fix(web): preserve next on 401, validate redirect target, catch navigation rejections

This commit is contained in:
2026-04-29 10:16:07 +08:00
parent 9d93bcd24b
commit 9e3b745da3
3 changed files with 9 additions and 6 deletions
+4 -2
View File
@@ -40,8 +40,10 @@ async function onSubmit() {
try {
const out = await authApi.login(email.value, password.value)
auth.setSession(out.token, out.user)
const next = (router.currentRoute.value.query.next as string) || '/'
await router.replace(next)
const raw = router.currentRoute.value.query.next
const next =
typeof raw === 'string' && raw.startsWith('/') && !raw.startsWith('//') ? raw : '/'
await router.replace(next).catch(() => {})
} catch (e) {
error.value = e instanceof ApiException ? e.body.message : '登录失败'
} finally {