fix: Redirect to clients paywall only if logged in (#4386)

When an instance has more connected OAuth clients than their current plan and options allows them to, we redirect them to a paywall from any web app except the Settings app (because it allows disconnecting clients). However, if the user is not logged in, the paywall will return an unauthorized error. Therefore, we'll make sure the redirection to the paywall only occurs when the user is logged in (we don't duplicate the logic to redirect them to the login page in the paywall middleware).
cozy · Apr 23, 2024 · 820a931 · 820a931
2 parents 5f3c93e + 6f9628c
commit 820a931
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/web/apps/serve.go b/web/apps/serve.go
@@ -69,12 +69,6 @@ func Serve(c echo.Context) error {
 	}
 
 	if file == "" || file == route.Index {
-		if !route.Public {
-			if handled, err := middlewares.CheckOAuthClientsLimitExceeded(c); handled {
-				return err
-			}
-		}
-
 		webapp = app.DoLazyUpdate(i, webapp, app.Copier(consts.WebappType, i), i.Registries()).(*app.WebappManifest)
 	}
 
@@ -313,6 +307,14 @@ func ServeAppFile(c echo.Context, i *instance.Instance, fs appfs.FileServer, web
 	sessID := ""
 	if isLoggedIn {
 		sessID = sess.ID()
+
+		if file == "" || file == route.Index {
+			if !route.Public {
+				if handled, err := middlewares.CheckOAuthClientsLimitExceeded(c); handled {
+					return err
+				}
+			}
+		}
 	}
 	params := buildServeParams(c, i, webapp, isLoggedIn, sessID)