Files
QuantEngineByItz/cookie-auth-test.mjs
T
kjh2064 7b5d8d6f06 feat: implement server-side cookie-based authentication
- Add HTTP-only cookie setting in /api/auth/login endpoint
- Support both Bearer token and cookie auth in /api/auth/me
- Clear cookie on /api/auth/logout
- Handle admin:admin dev fallback with cookie support
- Update login.html to use 1 second redirect (cookie-based auth faster)

Cookie configuration:
- Name: quant_auth_token
- HttpOnly: true (prevents JavaScript access)
- Secure: based on HTTPS status
- SameSite: Lax (for localhost compatibility)
- Expires: 7 days

Status: Cookie auth framework complete, testing in progress

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-07-06 01:06:06 +09:00

54 lines
1.6 KiB
JavaScript

import { chromium } from "@playwright/test";
(async () => {
const b = await chromium.launch();
const p = await b.newPage();
try {
await p.goto("http://localhost:5265/login");
console.log("✓ 1. Login page loaded");
// Submit login
await p.fill("input[name=\"username\"]", "admin");
await p.fill("input[name=\"password\"]", "admin");
await p.click("button[type=\"submit\"]");
console.log("✓ 2. Login submitted");
// Wait for navigation
try {
await p.waitForNavigation({ waitUntil: "load", timeout: 6000 });
} catch { }
// Check cookies
const cookies = await p.context().cookies();
const hasAuthCookie = cookies.some(c => c.name === "quant_auth_token");
console.log(`✓ 3. Auth cookie: ${hasAuthCookie ? "YES" : "NO"}`);
const url = p.url();
const content = await p.content();
console.log(`\n📍 Final URL: ${url}`);
if (url.includes("/dashboard")) {
if (content.includes("관리자 대시보드")) {
console.log("✓✓✓ SUCCESS: Dashboard fully loaded!");
} else if (content.includes("Not Found")) {
console.log("✗ Dashboard URL but Not Found error");
} else {
console.log("✓ Dashboard page (content varies)");
}
} else if (url.includes("/login")) {
console.log("⚠ Back at login (auth failed)");
} else {
console.log("? Other page");
}
await p.screenshot({ path: "./final-login-test.png" });
} catch (e) {
console.error("Error:", e.message.substring(0, 50));
}
await b.close();
})();