Right now every endpoint except for /login redirects to index.html which tries to auth the user, and redirects them to /login if it can't find a saved session. But there are more views than just /login that shouldn't require a session. For example, right now when the user tries to create a new account, they are immediately redirected by the login script, but you shouldn't have to log in to create an account.
Proposed solution: replace views.js with two files: public-views.js and private-views.js. Redirect public views like login, create account, etc to public-views which then renders the proper template, and redirect everything else to private-views.js, which performs an auth and then renders the appropriate template.
Right now every endpoint except for
/login
redirects toindex.html
which tries to auth the user, and redirects them to/login
if it can't find a saved session. But there are more views than just/login
that shouldn't require a session. For example, right now when the user tries to create a new account, they are immediately redirected by the login script, but you shouldn't have to log in to create an account.Proposed solution: replace
views.js
with two files:public-views.js
andprivate-views.js
. Redirect public views like login, create account, etc topublic-views
which then renders the proper template, and redirect everything else toprivate-views.js
, which performs an auth and then renders the appropriate template.