frontend error management enhancement
This commit is contained in:
@@ -14,12 +14,12 @@ from fastapi import APIRouter, Depends, Response
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from app.core.database import get_db
|
||||
from app.core.environment import should_use_secure_cookies
|
||||
from app.services.auth_service import auth_service
|
||||
from app.exceptions import InvalidCredentialsException
|
||||
from models.schema.auth import LoginResponse, UserLogin, UserResponse
|
||||
from models.database.user import User
|
||||
from app.api.deps import get_current_admin_api
|
||||
from app.core.config import settings
|
||||
|
||||
router = APIRouter(prefix="/auth")
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -60,7 +60,7 @@ def admin_login(
|
||||
key="admin_token",
|
||||
value=login_result["token_data"]["access_token"],
|
||||
httponly=True, # JavaScript cannot access (XSS protection)
|
||||
secure=settings.environment == "production", # HTTPS only in production
|
||||
secure=should_use_secure_cookies(), # HTTPS only in production/staging
|
||||
samesite="lax", # CSRF protection
|
||||
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
|
||||
path="/admin", # RESTRICTED TO ADMIN ROUTES ONLY
|
||||
@@ -68,7 +68,7 @@ def admin_login(
|
||||
|
||||
logger.debug(
|
||||
f"Set admin_token cookie with {login_result['token_data']['expires_in']}s expiry "
|
||||
f"(path=/admin, httponly=True, secure={settings.environment == 'production'})"
|
||||
f"(path=/admin, httponly=True, secure={should_use_secure_cookies()})"
|
||||
)
|
||||
|
||||
# Also return token in response for localStorage (API calls)
|
||||
|
||||
11
app/api/v1/public/vendors/auth.py
vendored
11
app/api/v1/public/vendors/auth.py
vendored
@@ -12,7 +12,7 @@ This prevents:
|
||||
"""
|
||||
|
||||
import logging
|
||||
from fastapi import APIRouter, Depends, Response
|
||||
from fastapi import APIRouter, Depends, Response, Request
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from app.core.database import get_db
|
||||
@@ -21,7 +21,8 @@ from app.exceptions import VendorNotFoundException
|
||||
from models.schema.auth import LoginResponse, UserLogin
|
||||
from models.schema.customer import CustomerRegister, CustomerResponse
|
||||
from models.database.vendor import Vendor
|
||||
from app.core.config import settings
|
||||
from app.api.deps import get_current_customer_api
|
||||
from app.core.environment import should_use_secure_cookies
|
||||
|
||||
router = APIRouter(prefix="/auth")
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -110,7 +111,7 @@ def customer_login(
|
||||
key="customer_token",
|
||||
value=login_result["token_data"]["access_token"],
|
||||
httponly=True, # JavaScript cannot access (XSS protection)
|
||||
secure=settings.environment == "production", # HTTPS only in production
|
||||
secure=should_use_secure_cookies(), # HTTPS only in production/staging
|
||||
samesite="lax", # CSRF protection
|
||||
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
|
||||
path="/shop", # RESTRICTED TO SHOP ROUTES ONLY
|
||||
@@ -118,7 +119,7 @@ def customer_login(
|
||||
|
||||
logger.debug(
|
||||
f"Set customer_token cookie with {login_result['token_data']['expires_in']}s expiry "
|
||||
f"(path=/shop, httponly=True, secure={settings.environment == 'production'})"
|
||||
f"(path=/shop, httponly=True, secure={should_use_secure_cookies()})"
|
||||
)
|
||||
|
||||
# Return full login response
|
||||
@@ -230,8 +231,6 @@ def get_current_customer(
|
||||
This endpoint can be called to verify authentication and get customer info.
|
||||
Requires customer authentication via cookie or header.
|
||||
"""
|
||||
from app.api.deps import get_current_customer_api
|
||||
from fastapi import Request
|
||||
|
||||
# Note: This would need Request object to check cookies
|
||||
# For now, just indicate the endpoint exists
|
||||
|
||||
8
app/api/v1/vendor/auth.py
vendored
8
app/api/v1/vendor/auth.py
vendored
@@ -24,7 +24,8 @@ from models.schema.auth import UserLogin
|
||||
from models.database.vendor import Vendor, VendorUser, Role
|
||||
from models.database.user import User
|
||||
from pydantic import BaseModel
|
||||
from app.core.config import settings
|
||||
from app.api.deps import get_current_vendor_api
|
||||
from app.core.environment import should_use_secure_cookies
|
||||
|
||||
router = APIRouter(prefix="/auth")
|
||||
logger = logging.getLogger(__name__)
|
||||
@@ -139,7 +140,7 @@ def vendor_login(
|
||||
key="vendor_token",
|
||||
value=login_result["token_data"]["access_token"],
|
||||
httponly=True, # JavaScript cannot access (XSS protection)
|
||||
secure=settings.environment == "production", # HTTPS only in production
|
||||
secure=should_use_secure_cookies(), # HTTPS only in production/staging
|
||||
samesite="lax", # CSRF protection
|
||||
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
|
||||
path="/vendor", # RESTRICTED TO VENDOR ROUTES ONLY
|
||||
@@ -147,7 +148,7 @@ def vendor_login(
|
||||
|
||||
logger.debug(
|
||||
f"Set vendor_token cookie with {login_result['token_data']['expires_in']}s expiry "
|
||||
f"(path=/vendor, httponly=True, secure={settings.environment == 'production'})"
|
||||
f"(path=/vendor, httponly=True, secure={should_use_secure_cookies()})"
|
||||
)
|
||||
|
||||
# Return full login response
|
||||
@@ -205,7 +206,6 @@ def get_current_vendor_user(
|
||||
|
||||
This endpoint can be called to verify authentication and get user info.
|
||||
"""
|
||||
from app.api.deps import get_current_vendor_api
|
||||
|
||||
# This will check both cookie and header
|
||||
user = get_current_vendor_api(request, db=db)
|
||||
|
||||
Reference in New Issue
Block a user