From 4e49ffe95418474f8e4e3dcf56878b6bd2cb635f Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy <sattvik@gmail.com>
Date: Tue, 26 Sep 2023 09:49:08 +0530
Subject: [PATCH 1/2] fix: no panic in middleware

---
 CHANGELOG.md        | 1 +
 supertokens/main.go | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bd033865..5197030e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 
 -   Handle AWS Public URLs (ending with `.amazonaws.com`) separately while extracting TLDs for SameSite attribute.
+-   Return `500` status instead of panic when `supertokens.Middleware` is used without initializing the SDK.
 
 ## [0.14.0] - 2023-09-11
 
diff --git a/supertokens/main.go b/supertokens/main.go
index c2e07ac9..338919b1 100644
--- a/supertokens/main.go
+++ b/supertokens/main.go
@@ -34,7 +34,9 @@ func Init(config TypeInput) error {
 func Middleware(theirHandler http.Handler) http.Handler {
 	instance, err := GetInstanceOrThrowError()
 	if err != nil {
-		panic("Please call supertokens.Init function before using the Middleware")
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		})
 	}
 	return instance.middleware(theirHandler)
 }

From aa9cddf04b902421043c703eefd6b97520448dd4 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy <sattvik@gmail.com>
Date: Tue, 26 Sep 2023 12:47:36 +0530
Subject: [PATCH 2/2] fix: test

---
 recipe/emailpassword/middleware_test.go | 33 +++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 recipe/emailpassword/middleware_test.go

diff --git a/recipe/emailpassword/middleware_test.go b/recipe/emailpassword/middleware_test.go
new file mode 100644
index 00000000..e137e4b0
--- /dev/null
+++ b/recipe/emailpassword/middleware_test.go
@@ -0,0 +1,33 @@
+package emailpassword
+
+import (
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/supertokens/supertokens-golang/supertokens"
+)
+
+func TestAPIWithSupertokensMiddlewareButNotInitialized(t *testing.T) {
+	BeforeEach()
+	defer AfterEach()
+
+	mux := http.NewServeMux()
+	testServer := httptest.NewServer(supertokens.Middleware(mux))
+	defer testServer.Close()
+
+	resp, err := http.Post(testServer.URL+"/auth/signup", "application/json", nil)
+	if err != nil {
+		t.Error(err.Error())
+	}
+
+	assert.Equal(t, 500, resp.StatusCode)
+	defer resp.Body.Close()
+	bodyBytes, err := ioutil.ReadAll(resp.Body)
+	assert.NoError(t, err)
+
+	bodyStr := string(bodyBytes)
+	assert.Equal(t, "initialisation not done. Did you forget to call the SuperTokens.init function?\n", bodyStr)
+}