From 2992822010985c5265f20d1d3001bd99dd3a7b45 Mon Sep 17 00:00:00 2001
From: Luis Pereira <luispereira.tkd@gmail.com>
Date: Sun, 18 Jan 2026 22:57:46 +0000
Subject: [PATCH] feat: replace global auth state variable with template
 injected object

---
 template/about.ctml  |  2 +-
 user-management.lisp | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/template/about.ctml b/template/about.ctml
index dccc022..8da4661 100644
--- a/template/about.ctml
+++ b/template/about.ctml
@@ -8,7 +8,7 @@
   <link rel="icon" type="image/png" sizes="32x32" href="/asteroid/static/favicon-32x32.png">
   <link rel="icon" type="image/png" sizes="16x16" href="/asteroid/static/favicon-16x16.png">
   <link rel="stylesheet" type="text/css" href="/asteroid/static/asteroid.css">
-  <script src="/asteroid/static/js/auth-ui.js"></script>
+  <script lquery='(text (asteroid::get-auth-state-js-var))'></script>
 </head>
 <body>
   <div class="container">
diff --git a/user-management.lisp b/user-management.lisp
index 3acf20c..2569076 100644
--- a/user-management.lisp
+++ b/user-management.lisp
@@ -157,6 +157,19 @@
   "Get the currently authenticated user's ID from session"
   (session:field "user-id"))
 
+(defun get-auth-state-js-var ()
+  "Builds a JavaScript variable definition with the current authentication state
+   for a request. The variable definition is a string ready to be injected in a
+   template file."
+  (let ((user (get-current-user)))
+    (format nil "var AUTHSTATE = ~a"
+            (if user
+              (cl-json:encode-json-to-string
+               `(("loggedIn" .  t)
+                 ("isAdmin" . ,(when (user-has-role-p user :admin) t))
+                 ("username" . ,(dm:field user "username"))))
+              "null"))))
+
 (defun require-authentication (&key (api nil))
   "Require user to be authenticated. 
    Returns T if authenticated, NIL if not (after emitting error response).