From fd1f985597edf954c9765b198af66e5da4e94521 Mon Sep 17 00:00:00 2001
From: "soroush.asadi" <soroush.asadi@aliasaas.com>
Date: Sun, 21 Jun 2026 10:39:27 +0330
Subject: [PATCH] fix(auth): redirect already-signed-in users away from the
 login page

Visiting /login while authenticated now redirects to the app (/pos) instead of
showing the login form again. Guarded on _hasHydrated so the not-yet-rehydrated
(null) session isn't misread, and renders a brief "redirecting" state instead of
flashing the form. fa/en/ar strings added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 web/dashboard/messages/ar.json                |  1 +
 web/dashboard/messages/en.json                |  1 +
 web/dashboard/messages/fa.json                |  1 +
 web/dashboard/src/app/[locale]/login/page.tsx | 19 ++++++++++++++++++-
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/web/dashboard/messages/ar.json b/web/dashboard/messages/ar.json
index 221dae1..59147fb 100644
--- a/web/dashboard/messages/ar.json
+++ b/web/dashboard/messages/ar.json
@@ -39,6 +39,7 @@
   "auth": {
     "title": "تسجيل الدخول إلى ميزي",
     "subtitle": "سيتم إرسال رمز التحقق إلى هاتفك",
+    "redirecting": "مسجّل الدخول بالفعل — يتم التحويل…",
     "phone": "رقم الجوال",
     "phonePlaceholder": "٠٩١٢١٢٣٤٥٦٧",
     "sendOtp": "إرسال الرمز",
diff --git a/web/dashboard/messages/en.json b/web/dashboard/messages/en.json
index 301c1f5..26ade1a 100644
--- a/web/dashboard/messages/en.json
+++ b/web/dashboard/messages/en.json
@@ -39,6 +39,7 @@
   "auth": {
     "title": "Sign in to Meezi",
     "subtitle": "We will send a verification code to your phone",
+    "redirecting": "Already signed in — redirecting…",
     "phone": "Mobile number",
     "phonePlaceholder": "09121234567",
     "sendOtp": "Send code",
diff --git a/web/dashboard/messages/fa.json b/web/dashboard/messages/fa.json
index 118d563..36f0fe1 100644
--- a/web/dashboard/messages/fa.json
+++ b/web/dashboard/messages/fa.json
@@ -39,6 +39,7 @@
   "auth": {
     "title": "ورود به میزی",
     "subtitle": "کد تأیید به موبایل شما ارسال می‌شود",
+    "redirecting": "قبلاً وارد شده‌اید — در حال انتقال…",
     "phone": "شماره موبایل",
     "phonePlaceholder": "۰۹۱۲۱۲۳۴۵۶۷",
     "sendOtp": "ارسال کد",
diff --git a/web/dashboard/src/app/[locale]/login/page.tsx b/web/dashboard/src/app/[locale]/login/page.tsx
index 7bb8759..91abf83 100644
--- a/web/dashboard/src/app/[locale]/login/page.tsx
+++ b/web/dashboard/src/app/[locale]/login/page.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useState } from "react";
+import { useState, useEffect } from "react";
 import { useTranslations } from "next-intl";
 import { useRouter, Link } from "@/i18n/routing";
 import { apiPost, ApiClientError } from "@/lib/api/client";
@@ -18,6 +18,15 @@ export default function LoginPage() {
   const t = useTranslations("auth");
   const router = useRouter();
   const setAuth = useAuthStore((s) => s.setAuth);
+  const user = useAuthStore((s) => s.user);
+  const hasHydrated = useAuthStore((s) => s._hasHydrated);
+
+  // Already signed in? Don't show the login form again — send them to the app.
+  // Gate on _hasHydrated so we don't act on a not-yet-rehydrated (null) session.
+  const alreadyAuthed = hasHydrated && !!user?.accessToken;
+  useEffect(() => {
+    if (alreadyAuthed) router.replace("/pos");
+  }, [alreadyAuthed, router]);
 
   const [tab, setTab] = useState<LoginTab>("otp");
 
@@ -140,6 +149,14 @@ export default function LoginPage() {
     setCode("");
   };
 
+  if (alreadyAuthed) {
+    return (
+      <div className="flex min-h-screen items-center justify-center bg-muted/30 p-4">
+        <p className="text-sm text-muted-foreground">{t("redirecting")}</p>
+      </div>
+    );
+  }
+
   return (
     <div className="flex min-h-screen items-center justify-center bg-muted/30 p-4">
       <Card className="w-full max-w-md">