root/smart-home-server

Fork: 0

root / smart-home-server

History for smart-home-server / webclient / src / router / index.js

2026-06-07	e90acee Browse files » Phase 1 auth security hotfixes: cookie-based session, bearer checks, router guard sync ... - Remove access_token from OAuth callback URL (token leak fix) - Add sanitizeReturnTo() to prevent open redirect on login/callback - Add Bearer token expiration check in resolve_user_by_bearer() - Add user status check in load_user_by_id() (block inactive/banned) - Cache authStore.init() promise to prevent race condition - Await auth init in router beforeEach guard - Remove URL token parsing from main.js and LoginPage - Remove hasTokenInUrl workaround from client.js 401 handler Eugene Sukhodolskiy committed 2 days ago
2026-06-06	ac97fa4 Browse files » Phase 4: Vue client auth store, Bearer token injection, router guards, login page ... Server: - AuthControllerTrait now supports both session and Bearer token auth (resolves user from Authorization: Bearer header via shserv_sessions) Vue client: - Add api/auth.js module for access token management - Inject Authorization: Bearer header in http.js - Handle 401 in client.js: clear token + redirect to /auth/login - New Pinia auth store (stores/auth.js): init, refreshToken, logout, hasPermission - New usePermission composable - Router guards: redirect unauthenticated to /login, permission-based route blocking - New LoginPage.vue with gnexus-auth login button - AppShell: conditional nav items by permission, user bar with logout - main.js: initialize auth before mounting app - MSW mocks: /auth/me, /auth/logout, /auth/refresh - Fix AppShell.spec.js for Pinia + router setup All 167 tests pass. Eugene Sukhodolskiy committed 3 days ago
2026-06-02	a6f5c68 Browse files » Phase 6: Rename webclient-vue to webclient, match legacy dist structure Eugene Sukhodolskiy committed 7 days ago

2026-06-07

e90acee
Browse files »

Phase 1 auth security hotfixes: cookie-based session, bearer checks, router guard sync ...

- Remove access_token from OAuth callback URL (token leak fix)
- Add sanitizeReturnTo() to prevent open redirect on login/callback
- Add Bearer token expiration check in resolve_user_by_bearer()
- Add user status check in load_user_by_id() (block inactive/banned)
- Cache authStore.init() promise to prevent race condition
- Await auth init in router beforeEach guard
- Remove URL token parsing from main.js and LoginPage
- Remove hasTokenInUrl workaround from client.js 401 handler

Eugene Sukhodolskiy committed 2 days ago

2026-06-06

ac97fa4
Browse files »

Phase 4: Vue client auth store, Bearer token injection, router guards, login page ...

Server:
- AuthControllerTrait now supports both session and Bearer token auth
  (resolves user from Authorization: Bearer header via shserv_sessions)

Vue client:
- Add api/auth.js module for access token management
- Inject Authorization: Bearer header in http.js
- Handle 401 in client.js: clear token + redirect to /auth/login
- New Pinia auth store (stores/auth.js): init, refreshToken, logout, hasPermission
- New usePermission composable
- Router guards: redirect unauthenticated to /login, permission-based route blocking
- New LoginPage.vue with gnexus-auth login button
- AppShell: conditional nav items by permission, user bar with logout
- main.js: initialize auth before mounting app
- MSW mocks: /auth/me, /auth/logout, /auth/refresh
- Fix AppShell.spec.js for Pinia + router setup

All 167 tests pass.

Eugene Sukhodolskiy committed 3 days ago

2026-06-02

a6f5c68
Browse files »

Phase 6: Rename webclient-vue to webclient, match legacy dist structure

Eugene Sukhodolskiy committed 7 days ago