Jonathan Hvid
b3bd5e4af6
Restore the "Part of AI Lab" credit block in all three views and hide it client-side once /auth/me (or fresh login) identifies the viewer as alz@bii.dk. Everyone else sees it as before. Marked with data-ailab; hidden via inline display:none since the flex containers override the [hidden] attribute. No inline scripts — logic lives in the existing page JS, CSP stays script-src 'self'. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
54 lines
2.5 KiB
JavaScript
54 lines
2.5 KiB
JavaScript
// ─────────────────────────────────────────────────────────────
|
|
// protected/mobile/mobile.js — minimal client for the mobile view.
|
|
//
|
|
// One behaviour, nothing else:
|
|
// 1. Confirm the session is still valid on page load. If the
|
|
// session expired since the server rendered the HTML, bounce
|
|
// to "/" so the user doesn't read gated content without a
|
|
// session cookie (defensive — requireAuth already gates the
|
|
// page request itself).
|
|
//
|
|
// The customer-facing deck ends on the implementation roadmap; there
|
|
// is no "Join" CTA on this view (matching the desktop view), so no
|
|
// POST to /api/bifrost-join.
|
|
//
|
|
// There is no logout button on the mobile view; the masthead is
|
|
// logo-only by design. Users who want to log out can do so from a
|
|
// desktop session, or by clearing cookies.
|
|
//
|
|
// No GSAP, no Lenis, no d3. No sharing of globals with the desktop
|
|
// timeline/bifrost scripts — this file is only loaded by
|
|
// protected/mobile/index.html and never by the desktop view.
|
|
// ─────────────────────────────────────────────────────────────
|
|
|
|
/* ───── AI Lab credit visibility ─────
|
|
The "Part of AI Lab" affiliation credit is shown to everyone except
|
|
one viewer, who has asked that it never appear while they present.
|
|
Hidden client-side once /auth/me returns the email. Compared
|
|
lower-cased so casing doesn't matter; the container is display:flex,
|
|
so an inline display:none is used (it beats the stylesheet rule,
|
|
where the [hidden] attribute would not). ───── */
|
|
const AILAB_HIDE_EMAIL = 'alz@bii.dk';
|
|
function applyAilabVisibility(email) {
|
|
if (!email || email.trim().toLowerCase() !== AILAB_HIDE_EMAIL) return;
|
|
document.querySelectorAll('[data-ailab]').forEach((el) => {
|
|
el.style.display = 'none';
|
|
});
|
|
}
|
|
|
|
(async function checkSession() {
|
|
try {
|
|
const res = await fetch('/auth/me', { credentials: 'same-origin' });
|
|
if (!res.ok) {
|
|
window.location.href = '/';
|
|
return;
|
|
}
|
|
const data = await res.json().catch(() => ({}));
|
|
applyAilabVisibility(data.email);
|
|
} catch {
|
|
// Network error — do not boot the user out; desktop behaviour is
|
|
// the same. If the next action actually needs the server, we'll
|
|
// surface the error there.
|
|
}
|
|
})();
|
|
|