fix(auth): clear stored user on logout to prevent empty home on relaunch

On logout, only the token was removed from MMKV while the user JSON was left behind. On next app launch, initialUser rehydrated userAtom from the stale storage while apiAtom was correctly null, so useProtectedRoute treated the session as authenticated and the user landed on an empty (auth)/(tabs)/(home) instead of /login. - Remove "user" from storage in logoutMutation alongside "token". - Make initialUser defensive: return null when no token is present so the user/api atoms stay consistent and any pre-existing stale state self-corrects on next launch.
2026-05-31 19:18:26 +01:00 · 2026-06-01 00:53:10 +10:00
1 changed files with 8 additions and 0 deletions
--- a/providers/JellyfinProvider.tsx
+++ b/providers/JellyfinProvider.tsx
@@ -69,6 +69,13 @@ const initialApi = (() => {

 const initialUser = (() => {
  try {
+    // Only return a stored user if we also have a token. Otherwise the
+    // user atom would be populated while the api atom is null (e.g. after
+    // a logout that left stale user JSON in storage), which causes
+    // useProtectedRoute to keep us inside the (auth) group instead of
+    // redirecting to /login.
+    const token = storage.getString("token");
+    if (!token) return null;
    const userStr = storage.getString("user");
    if (userStr) {
      return JSON.parse(userStr) as UserDto;
@@ -402,6 +409,7 @@ export const JellyfinProvider: React.FC<{ children: ReactNode }> = ({
        );

      storage.remove("token");
+      storage.remove("user");
      clearTVDiscoverySafely();
      setUser(null);
      setApi(null);