From 5988c6d064a1aadbc491c86b43e78a464e9b6e16d414f653e34dd8132dd549bb Mon Sep 17 00:00:00 2001
From: Claude Dev <support+claude@ezscale.cloud>
Date: Mon, 9 Feb 2026 02:55:48 -0500
Subject: [PATCH] Fix redirect loop on session expiry and add missing nav links

- Add redirectGuestsTo in bootstrap/app.php so unauthenticated users
  always redirect to the full account login URL instead of a relative
  /login that would 404 on the admin subdomain or loop
- Create HandleInertiaRequests middleware to share auth.user, flash
  messages, and domain config to all Vue pages (was entirely missing)
- Add Profile nav link in AppLayout, "Customer View" link in AdminLayout
- Point logout to account subdomain where Fortify routes live
- Link AuthLayout logo back to marketing site
- Fix Marketing/Home links to use full account subdomain URLs
- Update RoleBasedAccessTest to match new redirect URL

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .../Http/Middleware/HandleInertiaRequests.php | 30 +++++++++++++++++++
 website/bootstrap/app.php                     |  4 ++-
 website/resources/js/Layouts/AdminLayout.vue  | 16 ++++++++--
 website/resources/js/Layouts/AppLayout.vue    | 12 +++++++-
 website/resources/js/Layouts/AuthLayout.vue   |  8 ++++-
 website/resources/js/Pages/Marketing/Home.vue | 12 ++++++--
 .../Feature/Auth/RoleBasedAccessTest.php      |  2 +-
 7 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 website/app/Http/Middleware/HandleInertiaRequests.php

diff --git a/website/app/Http/Middleware/HandleInertiaRequests.php b/website/app/Http/Middleware/HandleInertiaRequests.php
new file mode 100644
index 0000000..9e3b7c8
--- /dev/null
+++ b/website/app/Http/Middleware/HandleInertiaRequests.php
@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware;
+
+use Illuminate\Http\Request;
+use Inertia\Middleware;
+
+class HandleInertiaRequests extends Middleware
+{
+    /** @return array<string, mixed> */
+    public function share(Request $request): array
+    {
+        return array_merge(parent::share($request), [
+            'auth' => fn () => [
+                'user' => $request->user() ? $request->user()->only('id', 'name', 'email', 'status') : null,
+            ],
+            'flash' => fn () => [
+                'success' => $request->session()->get('success'),
+                'error' => $request->session()->get('error'),
+            ],
+            'domains' => fn () => [
+                'marketing' => config('app.domains.marketing'),
+                'account' => config('app.domains.account'),
+                'admin' => config('app.domains.admin'),
+            ],
+        ]);
+    }
+}
diff --git a/website/bootstrap/app.php b/website/bootstrap/app.php
index d711574..09c4e38 100644
--- a/website/bootstrap/app.php
+++ b/website/bootstrap/app.php
@@ -29,9 +29,11 @@ return Application::configure(basePath: dirname(__DIR__))
         $middleware->trustProxies(at: '*');
 
         $middleware->web(append: [
-            \Inertia\Middleware::class,
+            \App\Http\Middleware\HandleInertiaRequests::class,
         ]);
 
+        $middleware->redirectGuestsTo(fn () => 'https://'.config('app.domains.account').'/login');
+
         $middleware->alias([
             'role' => \Spatie\Permission\Middleware\RoleMiddleware::class,
             'permission' => \Spatie\Permission\Middleware\PermissionMiddleware::class,
diff --git a/website/resources/js/Layouts/AdminLayout.vue b/website/resources/js/Layouts/AdminLayout.vue
index df08490..147641c 100644
--- a/website/resources/js/Layouts/AdminLayout.vue
+++ b/website/resources/js/Layouts/AdminLayout.vue
@@ -1,8 +1,12 @@
 <script setup>
 import { Link, usePage } from '@inertiajs/vue3';
+import { computed } from 'vue';
+import FlashMessages from '@/Components/FlashMessages.vue';
 
 const page = usePage();
-const user = page.props.auth?.user;
+const user = computed(() => page.props.auth?.user);
+const domains = computed(() => page.props.domains);
+const accountUrl = computed(() => `https://${domains.value?.account}`);
 </script>
 
 <template>
@@ -24,10 +28,17 @@ const user = page.props.auth?.user;
                         </div>
                     </div>
                     <div class="flex items-center space-x-4">
+                        <a
+                            v-if="user"
+                            :href="accountUrl + '/dashboard'"
+                            class="text-sm text-gray-400 hover:text-white"
+                        >
+                            Customer View
+                        </a>
                         <span v-if="user" class="text-sm text-gray-300">{{ user.name }}</span>
                         <Link
                             v-if="user"
-                            href="/logout"
+                            :href="accountUrl + '/logout'"
                             method="post"
                             as="button"
                             class="text-sm text-gray-400 hover:text-white"
@@ -40,6 +51,7 @@ const user = page.props.auth?.user;
         </nav>
 
         <main class="max-w-7xl mx-auto py-6 px-4 sm:px-6 lg:px-8">
+            <FlashMessages />
             <slot />
         </main>
     </div>
diff --git a/website/resources/js/Layouts/AppLayout.vue b/website/resources/js/Layouts/AppLayout.vue
index 149916e..6fe963f 100644
--- a/website/resources/js/Layouts/AppLayout.vue
+++ b/website/resources/js/Layouts/AppLayout.vue
@@ -1,8 +1,11 @@
 <script setup>
 import { Link, usePage } from '@inertiajs/vue3';
+import { computed } from 'vue';
+import FlashMessages from '@/Components/FlashMessages.vue';
 
 const page = usePage();
-const user = page.props.auth?.user;
+const user = computed(() => page.props.auth?.user);
+const domains = computed(() => page.props.domains);
 </script>
 
 <template>
@@ -21,6 +24,12 @@ const user = page.props.auth?.user;
                             >
                                 Dashboard
                             </Link>
+                            <Link
+                                href="/profile"
+                                class="px-3 py-2 rounded-md text-sm font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-100"
+                            >
+                                Profile
+                            </Link>
                         </div>
                     </div>
                     <div class="flex items-center space-x-4">
@@ -40,6 +49,7 @@ const user = page.props.auth?.user;
         </nav>
 
         <main class="max-w-7xl mx-auto py-6 px-4 sm:px-6 lg:px-8">
+            <FlashMessages />
             <slot />
         </main>
     </div>
diff --git a/website/resources/js/Layouts/AuthLayout.vue b/website/resources/js/Layouts/AuthLayout.vue
index 2ea5ad8..842a35f 100644
--- a/website/resources/js/Layouts/AuthLayout.vue
+++ b/website/resources/js/Layouts/AuthLayout.vue
@@ -1,11 +1,17 @@
 <script setup>
+import { usePage } from '@inertiajs/vue3';
+import { computed } from 'vue';
+
+const page = usePage();
+const domains = computed(() => page.props.domains);
+const marketingUrl = computed(() => `https://${domains.value?.marketing}`);
 </script>
 
 <template>
     <div class="min-h-screen flex flex-col items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
         <div class="w-full max-w-md">
             <div class="text-center mb-8">
-                <h1 class="text-3xl font-bold text-gray-900">EZSCALE</h1>
+                <a :href="marketingUrl" class="text-3xl font-bold text-gray-900">EZSCALE</a>
                 <p class="mt-2 text-sm text-gray-600">Cloud Hosting Platform</p>
             </div>
             <div class="bg-white shadow-sm rounded-lg border border-gray-200 p-8">
diff --git a/website/resources/js/Pages/Marketing/Home.vue b/website/resources/js/Pages/Marketing/Home.vue
index 7227c22..a920b3d 100644
--- a/website/resources/js/Pages/Marketing/Home.vue
+++ b/website/resources/js/Pages/Marketing/Home.vue
@@ -1,4 +1,10 @@
 <script setup>
+import { usePage } from '@inertiajs/vue3';
+import { computed } from 'vue';
+
+const page = usePage();
+const domains = computed(() => page.props.domains);
+const accountUrl = computed(() => `https://${domains.value?.account}`);
 </script>
 
 <template>
@@ -8,8 +14,8 @@
                 <div class="flex justify-between h-16 items-center">
                     <span class="text-xl font-bold text-gray-900">EZSCALE</span>
                     <div class="space-x-4">
-                        <a href="/login" class="text-sm text-gray-600 hover:text-gray-900">Sign in</a>
-                        <a href="/register" class="text-sm px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700">Get Started</a>
+                        <a :href="accountUrl + '/login'" class="text-sm text-gray-600 hover:text-gray-900">Sign in</a>
+                        <a :href="accountUrl + '/register'" class="text-sm px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700">Get Started</a>
                     </div>
                 </div>
             </div>
@@ -25,7 +31,7 @@
                     VPS, Dedicated Servers, Web Hosting, and Game Servers. Powered by EZSCALE.
                 </p>
                 <div class="mt-10">
-                    <a href="/register" class="px-8 py-3 bg-blue-600 text-white font-medium rounded-md hover:bg-blue-700 text-lg">
+                    <a :href="accountUrl + '/register'" class="px-8 py-3 bg-blue-600 text-white font-medium rounded-md hover:bg-blue-700 text-lg">
                         Start Free Trial
                     </a>
                 </div>
diff --git a/website/tests/Feature/Auth/RoleBasedAccessTest.php b/website/tests/Feature/Auth/RoleBasedAccessTest.php
index c454d47..dc01f0f 100644
--- a/website/tests/Feature/Auth/RoleBasedAccessTest.php
+++ b/website/tests/Feature/Auth/RoleBasedAccessTest.php
@@ -12,7 +12,7 @@ beforeEach(function (): void {
 
 it('redirects unauthenticated users to login', function (): void {
     $this->get($this->accountUrl.'/dashboard')
-        ->assertRedirect($this->accountUrl.'/login');
+        ->assertRedirect('https://'.config('app.domains.account').'/login');
 });
 
 it('identifies admin users correctly', function (): void {