Fix validation fo google tokens

src/routes/+page.svelte

@@ -1,22 +1,11 @@
 <div class="min-h-screen flex flex-col justify-center items-center">
     <!-- SVG QR Code Art on Top -->
     <div class="mb-8">
-        <!-- Simple QR code SVG (static, for illustration) -->
-        <svg width="96" height="96" viewBox="0 0 96 96" fill="none" xmlns="http://www.w3.org/2000/svg">
-            <rect width="96" height="96" rx="16" fill="#F3F4F6"/>
-            <rect x="12" y="12" width="20" height="20" fill="#111827"/>
-            <rect x="64" y="12" width="20" height="20" fill="#111827"/>
-            <rect x="12" y="64" width="20" height="20" fill="#111827"/>
-            <rect x="40" y="40" width="8" height="8" fill="#111827"/>
-            <rect x="56" y="56" width="8" height="8" fill="#111827"/>
-            <rect x="72" y="40" width="8" height="8" fill="#111827"/>
-            <rect x="40" y="72" width="8" height="8" fill="#111827"/>
-        </svg>
+        <img class="w-32 h-auto" src="/qr-code.png" alt="">
     </div>
     <h1 class="text-3xl font-bold text-center mb-2">ESN Scanner App</h1>
     <h2 class="text-lg text-gray-600 text-center mb-8">Make entrance to your events a breeze.</h2>
     <div class="flex space-x-4 w-full justify-center">
-        <a href="/auth/login" class="w-32 py-2 bg-blue-600 text-white rounded text-center hover:bg-blue-700 transition">Login</a>
-        <a href="/auth/signup" class="w-32 py-2 bg-gray-200 text-blue-700 rounded text-center hover:bg-gray-300 transition">Signup</a>
+        <a href="/private/home" class="w-64 py-2 bg-blue-600 text-white rounded-lg text-center hover:bg-blue-700 transition">Get started</a>
     </div>
 </div>

src/routes/auth/signout/+page.svelte

@@ -1,11 +0,0 @@
-<script lang="ts">
-import { onMount } from 'svelte';
-import { goto } from '$app/navigation';
-
-onMount(() => {
-  localStorage.clear();
-  goto('/');
-});
-</script>
-
-<p>Signing out...</p>

src/routes/auth/signout/+server.ts

@@ -1,9 +1,11 @@
 import type { RequestHandler } from './$types';
-import { redirect } from '@sveltejs/kit';
-
-export const GET: RequestHandler = async ({ locals }) => {
-  // If using supabase-js client on the server, you can sign out here
-  if (locals.supabase) {
+export const GET: RequestHandler = async ({ locals}) => {
     await locals.supabase.auth.signOut();
-  }
-};
+
+    const html = `
+        <script>
+            localStorage.clear();
+            location.href = '/';
+        </script>`;
+    return new Response(html, { headers: { 'Content-Type': 'text/html' } });
+};

src/routes/private/api/gmail/+server.ts

@@ -60,5 +60,24 @@ export const POST: RequestHandler = async ({ request }) => {
 		}
 	}
 
+	/* validate token */
+	if (action === 'validate') {
+		if (!refreshToken) {
+			console.log('No refreshToken provided');
+			return json({ valid: false });
+		}
+		try {
+			console.log('Validating refreshToken:', refreshToken);
+			const oAuth2Client = getOAuthClient();
+			oAuth2Client.setCredentials({ refresh_token: refreshToken });
+			await oAuth2Client.getAccessToken(); // This will throw if invalid
+			console.log('Token is valid');
+			return json({ valid: true });
+		} catch (err) {
+			console.error('Token validation error:', err);
+			return json({ valid: false, error: (err as Error).message });
+		}
+	}
+
 	return new Response('Bad request', { status: 400 });
 };

src/routes/private/creator/+page.svelte

@@ -9,9 +9,21 @@
 	let subject = '';
 	let body = '';
 
-	onMount(() => {
+	async function validateToken(token: string): Promise<boolean> {
+		if (!token) return false;
+		const res = await fetch('/private/api/gmail', {
+			method: 'POST',
+			headers: { 'Content-Type': 'application/json' },
+			body: JSON.stringify({ action: 'validate', refreshToken: token })
+		});
+		if (!res.ok) return false;
+		const data = await res.json();
+		return !!data.valid;
+	}
+
+	onMount(async () => {
 		refreshToken = localStorage.getItem('gmail_refresh_token') ?? '';
-		authorized = !!refreshToken;
+		authorized = await validateToken(refreshToken);
 	});
 
 	/* ⇢ redirects straight to Google via server 302 */