From 321908dc2f0a3ea0273ebd3d4e407d9eb7d4d179 Mon Sep 17 00:00:00 2001
From: "Builder.io"
Date: Mon, 10 Nov 2025 04:49:24 +0000
Subject: [PATCH] Add email domain validation to StaffLogin cgen-f99c683cdc504631968d019ea29febe5
---
 client/pages/StaffLogin.tsx | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/client/pages/StaffLogin.tsx b/client/pages/StaffLogin.tsx
index d0a34144..f67ab0d6 100644
--- a/client/pages/StaffLogin.tsx
+++ b/client/pages/StaffLogin.tsx
@@ -66,15 +66,31 @@ export default function StaffLogin() {
 }
 }, [location.search, toastError]);
- // Redirect if already authenticated
+ // Redirect if already authenticated (with @aethex.dev email validation)
 useEffect(() => {
 if (!loading && user) {
+ const userEmail = user.email || "";
+ const isAethexDev = userEmail.endsWith("@aethex.dev");
+
+ if (!isAethexDev) {
+ // Email is not @aethex.dev - show error
+ setErrorFromUrl(
+ "Only @aethex.dev email addresses can access the Staff Portal. If you're an authorized contractor, please use your assigned contractor email."
+ );
+ toastError({
+ title: "Access Denied",
+ description: "This email domain is not authorized for staff access.",
+ });
+ return;
+ }
+
+ // Valid staff email - redirect to dashboard
 const params = new URLSearchParams(location.search);
 const next = params.get("next");
 const safeNext = next && next.startsWith("/staff") ? next : null;
 navigate(safeNext || "/staff/dashboard", { replace: true });
 }
- }, [user, loading, navigate, location.search]);
+ }, [user, loading, navigate, location.search, toastError]);
 const handleGoogleSignIn = async () => {
 setIsLoading(true);
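Review bot: The `isAethexDev` check in this effect only decides whether the login page redirects, so it is a UX gate and not an access control. The `/staff` routes and the APIs behind them need to enforce the same domain rule server-side, against an email the identity provider has verified; neither is visible in this hunk. Above the check I would add the comment `// UI gate only: staff authorization is enforced server-side on a verified email`. The comparison is also case-sensitive and would reject a legitimate `User@Aethex.Dev`, so consider `const isAethexDev = userEmail.trim().toLowerCase().endsWith("@aethex.dev");`. The denied branch returns with the session still signed in; if that is not intended, sign the user out there. `StaffLogin` continues outside the hunk, so existing handling elsewhere may already cover some of this.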