From fb0d0cb32c29aec46150f28f790c38f6a63ee1cd Mon Sep 17 00:00:00 2001
From: MidoriKurage <kuragectl@gmail.com>
Date: Tue, 31 Mar 2026 10:39:36 +0800
Subject: [PATCH] fix(auth): Cleanup getRefreshTokenCookiePath implementation

---
 pkg/modules/auth/auth.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/modules/auth/auth.go b/pkg/modules/auth/auth.go
index fd40f41af..0751407f5 100644
--- a/pkg/modules/auth/auth.go
+++ b/pkg/modules/auth/auth.go
@@ -53,15 +53,17 @@ const RefreshTokenCookieName = "vikunja_refresh_token" //nolint:gosec // not a c
 // getRefreshTokenCookiePath returns the cookie path for the refresh token,
 // derived from service.publicurl.
 func getRefreshTokenCookiePath() string {
+	refreshURL := "/api/v1/user/token/refresh"
+
 	publicURL := config.ServicePublicURL.GetString()
 	u, err := url.Parse(publicURL)
-	if err != nil || publicURL == "" || publicURL == "/" {
-		return "/api/v1/user/token/refresh"
+	if err != nil {
+		return refreshURL
 	}
 
 	// Extract the path component and append the refresh endpoint
 	basePath := strings.TrimRight(u.Path, "/")
-	return basePath + "/api/v1/user/token/refresh"
+	return basePath + refreshURL
 }
 
 // SetRefreshTokenCookie sets an HttpOnly cookie containing the refresh token.