Redirect unauthenticated protected memo access to sign in#5738

Merged
memoclaw merged 3 commits into usememos:main from darkestni:codex/memos-protected-memo-auth-redirect on Mar 20, 2026
@darkestni
Contributor

Resolves #5644

Summary

When an anonymous user opens a protected or private memo link, Memos currently sends them to a 403 page. This is confusing because the next useful action is usually to sign in.

This change redirects unauthenticated users to the sign-in page instead, shows a short explanation, preserves the original memo URL, and returns them to that memo after sign-in or sign-up.

Changes

  • Memo detail page now distinguishes between unauthenticated, permission denied, and not found errors.
  • Added auth redirect helpers for safe redirect targets and auth reasons.
  • Sign-in page now reads and preserves redirect targets.
  • Password sign-in now returns users to the original page after authentication.
  • Sign-up flow also preserves the original target and returns there after registration.

Behavior

  • Unauthenticated access to protected/private memo:
    • Redirect to sign-in
    • Show a short message explaining the memo is not public
    • Return to the memo after successful sign-in/sign-up
  • Authenticated but unauthorized access:
    • Keep existing 403 behavior
  • Missing memo:
    • Go to 404

Validation

  • corepack pnpm lint
  • corepack pnpm build

@darkestni darkestni requested a review from a team as a code owner March 19, 2026 03:47
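
The description above mentions helpers for safe redirect targets; the sketch below is an added example of what such a check has to cover so that the post-sign-in redirect cannot become an open redirect. It is not code from this pull request: the function names, the `redirect` and `reason` query parameter names, the `/auth` sign-in route and the origin are assumptions.

```typescript
// Added example; all names and the "redirect"/"reason" parameter names are hypothetical.
const APP_ORIGIN = "https://memos.example"; // constructed placeholder origin
const AUTH_PREFIX = "/auth"; // assumed sign-in route prefix
const FALLBACK = "/";

// Return a same-origin path that is safe to navigate to after sign-in, or FALLBACK.
function safeRedirectTarget(raw: string | null | undefined): string {
  if (!raw) return FALLBACK;
  // Only rooted paths. "//host" and "/\host" are treated by browsers as scheme-relative URLs.
  if (!raw.startsWith("/") || raw.startsWith("//") || raw.startsWith("/\\")) return FALLBACK;
  // URL parsers strip tab/CR/LF, so "/<TAB>/host" would otherwise collapse to "//host".
  if (/[\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;
  let url: URL;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // Defence in depth: after full parsing the target must still be on our origin.
  if (url.origin !== APP_ORIGIN) return FALLBACK;
  // Never send a freshly signed-in user back to an auth page (redirect loop).
  if (url.pathname === AUTH_PREFIX || url.pathname.startsWith(AUTH_PREFIX + "/")) return FALLBACK;
  // Rebuild from parsed parts so dot segments are already normalised.
  return url.pathname + url.search + url.hash;
}

// Build the sign-in URL that the memo page would navigate to on an unauthenticated error.
function buildSignInUrl(currentPath: string, reason: string): string {
  const params = new URLSearchParams({ redirect: safeRedirectTarget(currentPath), reason });
  return `${AUTH_PREFIX}?${params.toString()}`;
}

// On the sign-in page: re-validate the parameter, since the query string is attacker-controlled.
function postAuthTarget(signInSearch: string): string {
  return safeRedirectTarget(new URLSearchParams(signInSearch).get("redirect"));
}
```
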

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0159fc3bb4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@boojack
Member

boojack commented Mar 19, 2026

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Delightful!

Contributor

@memoclaw memoclaw left a comment

Thanks for the contribution! A few issues need to be addressed before this can be merged:

Missing i18n — "This memo is not public. Sign in to continue." is hardcoded English in both SignIn.tsx and SignUp.tsx. All user-facing strings should go through useTranslate() / t() with a corresponding translation key added to the i18n resource files.

Incorrect fallback route for unhandled errors — In MemoDetail.tsx, any ConnectError that isn't Unauthenticated, PermissionDenied, or NotFound (e.g. Code.Internal, Code.DeadlineExceeded) silently navigates to /404. A server error is not a not-found. Consider keeping the user on the current page (the toast is sufficient) or routing to a generic error page.

Hardcoded /auth/signup path — SignIn.tsx builds the sign-up link with a string literal /auth/signup instead of ${ROUTES.AUTH}/signup. SignUp.tsx already uses ROUTES.AUTH correctly — please keep it consistent.

Please address these before re-requesting review.

@darkestni
Contributor Author

Thanks for the review — I addressed the requested changes in 4c67e482:

  • moved the protected memo notice into i18n resources and used t() in both auth pages
  • stopped routing unexpected MemoDetail errors to /404 and kept them as toast-only errors
  • replaced the hardcoded sign-up path in SignIn.tsx with ${ROUTES.AUTH}/signup

I also localized the fallback memo load error message while touching that code path.

Validation run:

  • corepack pnpm lint
  • corepack pnpm build

@darkestni darkestni force-pushed the codex/memos-protected-memo-auth-redirect branch from 4c67e48 to e6d7d1a Compare March 20, 2026 06:38
@darkestni darkestni requested a review from memoclaw March 20, 2026 07:09
Contributor

@memoclaw memoclaw left a comment

Logic is sound and security handling is correct. Merging and will follow up with missing i18n fallbacks for remaining locales.

@memoclaw memoclaw merged commit 7601708 into usememos:main Mar 20, 2026
2 checks passed
Development

Successfully merging this pull request may close these issues.

Redirect to login screen when accessing protected or private memo