Skip to content

Commit 26633de

Browse files
feat: lock auth-only tiles on the welcome page (no more blank 401s) (#12)
The welcome page links to /profile/, /public/, /private/, /inbox/, /settings/ — but the last three require auth. Without a session cookie, clicking those tiles previously dropped the user on a blank 401 (zero-byte body). Confusing. On page load, each tile is HEAD-probed. On a 401/403 the tile is dimmed (opacity .55, no hover-darken) and its href is rewritten to ./idp so a click routes the user to the sign-in flow instead of a blank screen. After sign-in, refreshing the welcome page re-probes and the tiles unlock automatically. The probe runs alongside the existing Sign in / Sign up reveal (same HEAD-probe pattern). No JSS change required. Bumps jspod to 0.0.14.
1 parent 8b5ab89 commit 26633de

2 files changed

Lines changed: 18 additions & 1 deletion

File tree

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "jspod",
3-
"version": "0.0.13",
3+
"version": "0.0.14",
44
"description": "JavaScript Solid Pod - Just works, batteries included",
55
"type": "module",
66
"main": "index.js",

welcome.html

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@
2424
.dirs{list-style:none;padding:0;margin:1em 0 0;display:grid;grid-template-columns:repeat(auto-fit,minmax(160px,1fr));gap:.5em}
2525
.dirs li a{display:block;padding:.7em .9em;background:#f3eee5;border-radius:8px;color:#222}
2626
.dirs li a:hover{background:#ebe5d8}
27+
.dirs li a.locked{opacity:.55;cursor:default}
28+
.dirs li a.locked:hover{background:#f3eee5}
2729
footer{margin-top:1.5em;padding-top:1em;border-top:1px solid #eee;color:#888;font-size:.85em;text-align:center}
2830
</style>
2931
</head>
@@ -69,6 +71,21 @@ <h1>Your Solid pod</h1>
6971
else if(res.status===403){if(l)l.hidden=false;}
7072
}).catch(function(){});
7173
})();
74+
(function(){
75+
// Probe each directory tile. If unauthenticated (401/403), dim it
76+
// and redirect its click to the sign-in flow instead of letting the
77+
// browser navigate into a blank 401 response body.
78+
document.querySelectorAll('.dirs a').forEach(function(a){
79+
var href=a.getAttribute('href');
80+
fetch(href,{method:'HEAD',cache:'no-store'}).then(function(res){
81+
if(res.status===401||res.status===403){
82+
a.classList.add('locked');
83+
a.title='Sign in to view '+href;
84+
a.setAttribute('href','./idp');
85+
}
86+
}).catch(function(){});
87+
});
88+
})();
7289
</script>
7390
</body>
7491
</html>

0 commit comments

Comments
 (0)