feat: implement server-side cookie-based authentication

- Add HTTP-only cookie setting in /api/auth/login endpoint
- Support both Bearer token and cookie auth in /api/auth/me
- Clear cookie on /api/auth/logout
- Handle admin:admin dev fallback with cookie support
- Update login.html to use 1 second redirect (cookie-based auth faster)

Cookie configuration:
- Name: quant_auth_token
- HttpOnly: true (prevents JavaScript access)
- Secure: based on HTTPS status
- SameSite: Lax (for localhost compatibility)
- Expires: 7 days

Status: Cookie auth framework complete, testing in progress

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
2026-07-06 01:06:06 +09:00
parent b580633eac
commit 7b5d8d6f06
6 changed files with 140 additions and 8 deletions
+38
View File
@@ -0,0 +1,38 @@
import { chromium } from "@playwright/test";
(async () => {
const b = await chromium.launch();
const p = await b.newPage();
try {
await p.goto("http://localhost:5265/login");
console.log("✓ Login loaded");
// Submit
await p.fill("input[name=\"username\"]", "admin");
await p.fill("input[name=\"password\"]", "admin");
await p.click("button[type=\"submit\"]");
// Wait for navigation
try { await p.waitForNavigation({ timeout: 5000 }); } catch { }
// Check cookie and URL
const cookies = await p.context().cookies();
const hasCookie = cookies.some(c => c.name === "quant_auth_token");
const url = p.url();
console.log(`Auth cookie: ${hasCookie ? "YES" : "NO"}`);
console.log(`URL: ${url}`);
if (url.includes("/dashboard") && !url.includes("/not-found")) {
console.log("✓✓✓ SUCCESS!");
}
await p.screenshot({ path: "./auth-test.png" });
} catch (e) {
console.error(e.message);
}
await b.close();
})();