Problem: Frontend JS bundle used credentials:'same-origin' which dropped cookies on cross-domain requests. Login worked (200) but the subsequent /auth/me check returned 401, leaving the user stuck on the login screen. Fix: - AuthController now sets a dtp_jwt HttpOnly cookie on login/refresh - Cookie uses Domain=.fahrschultermin.de (shared between frontend and api subdomain), Secure, SameSite=Lax, Max-Age=8h - JwtMiddleware reads JWT from Authorization header OR cookie - Added AuthController::me() endpoint (was missing, caused 500) - Logout endpoint clears the cookie - Frontend index.php patches fetch() to use credentials:'include' for all /api/v1/* calls
41 lines
872 B
PHP
Executable File
41 lines
872 B
PHP
Executable File
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support;
|
|
|
|
final class Request
|
|
{
|
|
public function method(): string
|
|
{
|
|
return strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET');
|
|
}
|
|
|
|
public function path(): string
|
|
{
|
|
$uri = $_SERVER['REQUEST_URI'] ?? '/';
|
|
$path = parse_url($uri, PHP_URL_PATH) ?: '/';
|
|
|
|
return rtrim($path, '/') ?: '/';
|
|
}
|
|
|
|
public function query(string $key, mixed $default = null): mixed
|
|
{
|
|
return $_GET[$key] ?? $default;
|
|
}
|
|
|
|
public function input(): array
|
|
{
|
|
$contentType = $_SERVER['CONTENT_TYPE'] ?? '';
|
|
|
|
if (str_contains($contentType, 'application/json')) {
|
|
$raw = file_get_contents('php://input');
|
|
$decoded = json_decode($raw ?: '[]', true);
|
|
|
|
return is_array($decoded) ? $decoded : [];
|
|
}
|
|
|
|
return $_POST;
|
|
}
|
|
}
|