2.9 KiB
2.9 KiB
SPQ Page Architecture & Auth Flow
Page layout
/ (index.html) — login page (NO redirect — root lands here directly)
dashboard.html — main dashboard (auth-guarded: no user → redirects to /)
appointments.html, customers.html, repair-orders.html — sub-pages (auth-guarded)
Why index.html = login page
When index.html was the dashboard and login.html was a separate page, stale/expired PocketBase tokens in localStorage caused an infinite redirect loop:
- User visits
/→index.html(dashboard) →onAuthStateChanged→ SDK sees stale token as valid → stays - First PocketBase API call fails (401) → SDK clears auth →
onChange(null)fires → redirect tologin.html login.htmlloads → SDK reads token from localStorage again (still there, client-side JWT expiry check says valid) →onAuthStateChanged(user)→ redirect toindex.html- Loop!
Making index.html the login page eliminates the bounce: unauthorized users see the login form directly, authorized users get one clean redirect to dashboard.html.
Auth guard pattern (in every page JS)
onAuthStateChanged(auth, (user) => {
if (user) {
// initialize page
} else {
window.location.href = 'index.html'; // redirect to login
}
});
login.js (login page):
onAuthStateChanged(auth, (user) => {
if (user) {
window.location.href = 'dashboard.html'; // already logged in → dashboard
}
// If no user, stay on login page
});
PocketBase auth flow
The pocketbase.js adapter:
- Creates PocketBase client pointed at
window.location.origin(same-origin, through nginx/api/proxy) onAuthStateChangedfires initial state synchronously viaauth.currentUsergetter (reads frompb.authStore)- Then registers
pb.authStore.onChangefor future changes authStorereads from localStorage keypocketbase_auth
When renaming/moving pages
All references are relative (dashboard.html, not absolute paths). Files to update:
| File | What to change |
|---|---|
login.js |
Login success redirect → dashboard.html |
dashboard.js, main.js, appointments.js, customers.js, repair-orders.js |
Auth fail redirect → index.html |
shared/header-functionality.js |
Logout redirect → index.html |
index.html (login page body) |
Post-login redirects → dashboard.html?cb=... |
appointments.html, repair-orders.html, customers.html |
Nav links → dashboard.html |
dashboard.html |
Nav self-links → dashboard.html |
customers.js |
Quote links → dashboard.html?quoteId=... |
Total: ~28 references across 13 files.
nginx note
Home nginx server_name must include the domain the VPS sends in Host header. If the VPS proxies shopproquote.graj-media.com with Host: graj-media.com, add it as an alias:
server_name grajmedia.duckdns.org graj-media.com shopproquote.graj-media.com;