fix: allow unauthenticated access to /login page #86

Merged
jonas.hanisch merged 1 commit from fix/login-page-json-response into main 2026-01-22 19:12:14 +00:00
Owner

Summary

  • Fix redirect loop when accessing /login without authentication
  • Only enable auth middleware when BOTH non-localhost bind AND token configured
  • Allow /login and /api/auth/* paths to bypass auth checks
  • Log warning when network access is enabled without authentication

Problem

When binding to a non-localhost address without a remote token configured:

  1. User visits / → redirected to /login
  2. Login page redirects to / (no auth configured)
  3. Infinite redirect loop

Solution

  • Auth middleware now only activates when both conditions are met:
    • Bind address is not localhost
    • CLAUDE_MEM_REMOTE_TOKEN is configured
  • If network access without auth, log warning but allow access

Test plan

  • Network access without token: works without login
  • Network access with token: login page loads correctly
  • Localhost access: always works

🤖 Generated with Claude Code
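A sketch of the gating logic this description outlines, added here as an illustration and not taken from the project's code: the function names, the loopback host list and the sample values are assumptions. It matches the bypass paths on the resolved pathname, so a path that only starts with `/api/auth/` before dot segments are resolved does not inherit the exemption.

```javascript
// Added example; every name here is hypothetical, not the project's API.
const LOOPBACK = new Set(['127.0.0.1', '::1', 'localhost']); // assumed list
const PUBLIC_EXACT = new Set(['/login']);
const PUBLIC_PREFIXES = ['/api/auth/'];

// Auth is enforced only when BOTH conditions from the description hold.
function authEnabled(bindHost, token) {
  return !LOOPBACK.has(bindHost) && Boolean(token);
}

// Non-loopback bind with no token: access is allowed, so warn at startup.
function startupWarning(bindHost, token) {
  return !LOOPBACK.has(bindHost) && !token
    ? `listening on ${bindHost} without authentication`
    : null;
}

// Resolve the request target first (the WHATWG URL parser collapses "..",
// "%2e%2e" and backslashes), then compare. Assumes the router resolves
// paths the same way; if it does not, match on the router's own result.
function isPublicPath(rawUrl) {
  if (typeof rawUrl !== 'string' || !rawUrl.startsWith('/')) return false;
  let pathname;
  try {
    pathname = new URL('http://localhost' + rawUrl).pathname;
  } catch {
    return false; // unparseable target: never exempt it
  }
  return PUBLIC_EXACT.has(pathname) ||
    PUBLIC_PREFIXES.some((prefix) => pathname.startsWith(prefix));
}

// Per-request decision: 'allow' or 'redirect-login'.
function decide({ bindHost, token, url, authenticated }) {
  if (!authEnabled(bindHost, token)) return 'allow';
  if (isPublicPath(url) || authenticated) return 'allow';
  return 'redirect-login';
}
```
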

fix: allow unauthenticated access to /login page
All checks were successful
CI / build (pull_request) Successful in 21s
CI / validate-plugin (pull_request) Successful in 2s
88c7787ebe
The auth middleware was blocking access to /login for remote users,
returning JSON instead of the login HTML page.

Changes:
- Allow /login and /api/auth/* paths before auth checks
- Only enable auth middleware when BOTH non-localhost bind AND token configured
- Log warning when network access enabled without authentication

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
jonas.hanisch force-pushed fix/login-page-json-response from 88c7787ebe
to 5b653970b9
2026-01-22 19:11:38 +00:00
jonas.hanisch deleted branch fix/login-page-json-response 2026-01-22 19:12:14 +00:00