fix(auth): resolve redirect loop on index and double encoding issue Detailed analysis: 401 error in handleAuthFailure was forcing redirect even on public routes. Also cleaned up redundant encodeURIComponent in proxy.ts. #325

Merged
xun082 merged 1 commit into main from fix/auth-redirect-loop
Mar 19, 2026

@xun082 (Owner) commented Mar 19, 2026

PR Description

PR Type

  • 🐛 Bug fix
  • ✨ New feature
  • 💄 UI/UX improvement
  • ♻️ Refactoring
  • 🚀 Performance optimization
  • 📝 Documentation update
  • 🔄 Other

Related Issue

Closes #

Other Information

Detailed analysis: 401 error in handleAuthFailure was forcing redirect even on public routes. Also cleaned up redundant encodeURIComponent in proxy.ts.
netlify bot commented Mar 19, 2026

Deploy Preview for ornate-blancmange-89db6b failed. Why did it fail? →

🔨 Latest commit: e666441
🔍 Latest deploy log: https://app.netlify.com/projects/ornate-blancmange-89db6b/deploys/69bb44159fba7d0008061f78

@xun082 xun082 merged commit c5c02f2 into main Mar 19, 2026
0 of 6 checks passed
gemini-code-assist bot (Contributor) commented

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the application's authentication flow by resolving an infinite redirect loop on public routes and fixing a double encoding issue in redirect URLs. The changes refine how the authentication proxy and client-side failure handling interact with public and protected paths, leading to a more robust and user-friendly authentication experience.

Highlights

  • Redirect Loop Resolution: Addressed an infinite redirect loop that occurred on public routes by ensuring the authentication failure handler and proxy middleware correctly identify and bypass authentication for these paths.
  • Double Encoding Fix: Eliminated redundant encodeURIComponent calls in both the proxy middleware and the client-side authentication failure handler, preventing issues like %252F in redirect URLs.
  • Public Route Handling: Introduced a PUBLIC_ROUTES constant and isPublicRoute helper to explicitly define and check for routes that do not require authentication, allowing them to pass through the proxy without token validation or redirects.
  • Authentication Cookie Refinement: Simplified the AUTH_COOKIES constant by removing REFRESH_TOKEN and REFRESH_EXPIRES_IN, and streamlined the clearAuthCookies function.
  • Middleware Configuration Update: Updated the config.matcher in proxy.ts to clearly specify protected routes while implicitly excluding public ones, and added /rooms/:path* to the protected list.

gemini-code-assist bot (Contributor) left a comment

Code Review

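This PR aims to fix the redirect loop on public pages and a double-encoding issue. The changes in proxy.ts avoid unnecessary authentication redirects by identifying public routes. Similar logic is applied in client.ts. I found that the logic for identifying public routes is duplicated in proxy.ts and client.ts, which may lead to inconsistency. I have added specific refactoring suggestions at the relevant code.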

Comment on lines +112 to +117
const isPublicPath =
pathname === '/' ||
pathname === ROUTES.AUTH ||
pathname.startsWith('/auth/') ||
pathname.startsWith('/blog/') ||
pathname.startsWith('/share/');
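
Review bot: The startsWith checks for '/blog/' and '/share/' both require a trailing slash and have no exact-match counterpart, so a pathname of exactly /blog or /share leaves isPublicPath false; only '/' and ROUTES.AUTH are compared exactly. If those two pages exist and are meant to be public, add the exact comparisons next to the prefix checks, and pin the behaviour down with a small table of paths such as /, /blog, /blog/x and /blogger so the intended set of public paths is explicit.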
medium

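This logic for determining public paths duplicates the isPublicRoute function in apps/DocFlow/src/proxy.ts.

Duplicated code increases maintenance cost, and the logic on the two sides is inconsistent:

  1. The logic in proxy.ts is more complete: through the PUBLIC_ROUTES set it handles exact-match paths such as /blog/share, whereas the logic here only handles sub-path prefixes with a trailing slash (for example /blog/) and may miss the /blog page.
  2. If the definition of public paths needs to change in the future, it has to be changed in both places in sync, which is easy to miss.

Suggestion:
Extract the PUBLIC_ROUTES constant and the isPublicRoute function from proxy.ts into a shared file that is compatible with the Edge runtime (for example src/utils/routes.ts or src/utils/auth.ts), then import and use this shared function in both proxy.ts and client.ts.

This keeps the logic consistent and simplifies future maintenance. For example, in client.ts it can be used like this:

import { isPublicRoute } from '@/utils/routes'; // hypothetical path

// ... in handleAuthFailure()
if (isPublicRoute(pathname)) return;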
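
An added TypeScript sketch of the shared helper suggested in the review, together with single-pass encoding of the redirect parameter. It is not code from the DocFlow repository: the route lists, the /auth login path, the redirect_to parameter name and all function names other than isPublicRoute are assumptions.

```typescript
// Added example (not project code). Route lists, '/auth' and the 'redirect_to'
// parameter name are assumptions modelled on the paths in the reviewed hunk.
const PUBLIC_EXACT = new Set<string>(['/', '/auth', '/blog', '/share']);
const PUBLIC_PREFIXES: readonly string[] = ['/auth/', '/blog/', '/share/'];

// One definition for both the middleware and the client-side 401 handler.
function isPublicRoute(pathname: string): boolean {
  // Treat '/blog/' and '/blog' alike; the root path is left untouched.
  const path =
    pathname.length > 1 && pathname.endsWith('/') ? pathname.slice(0, -1) : pathname;
  if (PUBLIC_EXACT.has(path)) return true;
  // Prefixes end in '/' so '/blogger' or '/authx' never match '/blog' or '/auth'.
  return PUBLIC_PREFIXES.some((prefix) => pathname.startsWith(prefix));
}

// Builds the login URL; URLSearchParams percent-encodes the value exactly once.
function buildLoginRedirect(origin: string, pathname: string, search = ''): string {
  const url = new URL('/auth', origin);
  url.searchParams.set('redirect_to', pathname + search);
  return url.toString();
}

// One way double encoding arises: pre-encoding a value that the URL API
// encodes again turns '/' into '%252F'. Kept only for comparison.
function buildLoginRedirectDoubleEncoded(origin: string, pathname: string): string {
  const url = new URL('/auth', origin);
  url.searchParams.set('redirect_to', encodeURIComponent(pathname));
  return url.toString();
}

// Decision for a 401: public pages stay where they are, protected pages get
// a login URL. Returning null on public routes is what breaks the loop.
function redirectOn401(origin: string, pathname: string, search = ''): string | null {
  return isPublicRoute(pathname) ? null : buildLoginRedirect(origin, pathname, search);
}
```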
