fix: login loop and repeated medication notifications

- Fix login loop: secure cookie detection now uses x-forwarded-proto/origin headers to correctly identify HTTPS requests through Tailscale Funnel - Add credentials: include to login/register fetch calls - Verify session after login/registration before redirecting to prevent race conditions - Fix repeated medication reminders: isDue() now matches exact minute instead of 5-minute tolerance window, preventing duplicate notifications when sender runs every minute - Add tests for cookie security and notification scheduling - Extract isDue() to separate module for better testability
2026-05-24 21:31:43 +08:00 · 2026-03-15 12:17:42 +00:00
parent f0f674945c
commit 1bb88288f4
12 changed files with 120 additions and 27 deletions
--- a/src/lib/auth/cookies.test.ts
+++ b/src/lib/auth/cookies.test.ts
@@ -0,0 +1,25 @@
+import { afterEach, describe, expect, it } from 'vitest'
+import { shouldUseSecureCookies } from './cookies'
+
+const originalCookieSecure = process.env.COOKIE_SECURE
+
+afterEach(() => {
+  process.env.COOKIE_SECURE = originalCookieSecure
+})
+
+describe('shouldUseSecureCookies', () => {
+  it('uses secure cookies for forwarded https requests even in development', () => {
+    expect(shouldUseSecureCookies({ forwardedProto: 'https' })).toBe(true)
+  })
+
+  it('uses secure cookies when the request origin is https', () => {
+    expect(
+      shouldUseSecureCookies({ origin: 'https://debianvm.kangaroo-eel.ts.net:10000' })
+    ).toBe(true)
+  })
+
+  it('allows an explicit insecure override', () => {
+    process.env.COOKIE_SECURE = 'false'
+    expect(shouldUseSecureCookies({ forwardedProto: 'https' })).toBe(false)
+  })
+})