feat(login): redirect back to original page after logging in

2025-09-30 19:22:11 +00:00 · 2025-09-25 22:07:53 -04:00 · 2025-09-25 22:07:53 -04:00 · 5ffbf53eaf
commit 5ffbf53eaf
parent 5fa0709663
4 changed files with 19 additions and 1 deletions
--- a/internal/template/templates/views/login.html
+++ b/internal/template/templates/views/login.html
@ -8,6 +8,7 @@
    {{ if not disableLocalAuth }}
    <form action="{{ route "checkLogin" }}" method="post">
        <input type="hidden" name="csrf" value="{{ .csrf }}">
+        <input type="hidden" name="redirect_url" value="{{ .redirectURL }}">

        {{ if .errorMessage }}
            <div role="alert" class="alert alert-error">{{ .errorMessage }}</div>
--- a/internal/ui/login_check.go
+++ b/internal/ui/login_check.go
@ -6,6 +6,7 @@ package ui // import "miniflux.app/v2/internal/ui"
 import (
 	"log/slog"
 	"net/http"
+	"net/url"

 	"miniflux.app/v2/internal/config"
 	"miniflux.app/v2/internal/http/cookie"
@ -22,6 +23,8 @@ func (h *handler) checkLogin(w http.ResponseWriter, r *http.Request) {
 	clientIP := request.ClientIP(r)
 	sess := session.New(h.store, request.SessionID(r))
 	view := view.New(h.tpl, r, sess)
+	redirectURL := r.FormValue("redirect_url")
+	view.Set("redirectURL", redirectURL)

 	if config.Opts.DisableLocalAuth() {
 		slog.Warn("blocking local auth login attempt, local auth is disabled",
@ -93,5 +96,12 @@ func (h *handler) checkLogin(w http.ResponseWriter, r *http.Request) {
 		config.Opts.BasePath(),
 	))

+	if redirectURL != "" {
+		if parsedURL, err := url.Parse(redirectURL); err == nil && !parsedURL.IsAbs() {
+			html.Redirect(w, r, redirectURL)
+			return
+		}
+	}
+
 	html.Redirect(w, r, route.Path(h.router, user.DefaultHomePage))
 }
--- a/internal/ui/login_show.go
+++ b/internal/ui/login_show.go
@ -27,5 +27,7 @@ func (h *handler) showLoginPage(w http.ResponseWriter, r *http.Request) {

 	sess := session.New(h.store, request.SessionID(r))
 	view := view.New(h.tpl, r, sess)
+	redirectURL := request.QueryStringParam(r, "redirect_url", "")
+	view.Set("redirectURL", redirectURL)
 	html.OK(w, r, view.Render("login"))
 }
--- a/internal/ui/middleware.go
+++ b/internal/ui/middleware.go
@ -8,6 +8,7 @@ import (
 	"errors"
 	"log/slog"
 	"net/http"
+	"net/url"

 	"miniflux.app/v2/internal/config"
 	"miniflux.app/v2/internal/crypto"
@ -42,7 +43,11 @@ func (m *middleware) handleUserSession(next http.Handler) http.Handler {
 				slog.Debug("Redirecting to login page because no user session has been found",
 					slog.String("url", r.RequestURI),
 				)
-				html.Redirect(w, r, route.Path(m.router, "login"))
+				loginURL, _ := url.Parse(route.Path(m.router, "login"))
+				values := loginURL.Query()
+				values.Set("redirect_url", r.RequestURI)
+				loginURL.RawQuery = values.Encode()
+				html.Redirect(w, r, loginURL.String())
 			}
 		} else {
 			slog.Debug("User session found",