refactor(auth): migrate fully to HTTP-only cookie sessions

Remove client-side token storage and Authorization header injection
Backend login now only returns user data, omitting the session token
Remove Authorization from backend CORS allowed headers
Clean up obsolete VITE_* environment variable fallbacks
Update Modal component to use Vue useId() instead of Math.random()
2026-05-06 17:15:46 +08:00
parent f26cfdc830
commit fa656a8d02
24 changed files with 123 additions and 357 deletions


@@ -35,10 +35,8 @@ import {
} from '../icons';
import {
api,
getAuthToken,
moderationUpdateEvent,
onAuthTokenChange,
setAuthToken,
onAuthChange,
type AiModerationStatus,
type AuthUser,
type CommentSort,
@@ -252,20 +250,12 @@ const submitLabel = computed(() => {
async function loadCurrentUser() {
authReady.value = false;
if (!getAuthToken()) {
currentUser.value = null;
activeFeedScope.value = 'all';
authReady.value = true;
return;
}
try {
const response = await api.me();
currentUser.value = response.user;
} catch {
currentUser.value = null;
activeFeedScope.value = 'all';
setAuthToken(null);
} finally {
authReady.value = true;
}
@@ -1376,7 +1366,6 @@ onMounted(() => {
document.addEventListener('click', closeReactionPickerFromDocument);
document.addEventListener('keydown', closeReactionPickerFromKeyboard);
window.addEventListener(moderationUpdateEvent, handleModerationUpdate);
const hadAuthToken = getAuthToken() !== null;
void (async () => {
await loadCurrentUser();
if (!initialLanguagesLoaded.value) {
@@ -1387,12 +1376,12 @@ onMounted(() => {
await loadLifeCategories();
initialOptionsLoaded.value = true;
}
if (!initialPostsLoaded.value || hadAuthToken) {
if (!initialPostsLoaded.value || currentUser.value) {
await loadPosts();
initialPostsLoaded.value = true;
}
})();
removeAuthListener = onAuthTokenChange(() => {
removeAuthListener = onAuthChange(() => {
void (async () => {
await loadCurrentUser();
await loadPosts();
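Review bot: In the `loadCurrentUser` hunk the bare `catch {` treats every failure of `api.me()` (timeout, 5xx, offline) as signed out, and with `setAuthToken(null)` removed nothing on the client invalidates the credential any more, so the UI can show a logged-out state while the HTTP-only session cookie is still valid on the server. I would reset `currentUser` only on an authentication failure and surface other errors, e.g. `} catch (err) {` followed by a status check (the error shape of `api` is not visible here, so the exact test is an assumption), and add a comment such as `// session cookie is HTTP-only: only a server-side logout can end it`. Because the browser now attaches the credential automatically, it is also worth confirming that the backend half of this commit sets `SameSite` on the cookie and checks a CSRF token or `Origin` on state-changing routes; none of that is visible in this section. The closing brace of `loadCurrentUser` lies outside the hunk.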