From 326a7664d379f77de53d24b2dc119321741aef3b Mon Sep 17 00:00:00 2001
From: Leo Vasanko <leo@git>
Date: Sat, 30 Aug 2025 18:43:27 -0600
Subject: [PATCH] Formatting

---
 frontend/src/stores/auth.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/frontend/src/stores/auth.js b/frontend/src/stores/auth.js
index 64d619b..ba11f8a 100644
--- a/frontend/src/stores/auth.js
+++ b/frontend/src/stores/auth.js
@@ -6,10 +6,11 @@ export const useAuthStore = defineStore('auth', {
     // Auth State
     userInfo: null, // Contains the full user info response: {user, credentials, aaguid_info, session_type, authenticated}
     isLoading: false,
-  resetToken: null, // transient reset token (never stored in cookie)
+    resetToken: null, // transient reset token
+    restrictedMode: false, // If true, app loaded outside /auth/ and should restrict to login or permission denied
 
     // UI State
-    currentView: 'login', // 'login', 'profile', 'device-link', 'reset'
+    currentView: 'login',
     status: {
       message: '',
       type: 'info',
@@ -68,10 +69,20 @@ export const useAuthStore = defineStore('auth', {
       }
     },
     selectView() {
+      if (this.restrictedMode) {
+        // In restricted mode only allow login or show permission denied if already authenticated
+        if (!this.userInfo) this.currentView = 'login'
+        else if (this.userInfo.authenticated) this.currentView = 'permission-denied'
+        else this.currentView = 'login' // do not expose reset/registration flows outside /auth/
+        return
+      }
       if (!this.userInfo) this.currentView = 'login'
       else if (this.userInfo.authenticated) this.currentView = 'profile'
       else this.currentView = 'reset'
     },
+    setRestrictedMode(flag) {
+      this.restrictedMode = !!flag
+    },
     async loadUserInfo() {
       const headers = {}
       // Reset tokens are only passed via query param now, not Authorization header