diff --git a/routes/_middleware.ts b/routes/_middleware.ts
index e87521b..4a0d90a 100644
--- a/routes/_middleware.ts
+++ b/routes/_middleware.ts
@@ -3,9 +3,9 @@ import { deleteCookie, getCookies } from "$std/http/cookie.ts";
 import { getUserFromNonExpiredLoginToken } from "@/db/mod.ts";
 import { type ContextState } from "@/types.ts";
 
-export async function handler(
+async function currentUser(
   request: Request,
-  ctx: MiddlewareHandlerContext<ContextState>,
+  context: MiddlewareHandlerContext<ContextState>,
 ) {
   let hasBadAuthCookie = false;
   const { lsauth } = getCookies(request.headers);
@@ -14,17 +14,31 @@ export async function handler(
     const user = await getUserFromNonExpiredLoginToken(lsauth);
     if (!user) hasBadAuthCookie = true;
     else {
-      ctx.state.user = user;
-      delete ctx.state.user.createdAt;
-      delete ctx.state.user.updatedAt;
-      delete ctx.state.user.passwordDigest;
+      context.state.user = user;
+      delete context.state.user.createdAt;
+      delete context.state.user.updatedAt;
+      delete context.state.user.passwordDigest;
     }
   }
-
-  const resp = await ctx.next();
+  const resp = await context.next();
   if (resp) {
-    resp.headers.set("server", "fresh server");
     if (hasBadAuthCookie) deleteCookie(resp.headers, "lsauth");
   }
   return resp;
 }
+
+export async function serverHeader(
+  _request: Request,
+  context: MiddlewareHandlerContext<ContextState>,
+) {
+  const resp = await context.next();
+  if (resp) {
+    resp.headers.set("server", "fresh server");
+  }
+  return resp;
+}
+
+export const handler = [
+  currentUser,
+  serverHeader,
+];