jerick/finance-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: allow unauthenticated access to /login to prevent redirect loop

Browse Source 
Unauthenticated requests to /login were hitting the auth gate and
redirecting back to /login?callbackUrl=/login, causing a loop.
Let the login page render for unauthenticated users; only redirect
away from /login when the user is already logged in.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
jerick
2026-04-20 16:49:01 -04:00
parent 2e264014b6
commit adb5d144a0
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/middleware.ts
View File

@@ -84,11 +84,15 @@ export default auth((req) => {
if (pathname.startsWith('/api/')) { if (pathname.startsWith('/api/')) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
} }
if (pathname !== '/login') {
const loginUrl = siteUrl(req, '/login') const loginUrl = siteUrl(req, '/login')
loginUrl.searchParams.set('callbackUrl', pathname) loginUrl.searchParams.set('callbackUrl', pathname)
return NextResponse.redirect(loginUrl) return NextResponse.redirect(loginUrl)
} }
return NextResponse.next()
}
// Logged-in users hitting /login get sent to the dashboard
if (pathname === '/login') { if (pathname === '/login') {
return NextResponse.redirect(siteUrl(req, '/dashboard')) return NextResponse.redirect(siteUrl(req, '/dashboard'))
} }