auth: full session-based auth with remember-me support
- Seed user: shawn / Brett85!@ (SHA-256) - Sessions table with expires_at column - login endpoint supports remember_me flag (30d vs 1d expiry) - logout endpoint invalidates server-side token - auth middleware + /api/auth/me check session expiry - Frontend sends remember_me in login request body - Frontend calls /api/auth/logout on client logout - Migration function for existing databases
This commit is contained in:
+6
-3
@@ -1381,16 +1381,16 @@
|
||||
}
|
||||
|
||||
try {
|
||||
const remember = document.getElementById('loginRemember').checked;
|
||||
const result = await api('/api/auth/login', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ username, password }),
|
||||
body: JSON.stringify({ username, password, remember_me: remember }),
|
||||
});
|
||||
|
||||
AppState.authToken = result.token;
|
||||
AppState.currentUser = { id: result.id, username: result.username, role: result.role };
|
||||
|
||||
const remember = document.getElementById('loginRemember').checked;
|
||||
if (remember) {
|
||||
localStorage.setItem('canteen_session', JSON.stringify({
|
||||
token: result.token,
|
||||
@@ -1416,7 +1416,10 @@
|
||||
}
|
||||
}
|
||||
|
||||
function doLogout() {
|
||||
async function doLogout() {
|
||||
try {
|
||||
await api('/api/auth/logout', { method: 'POST' });
|
||||
} catch (e) { /* ignore — still clean up locally */ }
|
||||
localStorage.removeItem('canteen_session');
|
||||
AppState.authToken = null;
|
||||
AppState.currentUser = null;
|
||||
|
||||
Reference in New Issue
Block a user