refactor(auth): migrate fully to HTTP-only cookie sessions

Remove client-side token storage and Authorization header injection Backend login now only returns user data, omitting the session token Remove Authorization from backend CORS allowed headers Clean up obsolete VITE_* environment variable fallbacks Update Modal component to use Vue useId() instead of Math.random()
2026-05-06 17:15:46 +08:00
parent f26cfdc830
commit fa656a8d02
24 changed files with 123 additions and 357 deletions
--- a/frontend/middleware/auth.global.ts
+++ b/frontend/middleware/auth.global.ts
@@ -1,4 +1,4 @@
-import { api, setAuthToken } from '../src/services/api';
+import { api } from '../src/services/api';

 export default defineNuxtRouteMiddleware(async (to) => {
  const requiredPermissions = to.matched
@@ -30,7 +30,6 @@ export default defineNuxtRouteMiddleware(async (to) => {
      return navigateTo('/pokemon');
    }
  } catch {
-    setAuthToken(null);
    return navigateTo({ path: '/login', query: { redirect: to.fullPath } });
  }
 });