soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

stage 1 of oauth removal, switch to sanctum pat tokens

Browse Source
This commit is contained in:
Codex Agent
2025-11-06 20:35:58 +01:00
parent c9783bd57b
commit 776da57ca9
47 changed files with 1571 additions and 2555 deletions
Download Patch File Download Diff File Expand all files Collapse all files

321
resources/js/admin/pages/LoginPage.tsx
View File

@@ -1,242 +1,181 @@
import React from 'react';
import { Location, useLocation, useNavigate } from 'react-router-dom';
import { useTranslation } from 'react-i18next';
import { ArrowRight, Loader2 } from 'lucide-react';
import { useLocation, useNavigate } from 'react-router-dom';
import { Loader2 } from 'lucide-react';
import { Alert, AlertDescription, AlertTitle } from '@/components/ui/alert';
import { Button } from '@/components/ui/button';
import AppLogoIcon from '@/components/app-logo-icon';
import { Alert, AlertDescription } from '@/components/ui/alert';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Label } from '@/components/ui/label';
import { useAuth } from '../auth/context';
import { ADMIN_DEFAULT_AFTER_LOGIN_PATH } from '../constants';
import {
buildAdminOAuthStartPath,
buildMarketingLoginUrl,
encodeReturnTo,
isPermittedReturnTarget,
resolveReturnTarget,
storeLastDestination,
} from '../lib/returnTo';
import { encodeReturnTo, resolveReturnTarget } from '../lib/returnTo';
import { useMutation } from '@tanstack/react-query';
interface LocationState {
from?: Location;
type LoginResponse = {
token: string;
token_type: string;
abilities: string[];
};
async function performLogin(payload: { login: string; password: string; return_to?: string | null }): Promise<LoginResponse> {
const response = await fetch('/api/v1/tenant-auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Accept': 'application/json',
},
body: JSON.stringify({
...payload,
remember: true,
}),
});
if (response.status === 422) {
const data = await response.json();
const errors = data.errors ?? {};
const flattened = Object.values(errors).flat();
throw new Error(flattened.join(' ') || 'Validation failed');
}
if (!response.ok) {
throw new Error('Login failed.');
}
return (await response.json()) as LoginResponse;
}
export default function LoginPage() {
const { status, login } = useAuth();
export default function LoginPage(): JSX.Element {
const { status, applyToken } = useAuth();
const { t } = useTranslation('auth');
const location = useLocation();
const navigate = useNavigate();
const searchParams = React.useMemo(() => new URLSearchParams(location.search), [location.search]);
const oauthError = searchParams.get('error');
const oauthErrorDescription = searchParams.get('error_description');
const rawReturnTo = searchParams.get('return_to');
const state = location.state as LocationState | null;
const fallbackTarget = React.useMemo(() => {
if (state?.from) {
const from = state.from;
const search = from.search ?? '';
const hash = from.hash ?? '';
const composed = `${from.pathname}${search}${hash}`;
if (isPermittedReturnTarget(composed)) {
return composed;
}
}
return ADMIN_DEFAULT_AFTER_LOGIN_PATH;
}, [state]);
const { finalTarget, encodedFinal } = React.useMemo(
const fallbackTarget = ADMIN_DEFAULT_AFTER_LOGIN_PATH;
const { finalTarget } = React.useMemo(
() => resolveReturnTarget(rawReturnTo, fallbackTarget),
[fallbackTarget, rawReturnTo]
[rawReturnTo, fallbackTarget]
);
const resolvedErrorMessage = React.useMemo(() => {
if (!oauthError) {
return null;
}
const errorMap: Record<string, string> = {
login_required: t('login.oauth_errors.login_required'),
invalid_request: t('login.oauth_errors.invalid_request'),
invalid_client: t('login.oauth_errors.invalid_client'),
invalid_redirect: t('login.oauth_errors.invalid_redirect'),
invalid_scope: t('login.oauth_errors.invalid_scope'),
tenant_mismatch: t('login.oauth_errors.tenant_mismatch'),
google_failed: t('login.oauth_errors.google_failed'),
google_no_match: t('login.oauth_errors.google_no_match'),
};
return errorMap[oauthError] ?? oauthErrorDescription ?? oauthError;
}, [oauthError, oauthErrorDescription, t]);
React.useEffect(() => {
if (status === 'authenticated') {
navigate(finalTarget, { replace: true });
}
}, [finalTarget, navigate, status]);
const redirectTarget = React.useMemo(() => {
if (finalTarget) {
return finalTarget;
}
const [login, setLogin] = React.useState('');
const [password, setPassword] = React.useState('');
const [error, setError] = React.useState<string | null>(null);
if (state?.from) {
const from = state.from;
const search = from.search ?? '';
const hash = from.hash ?? '';
const path = `${from.pathname}${search}${hash}`;
const mutation = useMutation({
mutationKey: ['tenantAdminLogin'],
mutationFn: performLogin,
onError: (err: unknown) => {
const message = err instanceof Error ? err.message : String(err);
setError(message);
},
onSuccess: async (data) => {
setError(null);
await applyToken(data.token, data.abilities ?? []);
navigate(finalTarget, { replace: true });
},
});
return path.startsWith('/') ? path : `/${path}`;
}
const handleSubmit = (event: React.FormEvent<HTMLFormElement>) => {
event.preventDefault();
setError(null);
return ADMIN_DEFAULT_AFTER_LOGIN_PATH;
}, [finalTarget, state]);
const shouldOpenAccountLogin = oauthError === 'login_required';
const isLoading = status === 'loading';
const hasAutoStartedRef = React.useRef(false);
const oauthStartPath = React.useMemo(
() => buildAdminOAuthStartPath(redirectTarget, encodedFinal),
[encodedFinal, redirectTarget]
);
const marketingLoginUrl = React.useMemo(() => buildMarketingLoginUrl(oauthStartPath), [oauthStartPath]);
const hasRedirectedRef = React.useRef(false);
React.useEffect(() => {
if (!shouldOpenAccountLogin || hasRedirectedRef.current) {
return;
}
hasRedirectedRef.current = true;
window.location.replace(marketingLoginUrl);
}, [marketingLoginUrl, shouldOpenAccountLogin]);
React.useEffect(() => {
if (status !== 'unauthenticated' || oauthError || hasAutoStartedRef.current) {
return;
}
hasAutoStartedRef.current = true;
storeLastDestination(redirectTarget);
login(redirectTarget);
}, [login, oauthError, redirectTarget, status]);
const googleHref = React.useMemo(() => {
const target = new URL('/event-admin/auth/google', window.location.origin);
target.searchParams.set('return_to', encodeReturnTo(oauthStartPath));
return target.toString();
}, [oauthStartPath]);
mutation.mutate({
login,
password,
return_to: rawReturnTo,
});
};
return (
<div className="relative min-h-svh overflow-hidden bg-slate-950 px-4 py-16 text-white">
<div className="relative min-h-svh overflow-hidden bg-slate-950 text-white">
<div
aria-hidden
className="absolute inset-0 bg-[radial-gradient(ellipse_at_top,_rgba(255,137,170,0.35),_transparent_60%),radial-gradient(ellipse_at_bottom,_rgba(99,102,241,0.35),_transparent_55%)] blur-3xl"
/>
<div className="absolute inset-0 bg-gradient-to-br from-gray-950 via-gray-950/70 to-[#1a0f1f]" aria-hidden />
<div className="relative z-10 mx-auto flex w-full max-w-md flex-col items-center gap-8">
<div className="flex flex-col items-center gap-3 text-center">
<div className="relative z-10 mx-auto flex w-full max-w-md flex-col gap-10 px-6 py-16">
<header className="flex flex-col items-center gap-3 text-center">
<span className="flex h-12 w-12 items-center justify-center rounded-full bg-white/15 shadow-lg shadow-black/20">
<AppLogoIcon className="h-7 w-7 text-white" />
</span>
<h1 className="text-2xl font-semibold">{t('login.panel_title', t('login.title', 'Event Admin'))}</h1>
<h1 className="text-2xl font-semibold tracking-tight">
{t('login.panel_title', t('login.title', 'Event Admin Login'))}
</h1>
<p className="max-w-sm text-sm text-white/70">
{t('login.panel_copy', 'Sign in with your Fotospiel admin access. OAuth 2.1 and clear role permissions keep your account protected.')}
{t('login.panel_copy', 'Sign in with your Fotospiel admin credentials to manage your events and galleries.')}
</p>
</div>
</header>
{resolvedErrorMessage ? (
<Alert className="w-full border-red-400/40 bg-red-50/80 text-red-800 dark:border-red-500/40 dark:bg-red-500/10 dark:text-red-100">
<AlertTitle>{t('login.oauth_error_title')}</AlertTitle>
<AlertDescription>{resolvedErrorMessage}</AlertDescription>
</Alert>
) : null}
<form onSubmit={handleSubmit} className="flex flex-col gap-5 rounded-3xl border border-white/10 bg-white/95 p-8 text-slate-900 shadow-2xl shadow-rose-400/10 backdrop-blur-xl dark:border-white/10 dark:bg-slate-900/95 dark:text-slate-50">
<div className="grid gap-2">
<Label htmlFor="login" className="text-sm font-semibold text-slate-700 dark:text-slate-200">
{t('login.username_or_email', 'E-Mail oder Benutzername')}
</Label>
<Input
id="login"
name="login"
type="text"
autoComplete="username"
required
value={login}
onChange={(event) => setLogin(event.target.value)}
className="h-12 rounded-xl border-slate-200/60 bg-white/90 px-4 text-base shadow-inner shadow-slate-200/40 focus-visible:ring-[#ff8bb1]/40 dark:border-slate-800/70 dark:bg-slate-900/70 dark:text-slate-100"
placeholder={t('login.username_or_email_placeholder', 'name@example.com')}
/>
</div>
<div className="w-full space-y-4 rounded-3xl border border-white/10 bg-white/95 p-8 text-slate-900 shadow-2xl shadow-rose-400/10 backdrop-blur-xl dark:border-white/10 dark:bg-slate-900/95 dark:text-slate-50">
<div className="space-y-2 text-left">
<h2 className="text-xl font-semibold">{t('login.actions_title', 'Choose your sign-in method')}</h2>
<p className="text-sm text-slate-500 dark:text-slate-300">
{t('login.actions_copy', 'Access the tenant dashboard securely with OAuth or your Google account.')}
<div className="grid gap-2">
<Label htmlFor="password" className="text-sm font-semibold text-slate-700 dark:text-slate-200">
{t('login.password', 'Passwort')}
</Label>
<Input
id="password"
name="password"
type="password"
autoComplete="current-password"
required
value={password}
onChange={(event) => setPassword(event.target.value)}
className="h-12 rounded-xl border-slate-200/60 bg-white/90 px-4 text-base shadow-inner shadow-slate-200/40 focus-visible:ring-[#ff8bb1]/40 dark:border-slate-800/70 dark:bg-slate-900/70 dark:text-slate-100"
placeholder={t('login.password_placeholder', '••••••••')}
/>
<p className="text-xs text-slate-500 dark:text-slate-400">
{t('login.remember_hint', 'Wir halten dich automatisch angemeldet, solange du dieses Gerät nutzt.')}
</p>
</div>
<div className="space-y-3">
<Button
size="lg"
className="group flex w-full items-center justify-center gap-2 rounded-full bg-gradient-to-r from-[#ff5f87] via-[#ec4899] to-[#6366f1] px-8 py-3 text-base font-semibold text-white shadow-lg shadow-rose-400/30 transition hover:from-[#ff4470] hover:via-[#ec4899] hover:to-[#4f46e5] focus-visible:ring-4 focus-visible:ring-rose-400/40"
disabled={isLoading}
onClick={() => {
if (shouldOpenAccountLogin) {
window.location.href = marketingLoginUrl;
return;
}
{error ? (
<Alert variant="destructive" className="rounded-2xl border-rose-400/50 bg-rose-50/90 text-rose-700 dark:border-rose-500/40 dark:bg-rose-500/10 dark:text-rose-100">
<AlertDescription>{error}</AlertDescription>
</Alert>
) : null}
storeLastDestination(redirectTarget);
login(redirectTarget);
}}
>
{isLoading ? (
<>
<Loader2 className="h-5 w-5 animate-spin" />
{t('login.loading', 'Signing you in …')}
</>
) : (
<>
{shouldOpenAccountLogin
? t('login.open_account_login')
: t('login.cta', 'Continue with Fotospiel login')}
<ArrowRight className="h-5 w-5 transition group-hover:translate-x-1" />
</>
)}
</Button>
<Button
type="submit"
className="mt-2 h-12 w-full justify-center rounded-xl bg-gradient-to-r from-[#ff5f87] via-[#ec4899] to-[#6366f1] text-base font-semibold shadow-[0_18px_35px_-18px_rgba(236,72,153,0.7)] transition hover:from-[#ff4470] hover:via-[#ec4899] hover:to-[#4f46e5]"
disabled={mutation.isLoading}
>
{mutation.isLoading ? <Loader2 className="mr-2 h-5 w-5 animate-spin" /> : null}
{mutation.isLoading ? t('login.loading', 'Anmeldung …') : t('login.submit', 'Anmelden')}
</Button>
</form>
<Button
variant="outline"
size="lg"
className="flex w-full items-center justify-center gap-3 rounded-full border-slate-200 bg-white text-slate-900 transition hover:bg-slate-50 dark:border-slate-700 dark:bg-slate-900 dark:text-slate-50 dark:hover:bg-slate-800"
onClick={() => {
window.location.href = googleHref;
}}
>
<GoogleIcon className="h-5 w-5" />
{t('login.google_cta', 'Continue with Google')}
</Button>
</div>
<p className="text-xs text-slate-500 dark:text-slate-300">
{t('login.support', "Need access? Contact your event team or email support@fotospiel.de — we're happy to help.")}
</p>
</div>
{redirectTarget !== ADMIN_DEFAULT_AFTER_LOGIN_PATH ? (
<p className="text-center text-xs text-white/50">{t('login.return_hint')}</p>
) : null}
<footer className="text-center text-xs text-white/50">
{t('login.support', "Brauchen Sie Hilfe? Schreiben Sie uns an support@fotospiel.de")}
</footer>
</div>
</div>
);
}
function GoogleIcon({ className }: { className?: string }) {
return (
<svg className={className} viewBox="0 0 24 24" aria-hidden>
<path
fill="#4285F4"
d="M23.52 12.272c0-.851-.076-1.67-.217-2.455H12v4.639h6.44a5.51 5.51 0 0 1-2.393 3.622v3.01h3.88c2.271-2.093 3.593-5.18 3.593-8.816Z"
/>
<path
fill="#34A853"
d="M12 24c3.24 0 5.957-1.073 7.943-2.912l-3.88-3.01c-1.073.72-2.446 1.147-4.063 1.147-3.124 0-5.773-2.111-6.717-4.954H1.245v3.11C3.221 21.64 7.272 24 12 24Z"
/>
<path
fill="#FBBC05"
d="M5.283 14.27a7.2 7.2 0 0 1 0-4.54V6.62H1.245a11.996 11.996 0 0 0 0 10.76l4.038-3.11Z"
/>
<path
fill="#EA4335"
d="M12 4.75c1.761 0 3.344.606 4.595 1.794l3.447-3.447C17.957 1.012 15.24 0 12 0 7.272 0 3.221 2.36 1.245 6.62l4.038 3.11C6.227 6.861 8.876 4.75 12 4.75Z"
/>
</svg>
);
}