From 78f9bd3f7a976c8e83519493ee9bb2107e604b38 Mon Sep 17 00:00:00 2001
From: florianfederspiel <florian@fedeo.de>
Date: Tue, 2 Jun 2026 12:03:34 +0200
Subject: [PATCH] Auth-Redirect vor Bootstrap verhindern

---
 frontend/middleware/auth.global.ts |  4 ++--
 frontend/stores/auth.ts            | 18 +++++++++++++++---
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/frontend/middleware/auth.global.ts b/frontend/middleware/auth.global.ts
index c9eea0d..305e110 100644
--- a/frontend/middleware/auth.global.ts
+++ b/frontend/middleware/auth.global.ts
@@ -1,6 +1,6 @@
 export default defineNuxtRouteMiddleware(async (to, from) => {
     const auth = useAuthStore()
-    const token = useCookie<string | null>("token", { path: "/" }).value
+    const token = auth.getStoredToken()
 
     // DEBUG: Was sieht die Middleware wirklich?
     console.log("🔒 Middleware Check auf:", to.path)
@@ -13,7 +13,7 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
         return
     }
 
-    if (!auth.user && token && process.client) {
+    if (!auth.user && token) {
         console.log("🔄 Auth-Bootstrap aus Cookie")
         await auth.initStore()
     }
diff --git a/frontend/stores/auth.ts b/frontend/stores/auth.ts
index abf3708..c4eef21 100644
--- a/frontend/stores/auth.ts
+++ b/frontend/stores/auth.ts
@@ -34,6 +34,18 @@ export const useAuthStore = defineStore("auth", {
             return useCookie<string | null>("token", { path: "/" })
         },
 
+        getStoredToken() {
+            const rootToken = this.tokenCookie().value
+            if (rootToken || !process.client) return rootToken
+
+            const tokenCookie = document.cookie
+                .split(";")
+                .map((part) => part.trim())
+                .find((part) => part.startsWith("token="))
+
+            return tokenCookie ? decodeURIComponent(tokenCookie.slice("token=".length)) : null
+        },
+
         clearScopedTokenCookies() {
             if (!process.client) return
 
@@ -113,7 +125,7 @@ export const useAuthStore = defineStore("auth", {
         scheduleSessionTimers(token?: string | null) {
             if (!process.client) return
 
-            const tokenToUse = token || this.tokenCookie().value
+            const tokenToUse = token || this.getStoredToken()
 
             this.clearSessionTimers()
             this.sessionWarningVisible = false
@@ -173,7 +185,7 @@ export const useAuthStore = defineStore("auth", {
             console.log("Auth initStore")
 
             // 1. Check: Haben wir überhaupt ein Token?
-            const token = this.tokenCookie().value
+            const token = this.getStoredToken()
 
             if (!token) {
                 // Kein Token -> Wir sind fertig, User ist Gast.
@@ -298,7 +310,7 @@ export const useAuthStore = defineStore("auth", {
             const tempStore = useTempStore()
 
             // Token aus Argument oder Cookie holen
-            const tokenToUse = jwt || this.tokenCookie().value
+            const tokenToUse = jwt || this.getStoredToken()
 
             if (!tokenToUse) {
                 const wasSessionExpired = this.sessionExpired