bert.hausmans
473b22ac9e
Rewrites plugins/1.router/guards.ts per ARCH-CONSOLIDATION §4.3. The
B1 portal-context carve-out is removed; portal/organizer routing is
now declarative via meta.context, role gates via meta.requiresRole.
Guard pipeline:
1. Initialize auth store on first navigation
2. Public routes pass through (authenticated user on guest-only path
is bounced to resolveLandingRoute)
3. Auth required → /login?to=<path>
4. MFA setup gate → /account-settings?tab=security
5. requiresRole declarative check (replaces hardcoded /platform path
prefix + isSuperAdmin)
6. Context routing — portal returns early, organizer falls through
and sets lastContext
7. Org-selection check (organizer routes only)
Page meta updates (mechanical, idempotent):
- 4 portal pages: removed `requiresAuth: true` (auth is implicit)
- 4 pages: replaced `requiresAuth: false` with `meta.public: true`
(registreren, wachtwoord-instellen, advance/[token],
invitations/[token])
- 22 organizer pages: added `context: 'organizer'`
(account-settings, events/**, organisation/form-failures/**,
select-organisation, dashboard, events/index, members,
organisation/{index,companies,settings})
- 8 platform pages: added `context: 'organizer'` +
`requiresRole: 'super_admin'`
- 6 organizer pages had no definePage block — one was added with
`context: 'organizer'`
Adds plugins/1.router/__tests__/guards.spec.ts (11 tests) covering
public passthrough, unauthenticated redirect, portal/organizer
context branching, declarative requiresRole, org-selection
redirect, MFA gate.
Test count 178 → 189 (11 new). Lint + typecheck clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>