Files
drivetimeplaner/scripts/deploy_api.sh
Hermes Agent 5d87e4975c Add HttpOnly cookie auth for cross-domain SPA login
Problem: Frontend JS bundle used credentials:'same-origin' which
dropped cookies on cross-domain requests. Login worked (200) but
the subsequent /auth/me check returned 401, leaving the user stuck
on the login screen.

Fix:
- AuthController now sets a dtp_jwt HttpOnly cookie on login/refresh
- Cookie uses Domain=.fahrschultermin.de (shared between frontend
  and api subdomain), Secure, SameSite=Lax, Max-Age=8h
- JwtMiddleware reads JWT from Authorization header OR cookie
- Added AuthController::me() endpoint (was missing, caused 500)
- Logout endpoint clears the cookie
- Frontend index.php patches fetch() to use credentials:'include'
  for all /api/v1/* calls
2026-06-04 20:33:31 +02:00

50 lines
1.6 KiB
Bash
Executable File

#!/bin/bash
set -e
# DriveTime API Deployment Script
# Usage: ./scripts/deploy_api.sh
API_LOCAL="/home/admin-drive-time-planer/drivetimeplaner/api"
API_REMOTE="/srv/web/fahrschuldesk/domains/api.fahrschultermin.de"
SSH_OPTS="-p 2225"
echo "=== Deploying DriveTime Slim API ==="
# 1. Rsync source files (exclude vendor, .env, storage)
echo "[1/4] Syncing files..."
rsync -avz --delete \
--exclude='vendor/' \
--exclude='.env' \
--exclude='storage/' \
-e "ssh $SSH_OPTS" \
"$API_LOCAL/" \
"fahrschuldesk@fahrschultermin.de:$API_REMOTE/"
# 2. Composer install on server
echo "[2/4] Running composer install..."
ssh $SSH_OPTS "fahrschuldesk@fahrschultermin.de" \
"cd $API_REMOTE && composer install --no-dev --optimize-autoloader 2>&1"
# 3. Clear OPcache if needed
echo "[3/4] Checking PHP OPcache..."
ssh $SSH_OPTS "fahrschuldesk@fahrschultermin.de" \
"php -r 'if(function_exists(\"opcache_get_status\")) { opcache_get_status(); }' 2>/dev/null && echo 'OPcache active' || echo 'No OPcache'"
# 4. Test login endpoint
echo "[4/4] Testing API..."
TOKEN=$(curl -sf -X POST "https://api.fahrschultermin.de/api/v1/auth/login" \
-H "Content-Type: application/json" \
-d '{"email":"admin@nordring.test","password":"Tanja82"}' | jq -r '.token')
if [ -n "$TOKEN" ] && [ "$TOKEN" != "null" ]; then
echo "✓ Login successful"
curl -sf "https://api.fahrschultermin.de/api/v1/bootstrap" \
-H "Authorization: Bearer $TOKEN" | jq -e '.tenant.name' > /dev/null 2>&1
echo "✓ Bootstrap endpoint working"
else
echo "✗ Login failed - check JWT_SECRET on server"
exit 1
fi
echo ""
echo "=== Deployment complete ==="