From cd733fbc7d4bc0c699cebbe49ef68473a36c307e Mon Sep 17 00:00:00 2001
From: Paperclip <noreply@paperclip.ing>
Date: Tue, 31 Mar 2026 17:05:09 +0000
Subject: [PATCH] fix(e2e): resolve lint error, Dashboard auth gap, and mock
 auth redirect

- Remove unused `response` variable in j8-unauth-access.spec.ts:40
- Move Dashboard route inside ProtectedRoute wrapper in App.tsx
- Add VITE_MOCK_AUTH mode to ProtectedRoute: check Zustand
  isAuthenticated flag instead of calling authClient.useSession()

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 e2e/journeys/j8-unauth-access.spec.ts |  2 +-
 src/App.tsx                           |  2 +-
 src/components/ProtectedRoute.tsx     | 14 ++++++++++++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/e2e/journeys/j8-unauth-access.spec.ts b/e2e/journeys/j8-unauth-access.spec.ts
index 79e8ee3..9ed40da 100644
--- a/e2e/journeys/j8-unauth-access.spec.ts
+++ b/e2e/journeys/j8-unauth-access.spec.ts
@@ -37,7 +37,7 @@ test.describe('J8: Unauthenticated Access', () => {
   test('shows loading spinner while auth session is pending', async ({ page }) => {
     // Intercept but don't respond — session stays pending
     await page.context().clearCookies();
-    const response = await page.request.fetch('/api/auth/session', {
+    await page.request.fetch('/api/auth/session', {
       method: 'GET',
     });
 
diff --git a/src/App.tsx b/src/App.tsx
index bfd515a..ee4c2dc 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -31,8 +31,8 @@ export default function App() {
       <BrowserRouter>
         <Routes>
           <Route element={<Layout />}>
-            <Route index element={<Dashboard />} />
             <Route element={<ProtectedRoute />}>
+              <Route index element={<Dashboard />} />
               <Route path="purchases" element={<Purchases />} />
               <Route path="purchases/:id" element={<PurchaseDetail />} />
               <Route path="products" element={<Products />} />
diff --git a/src/components/ProtectedRoute.tsx b/src/components/ProtectedRoute.tsx
index 6c3df87..cf92831 100644
--- a/src/components/ProtectedRoute.tsx
+++ b/src/components/ProtectedRoute.tsx
@@ -4,12 +4,22 @@ import { authClient } from '../lib/auth-client.ts'
 import { useAuthStore } from '../stores/auth.ts'
 
 export function ProtectedRoute() {
+  const isMockAuth = import.meta.env.VITE_MOCK_AUTH === 'true'
   const { data: session, isPending } = authClient.useSession()
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated)
   const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
 
   useEffect(() => {
-    setAuthenticated(!!session)
-  }, [session, setAuthenticated])
+    if (!isMockAuth) {
+      setAuthenticated(!!session)
+    }
+  }, [session, setAuthenticated, isMockAuth])
+
+  // In mock auth mode, rely on Zustand store (set by Login/Register pages)
+  if (isMockAuth) {
+    if (!isAuthenticated) return <Navigate to="/login" replace />
+    return <Outlet />
+  }
 
   if (isPending) {
     return (