Files
Hermes Agent 5d87e4975c Add HttpOnly cookie auth for cross-domain SPA login
Problem: Frontend JS bundle used credentials:'same-origin' which
dropped cookies on cross-domain requests. Login worked (200) but
the subsequent /auth/me check returned 401, leaving the user stuck
on the login screen.

Fix:
- AuthController now sets a dtp_jwt HttpOnly cookie on login/refresh
- Cookie uses Domain=.fahrschultermin.de (shared between frontend
  and api subdomain), Secure, SameSite=Lax, Max-Age=8h
- JwtMiddleware reads JWT from Authorization header OR cookie
- Added AuthController::me() endpoint (was missing, caused 500)
- Logout endpoint clears the cookie
- Frontend index.php patches fetch() to use credentials:'include'
  for all /api/v1/* calls
2026-06-04 20:33:31 +02:00

27 lines
606 B
PHP
Executable File

#!/usr/bin/env php
<?php
/**
* Migration Runner - Remote Version
*/
echo "Starte Migration...\n";
try {
$pdo = new PDO(
'pgsql:host=10.255.30.11;port=5433;dbname=fahrschuldesk',
'fahrschuldesk_api',
'E8xP2mKjQ9nRtWsLvZ3bVc5YyH1sDe7f'
);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "✓ DB verbunden\n";
$sql = file_get_contents(__DIR__ . '/migration.sql');
$pdo->exec($sql);
echo "✓ Migration ausgeführt!\n";
} catch (PDOException $e) {
echo "✗ Fehler: " . $e->getMessage() . "\n";
exit(1);
}
echo "Fertig!\n";