Refactor frontend entry to login and play routes

RpgRoller.Tests/Api/FrontendHostTests.cs

@@ -3,15 +3,41 @@ namespace RpgRoller.Tests;
 public sealed class FrontendHostTests(WebApplicationFactory<Program> factory) : ApiTestBase(factory)
 {
     [Fact]
-    public async Task RootPath_ServesBlazorFrontendShell()
+    public async Task RootPath_RedirectsToLogin_WhenAnonymous()
     {
         using var factory = CreateFactory(1);
         using var client = factory.CreateClient(new() { AllowAutoRedirect = false });
         var response = await client.GetAsync("/");
 
+        Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
+        Assert.Equal("/login", response.Headers.Location?.OriginalString);
+    }
+
+    [Fact]
+    public async Task RootPath_RedirectsToPlay_WhenAuthenticated()
+    {
+        using var factory = CreateFactory(1);
+        using var client = factory.CreateClient(new() { AllowAutoRedirect = false });
+        await RegisterAsync(client, "alice", "Password123", "Alice");
+        await LoginAsync(client, "alice", "Password123");
+
+        var response = await client.GetAsync("/");
+
+        Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
+        Assert.Equal("/play", response.Headers.Location?.OriginalString);
+    }
+
+    [Fact]
+    public async Task LoginPath_ServesStaticAuthMarkup()
+    {
+        using var factory = CreateFactory(1);
+        using var client = factory.CreateClient(new() { AllowAutoRedirect = false });
+        var response = await client.GetAsync("/login");
+
         Assert.Equal(HttpStatusCode.OK, response.StatusCode);
         var html = await response.Content.ReadAsStringAsync();
-        Assert.Contains("_framework/blazor.web.js", html);
-        Assert.Contains("Connecting...", html);
+        Assert.Contains("Register or log in to join a campaign session.", html);
+        Assert.Contains("data-auth-page", html);
+        Assert.DoesNotContain("_framework/blazor.web.js", html);
     }
 }