diff --git a/index.js b/index.js
index 90912b3..68d6957 100644
--- a/index.js
+++ b/index.js
@@ -56,20 +56,11 @@ global.checkACL = function(req, perm) {
 };
 app.use((req, res, next) => {
- const allowed = ["/", "/login", "/static/*", "/favicon.ico", "/robots.txt"];
- const isAllowed = allowed.some(pattern => {
- if (pattern.endsWith('*')) {
- return req.path.startsWith(pattern.slice(0, -1));
- }
- return req.path === pattern;
- });
- if (isAllowed) {
- return next();
- }
- if (!req.session.user) {
- return res.redirect('/login?err=4');
- }
- res.redirect('/login')
+ if (req.session.user) return next();
+ if (req.path === '/login' || req.path === '/login/') return next();
+ if (req.path === '/logout' || req.path === '/logout/') return next();
+ if (req.path.startsWith('/public/') || req.path === '/favicon.ico' || req.path === '/robots.txt') return next();
+ res.redirect('/login?err=4');
 });
 app.use(cors());
 app.use(express.json());
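Review bot: The `/public/` exemption on the fourth added line is a `startsWith` test on the raw `req.path`, which Express leaves un-normalized (dot segments and percent-encoded separators are not collapsed), so the gate and a later handler that resolves the path can disagree about which resource is being requested. Whether that matters depends on the routes and static handler mounted after this middleware, which are outside the hunk. If `/public/` is only static assets, the exemption is safer as mount order than as a string prefix: put `app.use('/public', express.static(PUBLIC_DIR))` ahead of this gate (`PUBLIC_DIR` is a placeholder for the project's asset directory) and drop the `startsWith` clause, so anything the static handler does not serve still falls through to the session check. Separately, the gate still runs before `app.use(cors())`, so credential-less preflight `OPTIONS` requests and JSON clients receive a 302 to `/login?err=4` rather than a 401; a short comment stating that this is intended, or a 401 branch for non-HTML requests, would make the behaviour explicit.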