refactor: centralize frontend detection with FrontendDetector

Major architecture change to unify frontend detection: ## Problem Solved - Eliminated code duplication across 3 middleware files - Fixed incomplete path detection (now detects /api/v1/admin/*) - Unified on FrontendType enum (deprecates RequestContext) - Added request.state.frontend_type for all requests ## New Components - app/core/frontend_detector.py: Centralized FrontendDetector class - middleware/frontend_type.py: FrontendTypeMiddleware (replaces ContextMiddleware) - docs/architecture/frontend-detection.md: Complete architecture documentation ## Changes - main.py: Use FrontendTypeMiddleware instead of ContextMiddleware - middleware/context.py: Deprecated (kept for backwards compatibility) - middleware/platform_context.py: Use FrontendDetector.is_admin() - middleware/vendor_context.py: Use FrontendDetector.is_admin() - middleware/language.py: Use FrontendType instead of context_value - app/exceptions/handler.py: Use FrontendType.STOREFRONT - app/exceptions/error_renderer.py: Use FrontendType - Customer routes: Cookie path changed from /shop to /storefront ## Documentation - docs/architecture/frontend-detection.md: New comprehensive docs - docs/architecture/middleware.md: Updated for new system - docs/architecture/request-flow.md: Updated for FrontendType - docs/backend/middleware-reference.md: Updated API reference ## Tests - tests/unit/core/test_frontend_detector.py: 37 new tests - tests/unit/middleware/test_frontend_type.py: 11 new tests - tests/unit/middleware/test_context.py: Updated for compatibility Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 16:15:19 +01:00
parent e77535e2cd
commit b769f5a047
17 changed files with 1393 additions and 915 deletions
--- a/app/modules/customers/routes/api/storefront.py
+++ b/app/modules/customers/routes/api/storefront.py
@@ -10,7 +10,7 @@ Public and authenticated endpoints for customer operations in storefront:
 Uses vendor from middleware context (VendorContextMiddleware).

 Implements dual token storage with path restriction:
- Sets HTTP-only cookie with path=/shop (restricted to shop routes only)
+- Sets HTTP-only cookie with path=/storefront (restricted to storefront routes only)
 - Returns token in response for localStorage (API calls)
 """

@@ -182,14 +182,14 @@ def customer_login(
        else "unknown"
    )

-    cookie_path = "/shop"
+    cookie_path = "/storefront"
    if access_method == "path":
        full_prefix = (
            vendor_context.get("full_prefix", "/vendor/")
            if vendor_context
            else "/vendor/"
        )
-        cookie_path = f"{full_prefix}{vendor.subdomain}/shop"
+        cookie_path = f"{full_prefix}{vendor.subdomain}/storefront"

    response.set_cookie(
        key="customer_token",
@@ -240,14 +240,14 @@ def customer_logout(request: Request, response: Response):
        else "unknown"
    )

-    cookie_path = "/shop"
+    cookie_path = "/storefront"
    if access_method == "path" and vendor:
        full_prefix = (
            vendor_context.get("full_prefix", "/vendor/")
            if vendor_context
            else "/vendor/"
        )
-        cookie_path = f"{full_prefix}{vendor.subdomain}/shop"
+        cookie_path = f"{full_prefix}{vendor.subdomain}/storefront"

    response.delete_cookie(key="customer_token", path=cookie_path)