AuthContext is the single source of truth for the authenticated session in Kantuta POS. It owns the JWT access token, the current user object, and two storage helpers — loginStorage and logoutStorage — that keep React state and localStorage in sync. It also runs an inactivity timer that automatically logs the user out after 45 minutes without any keyboard, mouse, or scroll activity.
AuthContextType Interface
The shape of the context value is defined inline inside AuthContext.tsx (the file in src/context/auth/types/AuthContextType.ts holds a legacy stub):
| Field | Type | Description |
|---|---|---|
| user | User \| null | Deserialized user object from localStorage on mount |
| token | string \| null | The JWT access token; null if expired or not present |
| isAuthenticated | boolean | true only when token is a non-empty, non-literal string and user is non-null |
| loginStorage | function | Persists all three credentials to localStorage and updates React state |
| logoutStorage | function | Clears all credentials from localStorage and redirects to /signin |
Consuming the Context
Import and call the useAuth() hook from anywhere inside the AuthContextProvider tree:
How loginStorage and logoutStorage Work
loginStorage — persisting credentials
Called by the sign-in page after a successful API response. Stores three keys in localStorage and updates React state atomically. After this call, isAuthenticated flips to true on the next render.
Token Expiry Decoding
On every page load, AuthContextProvider checks whether the stored access_token has already expired before restoring it into React state. The check manually decodes the JWT payload without any external library:
- State initializer — the useState lazy initializer for token calls isTokenExpired before returning the stored value. If the token is expired, it removes all three localStorage keys and returns null.
- Mount effect — a useEffect with an empty dependency array re-runs the check after the initial render to catch any edge case where the initializer ran before the DOM was ready.
Inactivity Auto-Logout (45 Minutes)
A second useEffect sets up an activity-based reset timer. Any user interaction resets the countdown; if 45 minutes pass with no activity, logoutStorage() is called automatically.
The 45-minute inactivity timer starts as soon as AuthContextProvider mounts — even before the user has signed in. Once the user signs in, the timer continues running and resets on any mousemove, keydown, scroll, or click event on the window. The timer reference is held in a useRef so it does not trigger re-renders when it resets.
isAuthenticated Guard Logic
The isAuthenticated boolean is more defensive than a simple !!token check:
localStorage.getItem('access_token') returns the literal string "null" or "undefined" — which can happen if code elsewhere accidentally calls localStorage.setItem('access_token', String(null)).
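One way the expiry check and the literal-string guard described above can be written, as an added example rather than the code in AuthContext.tsx. isTokenExpired is named on the page but its body here is assumed, as are decodeJwtPayload, restoreToken, the injected storage interface, and the refresh_token and user key names.

```typescript
// Added example, not the project's source. Storage is injected so it runs outside a browser.
interface KV { getItem(k: string): string | null; removeItem(k: string): void; }

// Only "access_token" is named on the page; the other two key names are assumed.
const SESSION_KEYS = ["access_token", "refresh_token", "user"];

// Decode the payload segment (base64url-encoded JSON). No signature check happens
// here, so the result is a UX hint only; the API must still validate every request.
function decodeJwtPayload(token: string): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    let b64 = (parts[1] ?? "").replace(/-/g, "+").replace(/_/g, "/");
    while (b64.length % 4 !== 0) b64 += "="; // restore stripped padding
    const parsed: unknown = JSON.parse(atob(b64));
    return typeof parsed === "object" && parsed !== null
      ? (parsed as Record<string, unknown>) : null;
  } catch {
    return null; // bad base64 or bad JSON
  }
}

// Fail closed (assumed policy): a malformed token or a missing/non-numeric exp is expired.
function isTokenExpired(token: string, nowMs: number = Date.now()): boolean {
  const payload = decodeJwtPayload(token);
  const exp = payload ? payload["exp"] : undefined;
  if (typeof exp !== "number" || !isFinite(exp)) return true;
  return exp * 1000 <= nowMs; // exp is in seconds since the epoch (RFC 7519)
}

// What the lazy initializer is described as doing, plus the "null"/"undefined" guard.
function restoreToken(storage: KV, nowMs: number = Date.now()): string | null {
  const raw = storage.getItem("access_token");
  if (!raw || raw === "null" || raw === "undefined" || isTokenExpired(raw, nowMs)) {
    SESSION_KEYS.forEach((k) => storage.removeItem(k));
    return null;
  }
  return raw;
}

// Constructed helpers for trying it out: an unsigned sample token and an in-memory store.
function makeToken(claims: object): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "HS256", typ: "JWT" }) + "." + enc(claims) + ".constructed-signature";
}
function memoryStorage(data: { [k: string]: string }): KV {
  return { getItem: (k) => data[k] ?? null, removeItem: (k) => { delete data[k]; } };
}
```

In the browser, pass window.localStorage as the storage argument; it already satisfies the two-method interface.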
Role-Based Access with useRole
For component-level role checks, use the useRole hook instead of reading user.role directly. It normalizes the role to lowercase and provides convenience booleans:
useRole internally calls useAuth(), so it also requires being inside AuthContextProvider.