From 306df184325cdfc50845528f853954b22c3f39b8 Mon Sep 17 00:00:00 2001
From: bwees <brandonwees@gmail.com>
Date: Sat, 30 May 2026 14:42:35 -0500
Subject: [PATCH] chore: use Route helper

---
 web/src/lib/route.ts               | 9 +++++++++
 web/src/routes/auth/login/+page.ts | 9 ++-------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/web/src/lib/route.ts b/web/src/lib/route.ts
index 734be99402..1846f29796 100644
--- a/web/src/lib/route.ts
+++ b/web/src/lib/route.ts
@@ -152,4 +152,13 @@ export const Route = {
   // queues
   queues: () => '/admin/queues',
   viewQueue: ({ name }: { name: QueueName }) => `/admin/queues/${asQueueSlug(name)}`,
+
+  // continue helper for ensuring same-origin URLs
+  continue: (url: string | null, fallback: string) => {
+    if (!url || !url.startsWith('/') || url.startsWith('//')) {
+      return fallback;
+    }
+
+    return url;
+  },
 };
diff --git a/web/src/routes/auth/login/+page.ts b/web/src/routes/auth/login/+page.ts
index 1cb8d79d70..348d737820 100644
--- a/web/src/routes/auth/login/+page.ts
+++ b/web/src/routes/auth/login/+page.ts
@@ -8,15 +8,10 @@ import type { PageLoad } from './$types';
 export const load = (async ({ parent, url }) => {
   await parent();
 
-  let continueUrl = url.searchParams.get('continue');
-
-  // require same origin continue URL
-  if (!continueUrl || !continueUrl.startsWith('/') || continueUrl.startsWith('//')) {
-    continueUrl = Route.photos();
-  }
+  const continueUrl = url.searchParams.get('continue');
 
   if (authManager.authenticated) {
-    redirect(307, continueUrl);
+    redirect(307, Route.continue(continueUrl, Route.photos()));
   }
 
   if (!serverConfigManager.value.isInitialized) {