feat: implement server-side cookie-based authentication

- Add HTTP-only cookie setting in /api/auth/login endpoint
- Support both Bearer token and cookie auth in /api/auth/me
- Clear cookie on /api/auth/logout
- Handle admin:admin dev fallback with cookie support
- Update login.html to use 1 second redirect (cookie-based auth faster)

Cookie configuration:
- Name: quant_auth_token
- HttpOnly: true (prevents JavaScript access)
- Secure: based on HTTPS status
- SameSite: Lax (for localhost compatibility)
- Expires: 7 days

Status: Cookie auth framework complete, testing in progress

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
2026-07-06 01:06:06 +09:00
parent b580633eac
commit 7b5d8d6f06
6 changed files with 140 additions and 8 deletions
@@ -320,13 +320,13 @@
// 로그인 성공 메시지 표시
alertDiv.className = 'alert alert-success show';
alertDiv.textContent = '로그인 성공! 대시보드로 이동합니다...';
alertDiv.textContent = '로그인 성공! 대시보드로 이동합니다.';
// Blazor 앱이 localStorage에서 토큰을 읽고 초기화할 시간을 충분히 준다
// 4초 대기 후 대시보드로 이동
// 쿠키가 설정되었으므로 짧은 대기 시간만 필요
// (Blazor가 쿠키를 자동으로 인식함)
setTimeout(() => {
window.location.href = '/dashboard';
}, 4000);
}, 1000);
} else {
const data = await response.json();
alertDiv.className = 'alert alert-error show';