letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(navigation): persist last-port for next-login + root → /dashboard

Browse Source 
Login routing previously always landed at the user's first port-role.
With a multi-port operator (super-admins, multi-tenant ops) the active
port reverted on every login, breaking the "I was working in X
yesterday" continuity.

- PortProvider PATCHes `/api/v1/me` with `preferences.defaultPortId =
  currentPort.id` whenever the active port changes (URL or explicit
  switch). Ref-keyed dedupe; fire-and-forget so navigation isn't
  blocked by a transient PATCH failure.
- UserMenu's port-switcher also writes the preference on click so the
  preference is captured even for users who never re-render through
  PortProvider.
- /dashboard resolver checks `preferences.defaultPortId` first, falling
  back to first-port-by-name (super-admin) or first-role (everyone
  else). The preference is verified against current access before being
  honoured — a stale id from a revoked role or archived port can't
  strand the user on a 403.
- Add /src/app/page.tsx that redirects `/` → `/dashboard` so the
  middleware's `redirect=/` post-login parameter doesn't dump users on
  an empty 404. The existing /dashboard handler then routes them on to
  their resolved port.
- UserMenu sign-out: replace `router.push('/api/auth/sign-out')` (which
  issued a GET against better-auth's POST-only endpoint, causing Safari
  and Comet/Arc to land the JSON response as a `sign_out` download)
  with `signOut()` from the auth client + an explicit redirect.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt
2026-05-21 19:06:48 +02:00
parent 3ae86f2854
commit bb7a371d1f
4 changed files with 93 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/app/dashboard/page.tsx
View File

@@ -1,6 +1,6 @@
import { redirect } from 'next/navigation'; import { redirect } from 'next/navigation';
import { headers } from 'next/headers'; import { headers } from 'next/headers';
import { eq } from 'drizzle-orm'; import { and, eq } from 'drizzle-orm';
import { auth } from '@/lib/auth'; import { auth } from '@/lib/auth';
import { db } from '@/lib/db'; import { db } from '@/lib/db';
@@ -11,6 +11,13 @@ import { userPortRoles, userProfiles } from '@/lib/db/schema/users';
* Plain `/dashboard` lands users into their default port's dashboard. Used * Plain `/dashboard` lands users into their default port's dashboard. Used
* by post-login redirects and any code that doesn't yet know the active * by post-login redirects and any code that doesn't yet know the active
* port slug. * port slug.
*
* Resolution order:
* 1. `preferences.defaultPortId` — last port the user worked in, written
* by the port-switcher. Only honoured if the user still has access
* (preference may be stale after a role revoke or port archive).
* 2. Super-admin → first port alphabetically. Other users → first
* `user_port_roles` row.
*/ */
export default async function DashboardRedirectPage() { export default async function DashboardRedirectPage() {
const session = await auth.api.getSession({ headers: await headers() }); const session = await auth.api.getSession({ headers: await headers() });
@@ -20,16 +27,35 @@ export default async function DashboardRedirectPage() {
where: eq(userProfiles.userId, session.user.id), where: eq(userProfiles.userId, session.user.id),
}); });
const lastPortId = (profile?.preferences as { defaultPortId?: string } | null)?.defaultPortId;
let slug: string | undefined; let slug: string | undefined;
if (profile?.isSuperAdmin) {
const first = await db.query.ports.findFirst({ orderBy: portsTable.name }); if (lastPortId) {
slug = first?.slug; // Verify access before honouring the preference — a stale id (port
} else { // archived, role revoked) shouldn't strand the user on a 403.
const role = await db.query.userPortRoles.findFirst({ if (profile?.isSuperAdmin) {
where: eq(userPortRoles.userId, session.user.id), const port = await db.query.ports.findFirst({ where: eq(portsTable.id, lastPortId) });
with: { port: true }, slug = port?.slug;
}); } else {
slug = role?.port.slug; const role = await db.query.userPortRoles.findFirst({
where: and(eq(userPortRoles.userId, session.user.id), eq(userPortRoles.portId, lastPortId)),
with: { port: true },
});
slug = role?.port.slug;
}
}
if (!slug) {
if (profile?.isSuperAdmin) {
const first = await db.query.ports.findFirst({ orderBy: portsTable.name });
slug = first?.slug;
} else {
const role = await db.query.userPortRoles.findFirst({
where: eq(userPortRoles.userId, session.user.id),
with: { port: true },
});
slug = role?.port.slug;
}
} }
if (!slug) redirect('/login?error=no-port-access'); if (!slug) redirect('/login?error=no-port-access');

13
src/app/page.tsx Normal file
View File

@@ -0,0 +1,13 @@
import { redirect } from 'next/navigation';
/**
* Root `/` has no UI of its own — every authenticated surface lives under
* a port slug. Forward to `/dashboard`, which resolves the user's default
* port and redirects again to `/<portSlug>/dashboard`. Without this, a
* post-login redirect of `redirect=/` (set by middleware when the user
* originally hit `/`) lands on an empty 404.
*/
export default function RootPage() {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
redirect('/dashboard' as any);
}

23
src/components/layout/user-menu.tsx
View File

@@ -19,6 +19,8 @@ import { LogOut, Settings, Bell, Check, Building2 } from 'lucide-react';
import { type ReactNode } from 'react'; import { type ReactNode } from 'react';
import { useUIStore } from '@/stores/ui-store'; import { useUIStore } from '@/stores/ui-store';
import { signOut } from '@/lib/auth/client';
import { apiFetch } from '@/lib/api/client';
import { import {
DropdownMenu, DropdownMenu,
DropdownMenuContent, DropdownMenuContent,
@@ -61,6 +63,16 @@ export function UserMenu({ trigger, align = 'end', user, ports }: UserMenuProps)
// All cached queries are port-scoped - invalidate so they refetch with // All cached queries are port-scoped - invalidate so they refetch with
// the new X-Port-Id header. // the new X-Port-Id header.
queryClient.invalidateQueries(); queryClient.invalidateQueries();
// Remember the choice so the next login lands here automatically.
// Fire-and-forget — failure shouldn't block the navigation, and any
// stale value is harmless (the post-login resolver verifies access
// before honouring it).
void apiFetch('/api/v1/me', {
method: 'PATCH',
body: { preferences: { defaultPortId: port.id } },
}).catch(() => {
/* silent — best-effort */
});
// eslint-disable-next-line @typescript-eslint/no-explicit-any // eslint-disable-next-line @typescript-eslint/no-explicit-any
router.push(`/${port.slug}/dashboard` as any); router.push(`/${port.slug}/dashboard` as any);
} }
@@ -122,7 +134,16 @@ export function UserMenu({ trigger, align = 'end', user, ports }: UserMenuProps)
<DropdownMenuSeparator /> <DropdownMenuSeparator />
<DropdownMenuItem <DropdownMenuItem
className="text-destructive focus:text-destructive" className="text-destructive focus:text-destructive"
onClick={() => router.push('/api/auth/sign-out')} // `router.push` to /api/auth/sign-out issued a GET against
// better-auth's POST-only endpoint. Safari (and other browsers
// serving JSON without a matching renderer) treat that as a
// file download — the response landed on disk as a `sign_out`
// file instead of signing the user out. Call the auth client
// directly to issue a proper POST, then redirect to /login.
onClick={async () => {
await signOut();
router.push('/login');
}}
> >
<LogOut className="w-4 h-4 mr-2" aria-hidden /> <LogOut className="w-4 h-4 mr-2" aria-hidden />
Sign Out Sign Out

23
src/providers/port-provider.tsx
View File

@@ -1,9 +1,10 @@
'use client'; 'use client';
import { createContext, useContext, useEffect, type ReactNode } from 'react'; import { createContext, useContext, useEffect, useRef, type ReactNode } from 'react';
import { useParams } from 'next/navigation'; import { useParams } from 'next/navigation';
import { useUIStore } from '@/stores/ui-store'; import { useUIStore } from '@/stores/ui-store';
import { apiFetch } from '@/lib/api/client';
import type { Port } from '@/lib/db/schema/ports'; import type { Port } from '@/lib/db/schema/ports';
interface PortContextValue { interface PortContextValue {
@@ -47,6 +48,26 @@ export function PortProvider({ children, ports, defaultPortId }: PortProviderPro
} }
}, [currentPort, currentPortId, currentPortSlug, setPort]); }, [currentPort, currentPortId, currentPortSlug, setPort]);
// Remember the last port the user landed on (URL-derived or
// explicit-switch) so the next login routes here automatically. Tracked
// in a ref-keyed dedupe so we only PATCH when the active port actually
// changes — re-renders inside the same port don't write. Fire-and-forget;
// a transient network failure shouldn't block navigation, and the
// post-login resolver verifies access so a stale value can't strand the
// user on a 403.
const lastPersistedPortIdRef = useRef<string | null>(null);
useEffect(() => {
if (!currentPort) return;
if (lastPersistedPortIdRef.current === currentPort.id) return;
lastPersistedPortIdRef.current = currentPort.id;
void apiFetch('/api/v1/me', {
method: 'PATCH',
body: { preferences: { defaultPortId: currentPort.id } },
}).catch(() => {
/* silent — best-effort */
});
}, [currentPort]);
return ( return (
<PortContext.Provider <PortContext.Provider
value={{ value={{