| author | Mohamed Bassem <me@mbassem.com> | 2025-12-20 11:11:46 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-12-20 11:11:46 +0000 |
| commit | e53f3ae528ca189f6d6b29baee0e04da147614f2 (patch) | |
| tree | b85b70cae0d384530c9478ee974c3d6d3dffc49b /apps/web/app/settings | |
| parent | 92e352f3f6b5e3be29667aad29a88769f1483564 (diff) | |
| download | karakeep-e53f3ae528ca189f6d6b29baee0e04da147614f2.tar.zst | |
fix: add authentication checks to settings layout (#2274)
The settings layout was missing authentication checks, causing server
errors when unauthenticated users tried to access any settings page.
This fix adds:
- Session verification via getServerAuthSession()
- Redirect to "/" if no session exists
- Proper error handling with tryCatch wrapper
- Redirect to "/logout" for NOT_FOUND or UNAUTHORIZED errors
This brings the settings layout in line with the auth patterns used
in dashboard, admin, and reader layouts.
Fixes #2242
Co-authored-by: Claude <noreply@anthropic.com>
Diffstat (limited to 'apps/web/app/settings')
| -rw-r--r-- | apps/web/app/settings/layout.tsx | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/apps/web/app/settings/layout.tsx b/apps/web/app/settings/layout.tsx
index 0124becf..8d211e53 100644
--- a/apps/web/app/settings/layout.tsx
+++ b/apps/web/app/settings/layout.tsx
@@ -1,9 +1,12 @@
+import { redirect } from "next/navigation";
 import MobileSidebar from "@/components/shared/sidebar/MobileSidebar";
 import Sidebar from "@/components/shared/sidebar/Sidebar";
 import SidebarLayout from "@/components/shared/sidebar/SidebarLayout";
 import { ReaderSettingsProvider } from "@/lib/readerSettings";
 import { UserSettingsContextProvider } from "@/lib/userSettings";
 import { api } from "@/server/api/client";
+import { getServerAuthSession } from "@/server/auth";
+import { TRPCError } from "@trpc/server";
 import { TFunction } from "i18next";
 import {
 ArrowLeft,
@@ -22,6 +25,7 @@ import {
 } from "lucide-react";
 import serverConfig from "@karakeep/shared/config";
+import { tryCatch } from "@karakeep/shared/tryCatch";
 const settingsSidebarItems = (
 t: TFunction,
@@ -112,9 +116,27 @@ export default async function SettingsLayout({
 }: Readonly<{
 children: React.ReactNode;
 }>) {
- const userSettings = await api.users.settings();
+ const session = await getServerAuthSession();
+ if (!session) {
+ redirect("/");
+ }
+
+ const userSettings = await tryCatch(api.users.settings());
+
+ if (userSettings.error) {
+ if (userSettings.error instanceof TRPCError) {
+ if (
+ userSettings.error.code === "NOT_FOUND" ||
+ userSettings.error.code === "UNAUTHORIZED"
+ ) {
+ redirect("/logout");
+ }
+ }
+ throw userSettings.error;
+ }
+
 return (
- <UserSettingsContextProvider userSettings={userSettings}>
+ <UserSettingsContextProvider userSettings={userSettings.data}>
 <ReaderSettingsProvider>
 <SidebarLayout
 sidebar={<Sidebar items={settingsSidebarItems} />} |
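Review bot: The session check added at the top of `SettingsLayout` (third hunk) should not be treated as the authorization boundary for `/settings`: in the Next.js App Router a layout is not re-rendered on client-side navigation between its child pages, and the pages and server actions beneath it run independently of it. Access control still has to come from the authenticated procedures each settings page calls, which is what the new `UNAUTHORIZED` branch around `api.users.settings()` appears to rely on; those procedures are not visible in this hunk, so that is worth confirming for every page under this layout. I would document the intent above the check, e.g. `// UX guard only: avoids a server error for signed-out visitors; authorization is enforced by the tRPC procedures`. The function body continues past the end of the hunk.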
