feat: implement server-side cookie-based authentication
- Add HTTP-only cookie setting in /api/auth/login endpoint - Support both Bearer token and cookie auth in /api/auth/me - Clear cookie on /api/auth/logout - Handle admin:admin dev fallback with cookie support - Update login.html to use 1 second redirect (cookie-based auth faster) Cookie configuration: - Name: quant_auth_token - HttpOnly: true (prevents JavaScript access) - Secure: based on HTTPS status - SameSite: Lax (for localhost compatibility) - Expires: 7 days Status: Cookie auth framework complete, testing in progress Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,53 @@
|
||||
import { chromium } from "@playwright/test";
|
||||
|
||||
(async () => {
|
||||
const b = await chromium.launch();
|
||||
const p = await b.newPage();
|
||||
|
||||
try {
|
||||
await p.goto("http://localhost:5265/login");
|
||||
console.log("✓ 1. Login page loaded");
|
||||
|
||||
// Submit login
|
||||
await p.fill("input[name=\"username\"]", "admin");
|
||||
await p.fill("input[name=\"password\"]", "admin");
|
||||
await p.click("button[type=\"submit\"]");
|
||||
console.log("✓ 2. Login submitted");
|
||||
|
||||
// Wait for navigation
|
||||
try {
|
||||
await p.waitForNavigation({ waitUntil: "load", timeout: 6000 });
|
||||
} catch { }
|
||||
|
||||
// Check cookies
|
||||
const cookies = await p.context().cookies();
|
||||
const hasAuthCookie = cookies.some(c => c.name === "quant_auth_token");
|
||||
console.log(`✓ 3. Auth cookie: ${hasAuthCookie ? "YES" : "NO"}`);
|
||||
|
||||
const url = p.url();
|
||||
const content = await p.content();
|
||||
|
||||
console.log(`\n📍 Final URL: ${url}`);
|
||||
|
||||
if (url.includes("/dashboard")) {
|
||||
if (content.includes("관리자 대시보드")) {
|
||||
console.log("✓✓✓ SUCCESS: Dashboard fully loaded!");
|
||||
} else if (content.includes("Not Found")) {
|
||||
console.log("✗ Dashboard URL but Not Found error");
|
||||
} else {
|
||||
console.log("✓ Dashboard page (content varies)");
|
||||
}
|
||||
} else if (url.includes("/login")) {
|
||||
console.log("⚠ Back at login (auth failed)");
|
||||
} else {
|
||||
console.log("? Other page");
|
||||
}
|
||||
|
||||
await p.screenshot({ path: "./final-login-test.png" });
|
||||
|
||||
} catch (e) {
|
||||
console.error("Error:", e.message.substring(0, 50));
|
||||
}
|
||||
|
||||
await b.close();
|
||||
})();
|
||||
Reference in New Issue
Block a user