fix(auth): send login token in POST body

src/app/api/auth/token/login/route.ts

@@ -11,9 +11,9 @@ import crypto from 'crypto';
 
 const logger = RMABLogger.create('API.Auth.TokenLogin');
 
-export async function GET(request: NextRequest) {
+export async function POST(request: NextRequest) {
   try {
-    const token = request.nextUrl.searchParams.get('token');
+    const { token } = await request.json();
 
     if (!token) {
       return NextResponse.json({ error: 'Missing token parameter' }, { status: 400 });

src/app/auth/token/login/page.tsx

@@ -22,7 +22,11 @@ function TokenLoginContent() {
       return;
     }
 
-    fetch(`/api/auth/token/login?token=${encodeURIComponent(token)}`)
+    fetch('/api/auth/token/login', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ token }),
+    })
       .then((res) => res.json())
       .then((data) => {
         if (data.error) {
@@ -35,7 +39,7 @@ function TokenLoginContent() {
         localStorage.setItem('user', JSON.stringify(data.user));
 
         setAuthData(data.user, data.accessToken);
-          window.location.href = '/';
+        window.location.href = '/';
       })
       .catch(() => {
         router.replace('/login');