Prior to this PR, the token returned by /api/login was persisted only in the component state, which caused it to be lost when navigating away from the /admin page.
This PR makes the following changes to persist the admin token:
- The /api/login endpoint now returns the token as a cookie in addition to as a JSON object in the response payload.
- The /admin page now processes the cookies sent back by the server. The payload is now ignored.
- The /admin page will attempt to load the token from cookie storage if it is present, and allow deleting the cookie with the logout button.
- The /api/internal/recommendations endpoint allows reading the token from a cookie. This is currently not used by the frontend, which still sends the admin token using the Authorization header.
There is probably an argument to be made that we could get rid of cookies entirely and persist things in localStorage, but I thought using cookies might allow for http-only (i.e. no javascript) tests, if that makes sense.
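
An added example, not part of this PR or the project's code: one way a server could resolve the admin token from either the Authorization header or the cookie, and build the cookies for login and logout. The cookie name `admin_token`, the `Bearer` scheme, the server-side logout and all function names are assumptions.

```javascript
// Added example, not the project's code. COOKIE_NAME, the Bearer scheme and the
// function names are assumptions; the PR does not name them.
const COOKIE_NAME = "admin_token";

// Parse a Cookie request header into a Map of name -> value (first occurrence wins).
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    const name = eq < 0 ? "" : part.slice(0, eq).trim();
    if (!name || jar.has(name)) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (_) { /* keep the raw value */ }
    jar.set(name, value);
  }
  return jar;
}

// Resolve the token for a request. The Authorization header wins because that is what
// the frontend sends; the cookie is the fallback. A header that is present but malformed
// fails closed instead of silently falling back to the cookie.
function extractAdminToken(headers) {
  const auth = headers["authorization"];
  if (auth !== undefined) {
    const m = /^Bearer\s+(\S+)$/i.exec(String(auth).trim());
    return m ? { token: m[1], source: "header" } : null;
  }
  const fromCookie = parseCookies(headers["cookie"]).get(COOKIE_NAME);
  return fromCookie ? { token: fromCookie, source: "cookie" } : null;
}

// Set-Cookie value for the login response. HttpOnly is left off because the /admin page
// reads the cookie from script; SameSite=Strict keeps it off cross-site requests to the
// endpoint that accepts the cookie.
function buildTokenCookie(token, maxAgeSeconds) {
  return `${COOKIE_NAME}=${encodeURIComponent(token)}; Path=/; Max-Age=${maxAgeSeconds}; Secure; SameSite=Strict`;
}

// Set-Cookie value that expires the cookie, for a server-side logout (an assumption;
// the PR deletes the cookie from the logout button).
function buildLogoutCookie() {
  return `${COOKIE_NAME}=; Path=/; Max-Age=0; Secure; SameSite=Strict`;
}
```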