From c79c21e965bbf689800354ca1be034c2e782f56d Mon Sep 17 00:00:00 2001
From: Judging28
Date: Fri, 12 Sep 2025 23:49:32 +0800
Subject: [PATCH] (fix)check redirectBareDomain option first
---
 apps/server/src/services/auth.ts | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/apps/server/src/services/auth.ts b/apps/server/src/services/auth.ts
index 8b56f1e5f..b10ef8097 100644
--- a/apps/server/src/services/auth.ts
+++ b/apps/server/src/services/auth.ts
@@ -26,20 +26,8 @@ function checkAuth(req: Request, res: Response, next: NextFunction) {
 if (isElectron || noAuthentication) {
 next();
 return;
- } else if (currentTotpStatus !== lastAuthState.totpEnabled || currentSsoStatus !== lastAuthState.ssoEnabled) {
- req.session.destroy((err) => {
- if (err) console.error('Error destroying session:', err);
- res.redirect('login');
- });
- return;
- } else if (currentSsoStatus) {
- if (req.oidc?.isAuthenticated() && req.session.loggedIn) {
- next();
- return;
- }
- res.redirect('login');
- return;
 } else if (!req.session.loggedIn && !noAuthentication) {
+ // check redirectBareDomain option first
 // cannot use options.getOptionBool currently => it will throw an error on new installations
 // TriliumNextTODO: look into potentially creating an getOptionBoolOrNull instead
@@ -54,6 +42,19 @@ function checkAuth(req: Request, res: Response, next: NextFunction) {
 }
 }
 res.redirect(hasRedirectBareDomain ? "share" : "login");
+ } else if (currentTotpStatus !== lastAuthState.totpEnabled || currentSsoStatus !== lastAuthState.ssoEnabled) {
+ req.session.destroy((err) => {
+ if (err) console.error('Error destroying session:', err);
+ res.redirect('login');
+ });
+ return;
+ } else if (currentSsoStatus) {
+ if (req.oidc?.isAuthenticated() && req.session.loggedIn) {
+ next();
+ return;
+ }
+ res.redirect('login');
+ return;
 } else {
 next();
 }
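Review bot: The order of this `else if` chain is now what decides which sessions are invalidated, and nothing in the second hunk records that. The `currentTotpStatus !== lastAuthState.totpEnabled || …` branch and the `currentSsoStatus` branch are reached only when `req.session.loggedIn` is already set, so a session without `loggedIn` is no longer destroyed when the TOTP/SSO setting changes and keeps whatever `lastAuthState` it carried. That is presumably harmless if the login handler rewrites it, but that handler is outside this hunk. I would state the invariant above the moved branches, e.g. `// Order matters: anonymous requests were redirected above; the TOTP/SSO state check and the OIDC check below guard logged-in sessions only.` I would also keep the now-redundant `&& req.session.loggedIn` in the SSO check as a guard against a later reorder. A regression test that toggles TOTP or SSO under an existing logged-in session and expects the redirect to `login` would pin the behaviour. `checkAuth` starts and ends outside the hunks shown.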