[backport rh-test] Add session cookie auth (#6299)

## Summary Backport of session cookie authentication implementation from main to rh-test. ## Changes - Added session cookie management via extension hooks - Cookie created on login, refreshed on token refresh, deleted on logout - New extension hooks: `onAuthTokenRefreshed()` and `onAuthUserLogout()` - DDD-compliant structure with platform layer (`src/platform/auth/session/`) ## Conflict Resolution - Resolved import conflict in `firebaseAuthStore.ts` (merged `onIdTokenChanged` + `sendEmailVerification`) - Added `onIdTokenChanged` mock to tests ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-6299-backport-rh-test-Add-session-cookie-auth-2986d73d365081238507f99ae789d44b) by [Unito](https://www.unito.io)
2026-04-22 23:39:45 +00:00 · 2025-10-26 01:11:59 -07:00
parent 065b848e58
commit 072b234a13
8 changed files with 143 additions and 2 deletions
--- a/src/platform/auth/session/useSessionCookie.ts
+++ b/src/platform/auth/session/useSessionCookie.ts
@@ -0,0 +1,65 @@
+import { isCloud } from '@/platform/distribution/types'
+import { api } from '@/scripts/api'
+import { useFirebaseAuthStore } from '@/stores/firebaseAuthStore'
+
+/**
+ * Session cookie management for cloud authentication.
+ * Creates and deletes session cookies on the ComfyUI server.
+ */
+export const useSessionCookie = () => {
+  /**
+   * Creates or refreshes the session cookie.
+   * Called after login and on token refresh.
+   */
+  const createSession = async (): Promise<void> => {
+    if (!isCloud) return
+
+    const authStore = useFirebaseAuthStore()
+    const authHeader = await authStore.getAuthHeader()
+
+    if (!authHeader) {
+      throw new Error('No auth header available for session creation')
+    }
+
+    const response = await fetch(api.apiURL('/auth/session'), {
+      method: 'POST',
+      credentials: 'include',
+      headers: {
+        ...authHeader,
+        'Content-Type': 'application/json'
+      }
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      throw new Error(
+        `Failed to create session: ${errorData.message || response.statusText}`
+      )
+    }
+  }
+
+  /**
+   * Deletes the session cookie.
+   * Called on logout.
+   */
+  const deleteSession = async (): Promise<void> => {
+    if (!isCloud) return
+
+    const response = await fetch(api.apiURL('/auth/session'), {
+      method: 'DELETE',
+      credentials: 'include'
+    })
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      throw new Error(
+        `Failed to delete session: ${errorData.message || response.statusText}`
+      )
+    }
+  }
+
+  return {
+    createSession,
+    deleteSession
+  }
+}