7b5d8d6f06
- Add HTTP-only cookie setting in /api/auth/login endpoint - Support both Bearer token and cookie auth in /api/auth/me - Clear cookie on /api/auth/logout - Handle admin:admin dev fallback with cookie support - Update login.html to use 1 second redirect (cookie-based auth faster) Cookie configuration: - Name: quant_auth_token - HttpOnly: true (prevents JavaScript access) - Secure: based on HTTPS status - SameSite: Lax (for localhost compatibility) - Expires: 7 days Status: Cookie auth framework complete, testing in progress Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
39 lines
1.0 KiB
JavaScript
39 lines
1.0 KiB
JavaScript
import { chromium } from "@playwright/test";
|
|
|
|
(async () => {
|
|
const b = await chromium.launch();
|
|
const p = await b.newPage();
|
|
|
|
try {
|
|
await p.goto("http://localhost:5265/login");
|
|
console.log("✓ Login loaded");
|
|
|
|
// Submit
|
|
await p.fill("input[name=\"username\"]", "admin");
|
|
await p.fill("input[name=\"password\"]", "admin");
|
|
await p.click("button[type=\"submit\"]");
|
|
|
|
// Wait for navigation
|
|
try { await p.waitForNavigation({ timeout: 5000 }); } catch { }
|
|
|
|
// Check cookie and URL
|
|
const cookies = await p.context().cookies();
|
|
const hasCookie = cookies.some(c => c.name === "quant_auth_token");
|
|
const url = p.url();
|
|
|
|
console.log(`Auth cookie: ${hasCookie ? "YES" : "NO"}`);
|
|
console.log(`URL: ${url}`);
|
|
|
|
if (url.includes("/dashboard") && !url.includes("/not-found")) {
|
|
console.log("✓✓✓ SUCCESS!");
|
|
}
|
|
|
|
await p.screenshot({ path: "./auth-test.png" });
|
|
|
|
} catch (e) {
|
|
console.error(e.message);
|
|
}
|
|
|
|
await b.close();
|
|
})();
|