Lukas
c41165c294
The sha256Hex helper used window.crypto.subtle.digest(), which is only available in a secure context (HTTPS / localhost). In the HTTP Docker environment crypto.subtle is undefined, causing a TypeError before any request is sent — the setup and login forms both silently failed with 'An unexpected error occurred'. Fix: pass raw passwords directly to the API. The backend already applies bcrypt, which is sufficient. No stored hashes need migration because setup never completed successfully in the HTTP environment. * frontend/src/pages/SetupPage.tsx — remove sha256Hex call * frontend/src/api/auth.ts — remove sha256Hex call * frontend/src/pages/__tests__/SetupPage.test.tsx — drop crypto mock * frontend/src/utils/crypto.ts — deleted (no remaining callers)
30 lines
837 B
TypeScript
30 lines
837 B
TypeScript
/**
|
|
* Authentication API functions.
|
|
*
|
|
* Wraps calls to POST /api/auth/login and POST /api/auth/logout
|
|
* using the central typed fetch client.
|
|
*/
|
|
|
|
import { api } from "./client";
|
|
import { ENDPOINTS } from "./endpoints";
|
|
import type { LoginResponse, LogoutResponse } from "../types/auth";
|
|
|
|
/**
|
|
* Authenticate with the master password.
|
|
*
|
|
* @param password - The master password entered by the user.
|
|
* @returns The login response containing the session token.
|
|
*/
|
|
export async function login(password: string): Promise<LoginResponse> {
|
|
return api.post<LoginResponse>(ENDPOINTS.authLogin, { password });
|
|
}
|
|
|
|
/**
|
|
* Log out and invalidate the current session.
|
|
*
|
|
* @returns The logout confirmation message.
|
|
*/
|
|
export async function logout(): Promise<LogoutResponse> {
|
|
return api.post<LogoutResponse>(ENDPOINTS.authLogout, {});
|
|
}
|