frontend error management enhancement

app/api/v1/vendor/auth.py

@@ -24,7 +24,8 @@ from models.schema.auth import UserLogin
 from models.database.vendor import Vendor, VendorUser, Role
 from models.database.user import User
 from pydantic import BaseModel
-from app.core.config import settings
+from app.api.deps import get_current_vendor_api
+from app.core.environment import should_use_secure_cookies
 
 router = APIRouter(prefix="/auth")
 logger = logging.getLogger(__name__)
@@ -139,7 +140,7 @@ def vendor_login(
         key="vendor_token",
         value=login_result["token_data"]["access_token"],
         httponly=True,  # JavaScript cannot access (XSS protection)
-        secure=settings.environment == "production",  # HTTPS only in production
+        secure=should_use_secure_cookies(),  # HTTPS only in production/staging
         samesite="lax",  # CSRF protection
         max_age=login_result["token_data"]["expires_in"],  # Match JWT expiry
         path="/vendor",  # RESTRICTED TO VENDOR ROUTES ONLY
@@ -147,7 +148,7 @@ def vendor_login(
 
     logger.debug(
         f"Set vendor_token cookie with {login_result['token_data']['expires_in']}s expiry "
-        f"(path=/vendor, httponly=True, secure={settings.environment == 'production'})"
+        f"(path=/vendor, httponly=True, secure={should_use_secure_cookies()})"
     )
 
     # Return full login response
@@ -205,7 +206,6 @@ def get_current_vendor_user(
 
     This endpoint can be called to verify authentication and get user info.
     """
-    from app.api.deps import get_current_vendor_api
 
     # This will check both cookie and header
     user = get_current_vendor_api(request, db=db)