nuzlocke-tracker/.beans/archive/nuzlocke-tracker-2zwg--protect-frontend-routes-with-protectedroute-and-ad.md

title, status, type, priority, created_at, updated_at, parent, blocked_by

title	status	type	priority	created_at	updated_at	parent	blocked_by
Protect frontend routes with ProtectedRoute and AdminRoute	completed	task	normal	2026-03-21T10:06:20Z	2026-03-21T10:19:41Z	nuzlocke-tracker-ce4o	nuzlocke-tracker-5svj

Use the existing `ProtectedRoute` component (currently unused) and create an `AdminRoute` component to guard routes in `App.tsx`.

Checklist

• Wrap `/runs/new` and `/genlockes/new` with `ProtectedRoute` (requires login)
• Create `AdminRoute` component that checks `isAdmin` from `useAuth()`, redirects to `/` with a toast/message if not admin
• Wrap all `/admin/*` routes with `AdminRoute`
• Ensure `/runs` and `/runs/:runId` remain accessible to everyone (public run viewing)
• Verify deep-linking works (e.g., visiting `/admin/games` while logged out redirects to login, then back to `/admin/games` after auth)

Files to change

• `frontend/src/App.tsx` — wrap routes
• `frontend/src/components/ProtectedRoute.tsx` — already exists, verify it works
• `frontend/src/components/AdminRoute.tsx` — new file

Summary of Changes

Implemented frontend route protection:

• ProtectedRoute: Wraps /runs/new and /genlockes/new - redirects unauthenticated users to /login with return location preserved
• AdminRoute: New component that checks isAdmin from useAuth(), redirects non-admins to / with a toast notification
• Admin routes: Wrapped AdminLayout with AdminRoute to protect all /admin/* routes
• Public routes: /runs and /runs/:runId remain accessible to everyone
• Deep-linking: Location state preserved so users return to original route after login