From adbb73484b215b56262b55d7c6f829f54e7c3d6e Mon Sep 17 00:00:00 2001
From: JoblersTune
Date: Thu, 22 Aug 2024 12:44:34 +0200
Subject: [PATCH] chore: added clarity to the redirect functionality
---
 packages/frontend/app/lib/envConfig.server.ts | 1 -
 .../frontend/app/lib/kratos_checks.server.ts | 45 +++++++++----------
 2 files changed, 22 insertions(+), 24 deletions(-)
diff --git a/packages/frontend/app/lib/envConfig.server.ts b/packages/frontend/app/lib/envConfig.server.ts
index 053526b0ad..8b55db2ead 100644
--- a/packages/frontend/app/lib/envConfig.server.ts
+++ b/packages/frontend/app/lib/envConfig.server.ts
@@ -9,7 +9,6 @@ const variables = {
 }
 
 if (variables.authEnabled) {
- // Iterate over the other variables to ensure they have values
 Object.entries(variables).forEach(([key, value]) => {
 if (!value) {
 throw new Error(`Environment variable ${key} is missing`)
diff --git a/packages/frontend/app/lib/kratos_checks.server.ts b/packages/frontend/app/lib/kratos_checks.server.ts
index a31ff907a9..de89a26fbf 100644
--- a/packages/frontend/app/lib/kratos_checks.server.ts
+++ b/packages/frontend/app/lib/kratos_checks.server.ts
@@ -31,35 +31,34 @@ export async function checkAuthAndRedirect(
 url: string,
 cookieHeader?: string | null
 ) {
- const isAuthPath = new URL(url).pathname.startsWith('/auth')
- const isSettingsPage = new URL(url).pathname.includes('/settings')
- const isLogoutPage = new URL(url).pathname.includes('/logout')
+ const { pathname } = new URL(url)
+ const isAuthPath = pathname.startsWith('/auth')
+ const isSettingsPage = pathname.includes('/settings')
+ const isLogoutPage = pathname.includes('/logout')
 
- if (isAuthPath) {
- if (!variables.authEnabled) {
+ if (!variables.authEnabled) {
+ // If auth is disabled users shouldn't accesses the auth path or Kratos settings pages
+ if (isAuthPath || isSettingsPage) {
 throw redirect('/')
 } else {
- const loggedIn = await isLoggedIn(cookieHeader)
- if (loggedIn) {
- if(isLogoutPage) {
- return
- }
- throw redirect('/')
- }
 return
 }
+ }
+
+ // auth is enabled
+ const loggedIn = await isLoggedIn(cookieHeader)
+
+ // Logged-in users can access all pages except auth pages, with the exception of the manual logout page
+ if (loggedIn) {
+ if (isAuthPath && !isLogoutPage) {
+ throw redirect('/')
+ }
+ return
 } else {
- if (!variables.authEnabled) {
- if (isSettingsPage) {
- throw redirect('/')
- }
- return
- } else {
- const loggedIn = await isLoggedIn(cookieHeader)
- if (!loggedIn) {
- throw redirect('/auth')
- }
- return
+ // Unauthenticated users can only access auth path pages
+ if (!isAuthPath) {
+ throw redirect('/auth')
 }
+ return
 }
 }
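Review bot: The allow-list for unauthenticated requests rests on `pathname.startsWith('/auth')`, which has no segment boundary, so with auth enabled any route whose path merely begins with those characters (a hypothetical `/authors`, say) is treated as an auth page and skips the `redirect('/auth')` in the final `else` branch. Anchoring the test, `const isAuthPath = pathname === '/auth' || pathname.startsWith('/auth/')`, keeps the gate fail-closed. The `includes('/settings')` and `includes('/logout')` substring checks would benefit from the same segment-level matching, since `isLogoutPage` also exempts a path from the logged-in redirect. The new comment has a typo (`shouldn't accesses` should read `shouldn't access`). The function signature starts above the hunk, so whether callers always pass an absolute URL to `new URL(url)` is not visible here.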