fix(server): add missing return after error responses (#2150)

Lanfei · web-flow · commit 9a2ba1dabe3a · 2026-03-16T22:22:55.000+08:00
In BeginAuthnRegistration (webauthn.go), missing return statements after
error responses caused the function to continue executing with a nil
authnInstance, potentially leading to a nil pointer panic.

In OIDCLoginCallback and SSOLoginCallback (ssologin.go), missing return
statements after GenerateToken/autoRegister errors caused the handler to
send a second response, resulting in a superfluous response write.

In SetThunderBrowser (offline_download.go), the default case of the
storage type switch sent an error response but did not return, causing
SaveSettingItems and tool initialization to continue executing even when
driver type validation failed.
diff --git a/server/handles/offline_download.go b/server/handles/offline_download.go
@@ -448,6 +448,7 @@ func SetThunderBrowser(c *gin.Context) {
 		case *thunder_browser.ThunderBrowser, *thunder_browser.ThunderBrowserExpert:
 		default:
 			common.ErrorStrResp(c, "unsupported storage driver for offline download, only ThunderBrowser is supported", 400)
+			return
 		}
 	}
 	items := []model.SettingItem{
diff --git a/server/handles/ssologin.go b/server/handles/ssologin.go
@@ -256,11 +256,13 @@ func OIDCLoginCallback(c *gin.Context) {
 			user, err = autoRegister(userID, userID, err)
 			if err != nil {
 				common.ErrorResp(c, err, 400)
+				return
 			}
 		}
 		token, err := common.GenerateToken(user)
 		if err != nil {
 			common.ErrorResp(c, err, 400)
+			return
 		}
 		if useCompatibility {
 			c.Redirect(302, common.GetApiUrl(c)+"/@login?token="+token)
@@ -427,6 +429,7 @@ func SSOLoginCallback(c *gin.Context) {
 	token, err := common.GenerateToken(user)
 	if err != nil {
 		common.ErrorResp(c, err, 400)
+		return
 	}
 	if usecompatibility {
 		c.Redirect(302, common.GetApiUrl(c)+"/@login?token="+token)
diff --git a/server/handles/webauthn.go b/server/handles/webauthn.go
@@ -130,17 +130,20 @@ func BeginAuthnRegistration(c *gin.Context) {
 	authnInstance, err := authn.NewAuthnInstance(c)
 	if err != nil {
 		common.ErrorResp(c, err, 400)
+		return
 	}
 
 	options, sessionData, err := authnInstance.BeginRegistration(user)
 
 	if err != nil {
 		common.ErrorResp(c, err, 400)
+		return
 	}
 
 	val, err := json.Marshal(sessionData)
 	if err != nil {
 		common.ErrorResp(c, err, 400)
+		return
 	}
 
 	common.SuccessResp(c, gin.H{

Original file line number	Diff line number	Diff line change
`@@ -448,6 +448,7 @@ func SetThunderBrowser(c *gin.Context) {`
`448`	`448`	`case thunder_browser.ThunderBrowser, thunder_browser.ThunderBrowserExpert:`
`449`	`449`	`default:`
`450`	`450`	`common.ErrorStrResp(c, "unsupported storage driver for offline download, only ThunderBrowser is supported", 400)`
	`451`	`+ return`
`451`	`452`	`}`
`452`	`453`	`}`
`453`	`454`	`items := []model.SettingItem{`
Original file line number	Diff line number	Diff line change
`@@ -256,11 +256,13 @@ func OIDCLoginCallback(c *gin.Context) {`
`256`	`256`	`user, err = autoRegister(userID, userID, err)`
`257`	`257`	`if err != nil {`
`258`	`258`	`common.ErrorResp(c, err, 400)`
	`259`	`+ return`
`259`	`260`	`}`
`260`	`261`	`}`
`261`	`262`	`token, err := common.GenerateToken(user)`
`262`	`263`	`if err != nil {`
`263`	`264`	`common.ErrorResp(c, err, 400)`
	`265`	`+ return`
`264`	`266`	`}`
`265`	`267`	`if useCompatibility {`
`266`	`268`	`c.Redirect(302, common.GetApiUrl(c)+"/@login?token="+token)`
`@@ -427,6 +429,7 @@ func SSOLoginCallback(c *gin.Context) {`
`427`	`429`	`token, err := common.GenerateToken(user)`
`428`	`430`	`if err != nil {`
`429`	`431`	`common.ErrorResp(c, err, 400)`
	`432`	`+ return`
`430`	`433`	`}`
`431`	`434`	`if usecompatibility {`
`432`	`435`	`c.Redirect(302, common.GetApiUrl(c)+"/@login?token="+token)`
Original file line number	Diff line number	Diff line change
`@@ -130,17 +130,20 @@ func BeginAuthnRegistration(c *gin.Context) {`
`130`	`130`	`authnInstance, err := authn.NewAuthnInstance(c)`
`131`	`131`	`if err != nil {`
`132`	`132`	`common.ErrorResp(c, err, 400)`
	`133`	`+ return`
`133`	`134`	`}`
`134`	`135`
`135`	`136`	`options, sessionData, err := authnInstance.BeginRegistration(user)`
`136`	`137`
`137`	`138`	`if err != nil {`
`138`	`139`	`common.ErrorResp(c, err, 400)`
	`140`	`+ return`
`139`	`141`	`}`
`140`	`142`
`141`	`143`	`val, err := json.Marshal(sessionData)`
`142`	`144`	`if err != nil {`
`143`	`145`	`common.ErrorResp(c, err, 400)`
	`146`	`+ return`
`144`	`147`	`}`
`145`	`148`
`146`	`149`	`common.SuccessResp(c, gin.H{`