diff --git a/server/auth/index.js b/server/auth/index.js
index 8ee96fb..f9e9610 100644
--- a/server/auth/index.js
+++ b/server/auth/index.js
@@ -19,12 +19,12 @@ router.post('/recover', require('./password-recover'));
 router.get('/reset', require('./password-redirect'));
 router.patch('/reset', require('./password-reset'));
 
+//logouts allowed when banned, and when the token itself is invalid
+router.delete('/logout', require('./logout'));
+
 //middleware
 router.use(tokenAuth);
 
-//logouts allowed when banned, still needs tokens
-router.delete('/logout', require('./logout'));
-
 router.use(async (req, res, next) => {
 	const record = await accounts.findOne({
 		where: {