fix(manacore): auth flow and dashboard widget API fixes

Auth fixes: - Update fetchInterceptor skip patterns for ManaCore auth endpoints - Fix URL matching to compare full origins instead of partial matches - Update token manager state after successful login - Remove Supabase session dependency from layouts - Use authStore for auth state in route layouts Dashboard fixes: - Add network error detection in base-client to prevent infinite retries - Update all 9 dashboard widgets to not retry on service unavailable - Add /api/v1 prefix to all backend service URLs (chat, calendar, contacts, todo, zitare, picture, manadeck) Commands: - Add dev:manacore:backends to start all 9 dashboard backends - Add dev:manacore:full to start web + all backends together - Update COMMANDS.md with new commands and backend port table Auth service: - Fix TypeScript error: crossApp → cross_app in referrals schema 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-14 23:01:09 +02:00 · 2025-12-07 14:44:58 +01:00 · 2025-12-07 14:44:58 +01:00 · a6cc0b83aa
commit a6cc0b83aa
parent ee52f6c144
33 changed files with 2634 additions and 68 deletions
--- a/packages/shared-auth/src/interceptors/fetchInterceptor.ts
+++ b/packages/shared-auth/src/interceptors/fetchInterceptor.ts
@ -20,7 +20,17 @@ export interface FetchInterceptorConfig {
 * Default patterns to skip
 */
 const DEFAULT_SKIP_PATTERNS = [
-	// Auth endpoints
+	// Auth endpoints (Mana Core Auth)
+	'/api/v1/auth/login',
+	'/api/v1/auth/register',
+	'/api/v1/auth/refresh',
+	'/api/v1/auth/logout',
+	'/api/v1/auth/forgot-password',
+	'/api/v1/auth/reset-password',
+	'/api/v1/auth/verify',
+	'/api/v1/auth/google-signin',
+	'/api/v1/auth/apple-signin',
+	// Legacy auth patterns (for backwards compatibility)
 	'/auth/signin',
 	'/auth/signup',
 	'/auth/refresh',
@ -147,13 +157,18 @@ function shouldSkipInterception(url: string, skipPatterns: string[], backendUrl:
 		return true;
 	}

-	// Check if URL matches backend
-	const backendDomain = backendUrl
-		.replace(/https?:\/\//, '')
-		.replace(/:\d+$/, '')
-		.toLowerCase();
+	// Check if URL matches backend (must include full host:port)
+	// Parse backendUrl to get origin (protocol + host + port)
+	try {
+		const backendOrigin = new URL(backendUrl).origin.toLowerCase();
+		const requestOrigin = new URL(url).origin.toLowerCase();

-	if (!lowerUrl.includes(backendDomain)) {
+		// Only intercept if request origin matches backend origin
+		if (requestOrigin !== backendOrigin) {
+			return true;
+		}
+	} catch {
+		// If URL parsing fails, skip interception
 		return true;
 	}