From ff9b74efeb2dedf58088dba3346b3145d200ca76 Mon Sep 17 00:00:00 2001
From: Yunlu Wen <wylswz@163.com>
Date: Tue, 21 Oct 2025 13:24:57 +0800
Subject: [PATCH 1/2] fix: remove login status api (#27177)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
---
 api/controllers/console/auth/login.py | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/api/controllers/console/auth/login.py b/api/controllers/console/auth/login.py
index 277f9a60a8..f371613bee 100644
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -29,8 +29,6 @@ from libs.token import (
     clear_access_token_from_cookie,
     clear_csrf_token_from_cookie,
     clear_refresh_token_from_cookie,
-    extract_access_token,
-    extract_csrf_token,
     set_access_token_to_cookie,
     set_csrf_token_to_cookie,
     set_refresh_token_to_cookie,
@@ -286,13 +284,3 @@ class RefreshTokenApi(Resource):
             return response
         except Exception as e:
             return {"result": "fail", "message": str(e)}, 401
-
-
-# this api helps frontend to check whether user is authenticated
-# TODO: remove in the future. frontend should redirect to login page by catching 401 status
-@console_ns.route("/login/status")
-class LoginStatus(Resource):
-    def get(self):
-        token = extract_access_token(request)
-        csrf_token = extract_csrf_token(request)
-        return {"logged_in": bool(token) and bool(csrf_token)}

From fb6f05c2676cbf19a7a9a09a3d971b0aef453fb3 Mon Sep 17 00:00:00 2001
From: Joel <iamjoel007@gmail.com>
Date: Tue, 21 Oct 2025 13:25:20 +0800
Subject: [PATCH 2/2] fix: infinite jump to login url (#27178)

---
 web/service/base.ts | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/web/service/base.ts b/web/service/base.ts
index 9f2b885cb4..fc9a649eec 100644
--- a/web/service/base.ts
+++ b/web/service/base.ts
@@ -114,6 +114,15 @@ export type IOtherOptions = {
   onDataSourceNodeError?: IOnDataSourceNodeError
 }
 
+function jumpTo(url: string) {
+  if(!url)
+    return
+  const targetPath = new URL(url, globalThis.location.origin).pathname
+  if(targetPath === globalThis.location.pathname)
+    return
+  globalThis.location.href = url
+}
+
 function unicodeToChar(text: string) {
   if (!text)
     return ''
@@ -576,11 +585,11 @@ export const request = async<T>(url: string, options = {}, otherOptions?: IOther
         return Promise.reject(err)
       }
       if (code === 'not_init_validated' && IS_CE_EDITION) {
-        globalThis.location.href = `${globalThis.location.origin}${basePath}/init`
+        jumpTo(`${globalThis.location.origin}${basePath}/init`)
         return Promise.reject(err)
       }
       if (code === 'not_setup' && IS_CE_EDITION) {
-        globalThis.location.href = `${globalThis.location.origin}${basePath}/install`
+        jumpTo(`${globalThis.location.origin}${basePath}/install`)
         return Promise.reject(err)
       }
 
@@ -589,15 +598,14 @@ export const request = async<T>(url: string, options = {}, otherOptions?: IOther
       if (refreshErr === null)
         return baseFetch<T>(url, options, otherOptionsForBaseFetch)
       if (location.pathname !== `${basePath}/signin` || !IS_CE_EDITION) {
-        globalThis.location.href = loginUrl
+        jumpTo(loginUrl)
         return Promise.reject(err)
       }
       if (!silent) {
         Toast.notify({ type: 'error', message })
         return Promise.reject(err)
       }
-      if (globalThis.location.href !== loginUrl)
-        globalThis.location.href = loginUrl
+      jumpTo(loginUrl)
       return Promise.reject(err)
     }
     else {