@stevederico/skateboard-ui 1.5.0 → 1.5.1

package/CHANGELOG.md

@@ -1,11 +1,17 @@
 # CHANGELOG
 
+1.5.1
+
+  Rename noProtectedRoutes to authOverlay
+  Guard unauthenticated Settings UI
+  Skip 401 redirect in authOverlay mode
+
 1.5.0
 
   Add AuthOverlay component
   Add useAuthGate hook
   Add auth overlay state
-  Add noProtectedRoutes support
+  Add authOverlay support
   Add JSDoc comments
   Update README documentation
 

package/ProtectedRoute.jsx

@@ -7,7 +7,7 @@ import { isAuthenticated, apiRequest, getAppKey, getConstants } from './Utilitie
  *
  * Checks client-side auth via isAuthenticated(), then validates the
  * session with the backend via /me. Redirects to /signin if invalid.
- * Bypassed when constants.noProtectedRoutes is true (for lazy auth).
+ * Bypassed when constants.authOverlay is true (for lazy auth).
  * Bypassed when constants.noLogin is true (no auth required).
  *
  * @returns {JSX.Element} Outlet if authenticated, Navigate to /signin otherwise
@@ -21,7 +21,7 @@ import { isAuthenticated, apiRequest, getAppKey, getConstants } from './Utilitie
  */
 const ProtectedRoute = () => {
     const constants = getConstants();
-    const skipProtection = constants.noProtectedRoutes === true;
+    const skipProtection = constants.authOverlay === true;
     const [status, setStatus] = useState(skipProtection ? 'valid' : 'checking');
 
     useEffect(() => {

package/README.md

@@ -97,7 +97,7 @@ const constants = {
 
   // Optional: Authentication
   noLogin: false,  // Set true to disable authentication
-  noProtectedRoutes: false,  // Set true to allow unauthenticated access to /app routes (use with useAuthGate)
+  authOverlay: false,  // Set true to allow unauthenticated access to /app routes (use with useAuthGate)
 
   // Optional: Payments (Stripe)
   stripeProducts: [
@@ -397,11 +397,11 @@ Let users explore `/app` without signing in — prompt them only when they perfo
 
 ### Setup
 
-Set `noProtectedRoutes: true` in your constants to allow unauthenticated access to `/app` routes:
+Set `authOverlay: true` in your constants to allow unauthenticated access to `/app` routes:
 
 ```json
 {
-  "noProtectedRoutes": true
+  "authOverlay": true
 }
 ```
 

package/SettingsView.jsx

@@ -54,7 +54,7 @@ export default function SettingsView() {
         {/* Main content */}
         <div className="flex flex-col items-center p-4 gap-4">
           {/* User Card */}
-          {(constants.noLogin === false || typeof constants.noLogin === 'undefined') && (
+          {(constants.noLogin === false || typeof constants.noLogin === 'undefined') && state.user && (
             <div className="w-full max-w-lg bg-accent rounded-2xl p-5">
               <div className="flex items-center gap-4">
                 <Avatar size="lg">
@@ -113,7 +113,7 @@ export default function SettingsView() {
           </div>
 
           {/* Billing */}
-          {(constants.noLogin === false || typeof constants.noLogin === 'undefined') && (
+          {(constants.noLogin === false || typeof constants.noLogin === 'undefined') && state.user && (
             <div className="w-full max-w-lg bg-accent rounded-2xl p-5">
               <div className="flex items-center justify-between">
                 <div>

package/Utilities.js

@@ -723,10 +723,12 @@ export async function apiRequest(endpoint, options = {}) {
         if (timeoutId) clearTimeout(timeoutId);
     }
 
-    // Handle 401 (redirect to signout)
+    // Handle 401 (redirect to signout, unless authOverlay mode)
     if (response.status === 401) {
-        window.location.href = '/signout';
-        throw new Error('Unauthorized - Redirecting to Sign Out');
+        if (getConstants().authOverlay !== true) {
+            window.location.href = '/signout';
+        }
+        throw new Error('Unauthorized');
     }
 
     // Handle 403 CSRF token failures with auto-retry

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@stevederico/skateboard-ui",
   "private": false,
-  "version": "1.5.0",
+  "version": "1.5.1",
   "type": "module",
   "exports": {
     "./AppSidebar": {