fix(bearer-auth, basic-auth): handler should not be executed when unauthorized by NOBLES5E · Pull Request #608 · honojs/hono


@NOBLES5E Thanks again!

You are right, this is bad. As in your implementation, we must "return" the Response.

// To Hono maintainers: I don't think we can support nested middleware when the middleware returns early
// since next() is never called in this case. Feel free to correct me

We need to support "nested" middleware because there is a case where only the context has "username/password". For example, Cloudflare Workers / Modules mode.

I think the best way is to return auth as follows. What do you think? This is a breaking change, but it's OK because it is a security fix.

app.use('/auth/*', async (c, next) => {
  const auth = basicAuth({ username: c.env.USERNAME, password: c.env.PASSWORD })
  return auth(c, next)
})

However, this is an issue that should be resolved as quickly as possible, so I may merge or I may fix it without your response.
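
The effect of the `return` in the nested form above, as an added example that is not part of the original comment or of Hono's code. `dispatch`, `toyBasicAuth`, the plain-object responses and the sample credentials are assumptions: a simplified model of a middleware chain in which a middleware stops the chain by returning a response.

```javascript
// Simplified stand-in for a middleware dispatcher (an assumption, not Hono's compose).
// A middleware either returns a response to stop the chain or calls next().
async function dispatch(middlewares, handler, c) {
  let handlerRan = false
  const run = async (i) => {
    if (i === middlewares.length) {
      handlerRan = true
      return handler(c)
    }
    let downstream
    const next = async () => { downstream = await run(i + 1) }
    const returned = await middlewares[i](c, next)
    return returned ?? downstream
  }
  const res = await run(0)
  return { res, handlerRan }
}

// Hypothetical auth middleware shaped like the fix: on failure it returns
// the 401 and never calls next(), so the handler cannot run.
const toyBasicAuth = ({ username, password }) => async (c, next) => {
  const expected = 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64')
  // Toy string comparison, not constant-time
  if (c.headers.authorization !== expected) {
    return { status: 401, body: 'Unauthorized' }
  }
  await next()
}

// Nested form from the comment: credentials only exist on the context (c.env)
const returning = async (c, next) => {
  const auth = toyBasicAuth({ username: c.env.USERNAME, password: c.env.PASSWORD })
  return auth(c, next)
}
// Same wrapper without `return`: the 401 produced by auth is discarded
const dropping = async (c, next) => {
  const auth = toyBasicAuth({ username: c.env.USERNAME, password: c.env.PASSWORD })
  await auth(c, next)
}

const handler = async () => ({ status: 200, body: 'secret' })
// Constructed request context; credentials are sample values
const ctx = (authorization) => ({ env: { USERNAME: 'admin', PASSWORD: 'hunter2' }, headers: { authorization } })

async function demo() {
  const ok = await dispatch([returning], handler, ctx('Basic bm9wZTpub3Bl'))
  const lost = await dispatch([dropping], handler, ctx('Basic bm9wZTpub3Bl'))
  return { ok, lost }
}
```

In this model the handler stays unexecuted in both cases, but only the wrapper that returns `auth(c, next)` delivers the 401 to the caller.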