refactor: move auth token to HttpOnly cookie, fix CORS and artefacts
Backend: - Set JWT as HttpOnly cookie on login, add cookie fallback in auth middleware - Add /auth/logout endpoint to clear cookie - Fix CORS to echo origin with Allow-Credentials for withCredentials requests - Make SPA static serving optional via SERVE_SPA config flag Frontend: - Remove manual token management; rely on HttpOnly cookie + withCredentials - Simplify auth-slice to authenticated boolean flag - Fix Artefact interface to match backend fields (sha256Hash, fileName, fileSize) - Fix artefact upload endpoint and send version in FormData - Use KiB/MiB for file size display - Move Redux hooks from store/hooks to hooks/store
This commit is contained in:
@@ -63,3 +63,12 @@ BANDWIDTH_BPS=209715
|
||||
# Default: 100
|
||||
# Example: RATE_LIMIT_RPS=50 (stricter, for constrained environments)
|
||||
RATE_LIMIT_RPS=100
|
||||
|
||||
# ── Web Admin Panel ───────────────────────────────────────
|
||||
|
||||
# Whether the Go server should serve the built SPA frontend from ./web/dist.
|
||||
# Set to false when using Caddy, Nginx, or another reverse proxy to serve
|
||||
# the frontend and proxy API requests to this server.
|
||||
# Default: true
|
||||
# Example: SERVE_SPA=false (frontend served by external web server)
|
||||
SERVE_SPA=true
|
||||
|
||||
Reference in New Issue
Block a user