feat: add customer login page in SPA

- Created Login/index.tsx with styled form - Added /auth/customer-login API endpoint (no admin perms required) - Registered route in Routes.php - Added /login route in customer-spa App.tsx - Account page now redirects to SPA login instead of wp-login.php - Login supports redirect param for post-login navigation
2025-12-31 22:43:13 +07:00
parent 3d7eb5bf48
commit 56042d4b8e
5 changed files with 242 additions and 13 deletions
--- a/includes/Api/AuthController.php
+++ b/includes/Api/AuthController.php
@@ -78,6 +78,58 @@ class AuthController {
 		], 200 );
 	}
 	
+	/**
+	 * Customer login endpoint (no admin permission required)
+	 * 
+	 * @param WP_REST_Request $request Request object
+	 * @return WP_REST_Response Response object
+	 */
+	public static function customer_login( WP_REST_Request $request ): WP_REST_Response {
+		$username = sanitize_text_field( $request->get_param( 'username' ) );
+		$password = $request->get_param( 'password' );
+		
+		if ( empty( $username ) || empty( $password ) ) {
+			return new WP_REST_Response( [
+				'success' => false,
+				'message' => __( 'Username and password are required', 'woonoow' ),
+			], 400 );
+		}
+		
+		// Authenticate user
+		$user = wp_authenticate( $username, $password );
+		
+		if ( is_wp_error( $user ) ) {
+			return new WP_REST_Response( [
+				'success' => false,
+				'message' => __( 'Invalid username or password', 'woonoow' ),
+			], 401 );
+		}
+		
+		// Clear old cookies and set new ones
+		wp_clear_auth_cookie();
+		wp_set_current_user( $user->ID );
+		wp_set_auth_cookie( $user->ID, true );
+		
+		// Trigger login action
+		do_action( 'wp_login', $user->user_login, $user );
+		
+		// Get customer data
+		$customer_data = [
+			'id'         => $user->ID,
+			'name'       => $user->display_name,
+			'email'      => $user->user_email,
+			'first_name' => get_user_meta( $user->ID, 'first_name', true ),
+			'last_name'  => get_user_meta( $user->ID, 'last_name', true ),
+			'avatar'     => get_avatar_url( $user->ID ),
+		];
+		
+		return new WP_REST_Response( [
+			'success' => true,
+			'user'    => $customer_data,
+			'nonce'   => wp_create_nonce( 'wp_rest' ),
+		], 200 );
+	}
+	
 	/**
 	 * Logout endpoint
 	 * 
--- a/includes/Api/Routes.php
+++ b/includes/Api/Routes.php
@@ -65,6 +65,13 @@ class Routes {
                'permission_callback' => '__return_true',
            ] );
            
+            // Customer login endpoint (no admin permission required)
+            register_rest_route( $namespace, '/auth/customer-login', [
+                'methods'             => 'POST',
+                'callback'            => [ AuthController::class, 'customer_login' ],
+                'permission_callback' => '__return_true',
+            ] );
+            
            // Defer to controllers to register their endpoints
            CheckoutController::register();
            OrdersController::register();