🐛 When not logged in, access to the backend interface is not allowed #1476

Author: Phinease

frontend/app/[locale]/chat/page.tsx

@@ -1,6 +1,7 @@
 "use client";
 
 import { useEffect } from "react";
+import { useAuth } from "@/hooks/useAuth";
 
 import { useConfig } from "@/hooks/useConfig";
 import { configService } from "@/services/configService";
@@ -9,6 +10,7 @@ import { ChatInterface } from "./internal/chatInterface";
 
 export default function ChatPage() {
   const { appConfig } = useConfig();
+  const { user, isLoading: userLoading, openLoginModal, isSpeedMode } = useAuth();
 
   useEffect(() => {
     // Load config from backend when entering chat page
@@ -19,6 +21,18 @@ export default function ChatPage() {
     }
   }, [appConfig.appName]);
 
+  // Require login on chat page when unauthenticated (full mode only)
+  useEffect(() => {
+    if (!isSpeedMode && !userLoading && !user) {
+      openLoginModal();
+    }
+  }, [isSpeedMode, user, userLoading, openLoginModal]);
+
+  // Avoid rendering and backend calls when unauthenticated (full mode only)
+  if (!isSpeedMode && (!user || userLoading)) {
+    return null;
+  }
+
   return (
     <div className="flex h-screen flex-col">
       <ChatInterface />

frontend/app/[locale]/setup/agents/page.tsx

@@ -23,7 +23,7 @@ export default function AgentSetupPage() {
   const { message } = App.useApp();
   const router = useRouter();
   const { t } = useTranslation();
-  const { user, isLoading: userLoading } = useAuth();
+  const { user, isLoading: userLoading, isSpeedMode, openLoginModal } = useAuth();
 
   const [connectionStatus, setConnectionStatus] = useState<ConnectionStatus>(
     CONNECTION_STATUS.PROCESSING
@@ -33,22 +33,24 @@ export default function AgentSetupPage() {
 
   // Check login status and permission
   useEffect(() => {
-    if (!userLoading && !user) {
-      router.push("/");
+    if (!isSpeedMode && !userLoading && !user) {
+      openLoginModal();
       return;
     }
 
-    // Only admin users can access this page
-    if (user && user.role !== USER_ROLES.ADMIN) {
+    // Only admin users can access this page (full mode)
+    if (!isSpeedMode && user && user.role !== USER_ROLES.ADMIN) {
       router.push("/setup/knowledges");
       return;
     }
-  }, [user, userLoading, router]);
+  }, [isSpeedMode, user, userLoading, router, openLoginModal]);
 
   // Check the connection status when the page is initialized
   useEffect(() => {
-    checkModelEngineConnection();
-  }, []);
+    if (isSpeedMode || (user && !userLoading)) {
+      checkModelEngineConnection();
+    }
+  }, [isSpeedMode, user, userLoading]);
 
   // Function to check the ModelEngine connection status
   const checkModelEngineConnection = async () => {

frontend/app/[locale]/setup/knowledges/page.tsx

@@ -25,7 +25,7 @@ export default function KnowledgeSetupPage() {
   const { message } = App.useApp();
   const router = useRouter();
   const { t } = useTranslation();
-  const { user, isLoading: userLoading } = useAuth();
+  const { user, isLoading: userLoading, isSpeedMode, openLoginModal } = useAuth();
 
   const [connectionStatus, setConnectionStatus] = useState<ConnectionStatus>(
     CONNECTION_STATUS.PROCESSING
@@ -35,14 +35,15 @@ export default function KnowledgeSetupPage() {
 
   // Check login status and permission
   useEffect(() => {
-    if (!userLoading && !user) {
-      router.push("/");
+    if (!isSpeedMode && !userLoading && !user) {
+      openLoginModal();
       return;
     }
-  }, [user, userLoading, router]);
+  }, [isSpeedMode, user, userLoading, openLoginModal]);
 
   // Check the connection status when the page is initialized
   useEffect(() => {
+    if (!(isSpeedMode || user)) return;
     checkModelEngineConnection();
 
     // Trigger knowledge base data acquisition when the page is initialized
@@ -54,7 +55,7 @@ export default function KnowledgeSetupPage() {
 
     // Load config for normal user
     const loadConfigForNormalUser = async () => {
-      if (user && user.role !== USER_ROLES.ADMIN) {
+      if (!isSpeedMode && user && user.role !== USER_ROLES.ADMIN) {
         try {
           await configService.loadConfigToFrontend();
           configStore.reloadFromStorage();
@@ -65,7 +66,7 @@ export default function KnowledgeSetupPage() {
     };
 
     loadConfigForNormalUser();
-  }, [user]);
+  }, [isSpeedMode, user]);
 
   // Function to check the ModelEngine connection status
   const checkModelEngineConnection = async () => {

frontend/app/[locale]/setup/models/page.tsx

@@ -27,7 +27,7 @@ export default function ModelSetupPage() {
   const { message } = App.useApp();
   const router = useRouter();
   const { t } = useTranslation();
-  const { user, isLoading: userLoading } = useAuth();
+  const { user, isLoading: userLoading, isSpeedMode, openLoginModal } = useAuth();
 
   const [connectionStatus, setConnectionStatus] = useState<ConnectionStatus>(
     CONNECTION_STATUS.PROCESSING
@@ -47,16 +47,18 @@ export default function ModelSetupPage() {
 
   // Check login status and permission
   useEffect(() => {
-    if (!userLoading && !user) {
-      router.push("/");
+    if (!isSpeedMode && !userLoading && !user) {
+      openLoginModal();
       return;
     }
-  }, [user, userLoading, router]);
+  }, [isSpeedMode, user, userLoading, openLoginModal]);
 
   // Check the connection status when the page is initialized
   useEffect(() => {
-    checkModelEngineConnection();
-  }, []);
+    if (isSpeedMode || (user && !userLoading)) {
+      checkModelEngineConnection();
+    }
+  }, [isSpeedMode, user, userLoading]);
 
   // Function to check the ModelEngine connection status
   const checkModelEngineConnection = async () => {

frontend/components/auth/sessionListeners.tsx

@@ -78,8 +78,9 @@ export function SessionListeners() {
     };
   }, []);
 
-  // Listen for session expiration events
+  // Listen for session expiration events (skip in speed mode)
   useEffect(() => {
+    if (isSpeedMode) return;
     const handleSessionExpired = (event: CustomEvent) => {
       // Directly call the wrapper function
       showSessionExpiredModal();
@@ -99,7 +100,7 @@ export function SessionListeners() {
       );
     };
     // Remove confirm from dependency array to avoid duplicate registration due to function reference changes
-  }, [router, pathname, openLoginModal, setIsFromSessionExpired, modal]);
+  }, [router, pathname, openLoginModal, setIsFromSessionExpired, modal, isSpeedMode]);
 
   // When component first mounts, if no local session is found, show modal immediately
   useEffect(() => {

frontend/hooks/useAuth.ts

@@ -57,11 +57,7 @@ export function AuthProvider({ children }: { children: (value: AuthContextType)
         const version = data.content?.deployment_version || data.deployment_version;
 
         setIsSpeedMode(version === 'speed');
-        
-        // If in speed mode and no user exists, perform auto login
-        if (version === 'speed' && !user) {
-          await performAutoLogin();
-        }
+        // In speed mode, do not perform any auto login; UI should not depend on login
       }
     } catch (error) {
       log.error('Failed to check deployment version:', error);
@@ -128,8 +124,9 @@ export function AuthProvider({ children }: { children: (value: AuthContextType)
     checkDeploymentVersion();
   }, []); // When user status changes, check again
 
-  // Check user login status
+  // Check user login status (skip in speed mode)
   useEffect(() => {
+    if (isSpeedMode) return;
     if (!isLoading && !user) {
       // When page is loaded, if not logged in, trigger session expired event
       // Only trigger on non-home path, and only when there is a session before
@@ -140,11 +137,11 @@ export function AuthProvider({ children }: { children: (value: AuthContextType)
         setShouldCheckSession(false); // After triggering the expired event, disable session check
       }
     }
-  }, [user, isLoading, pathname, shouldCheckSession, t]);
+  }, [user, isLoading, pathname, shouldCheckSession, t, isSpeedMode]);
 
-  // Session validity check, ensure the session in local storage is not expired
+  // Session validity check, ensure the session in local storage is not expired (skip in speed mode)
   useEffect(() => {
-    if (!user || isLoading || !shouldCheckSession) return;
+    if (isSpeedMode || !user || isLoading || !shouldCheckSession) return;
 
     const verifySession = () => {
       const lastVerifyTime = Number(localStorage.getItem('lastSessionVerifyTime') || 0);
@@ -177,7 +174,7 @@ export function AuthProvider({ children }: { children: (value: AuthContextType)
     const intervalId = setInterval(verifySession, 10000);
 
     return () => clearInterval(intervalId);
-  }, [user, isLoading, shouldCheckSession, t]);
+  }, [isSpeedMode, user, isLoading, shouldCheckSession, t]);
 
   const openLoginModal = () => {
     setIsRegisterModalOpen(false)