Commit Graph

1 Commits (master)

Author SHA1 Message Date
isnowglobal-admin 9b21b40da8 release: alpha2.0 — session persistence, Tanuki stability, login flow
Auth & Session:
- Add credentials: include to all frontend fetch calls (queryClient,
  auth-context, tanuki-trades, symbol-selector, settings, verify)
- Redis-backed session store with connect-redis, 7-day cookie expiry,
  sameSite=lax, httpOnly=true
- Add app.set('trust proxy', 1) so Express honors X-Forwarded-Proto from
  nginx — fixes secure cookies never being sent over HTTPS
- Cookie secure flag also checks APP_URL for reverse proxy deployments

Login Flow:
- Fix post-login redirect race condition: use full page reload
  (window.location.href) instead of hash navigation so auth cookie is
  established before ProtectedRoute checks session
- Disable SymbolSelector query when not authenticated to prevent blocking
  fetches on login page
- SymbolSelector returns null when not authenticated — no UI rendered

Tanuki Trades:
- Add ErrorBoundary component to isolate Tanuki page crashes
- Use unique queryKey ['tanuki-tickers'] to prevent React Query cache
  collision with symbol selector
- Defensive query syntax with async/await for error isolation

Testing:
- Verified login → redirect → refresh → session persists (no 401)
- Verified Tanuki page no longer crashes the entire app
- Verified /api/auth/me returns user data across requests with cookie
2026-07-01 14:53:24 -04:00