Harden auth and outbound admin surfaces

2026-05-23 21:12:45 +12:00
parent d9ac54a2ff
commit 1ce01ec348
15 changed files with 495 additions and 110 deletions
@@ -42,13 +42,14 @@ export default function LoginPage() {
        method: 'POST',
        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
        body,
+        credentials: 'include',
      })
      if (!response.ok) {
        throw new Error('Login failed')
      }
      const data = await response.json()
-      if (data?.access_token) {
-        setToken(data.access_token)
+      if (data?.authenticated) {
+        setToken('cookie')
        if (typeof window !== 'undefined') {
          window.location.href = '/'
          return