From 4ff685557fcf007c5c3971b5dcb59d5feb7e55c5 Mon Sep 17 00:00:00 2001 From: AV77web Date: Tue, 9 Jun 2026 14:21:18 +0200 Subject: [PATCH] modifiche al login --- .env.example | 1 - .gitignore | 1 - src/api/client.ts | 23 +++++++++++++++++------ 3 files changed, 17 insertions(+), 8 deletions(-) delete mode 100644 .env.example diff --git a/.env.example b/.env.example deleted file mode 100644 index 7e17703..0000000 --- a/.env.example +++ /dev/null @@ -1 +0,0 @@ -VITE_API_URL=http://localhost:3003 diff --git a/.gitignore b/.gitignore index ec4379b..abdeb6b 100644 --- a/.gitignore +++ b/.gitignore @@ -11,7 +11,6 @@ dist-ssr/ # Variabili d'ambiente (MAI in git) .env .env.* -!.env.example # Log logs/ diff --git a/src/api/client.ts b/src/api/client.ts index 42c55f4..972d90e 100644 --- a/src/api/client.ts +++ b/src/api/client.ts @@ -44,29 +44,40 @@ export async function login(email: string, password: string): Promise { email, password, redirect: "false", - json: "true", }); const response = await fetch(`${API_URL}/api/auth/callback/credentials`, { method: "POST", credentials: "include", - headers: { "Content-Type": "application/x-www-form-urlencoded" }, + redirect: "manual", + headers: { + "Content-Type": "application/x-www-form-urlencoded", + "X-Auth-Return-Redirect": "1", + }, body, }); - const data = await response.json().catch(() => ({})); - if (!response.ok || data.error) { + if (response.type === "opaqueredirect" || response.status === 302) { + throw new Error("Login non riuscito: frontend non aggiornato o configurazione Auth errata"); + } + + const data = await response.json().catch(() => ({})) as { url?: string }; + if (!response.ok || data.url?.includes("error=")) { throw new Error("Credenziali non valide"); } } export async function logout(): Promise { const csrfToken = await getCsrfToken(); - const body = new URLSearchParams({ csrfToken, json: "true" }); + const body = new URLSearchParams({ csrfToken }); await fetch(`${API_URL}/api/auth/signout`, { method: "POST", credentials: "include", - headers: { "Content-Type": "application/x-www-form-urlencoded" }, + redirect: "manual", + headers: { + "Content-Type": "application/x-www-form-urlencoded", + "X-Auth-Return-Redirect": "1", + }, body, }); }