labs / static /js /auth.js
3v324v23's picture
deploy: unified router + dreamy website (2026-06-16T09:46:52Z)
c1a683f
Raw
History Blame Contribute Delete
2.39 kB
/* =========================================================================
auth.js — login page controller (Google-only)
• shows a friendly toast if the Google callback failed (?error=...)
• if a session cookie already exists, skip straight to the dashboard
There is no API-key sign-in: the only way in is "Continue with Google".
========================================================================= */
(function () {
'use strict';
// where the dashboard lives (relative to login.html)
var DASHBOARD = 'dashboard.html';
var toast = document.getElementById('auth-toast'); // the error banner element
// human messages for each Google callback failure code (?error=...)
var ERRORS = {
'access_denied': 'You cancelled the Google sign-in. Try again when you’re ready.',
'google_not_configured': 'Google sign-in isn’t set up on this deployment yet. Please contact the operator.',
'bad_state': 'The sign-in request expired or was invalid. Please try again.',
'exchange_failed': 'Google rejected the sign-in code. Please try again.',
'no_token': 'Google didn’t return an access token. Please try again.',
'user_fetch_failed': 'Could not fetch your Google profile. Please try again.',
'email_not_verified': 'Your Google email isn’t verified. Verify it, then try again.',
'wrong_domain': 'Your Google account isn’t in the allowed organization. Use an allowed account.'
};
// surface the error toast if the callback redirected back here with ?error=...
var params = new URLSearchParams(window.location.search);
var errCode = params.get('error');
if (errCode && ERRORS[errCode] && toast) {
toast.hidden = false;
toast.innerHTML = '<svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><line x1="12" y1="8" x2="12" y2="12"/><line x1="12" y1="16" x2="12.01" y2="16"/></svg> ' + ERRORS[errCode];
// clean the URL so the error doesn't persist on refresh
history.replaceState(null, '', window.location.pathname);
}
// already logged in? (valid Google session cookie) → skip the sign-in screen
fetch('/auth/me').then(function (r) {
if (r.ok) window.location.replace(DASHBOARD); // session is live → straight in
}).catch(function () { /* not logged in — stay on the login page */ });
})();