Todd/gate-quote
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SPA auth: serve app without auth, protect API only

Browse Source
This commit is contained in:
Todd
2026-05-24 15:29:14 -04:00
parent 3dc8d54f97
commit 9147cdb373
1 changed files with 3 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/index.js
View File

@ -80,19 +80,11 @@ app.get('/api/pricing/:category', requireAuth, (req, res) => {
res.status(400).json({ error: `Invalid category. Use: ${validCategories.join(', ')}` });
});
// Serve static files with auth protection
// Serve static files (SPA loads without auth — auth is API-only)
const clientDist = path.join(__dirname, '..', 'client', 'dist');
if (fs.existsSync(clientDist)) {
// Allow unauthenticated access to login page assets and auth endpoints
app.use('/assets', express.static(path.join(clientDist, 'assets')));
// Login page is always accessible
app.get('/login', (req, res) => {
res.sendFile(path.join(clientDist, 'index.html'));
});
// All other routes require auth
app.get('*', requireAuth, (req, res) => {
app.use(express.static(clientDist));
app.get('*', (req, res) => {
res.sendFile(path.join(clientDist, 'index.html'));
});
}