fix: resolve platform authentication cookie conflicts and session management

- Fix cookie isolation between regular and platform authentication systems - Add custom cookie names for regular auth (app-auth.session-token) vs platform auth (platform-auth.session-token) - Remove restrictive cookie path from platform auth to allow proper session access - Create custom usePlatformSession hook to bypass NextAuth useSession routing issues - Fix platform dashboard authentication and eliminate redirect loops - Add proper NEXTAUTH_SECRET configuration - Enhance platform login with autocomplete attributes - Update TODO with PR #20 feedback actions and mark platform features complete The platform management dashboard now has fully functional authentication with proper session isolation between regular users and platform admins.
2026-01-16 12:32:10 +01:00 · 2025-06-28 14:24:33 +02:00
parent 1972c5e9f7
commit 2f2c358e67
7 changed files with 267 additions and 134 deletions
--- a/app/platform/dashboard/page.tsx
+++ b/app/platform/dashboard/page.tsx
@ -1,6 +1,5 @@
 "use client";

-import { useSession } from "next-auth/react";
 import { useEffect, useState } from "react";
 import { useRouter } from "next/navigation";
 import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
@ -48,8 +47,39 @@ interface DashboardData {
  };
 }

+// Custom hook for platform session
+function usePlatformSession() {
+  const [session, setSession] = useState<any>(null);
+  const [status, setStatus] = useState<"loading" | "authenticated" | "unauthenticated">("loading");
+
+  useEffect(() => {
+    const fetchSession = async () => {
+      try {
+        const response = await fetch("/api/platform/auth/session");
+        const sessionData = await response.json();
+        
+        if (sessionData?.user?.isPlatformUser) {
+          setSession(sessionData);
+          setStatus("authenticated");
+        } else {
+          setSession(null);
+          setStatus("unauthenticated");
+        }
+      } catch (error) {
+        console.error("Platform session fetch error:", error);
+        setSession(null);
+        setStatus("unauthenticated");
+      }
+    };
+
+    fetchSession();
+  }, []);
+
+  return { data: session, status };
+}
+
 export default function PlatformDashboard() {
-  const { data: session, status } = useSession();
+  const { data: session, status } = usePlatformSession();
  const router = useRouter();
  const { toast } = useToast();
  const [dashboardData, setDashboardData] = useState<DashboardData | null>(null);
@ -67,7 +97,7 @@ export default function PlatformDashboard() {
  useEffect(() => {
    if (status === "loading") return;

-    if (!session?.user?.isPlatformUser) {
+    if (status === "unauthenticated" || !session?.user?.isPlatformUser) {
      router.push("/platform/login");
      return;
    }
@ -155,7 +185,7 @@ export default function PlatformDashboard() {
    );
  }

-  if (!session?.user?.isPlatformUser) {
+  if (status === "unauthenticated" || !session?.user?.isPlatformUser) {
    return null;
  }

--- a/app/platform/layout.tsx
+++ b/app/platform/layout.tsx
@ -9,7 +9,7 @@ export default function PlatformLayout({
  children: React.ReactNode;
 }) {
  return (
-    <SessionProvider>
+    <SessionProvider basePath="/api/platform/auth">
      {children}
      <Toaster />
    </SessionProvider>
--- a/app/platform/login/page.tsx
+++ b/app/platform/login/page.tsx
@ -31,14 +31,9 @@ export default function PlatformLoginPage() {

      if (result?.error) {
        setError("Invalid credentials");
-      } else {
-        // Verify the session has platform access
-        const session = await getSession();
-        if (session?.user?.isPlatformUser) {
-          router.push("/platform/dashboard");
-        } else {
-          setError("Platform access required");
-        }
+      } else if (result?.ok) {
+        // Login successful, redirect to dashboard
+        router.push("/platform/dashboard");
      }
    } catch (error) {
      setError("An error occurred during login");
@ -73,6 +68,7 @@ export default function PlatformLoginPage() {
                onChange={(e) => setEmail(e.target.value)}
                required
                disabled={isLoading}
+                autoComplete="email"
              />
            </div>

@ -85,6 +81,7 @@ export default function PlatformLoginPage() {
                onChange={(e) => setPassword(e.target.value)}
                required
                disabled={isLoading}
+                autoComplete="current-password"
              />
            </div>