fix: auto-login after signup and context-aware token clearing
This fixes the "Authorization header required for API calls" error during vendor onboarding after signup. Changes: - Generate JWT access token on signup completion - Set vendor_token cookie for page navigation - Return access_token in signup response for localStorage - Store vendor_token in localStorage after signup completion - Make clearTokens() context-aware to prevent cross-portal interference - Fix vendor logout to not clear admin/customer tokens 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -233,35 +233,66 @@ class APIClient {
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear authentication tokens
|
||||
* Clear authentication tokens for current context only.
|
||||
*
|
||||
* Uses path-based detection to clear only the relevant token:
|
||||
* - /admin/* paths clear admin_token
|
||||
* - /vendor/* paths clear vendor_token
|
||||
* - /shop/* paths clear customer_token
|
||||
* - Other paths clear all tokens (fallback)
|
||||
*/
|
||||
clearTokens() {
|
||||
apiLog.info('Clearing all authentication tokens...');
|
||||
const currentPath = window.location.pathname;
|
||||
|
||||
apiLog.info('Clearing authentication tokens for path:', currentPath);
|
||||
|
||||
const tokensBefore = {
|
||||
admin_token: !!localStorage.getItem('admin_token'),
|
||||
admin_user: !!localStorage.getItem('admin_user'),
|
||||
vendor_token: !!localStorage.getItem('vendor_token'),
|
||||
vendor_user: !!localStorage.getItem('vendor_user'),
|
||||
customer_token: !!localStorage.getItem('customer_token'),
|
||||
token: !!localStorage.getItem('token')
|
||||
};
|
||||
apiLog.debug('Tokens before clear:', tokensBefore);
|
||||
|
||||
localStorage.removeItem('admin_token');
|
||||
localStorage.removeItem('admin_user');
|
||||
localStorage.removeItem('vendor_token');
|
||||
localStorage.removeItem('vendor_user');
|
||||
localStorage.removeItem('token');
|
||||
// Context-aware token clearing to prevent cross-context interference
|
||||
if (currentPath.startsWith('/admin/') || currentPath.startsWith('/api/v1/admin/')) {
|
||||
apiLog.info('Clearing admin tokens only');
|
||||
localStorage.removeItem('admin_token');
|
||||
localStorage.removeItem('admin_user');
|
||||
} else if (currentPath.startsWith('/vendor/') || currentPath.startsWith('/api/v1/vendor/')) {
|
||||
apiLog.info('Clearing vendor tokens only');
|
||||
localStorage.removeItem('vendor_token');
|
||||
localStorage.removeItem('vendor_user');
|
||||
localStorage.removeItem('currentUser');
|
||||
localStorage.removeItem('vendorCode');
|
||||
} else if (currentPath.includes('/shop/') || currentPath.startsWith('/api/v1/shop/')) {
|
||||
apiLog.info('Clearing customer tokens only');
|
||||
localStorage.removeItem('customer_token');
|
||||
} else {
|
||||
// Fallback: clear all tokens for unknown paths
|
||||
apiLog.info('Unknown path context, clearing all tokens');
|
||||
localStorage.removeItem('admin_token');
|
||||
localStorage.removeItem('admin_user');
|
||||
localStorage.removeItem('vendor_token');
|
||||
localStorage.removeItem('vendor_user');
|
||||
localStorage.removeItem('customer_token');
|
||||
localStorage.removeItem('currentUser');
|
||||
localStorage.removeItem('vendorCode');
|
||||
localStorage.removeItem('token');
|
||||
}
|
||||
|
||||
const tokensAfter = {
|
||||
admin_token: !!localStorage.getItem('admin_token'),
|
||||
admin_user: !!localStorage.getItem('admin_user'),
|
||||
vendor_token: !!localStorage.getItem('vendor_token'),
|
||||
vendor_user: !!localStorage.getItem('vendor_user'),
|
||||
customer_token: !!localStorage.getItem('customer_token'),
|
||||
token: !!localStorage.getItem('token')
|
||||
};
|
||||
apiLog.debug('Tokens after clear:', tokensAfter);
|
||||
apiLog.info('All tokens cleared');
|
||||
apiLog.info('Context-specific tokens cleared');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user