/* ========================================================================= auth.js — login page controller (Google-only) • shows a friendly toast if the Google callback failed (?error=...) • if a session cookie already exists, skip straight to the dashboard There is no API-key sign-in: the only way in is "Continue with Google". ========================================================================= */ (function () { 'use strict'; // where the dashboard lives (relative to login.html) var DASHBOARD = 'dashboard.html'; var toast = document.getElementById('auth-toast'); // the error banner element // human messages for each Google callback failure code (?error=...) var ERRORS = { 'access_denied': 'You cancelled the Google sign-in. Try again when you’re ready.', 'google_not_configured': 'Google sign-in isn’t set up on this deployment yet. Please contact the operator.', 'bad_state': 'The sign-in request expired or was invalid. Please try again.', 'exchange_failed': 'Google rejected the sign-in code. Please try again.', 'no_token': 'Google didn’t return an access token. Please try again.', 'user_fetch_failed': 'Could not fetch your Google profile. Please try again.', 'email_not_verified': 'Your Google email isn’t verified. Verify it, then try again.', 'wrong_domain': 'Your Google account isn’t in the allowed organization. Use an allowed account.' }; // surface the error toast if the callback redirected back here with ?error=... var params = new URLSearchParams(window.location.search); var errCode = params.get('error'); if (errCode && ERRORS[errCode] && toast) { toast.hidden = false; toast.innerHTML = ' ' + ERRORS[errCode]; // clean the URL so the error doesn't persist on refresh history.replaceState(null, '', window.location.pathname); } // already logged in? (valid Google session cookie) → skip the sign-in screen fetch('/auth/me').then(function (r) { if (r.ok) window.location.replace(DASHBOARD); // session is live → straight in }).catch(function () { /* not logged in — stay on the login page */ }); })();