marcel/mealprep
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): bypass auth guard for static assets and favicon

Browse Source 
Prevents redirect loop when backend is down — login page CSS/JS
would otherwise be redirected to /login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel Raddatz
2026-04-02 13:55:03 +02:00
parent d7f317587e
commit 2bdb1010f8
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
frontend/src/hooks.server.test.ts
View File

@@ -39,6 +39,15 @@ describe('auth guard (hooks.server.ts handle)', () => {
expect(resolve).toHaveBeenCalledWith(event); expect(resolve).toHaveBeenCalledWith(event);
}); });
it.each(['/_app/immutable/chunks/app.js', '/favicon.ico'])(
'allows static asset %s without auth',
async (path) => {
const { event, resolve } = createEvent(path);
await handle({ event, resolve });
expect(resolve).toHaveBeenCalledWith(event);
}
);
it('redirects unauthenticated requests on protected routes', async () => { it('redirects unauthenticated requests on protected routes', async () => {
const { event, resolve } = createEvent('/planner'); const { event, resolve } = createEvent('/planner');
try { try {

5
frontend/src/hooks.server.ts
View File

@@ -4,7 +4,12 @@ import { apiClient } from '$lib/server/api';
const PUBLIC_ROUTES = ['/login', '/register', '/invite']; const PUBLIC_ROUTES = ['/login', '/register', '/invite'];
const STATIC_PREFIXES = ['/_app/', '/favicon'];
function isPublicRoute(pathname: string): boolean { function isPublicRoute(pathname: string): boolean {
if (STATIC_PREFIXES.some((prefix) => pathname.startsWith(prefix))) {
return true;
}
return PUBLIC_ROUTES.some((route) => pathname === route || pathname.startsWith(route + '/')); return PUBLIC_ROUTES.some((route) => pathname === route || pathname.startsWith(route + '/'));
} }