frontend error management enhancement

app/api/v1/admin/auth.py

@@ -14,12 +14,12 @@ from fastapi import APIRouter, Depends, Response
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
+from app.core.environment import should_use_secure_cookies
 from app.services.auth_service import auth_service
 from app.exceptions import InvalidCredentialsException
 from models.schema.auth import LoginResponse, UserLogin, UserResponse
 from models.database.user import User
 from app.api.deps import get_current_admin_api
-from app.core.config import settings
 
 router = APIRouter(prefix="/auth")
 logger = logging.getLogger(__name__)
@@ -60,7 +60,7 @@ def admin_login(
         key="admin_token",
         value=login_result["token_data"]["access_token"],
         httponly=True,  # JavaScript cannot access (XSS protection)
-        secure=settings.environment == "production",  # HTTPS only in production
+        secure=should_use_secure_cookies(),  # HTTPS only in production/staging
         samesite="lax",  # CSRF protection
         max_age=login_result["token_data"]["expires_in"],  # Match JWT expiry
         path="/admin",  # RESTRICTED TO ADMIN ROUTES ONLY
@@ -68,7 +68,7 @@ def admin_login(
 
     logger.debug(
         f"Set admin_token cookie with {login_result['token_data']['expires_in']}s expiry "
-        f"(path=/admin, httponly=True, secure={settings.environment == 'production'})"
+        f"(path=/admin, httponly=True, secure={should_use_secure_cookies()})"
     )
 
     # Also return token in response for localStorage (API calls)