Affected Apps / Packages
Portfolio (apps/portfolio), Studio (apps/studio)
Metadata
- Suggested Branch: feat/auth-guest-mode-redirection
- Suggested PR Title: [Feature] [Auth]: Require login redirect with callback for guest access
Is your feature request related to a problem?
Yes. Unauthenticated users are currently assigned a guest cookie automatically. We want them to see the login page first before entering guest mode.
Also, guest users in the portfolio dashboard must be allowed to edit and preview their work, but the publication action should be locked.
Describe the solution you'd like
-
Update studio/proxy.ts to redirect users without session or guest cookies to /login for all dashboard routes, bypassing only /login, /share, /api, static files, and _next. Remove automatic guest cookie assignment.
-
Update portfolio/proxy.ts to block access to private routes (like /dashboard and /editor) if the user lacks a session and does not have the guest cookie.
-
Update login/page.tsx guest access action to set veriworkly-guest-mode=true on the shared domain (.localhost or .veriworkly.com) and redirect to the callbackURL search parameter.
-
Update portfolio-store.ts loading sequence to gracefully handle 401 rejections from the server during guest visits and avoid synchronizing draft changes to the database.
Describe alternatives you've considered
Using server actions to write the cookie, but a client-side setting during the "Continue without login" action is simpler and handles the multi-domain redirect immediately.
Additional Context
No response
Affected Apps / Packages
Portfolio (apps/portfolio), Studio (apps/studio)
Metadata
Is your feature request related to a problem?
Yes. Unauthenticated users are currently assigned a guest cookie automatically. We want them to see the login page first before entering guest mode.
Also, guest users in the portfolio dashboard must be allowed to edit and preview their work, but the publication action should be locked.
Describe the solution you'd like
Update
studio/proxy.tsto redirect users without session or guest cookies to/loginfor all dashboard routes, bypassing only/login,/share,/api, static files, and_next. Remove automatic guest cookie assignment.Update
portfolio/proxy.tsto block access to private routes (like/dashboardand/editor) if the user lacks a session and does not have the guest cookie.Update
login/page.tsxguest access action to setveriworkly-guest-mode=trueon the shared domain (.localhostor.veriworkly.com) and redirect to thecallbackURLsearch parameter.Update
portfolio-store.tsloading sequence to gracefully handle 401 rejections from the server during guest visits and avoid synchronizing draft changes to the database.Describe alternatives you've considered
Using server actions to write the cookie, but a client-side setting during the "Continue without login" action is simpler and handles the multi-domain redirect immediately.
Additional Context
No response