# T006 — Mock auth session + login + guard > Status: `todo` > Milestone: `M2` > Est. change: `~160 lines` ## Goal mock 登入後可進 `/app/**`;未登入強制 `/login`;logout 清 session。 ## Depends on - T005 ## Inputs - Spec §4.1、§5.0 Auth - mock 帳密可寫死 e.g. `demo@harbor.local` / `demo`(文件註明) ## Outputs ### 程式變更 | 路徑 | 動作 | 說明 | |------|------|------| | `apps/web/src/auth/AuthContext.tsx` | add | session state | | `apps/web/src/auth/RequireAuth.tsx` | add | 路由守衛 | | `apps/web/src/pages/LoginPage.tsx` | edit | 表單 + 錯誤 | | `apps/web/src/lib/storage.ts` | add | localStorage helpers(可先做) | | Topbar | edit | 登出按鈕 | ### 行為變更 - 重整後 mock session 仍在 - 錯密碼顯示錯誤、不進 app ## Out of scope - JWT / live API - email 驗證 ## Acceptance - [ ] 未登入開 `/app/today` → `/login` - [ ] 正確登入 → Today - [ ] 登出 → login 且不可回 app - [ ] `npm run build` 通過 ```bash cd apps/web && npm run build ```