From 97958498305e420cba6fa79e9556437a9e388841 Mon Sep 17 00:00:00 2001
From: trafficlunar
Date: Fri, 17 Apr 2026 18:34:56 +0100
Subject: [PATCH] fix: prevent people from going to login and submit without sufficient session also fix build errors for the 1000th time
---
 frontend/src/pages/login.tsx | 6 ++----
 frontend/src/pages/out.tsx | 17 +++++++++++++----
 frontend/src/pages/submit.tsx | 6 ++----
 3 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/frontend/src/pages/login.tsx b/frontend/src/pages/login.tsx
index 12c3c7a..4f2bd5b 100644
--- a/frontend/src/pages/login.tsx
+++ b/frontend/src/pages/login.tsx
@@ -1,13 +1,11 @@
 import { Icon } from "@iconify/react";
 import { useStore } from "@nanostores/react";
-import { Link, useNavigate } from "react-router";
+import { Link, Navigate } from "react-router";
 import { session } from "../session";
 export default function LoginPage() {
- const navigate = useNavigate();
 const $session = useStore(session);
-
- if ($session) navigate("/");
+ if ($session) return ;
 const API_URL = import.meta.env.VITE_API_URL;
diff --git a/frontend/src/pages/out.tsx b/frontend/src/pages/out.tsx
index 16f85dc..f8004dd 100644
--- a/frontend/src/pages/out.tsx
+++ b/frontend/src/pages/out.tsx
@@ -6,20 +6,29 @@ export default function LinkOutPage() {
 const [searchParams] = useSearchParams();
 const url = searchParams.get("url");
- if (!url || Array.isArray(url)) navigate("/");
+ if (!url) {
+ navigate("/");
+ return null;
+ }
 let parsed: URL;
 try {
 parsed = new URL(url);
 } catch {
 navigate("/"); // redirect if URL is invalid
+ return null;
 }
- // Next.js doesn't allow attacks like these but you can never be too safe
- if (!["http:", "https:"].includes(parsed.protocol)) navigate("/");
+ if (!["http:", "https:"].includes(parsed.protocol)) {
+ navigate("/");
+ return null;
+ }
 const isSafe = Array.from(SAFE_LINKS).some((domain) => parsed.hostname === domain || parsed.hostname.endsWith(`.${domain}`));
- if (isSafe) navigate(url);
+ if (isSafe) {
+ navigate(url);
+ return null;
+ }
 return (
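Review bot: The three reject branches and the `isSafe` branch still call `navigate()` while `LinkOutPage` is rendering and then `return null`; React Router expects `navigate()` to run from an effect or an event handler and, as far as I know, ignores a call made before the component's first effect, so a rejected `url` may leave a blank page instead of going to `/`. This commit already moves login.tsx and submit.tsx to the `Navigate` element, and the reject paths here could use the same form, `return <Navigate to="/" replace />;`. In the `isSafe` branch, use the value that was validated rather than the raw query string, i.e. `parsed.href` instead of `url`, so the string that passed the protocol and hostname checks is the string that is followed. `navigate()` also appears to resolve its argument as an in-app location, so leaving the site for an allow-listed host probably needs `window.location.replace(parsed.href)` inside an effect; worth confirming in the browser. The function starts above this hunk and its JSX continues below it.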
diff --git a/frontend/src/pages/submit.tsx b/frontend/src/pages/submit.tsx
index 95926ab..170e1b7 100644
--- a/frontend/src/pages/submit.tsx
+++ b/frontend/src/pages/submit.tsx
@@ -1,12 +1,10 @@
 import { useStore } from "@nanostores/react";
 import SubmitForm from "../components/submit-form";
 import { session } from "../session";
-import { useNavigate } from "react-router";
+import { Navigate } from "react-router";
 export default function SubmitPage() {
- const navigate = useNavigate();
 const $session = useStore(session);
-
- if (!$session) navigate("/login");
+ if (!$session) return ;
 return ;
 }
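Review bot: The `if (!$session) return ;` guard in `SubmitPage` (and its mirror in login.tsx) only decides what the browser renders, so it should carry a comment saying so, e.g. `// UI convenience only: the API must verify the session on every submit request`. Nothing in this diff shows the server-side check, so confirm the submit endpoint rejects requests without a valid session on its own. If the `session` store is empty until an asynchronous fetch completes (not visible here), a signed-in user who loads `/submit` directly would be sent to `/login` and from there to `/`; a distinct loading state before redirecting would avoid that.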