
fix auth redirect

Pouria Ezzati 1 an în urmă
părinte
comite
5c76d911f1

+ 7 - 3
server/handlers/auth.handler.js

@@ -20,17 +20,19 @@ function authenticate(type, error, isStrict, redirect) {
       if (err) return next(err);
 
       if (
+        req.isHTML &&
         redirect &&
         ((!user && isStrict) ||
         (user && isStrict && !user.verified) ||
         (user && user.banned))
       ) {
+        const path = user.banned ? "/logout" : "/login";
         if (redirect === "page") {
-          res.redirect("/login");
+          res.redirect(path);
           return;
         }
         if (redirect === "header") {
-          res.setHeader("HX-Redirect", "/login");
+          res.setHeader("HX-Redirect", path);
           res.send("NOT_AUTHENTICATED");
           return;
         }
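Review bot: The added `const path = user.banned ? "/logout" : "/login";` reads `user.banned` inside a branch that is also entered when `!user && isStrict`, so it only works if a failed authentication hands the callback `false` rather than `null` or `undefined`, which is not visible in this hunk. Writing it as `const path = user && user.banned ? "/logout" : "/login";` matches the guards already used in the condition and removes that dependency. Separately, the new `req.isHTML &&` term means non-HTML requests from banned or unverified users skip this block entirely, so their rejection depends on the checks that follow; the body of `authenticate` continues outside the hunk, so that should be confirmed there.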
@@ -65,7 +67,8 @@ function authenticate(type, error, isStrict, redirect) {
 const local = authenticate("local", "Login credentials are wrong.", true, null);
 const jwt = authenticate("jwt", "Unauthorized.", true, "header");
 const jwtPage = authenticate("jwt", "Unauthorized.", true, "page");
-const jwtLoose = authenticate("jwt", "Unauthorized.", false, null);
+const jwtLoose = authenticate("jwt", "Unauthorized.", false, "header");
+const jwtLoosePage = authenticate("jwt", "Unauthorized.", false, "page");
 const apikey = authenticate("localapikey", "API key is not correct.", false, null);
 
 async function cooldown(req, res, next) {
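Review bot: Changing `jwtLoose` from a `null` redirect to `"header"` alters behaviour for every existing consumer of `jwtLoose`, not only the render routes this commit switches to `jwtLoosePage`. Any other route still using it will now answer a banned user's HTML request with an `HX-Redirect` header and a `NOT_AUTHENTICATED` body instead of falling through, so those callers (outside this diff) are worth checking. A short comment above these constants would help, for example `// strict = login + verified required; "header" = HX-Redirect for htmx requests, "page" = HTTP redirect for full page loads`.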
@@ -350,6 +353,7 @@ module.exports = {
   generateApiKey,
   jwt,
   jwtLoose,
+  jwtLoosePage,
   jwtPage,
   local,
   login,

+ 1 - 1
server/handlers/renders.handler.js

@@ -152,7 +152,7 @@ async function linkEdit(req, res) {
     ...(!req.user.admin && { user_id: req.user.id })
   });
   res.render("partials/links/edit", {
-    ...(!link && utils.sanitize.link(link)),
+    ...(link && utils.sanitize.link(link)),
   });
 }
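Review bot: With the condition corrected to `link && ...`, a lookup that finds nothing still renders `partials/links/edit` with an empty locals object rather than signalling that the link is missing or not owned by the caller. Because the query is scoped by `user_id` for non-admins, that is also the path taken when a user requests someone else's link, so an explicit not-found response before `res.render` would make the outcome unambiguous. `linkEdit` starts outside the hunk, so an earlier guard may already exist; if it does, a comment saying so would be enough.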
 

+ 10 - 11
server/routes/renders.routes.js

@@ -11,26 +11,25 @@ const router = Router();
 // pages
 router.get(
   "/",
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user), 
   asyncHandler(renders.homepage)
 );
 
 router.get(
   "/login", 
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(renders.login)
 );
 
 router.get(
   "/logout", 
-  asyncHandler(auth.jwtLoose),
   asyncHandler(renders.logout)
 );
 
 router.get(
   "/404", 
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.notFound)
 );
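Review bot: The `/logout` route loses its auth middleware without a comment explaining why, and the reason is not obvious from this file alone. `authenticate` now redirects banned users to `/logout`, so guarding that route with `jwtLoosePage` would redirect it to itself. I would add `// no auth middleware: banned users are redirected here, guarding it would loop` above the route. It is also worth confirming that `renders.logout` (not shown) clears the session without relying on `req.user`, which is no longer populated for it.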
@@ -51,21 +50,21 @@ router.get(
 
 router.get(
   "/banned",
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.banned)
 );
 
 router.get(
   "/report",
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.report)
 );
 
 router.get(
   "/reset-password",
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.resetPassword)
 );
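Review bot: Putting `auth.jwtLoosePage` on `/banned` means a banned user with a valid session who requests this page as HTML is redirected to `/logout` before `renders.banned` runs, because the banned check in `authenticate` applies even when `isStrict` is false. If the intended flow is that the logout step clears the session first and the banned page is shown afterwards, a one-line comment on this route would make that clear. Otherwise this route needs a variant that does not redirect banned users.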
@@ -73,7 +72,7 @@ router.get(
 router.get(
   "/reset-password/:resetPasswordToken",
   asyncHandler(auth.resetPassword),
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.resetPasswordResult)
 );
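Review bot: On this route the token handler `auth.resetPassword` runs before `auth.jwtLoosePage`, so the ban redirect introduced by this commit fires only after the token step has already executed. The same ordering applies to `/verify-email/:changeEmailToken` and `/verify/:verificationToken` in the next two hunks. If those handlers consume the token or establish a session (not visible here), a banned account would still complete the reset or verification and only then be sent to `/logout`, with the result page discarded. If banned accounts should not complete these flows, the ban check belongs inside the token handlers; if the current order is deliberate, a comment stating that would prevent someone from reordering the middleware later.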
@@ -81,7 +80,7 @@ router.get(
 router.get(
   "/verify-email/:changeEmailToken",
   asyncHandler(auth.changeEmail),
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.verifyChangeEmail)
 );
@@ -89,14 +88,14 @@ router.get(
 router.get(
   "/verify/:verificationToken",
   asyncHandler(auth.verify),
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.verify)
 );
 
 router.get(
   "/terms",
-  asyncHandler(auth.jwtLoose),
+  asyncHandler(auth.jwtLoosePage),
   asyncHandler(locals.user),
   asyncHandler(renders.terms)
 );