This pull request transitions the authentication mechanism from cookie-based to session token-based authentication for both the frontend and backend. It introduces a new session token manager on the frontend, updates API service logic to handle session tokens, and replaces cookie authentication with session authentication middleware on the backend. The changes ensure that session tokens are securely managed and attached to requests, and that authentication is only enforced when required by configuration.
Frontend session token management and API changes:
- Added `sessionTokenManager` utility to handle storing, retrieving, and clearing session tokens in `localStorage` (`fe/src/utils/sessionToken.ts`).
- Updated `ApiService` to attach session tokens to outgoing requests, handle session token responses on login, and always clear tokens on logout (`fe/src/services/api.ts`). [1] [2] [3] [4] [5]
Backend authentication mechanism changes:
- Replaced cookie-based authentication with session token-based authentication, including conditional registration of the session service based on config and removing cookie authentication setup (`listenarr.api/Program.cs`). [1] [2] [3]
- Added `SessionAuthenticationMiddleware` to validate ...
Automated canary build
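
The frontend flow summarized above (store the token, attach it to requests, capture it on login, always clear it on logout), sketched as an added example that is not the project's code. The storage key, the `/login` and `/logout` paths, the `sessionToken` response field, the `Authorization: Bearer` scheme and the clear-on-401 behaviour are all assumptions, since the description does not specify them.

```typescript
// Added example: every name, path and the header scheme below are assumptions.
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}
interface ApiRequest { method: string; path: string; headers: Record<string, string>; body?: unknown }
interface ApiResponse { status: number; body: { sessionToken?: string } | null }
type Transport = (req: ApiRequest) => Promise<ApiResponse>;
const TOKEN_KEY = "example.sessionToken"; // hypothetical storage key

function createSessionTokenManager(store: KeyValueStore) {
  return {
    get: (): string | null => store.getItem(TOKEN_KEY),
    set: (token: string): void => store.setItem(TOKEN_KEY, token),
    clear: (): void => store.removeItem(TOKEN_KEY),
  };
}

function createApiClient(send: Transport, tokens: ReturnType<typeof createSessionTokenManager>) {
  async function request(method: string, path: string, body?: unknown): Promise<ApiResponse> {
    const headers: Record<string, string> = {};
    const token = tokens.get();
    if (token) headers["Authorization"] = `Bearer ${token}`; // assumed header scheme
    const res = await send({ method, path, headers, body });
    if (res.status === 401) tokens.clear(); // rejected by the server: drop the stale token
    return res;
  }
  async function login(username: string, password: string): Promise<boolean> {
    tokens.clear(); // do not send a previous session's token with new credentials
    const res = await request("POST", "/login", { username, password });
    const token = res.body ? res.body.sessionToken : undefined;
    if (res.status !== 200 || typeof token !== "string" || token === "") return false;
    tokens.set(token);
    return true;
  }
  async function logout(): Promise<void> {
    try { await request("POST", "/logout"); }
    finally { tokens.clear(); } // cleared even if the request fails
  }
  return { request, login, logout };
}

// In-memory stand-in so this runs outside a browser; in a page, pass window.localStorage.
const memoryStore = (m: Record<string, string> = {}): KeyValueStore => ({
  getItem: (k) => (Object.prototype.hasOwnProperty.call(m, k) ? String(m[k]) : null),
  setItem: (k, v) => { m[k] = v; },
  removeItem: (k) => { delete m[k]; },
});
```

Anything kept in `localStorage` is readable by any script running in the page's origin, so a token stored this way is exposed to XSS in a way an `HttpOnly` cookie is not.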