Matt
bb7a371d1f
Login routing previously always landed at the user's first port-role.
With a multi-port operator (super-admins, multi-tenant ops) the active
port reverted on every login, breaking the "I was working in X
yesterday" continuity.
- PortProvider PATCHes `/api/v1/me` with `preferences.defaultPortId =
currentPort.id` whenever the active port changes (URL or explicit
switch). Ref-keyed dedupe; fire-and-forget so navigation isn't
blocked by a transient PATCH failure.
- UserMenu's port-switcher also writes the preference on click so the
preference is captured even for users who never re-render through
PortProvider.
- /dashboard resolver checks `preferences.defaultPortId` first, falling
back to first-port-by-name (super-admin) or first-role (everyone
else). The preference is verified against current access before being
honoured — a stale id from a revoked role or archived port can't
strand the user on a 403.
- Add /src/app/page.tsx that redirects `/` → `/dashboard` so the
middleware's `redirect=/` post-login parameter doesn't dump users on
an empty 404. The existing /dashboard handler then routes them on to
their resolved port.
- UserMenu sign-out: replace `router.push('/api/auth/sign-out')` (which
issued a GET against better-auth's POST-only endpoint, causing Safari
and Comet/Arc to land the JSON response as a `sign_out` download)
with `signOut()` from the auth client + an explicit redirect.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>