Right now every endpoint except for /login redirects to index.html which tries to auth the user, and redirects them to /login if it can't find a saved session. But there are more views than just /login that shouldn't require a session. For example, right now when the user tries to create a new account, they are immediately redirected by the login script, but you shouldn't have to log in to create an account.
Proposed solution: replace views.js with two files: public-views.js and private-views.js. Redirect public views like login, create account, etc to public-views which then renders the proper template, and redirect everything else to private-views.js, which performs an auth and then renders the appropriate template.
Right now every endpoint except for
/loginredirects toindex.htmlwhich tries to auth the user, and redirects them to/loginif it can't find a saved session. But there are more views than just/loginthat shouldn't require a session. For example, right now when the user tries to create a new account, they are immediately redirected by the login script, but you shouldn't have to log in to create an account.Proposed solution: replace
views.jswith two files:public-views.jsandprivate-views.js. Redirect public views like login, create account, etc topublic-viewswhich then renders the proper template, and redirect everything else toprivate-views.js, which performs an auth and then renders the appropriate template.