sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

frontend error management enhancement

Browse Source
This commit is contained in:
Samir Boulahtit
2025-11-05 21:52:22 +01:00
parent e4bc438069
commit 79dfcab09f
66 changed files with 7781 additions and 922 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/api/v1/public/vendors/auth.py vendored
View File

@@ -12,7 +12,7 @@ This prevents:
"""
import logging
from fastapi import APIRouter, Depends, Response
from fastapi import APIRouter, Depends, Response, Request
from sqlalchemy.orm import Session
from app.core.database import get_db
@@ -21,7 +21,8 @@ from app.exceptions import VendorNotFoundException
from models.schema.auth import LoginResponse, UserLogin
from models.schema.customer import CustomerRegister, CustomerResponse
from models.database.vendor import Vendor
from app.core.config import settings
from app.api.deps import get_current_customer_api
from app.core.environment import should_use_secure_cookies
router = APIRouter(prefix="/auth")
logger = logging.getLogger(__name__)
@@ -110,7 +111,7 @@ def customer_login(
key="customer_token",
value=login_result["token_data"]["access_token"],
httponly=True, # JavaScript cannot access (XSS protection)
secure=settings.environment == "production", # HTTPS only in production
secure=should_use_secure_cookies(), # HTTPS only in production/staging
samesite="lax", # CSRF protection
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
path="/shop", # RESTRICTED TO SHOP ROUTES ONLY
@@ -118,7 +119,7 @@ def customer_login(
logger.debug(
f"Set customer_token cookie with {login_result['token_data']['expires_in']}s expiry "
f"(path=/shop, httponly=True, secure={settings.environment == 'production'})"
f"(path=/shop, httponly=True, secure={should_use_secure_cookies()})"
)
# Return full login response
@@ -230,8 +231,6 @@ def get_current_customer(
This endpoint can be called to verify authentication and get customer info.
Requires customer authentication via cookie or header.
"""
from app.api.deps import get_current_customer_api
from fastapi import Request
# Note: This would need Request object to check cookies
# For now, just indicate the endpoint exists