feat: implement server-side cookie-based authentication

- Add HTTP-only cookie setting in /api/auth/login endpoint
- Support both Bearer token and cookie auth in /api/auth/me
- Clear cookie on /api/auth/logout
- Handle admin:admin dev fallback with cookie support
- Update login.html to use 1 second redirect (cookie-based auth faster)

Cookie configuration:
- Name: quant_auth_token
- HttpOnly: true (prevents JavaScript access)
- Secure: based on HTTPS status
- SameSite: Lax (for localhost compatibility)
- Expires: 7 days

Status: Cookie auth framework complete, testing in progress

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
2026-07-06 01:06:06 +09:00
parent b580633eac
commit 7b5d8d6f06
6 changed files with 140 additions and 8 deletions
BIN
View File
Binary file not shown.

After

Width:  |  Height:  |  Size: 211 KiB