reference

Session & Auth

// The auth context

lib/auth-context.tsx exposes a single React provider that owns the session state for the whole dashboard. It hides the plumbing — debounced checks, focus-driven refresh, 401-driven sign-out — behind two hooks:

const { status, account, refresh, signOut } = useAuth();
// status: "loading" | "authenticated" | "unauthenticated"

const account = useAccount();
// shortcut to the account object

// The Account shape

type Account = {
  UID: string | number;
  Username: string;
  Email: string;
  Boosts?: number;
  StripeCustomerID?: string | null;
  TwoFactorEnabled?: boolean;
};

// Refresh behaviour

DEDUPAt most one /api/auth/check-session request is in-flight at a time.
DEBOUNCESubsequent checks within 60 seconds reuse the cached result so navigation feels instant.
FOCUSTab focus triggers a fresh check so a stale tab catches up after you have been away.
401Any ApiError with status 401 forces a sign-out and a redirect to /login.

// Signing out

signOut(redirect?) calls /api/auth/logout, clears the local account, and redirects to the given path (defaulting to /login).