add admin login page at /login

2026-05-17 10:40:03 +03:00 · 2026-05-17 10:40:03 +03:00 · e8e7cf9ea9
commit e8e7cf9ea9
parent f0da523ae4
7 changed files with 289 additions and 7 deletions
--- a/backend/app/Middleware/CorsMiddleware.php
+++ b/backend/app/Middleware/CorsMiddleware.php
@ -0,0 +1,40 @@
+<?php
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Slim\Psr7\Response;
+
+class CorsMiddleware implements MiddlewareInterface
+{
+    private const ALLOWED_ORIGIN = 'http://localhost:5173';
+
+    public function process(
+        ServerRequestInterface $request,
+        RequestHandlerInterface $handler,
+    ): ResponseInterface {
+        if ($request->getMethod() === 'OPTIONS') {
+            return $this->withCorsHeaders(new Response(204));
+        }
+
+        return $this->withCorsHeaders($handler->handle($request));
+    }
+
+    private function withCorsHeaders(ResponseInterface $response): ResponseInterface
+    {
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', self::ALLOWED_ORIGIN)
+            ->withHeader('Access-Control-Allow-Credentials', 'true')
+            ->withHeader(
+                'Access-Control-Allow-Headers',
+                'Content-Type, Authorization',
+            )
+            ->withHeader(
+                'Access-Control-Allow-Methods',
+                'GET, POST, OPTIONS',
+            );
+    }
+}
--- a/backend/config/routes.php
+++ b/backend/config/routes.php
@ -2,11 +2,14 @@

 use App\Controllers\AuthController;
 use App\Middleware\AuthMiddleware;
+use App\Middleware\CorsMiddleware;
 use Slim\App;
 use Slim\Routing\RouteCollectorProxy;

 return function (App $app): void {

+    $app->add(CorsMiddleware::class);
+
    $app->get('/me', [AuthController::class, 'me'])
        ->add(AuthMiddleware::class);