chore(auth): guard login callback when ENABLE_LOGIN is false

Author: gary149

src/routes/login/callback/+server.ts

@@ -1,5 +1,5 @@
 import { error, redirect } from "@sveltejs/kit";
-import { getOIDCUserData, validateAndParseCsrfToken } from "$lib/server/auth";
+import { getOIDCUserData, validateAndParseCsrfToken, loginFeatureEnabled } from "$lib/server/auth";
 import { z } from "zod";
 import { base } from "$app/paths";
 import { config } from "$lib/server/config";
@@ -25,6 +25,9 @@ const allowedUserDomains = z
 	.parse(JSON5.parse(sanitizeJSONEnv(config.ALLOWED_USER_DOMAINS, "[]")));
 
 export async function GET({ url, locals, cookies, request, getClientAddress }) {
+	if (!loginFeatureEnabled) {
+		throw error(404, "Login is disabled");
+	}
 	const { error: errorName, error_description: errorDescription } = z
 		.object({
 			error: z.string().optional(),