fix: add unauthorized instead of sending to a loop

main.go

@@ -62,6 +62,7 @@ func main() {
 
 	http.Handle("/oauth/callback", oauthStore.CallbackHandler())
 	http.Handle("/oauth/login", oauthStore.LoginPage())
+	http.Handle("/oauth/unauthorized", oauthStore.UnauthorizedPage())
 	protectedRoot := false
 	for _, pattern := range config.GuardedPaths {
 		if pattern == "/" {

oauth.go

@@ -84,6 +84,11 @@ func (s *OAuthStore) DeleteSession(sessionID string) {
 func sendToLoginPage(w http.ResponseWriter, r *http.Request) {
 	http.Redirect(w, r, "/oauth/login", http.StatusTemporaryRedirect)
 }
+
+func sendToUnauthorized(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, "/oauth/unauthorized", http.StatusTemporaryRedirect)
+}
+
 func generateRandomToken() string {
 	b := make([]byte, 32)
 	rand.Read(b)
@@ -93,6 +98,16 @@ func generateRandomToken() string {
 //go:embed templates/LoginPage.html
 var loginPageContent string
 
+//go:embed templates/NotAuthorizedPage.html
+var unauthorizedPageContent string
+
+func (s *OAuthStore) UnauthorizedPage() http.Handler {
+	unauthorizedPageTemplate := template.Must(template.New("unauthorizedPageContent").Parse(unauthorizedPageContent))
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		unauthorizedPageTemplate.Execute(w, nil)
+	})
+}
+
 func (s *OAuthStore) LoginPage() http.Handler {
 
 	loginPageTemplate := template.Must(template.New("loginPageContent").Parse(loginPageContent))
@@ -156,7 +171,7 @@ func (s *OAuthStore) Protected(next http.Handler) http.Handler {
 			}
 		}
 		if !found {
-			sendToLoginPage(w, r)
+			sendToUnauthorized(w, r)
 			return
 		}
 

templates/NotAuthorizedPage.html

@@ -0,0 +1,77 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Unauthorized</title>
+    <style>
+      * {
+        margin: 0;
+        padding: 0;
+        box-sizing: border-box;
+      }
+      
+      body {
+        font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+        min-height: 100vh;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+      }
+      
+      .login-container {
+        background: white;
+        padding: 3rem;
+        border-radius: 16px;
+        max-width: 400px;
+        width: 90%;
+        display: flex;
+        justify-content: center;
+      }
+      
+      .login-button {
+        background: #4c4c4c;
+        color: white;
+        border: none;
+        padding: 16px 32px;
+        border-radius: 12px;
+        font-size: 16px;
+        font-weight: 600;
+        cursor: pointer;
+        transition: all 0.3s ease;
+        display: inline-flex;
+        align-items: center;
+        gap: 12px;
+        text-decoration: none;
+        min-width: 200px;
+        justify-content: center;
+      }
+      
+      .login-button:hover {
+        transform: translateY(-2px);
+      }
+      
+      .login-button:active {
+        transform: translateY(0);
+      }
+      
+      .lock-icon {
+        width: 20px;
+        height: 20px;
+        fill: currentColor;
+      }
+      
+      h1 {
+        color: #333;
+        margin-bottom: 2rem;
+        font-weight: 300;
+        font-size: 2rem;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="login-container">
+      <h1>Unauthorized</h1>
+    </div>
+  </body>
+</html>