From 2b947049161a3e96f5a6b6859d20da709c5c9216 Mon Sep 17 00:00:00 2001
From: Cory McWilliams <cory@unprompted.com>
Date: Mon, 11 Sep 2023 16:52:17 +0000
Subject: [PATCH] If a user visiting /login is already authenticated, bounce
 them away.  This is me trying to avoid hassle for people who bookmarked the
 login page.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4458 ed5197a5-7fde-0310-b194-c3ffbd925b24
---
 core/auth.js | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/core/auth.js b/core/auth.js
index d8ecac1c..69e12f06 100644
--- a/core/auth.js
+++ b/core/auth.js
@@ -116,12 +116,20 @@ function getCookies(headers) {
 function handler(request, response) {
 	let session = getCookies(request.headers).session;
 	if (request.uri == "/login") {
+		let formData = form.decodeForm(request.query);
+		if (query(request.headers)?.permissions?.authenticated) {
+			if (formData.return) {
+				response.writeHead(303, {"Location": formData.return});
+			} else {
+				response.writeHead(303, {"Location": (request.client.tls ? 'https://' : 'http://') + request.headers.host + '/', "Content-Length": "0"});
+			}
+			response.end();
+			return;
+		}
+
 		let sessionIsNew = false;
 		let loginError;
 
-		let formData = form.decodeForm(request.query);
-
-		print(request.method, utf8Decode(request.body), JSON.stringify(formData));
 		if (request.method == "POST" || formData.submit) {
 			sessionIsNew = true;
 			formData = form.decodeForm(utf8Decode(request.body), formData);