refactor: switch to cookie-based auth flow with JS interop fallback
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 7s
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 15s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped
Deploy to Production / Build & Deploy to Production (push) Failing after 3m14s
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 7s
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 15s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped
Deploy to Production / Build & Deploy to Production (push) Failing after 3m14s
Architecture shift: - Primary: HTTP-only cookie authentication (server-side) - Fallback: localStorage with JS interop for SPA Changes: 1. CustomAuthenticationStateProvider: - Add IJSRuntime for direct localStorage access - Try JS interop first, fallback to LocalStorageService - Added detailed logging for auth debugging 2. Dashboard.razor: - Add @rendermode InteractiveWebAssembly (CLAUDE.md compliance) - Restore auth check with logging - Redirect to /login.html if not authenticated 3. Program.cs: - Reorder MapRazorComponents: WebAssembly first (default) - Add detailed logging to /api/auth/login cookie setup - Verify Set-Cookie headers are sent correctly 4. login.html: - Simplified to 2-second wait before redirect - localStorage as backup storage - Ready for cookie-based auth Next steps: - Verify Set-Cookie headers appear in responses - Confirm cookie-based auth works end-to-end - Test dashboard loads with cookie authentication Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -294,7 +294,9 @@ app.MapPost("/api/auth/login", async (JsonElement payload, HttpContext httpConte
|
||||
});
|
||||
|
||||
// Set HTTP-only cookie for server-side authentication
|
||||
// Note: Secure=true only in production (HTTPS); localhost uses HTTP
|
||||
Console.WriteLine($"[Auth/Login] Setting cookie 'quant_auth_token'");
|
||||
Console.WriteLine($"[Auth/Login] IsHttps: {httpContext.Request.IsHttps}");
|
||||
|
||||
httpContext.Response.Cookies.Append(
|
||||
"quant_auth_token",
|
||||
rawToken,
|
||||
@@ -308,8 +310,11 @@ app.MapPost("/api/auth/login", async (JsonElement payload, HttpContext httpConte
|
||||
}
|
||||
);
|
||||
|
||||
Console.WriteLine($"[Auth/Login] Cookie append completed");
|
||||
Console.WriteLine($"[Auth/Login] Response headers count: {httpContext.Response.Headers.Count}");
|
||||
|
||||
// Also return token for localStorage backup (for SPA navigation)
|
||||
return Results.Ok(new
|
||||
var result = Results.Ok(new
|
||||
{
|
||||
success = true,
|
||||
username = account.Username,
|
||||
@@ -317,6 +322,9 @@ app.MapPost("/api/auth/login", async (JsonElement payload, HttpContext httpConte
|
||||
accessToken = rawToken,
|
||||
expiresAt = expiresAt.ToString("O")
|
||||
});
|
||||
|
||||
Console.WriteLine($"[Auth/Login] About to return 200 OK response");
|
||||
return result;
|
||||
}).DisableAntiforgery();
|
||||
|
||||
app.MapGet("/api/auth/me", async (HttpContext context, IWorkspaceRepository workspaceRepo) =>
|
||||
|
||||
Reference in New Issue
Block a user