fix auth handler race condition

[naltatis]

fixes #28822

Return 404 if API is called, but requested endpoint is not registered yet.

[sourcery-ai]

Hey - I've left some high level feedback:

• Consider adding a brief comment above the next == nil check explaining under what circumstances next can be nil (e.g., during startup while routes are being registered), so future maintainers understand why this guard exists and don’t inadvertently remove it.
• If this Not Found response is user-facing, you may want to reuse a shared/not-found handler or at least match any existing 404 response format (e.g., empty body or JSON) to keep error responses consistent across the API.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider adding a brief comment above the `next == nil` check explaining under what circumstances `next` can be nil (e.g., during startup while routes are being registered), so future maintainers understand why this guard exists and don’t inadvertently remove it.
- If this `Not Found` response is user-facing, you may want to reuse a shared/not-found handler or at least match any existing 404 response format (e.g., empty body or JSON) to keep error responses consistent across the API.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}