mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-06 05:49:12 +02:00
* fix(auth): detect cookie-based session during CLI setup flow When users run `multica setup` after logging into multica.ai, the CLI redirects to the login page which only checked localStorage for an existing session. Since the web app stores auth tokens as HttpOnly cookies (not localStorage), the session was never detected and users had to log in again. Now the login page also tries `api.getMe()` (which sends the HttpOnly cookie automatically) when no localStorage token exists. A new `POST /api/cli-token` endpoint lets cookie-authenticated sessions obtain a bearer token to hand off to the CLI. * fix(auth): prioritise cookie auth over localStorage in CLI setup flow Address code review feedback: cookie-first detection avoids authorising the CLI with a stale or mismatched localStorage token. The useEffect now calls getMe() without a bearer token first (relying on the HttpOnly cookie), and only falls back to localStorage if cookie auth fails. handleCliAuthorize uses an authSourceRef to pick the matching token source — issueCliToken for cookie sessions, localStorage for token sessions — preventing the click handler from re-reading a potentially stale localStorage entry.