fix(login): use public bootstrap settings

Point the login page at the existing public bootstrap endpoint
instead of the protected /api/settings route.

Also extend the public bootstrap response with hasPassword and
setupComplete so unauthenticated users get the correct first-run
or password-setup flow without triggering a 401.
This commit is contained in:
Kfir Amar
2026-03-15 01:17:04 +02:00
parent 36856b18db
commit cda765a02d
2 changed files with 8 additions and 3 deletions
+7 -2
View File
@@ -8,9 +8,14 @@ export async function GET() {
try {
const settings = await getSettings();
const requireLogin = settings.requireLogin !== false;
return NextResponse.json({ requireLogin });
const hasPassword = !!settings.password || !!process.env.INITIAL_PASSWORD;
const setupComplete = !!settings.setupComplete;
return NextResponse.json({ requireLogin, hasPassword, setupComplete });
} catch (error) {
return NextResponse.json({ requireLogin: true }, { status: 200 });
return NextResponse.json(
{ requireLogin: true, hasPassword: true, setupComplete: true },
{ status: 200 }
);
}
}
+1 -1
View File
@@ -24,7 +24,7 @@ export default function LoginPage() {
const baseUrl = typeof window !== "undefined" ? window.location.origin : "";
try {
const res = await fetch(`${baseUrl}/api/settings`, {
const res = await fetch(`${baseUrl}/api/settings/require-login`, {
signal: controller.signal,
});
clearTimeout(timeoutId);