handle trailing slashes in protected routes

pages/api/index.ts

@@ -82,9 +82,12 @@ export async function getAccessToken(): Promise<string> {
  * @returns Path to required auth token. If not required, return empty string.
  */
 export function getAuthTokenPath(path: string) {
+  // Ensure trailing slashes to compare paths component by component. Same for protectedRoutes.
+  path += '/'
   const protectedRoutes = siteConfig.protectedRoutes
   let authTokenPath = ''
-  for (const r of protectedRoutes) {
+  for (let r of protectedRoutes) {
+    r = r.replace(/\/$/, '') + '/'
     if (path.startsWith(r)) {
       authTokenPath = `${r}/.password`
       break
@@ -185,7 +188,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     res.status(400).json({ error: 'Path query invalid.' })
     return
   }
-  const cleanPath = pathPosix.resolve('/', pathPosix.normalize(path))
+  // Besides normalizing and making absolute, trailing slashes are trimmed
+  const cleanPath = pathPosix.resolve('/', pathPosix.normalize(path)).replace(/\/$/, '')
 
   // Validate sort param
   if (typeof sort !== 'string') {