201 előtti mentés

frontend/admin/stores/auth.ts

@@ -83,6 +83,11 @@ export const useAuthStore = defineStore('auth', () => {
       console.error('Failed to parse token:', err)
       error.value = 'Invalid token format'
       user.value = null
+      // Clear invalid token from storage
+      token.value = null
+      if (typeof window !== 'undefined') {
+        localStorage.removeItem('admin_token')
+      }
     }
   }
 
@@ -143,53 +148,49 @@ export const useAuthStore = defineStore('auth', () => {
     return false
   }
 
-  // Login action
+  // Login action - REAL API AUTHENTICATION ONLY
   async function login(email: string, password: string): Promise<boolean> {
     isLoading.value = true
     error.value = null
     
     try {
-      // DEVELOPMENT MODE BYPASS: If email is admin@servicefinder.com or we're in dev mode
-      // Use the mock JWT token to bypass backend authentication
-      const isDevMode = typeof import.meta !== 'undefined' && (import.meta.env.DEV || import.meta.env.MODE === 'development')
-      const isAdminEmail = email === 'admin@servicefinder.com' || email === 'superadmin@servicefinder.com'
+      // Debug: Log what we're sending
+      console.log('Auth store: Attempting login for', email)
+      console.log('Auth store: Password length', password.length)
       
-      if (isDevMode && isAdminEmail) {
-        console.log('[DEV MODE] Using mock authentication bypass for:', email)
-        
-        // Use the exact mock JWT string provided in the task
-        const mockJwtToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdXBlcmFkbWluQHNlcnZpY2VmaW5kZXIuY29tIiwicm9sZSI6InN1cGVyYWRtaW4iLCJyYW5rIjoxMDAsInNjb3BlX2xldmVsIjoiZ2xvYmFsIiwiZXhwIjozMDAwMDAwMDAwLCJpYXQiOjE3MDAwMDAwMDB9.dummy_signature'
-        
-        // Store token safely (SSR-safe)
-        if (typeof window !== 'undefined') {
-          localStorage.setItem('admin_token', mockJwtToken)
-        }
-        token.value = mockJwtToken
-        parseToken()
-        
-        return true
-      }
+      // Prepare URL-encoded form data for OAuth2 password grant (as per FastAPI auth endpoint)
+      // FastAPI's OAuth2PasswordRequestForm expects application/x-www-form-urlencoded
+      // Use explicit string encoding to guarantee FastAPI accepts it (Nuxt's $fetch messes up URLSearchParams)
+      const bodyString = `username=${encodeURIComponent(email)}&password=${encodeURIComponent(password)}`;
       
-      // Otherwise, call real backend login endpoint
-      const response = await fetch('http://localhost:8000/login', {
+      console.log('Auth store: Body string created', bodyString)
+      
+      // Call real backend login endpoint using $fetch (Nuxt's fetch)
+      // $fetch automatically throws on non-2xx responses, so we just need to catch
+      const data = await $fetch('/api/v1/auth/login', {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ email, password })
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: bodyString
       })
       
-      if (!response.ok) {
-        throw new Error('Login failed')
+      console.log('Auth login API response:', data)
+      
+      // Extract token
+      const accessToken = data.access_token
+      if (!accessToken) {
+        throw new Error('No access token in response')
       }
       
-      const data = await response.json()
-      token.value = data.access_token
+      // Store token safely (SSR-safe)
       if (typeof window !== 'undefined') {
-        localStorage.setItem('admin_token', token.value)
+        localStorage.setItem('admin_token', accessToken)
       }
+      token.value = accessToken
       parseToken()
       
       return true
     } catch (err) {
+      console.error('Auth store: Login catch block error:', err)
       error.value = err instanceof Error ? err.message : 'Login failed'
       return false
     } finally {