# Merge Request: Auth / Author Flow Hardening and Client Separation
## Summary
This change set improves the authentication–author lifecycle by clearly separating **Auth** and **Blog API** clients, ensuring an **Author is created at registration time**, and preventing user-controlled mutation of immutable identity fields in the UI.
The result is a cleaner contract between services, fewer edge cases around missing authors, and more predictable client behavior.
---
## Key Changes
### 1. Username Made Read-Only in Profile UI
- Disabled the `username` field in `Profile.tsx`
- Prevents accidental or malicious mutation of identity-bound fields
- Aligns UI behavior with backend ownership rules
---
### 2. Dedicated Auth vs Blog API Clients
- Introduced a separate Axios client for the Auth service (`auth`)
- Blog service continues to use `api`
- Both clients:
- Automatically attach JWT tokens
- Share centralized `401` handling and token invalidation logic
**Why:**
Auth and Blog are separate concerns and potentially separate services. Explicit clients reduce coupling and eliminate ambiguous routing.
---
### 3. Registration Flow Now Creates Author Automatically
- `register()` now:
1. Registers the user via Auth service
2. Creates a corresponding Author via Blog API
This guarantees:
- Every authenticated user has an Author record
- No race condition or implicit author creation later
---
### 4. Correct Endpoint Usage for “Current User”
- `/auth/me` is now correctly called via the Auth client
- `/authors/me` replaces ID-based lookup for the current author
- Eliminates dependency on user ID leaking across service boundaries
---
### 5. Centralized Token & Auth Error Handling
- Shared request interceptor to attach JWT tokens
- Shared response interceptor to handle `401` consistently
- Token invalidation is now uniform across services
---
### 6. Environment Configuration Updated
- Added `VITE_AUTH_BASE_URL` to support separate Auth service routing
- Explicit environment contract avoids accidental misconfiguration
---
## Impact
- Cleaner service boundaries
- Deterministic user → author lifecycle
- Reduced client-side complexity and edge cases
- More secure handling of identity fields
---
## Notes / Follow-ups
- Optional auto-login after registration is scaffolded but commented
- Logout or redirect handling on `401` can be wired later via an event bus or global handler
---
**Risk Level:** Low
**Behavioral Change:** Yes (author auto-created on registration)
**Backward Compatibility:** Requires Auth + Blog services to be reachable separately
Reviewed-on: #1
Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
Summary
Introduced ArticlesModel abstraction with list + map store for fast lookup and clean CRUD operations.
Replaced all array-based article access with model methods (readById, create, update, refresh).
Added utils/articles.ts with pure functions for list/map operations.
Updated ArticleProvider to use the new model API and avoid mutation issues.
Added URL-synced navigation (pushState) + VIEW_URL mapping for deep-linkable routes.
Implemented route parsing on load (/articles/:id) to auto-open article view.
Standardized openArticle to pass full ArticleModel instead of index.
Updated all ArticleCard components to use article object instead of index.
Added navigationMap to view router for custom child navigation names.
Extracted shared styles to types/styles.ts and replaced old inline styled components.
Updated props definitions for Login, Register, Profile, ArticleView, MainContent, ArticleGrid.
Removed React.StrictMode wrapper to avoid double-effects during development.
Release: 0.2.5
Type: Feature + Refactor + Routing upgrade
- Introduce unified View hierarchy (VIEW_TREE) with parent/child relationships
- Add useViewRouter for navigate(), goBack(), openArticle(), and dynamic child navigation
- Replace legacy boolean-based view flags with single ui.view state
- Implement dynamic component rendering via VIEW_COMPONENTS map
- Add HomeView wrapper and integrate dynamic navigation props
- Update ArticleView to use open_editor and new ArticleViewProps
- Adjust ArticleEditor props type to accept null article
- Normalize navigation prop naming (open_* passed as onBack/onEdit via router)
- Enforce validation: prevent article updates without logged-in user
- Remove old conditional rendering/switch blocks and simplify Blog.tsx
- Version bump: 0.2.3 → 0.2.4
