Hi , I'd like to explain how my application works and discuss a few issues with it. - First, a user registers using the signUp method and is by default directed to the public tenant. - Afterwards, they can create their own tenant and switch to that tenant. - Then, users with admin roles can create users within their own tenants. When a user makes a request with a curl command, for example:

curl -X POST http://mydomain.localdev/api/auth/mytenant/signup \
    -H "Content-Type: application/json" \
     -d '{
         "formFields": [
             {"id": "email", "value": “email@gmail.com"},
             {"id": "password", "value": “Password123”},
             {"id": "username", "value": “myusername},
             {"id": "surname", "value": “mysurname”},
             {"id": "role", "value": "Admin"},
             {"id": "phone", "value": “55555555555”},
             {"id": "status", "value": “pending”},
             {"id": "two-step-verification", "value": “false”}
         ]
     }'

they can specify the tenant they wish to join by replacing mytenant with the desired tenant value, thus gaining unauthorized access to a tenant they shouldn't have access to. To solve this, I'm considering performing a session check when a request is made to the signup method. When a POST request is made to SignUp, I want to check if the session of the requestor exists and if it does, access various information within the session. If there is no session, I want to register them to the public tenant. So, how can i access the request's session in the signup method?

you can use the getSession function in here. This function needs to the request object, which you can get from the options arg of the function.