fix: Use wp_signon for proper WordPress authentication in standalone login

2025-11-05 00:11:20 +07:00
parent 04e02f1d67
commit 15f0bcb4e4
4 changed files with 20 additions and 10 deletions
--- a/admin-spa/src/App.tsx
+++ b/admin-spa/src/App.tsx
@@ -1,5 +1,6 @@
 import React, { useEffect, useState } from 'react';
-import { HashRouter, Routes, Route, NavLink, useLocation, useParams, Navigate } from 'react-router-dom';
+import { HashRouter, Routes, Route, NavLink, useLocation, useParams, Navigate, Link } from 'react-router-dom';
+import { Login } from './routes/Login';
 import Dashboard from '@/routes/Dashboard';
 import DashboardRevenue from '@/routes/Dashboard/Revenue';
 import DashboardOrders from '@/routes/Dashboard/Orders';
@@ -19,7 +20,6 @@ import ProductAttributes from '@/routes/Products/Attributes';
 import CouponsIndex from '@/routes/Coupons';
 import CouponNew from '@/routes/Coupons/New';
 import CustomersIndex from '@/routes/Customers';
-import { Login } from '@/routes/Login';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { LayoutDashboard, ReceiptText, Package, Tag, Users, Settings as SettingsIcon, Maximize2, Minimize2, Loader2 } from 'lucide-react';
 import { Toaster } from 'sonner';
@@ -441,7 +441,7 @@ function AuthWrapper() {
    });

    // In standalone mode, trust the initial PHP auth check
-    // No need for additional API call since PHP already verified the session
+    // PHP uses wp_signon which sets proper WordPress cookies
    if (window.WNW_CONFIG?.standaloneMode) {
      setIsAuthenticated(window.WNW_CONFIG.isAuthenticated);
      setIsChecking(false);
@@ -464,7 +464,7 @@ function AuthWrapper() {
  }

  if (location.pathname === '/login' && isAuthenticated) {
-    return <Navigate to="/dashboard" replace />;
+    return <Navigate to="/" replace />;
  }

  return (
--- a/admin-spa/src/lib/api.ts
+++ b/admin-spa/src/lib/api.ts
@@ -9,7 +9,7 @@ export const api = {
    if (!headers.has('Accept')) headers.set('Accept', 'application/json');
    if (options.body && !headers.has('Content-Type')) headers.set('Content-Type', 'application/json');

-    const res = await fetch(url, { credentials: 'same-origin', ...options, headers });
+    const res = await fetch(url, { credentials: 'include', ...options, headers });

    if (!res.ok) {
      let responseData: any = null;
--- a/admin-spa/src/routes/Login.tsx
+++ b/admin-spa/src/routes/Login.tsx
@@ -37,6 +37,11 @@ export function Login() {
        window.WNW_CONFIG.currentUser = data.user;
        window.WNW_CONFIG.nonce = data.nonce;
        
+        // CRITICAL: Also update WNW_API.nonce for API requests
+        if (window.WNW_API) {
+          window.WNW_API.nonce = data.nonce;
+        }
+        
        // Redirect to dashboard (no reload needed, auth state is updated)
        navigate('/dashboard');
      } else {