refactor: move auth token to HttpOnly cookie, fix CORS and artefacts
Backend: - Set JWT as HttpOnly cookie on login, add cookie fallback in auth middleware - Add /auth/logout endpoint to clear cookie - Fix CORS to echo origin with Allow-Credentials for withCredentials requests - Make SPA static serving optional via SERVE_SPA config flag Frontend: - Remove manual token management; rely on HttpOnly cookie + withCredentials - Simplify auth-slice to authenticated boolean flag - Fix Artefact interface to match backend fields (sha256Hash, fileName, fileSize) - Fix artefact upload endpoint and send version in FormData - Use KiB/MiB for file size display - Move Redux hooks from store/hooks to hooks/store
This commit is contained in:
@@ -28,5 +28,16 @@ func (h *Handler) Login(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, resp)
|
||||
// Set JWT as HttpOnly cookie so the frontend doesn't need to manage it.
|
||||
// The browser sends it automatically on every request.
|
||||
maxAge := h.svc.ExpiryHrs() * 3600
|
||||
c.SetCookie("pipely_token", resp.Token, maxAge, "/", "", false, true)
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "Login successful"})
|
||||
}
|
||||
|
||||
func (h *Handler) Logout(c *gin.Context) {
|
||||
// Clear the auth cookie by setting MaxAge=-1
|
||||
c.SetCookie("pipely_token", "", -1, "/", "", false, true)
|
||||
c.JSON(http.StatusOK, gin.H{"message": "Logged out"})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user