From dd99c5dd74b1a4a4a85949708a7cc8a45735393f Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Sun, 17 May 2026 22:44:30 +0200
Subject: [PATCH] refactor(auth): login action imports extractFaSessionId from
 \$lib/shared/cookies

Drop the inline parser; reuse the now-shared helper. Pure rewire, no behaviour
change. Addresses PR #612 / Felix F2.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 frontend/src/routes/login/+page.server.ts | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/frontend/src/routes/login/+page.server.ts b/frontend/src/routes/login/+page.server.ts
index 3f00a76e..244711d0 100644
--- a/frontend/src/routes/login/+page.server.ts
+++ b/frontend/src/routes/login/+page.server.ts
@@ -1,5 +1,6 @@
 import { fail, redirect, type Actions } from '@sveltejs/kit';
 import { env } from '$env/dynamic/private';
+import { extractFaSessionId } from '$lib/shared/cookies';
 import { getErrorMessage, type ErrorCode } from '$lib/shared/errors';
 import type { PageServerLoad } from './$types';
 
@@ -10,20 +11,6 @@ export const load: PageServerLoad = ({ url }) => {
 	};
 };
 
-/**
- * Extracts the fa_session cookie value from a Set-Cookie response header.
- * The backend may emit attributes like `Path`, `HttpOnly`, `SameSite=Strict`, `Max-Age`, `Secure`;
- * we only forward the opaque session id — the SvelteKit cookies API will rewrite
- * the attributes itself.
- */
-function extractFaSessionId(setCookieHeaders: string[]): string | null {
-	for (const header of setCookieHeaders) {
-		const match = header.match(/^fa_session=([^;]+)/);
-		if (match) return match[1];
-	}
-	return null;
-}
-
 export const actions = {
 	login: async ({ request, cookies, fetch, url }) => {
 		const data = await request.formData();