Auth and Protected Routes

Login Flow

1. User submits credentials on /login.
2. Dashboard POSTs to POST /api/v1/auth/login.
3. Backend returns a JWT token and user data.
4. AuthContext stores the token in localStorage under the key user.
5. All subsequent API requests include Authorization: Bearer <token>.

AuthContext

AuthContext (src/contexts/AuthContext.tsx) exposes:

Property	Type	Description
user	object	Decoded JWT payload including role
token	string	Raw JWT string
isAdmin	boolean	true if user.role === "admin"
isPublisher	boolean	true if user.role === "publisher"
login(data)	function	Stores user and token, redirects to dashboard
logout()	function	Clears localStorage, redirects to /login

PrivateRoute Behavior

PrivateRoute (src/router/route.ts) wraps all protected routes and handles three cases:

Scenario	Redirect
No token in localStorage	/login
Publisher visiting an admin-only route	/publisher/dashboard
Admin visiting a publisher-only route	/dashboard

Note

Publisher routes are prefixed with /publisher/ (singular). Admin routes for managing publishers are under /publishers/ (plural). The PrivateRoute uses this prefix to distinguish them.