update auth
Browse files- services/api/db/auth.py +9 -5
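--- a/services/api/db/auth.py
+++ b/services/api/db/auth.py
@@ -172,15 +172,19 @@ async def login(response: Response, payload: LoginPayload):
 print(f"Authentication successful for: {payload.username} (ID: {user_id}, Name: {full_name})")
 
 token = create_token(user_data)
-# Set cookie with
+# Set cookie with settings that work for both Chrome and Safari
+# For localhost development, we need different settings than production
+is_localhost = os.getenv("ENVIRONMENT", "development") == "development"
+
 response.set_cookie(
 key="auth_token",
 value=token,
-httponly=False,
-samesite="None", #
-secure=True,
+httponly=False, # Allow JavaScript access for localStorage fallback
+samesite="Lax" if is_localhost else "None", # Lax for localhost, None for cross-origin
+secure=False if is_localhost else True, # False for HTTP localhost, True for HTTPS production
 path="/",
-max_age=604800
+max_age=604800, # 7 days
+domain=None # Let browser set the domain automatically
 )
 return {
 "message": f"Login successful for {user_data['username']}",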
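Review bot: The new `is_localhost` line fails open: with `os.getenv("ENVIRONMENT", "development")`, a deployment where ENVIRONMENT is unset is treated as development and issues `auth_token` with `secure=False`, so the 7-day token can travel over plain HTTP. Default to the strict settings and make the relaxed ones opt-in, e.g. `is_localhost = os.getenv("ENVIRONMENT") == "development"`. The cookie also stays `httponly=False`, which leaves the token readable by any script running on the page; unless the front end truly needs that, prefer `httponly=True` and drop the localStorage fallback. The `login` body starts and ends outside the hunk, so whether `os` is imported and whether the token is also returned in the response body cannot be checked from here.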