fix(login): use public bootstrap settings
Point the login page at the existing public bootstrap endpoint instead of the protected /api/settings route. Also extend the public bootstrap response with hasPassword and setupComplete so unauthenticated users get the correct first-run or password-setup flow without triggering a 401.
This commit is contained in:
@@ -8,9 +8,14 @@ export async function GET() {
|
||||
try {
|
||||
const settings = await getSettings();
|
||||
const requireLogin = settings.requireLogin !== false;
|
||||
return NextResponse.json({ requireLogin });
|
||||
const hasPassword = !!settings.password || !!process.env.INITIAL_PASSWORD;
|
||||
const setupComplete = !!settings.setupComplete;
|
||||
return NextResponse.json({ requireLogin, hasPassword, setupComplete });
|
||||
} catch (error) {
|
||||
return NextResponse.json({ requireLogin: true }, { status: 200 });
|
||||
return NextResponse.json(
|
||||
{ requireLogin: true, hasPassword: true, setupComplete: true },
|
||||
{ status: 200 }
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ export default function LoginPage() {
|
||||
const baseUrl = typeof window !== "undefined" ? window.location.origin : "";
|
||||
|
||||
try {
|
||||
const res = await fetch(`${baseUrl}/api/settings`, {
|
||||
const res = await fetch(`${baseUrl}/api/settings/require-login`, {
|
||||
signal: controller.signal,
|
||||
});
|
||||
clearTimeout(timeoutId);
|
||||
|
||||
Reference in New Issue
Block a user