feat(auth): add AuthStateService for role-based redirects

- Create Services/AuthStateService.cs with Login/Logout/GetPortalUrl
- Register as singleton in Program.cs

Co-authored-by: Velik <hongochai10@users.noreply.github.com>

apps/web-client-tpos-net/src/WebClientTpos.Client/Program.cs

@@ -20,6 +20,10 @@ builder.Services.AddSingleton(sp => new HttpClient { BaseAddress = new Uri(new U
 // VI: Thêm POS data service cho BFF API calls
 builder.Services.AddScoped<WebClientTpos.Client.Services.PosDataService>();
 
+// EN: Add auth state service for role-based redirects
+// VI: Thêm auth state service cho điều hướng theo vai trò
+builder.Services.AddSingleton<WebClientTpos.Client.Services.AuthStateService>();
+
 // EN: Add MudBlazor services
 // VI: Thêm các services của MudBlazor
 builder.Services.AddMudServices();

apps/web-client-tpos-net/src/WebClientTpos.Client/Services/AuthStateService.cs

@@ -0,0 +1,38 @@
+namespace WebClientTpos.Client.Services;
+
+public class AuthStateService
+{
+    public bool IsAuthenticated { get; private set; }
+    public string? UserEmail { get; private set; }
+    public string? UserRole { get; private set; } // "owner", "staff", "customer", "branch"
+    public string? Token { get; private set; }
+
+    public event Action? OnChange;
+
+    public void Login(string email, string token, string role)
+    {
+        IsAuthenticated = true;
+        UserEmail = email;
+        Token = token;
+        UserRole = role;
+        OnChange?.Invoke();
+    }
+
+    public void Logout()
+    {
+        IsAuthenticated = false;
+        UserEmail = null;
+        Token = null;
+        UserRole = null;
+        OnChange?.Invoke();
+    }
+
+    public string GetPortalUrl() => UserRole switch
+    {
+        "owner" or "admin" => "/admin",
+        "staff" => "/pos/cafe",
+        "branch" => "/admin",
+        "customer" => "/app",
+        _ => "/auth/login"
+    };
+}