Inject auth cookie native dans AppDelegate au lancement

Évite le redirect 303 du backend /login qui casse WKWebView (WebKitErrorDomain
code 102, frame load interrupted by policy change). Le cookie est posé
directement dans HTTPCookieStorage.shared avec les bons attributs (domain
coach.hypnotruck.ch, path /, secure, expire 1 an).

Token lu depuis CoachAuth.kCoachWebToken défini dans CoachAuth.swift
(gitignored). Template fourni dans CoachAuth.swift.example.

Setup côté Mac mini :
1. cp ios/App/App/CoachAuth.swift.example ios/App/App/CoachAuth.swift
2. Éditer pour mettre la vraie valeur du token
3. Dans Xcode, Right-click App folder → Add Files → sélectionner CoachAuth.swift

ios/App/App/AppDelegate.swift

@@ -7,43 +7,46 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
     var window: UIWindow?
 
     func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
-        // Override point for customization after application launch.
+        injectCoachAuthCookie()
         return true
     }
 
-    func applicationWillResignActive(_ application: UIApplication) {
+    /// Injecte le cookie d'auth coach.hypnotruck.ch dans HTTPCookieStorage.shared
-        // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state.
+    /// avant que la WKWebView ne charge la 1ère page. Évite de passer par /login
-        // Use this method to pause ongoing tasks, disable timers, and invalidate graphics rendering callbacks. Games should use this method to pause the game.
+    /// (le redirect 303 casse la WKWebView avec WebKitErrorDomain code 102).
+    ///
+    /// Le token est lu depuis la constante `kCoachWebToken` définie dans
+    /// `CoachAuth.swift` (gitignored). Si le fichier est absent, l'app
+    /// fonctionne mais demande le token au 1er lancement via /login.
+    private func injectCoachAuthCookie() {
+        let token = CoachAuth.kCoachWebToken
+        guard !token.isEmpty, token != "REPLACE_ME" else { return }
+
+        let oneYear: TimeInterval = 60 * 60 * 24 * 365
+        let properties: [HTTPCookiePropertyKey: Any] = [
+            .name: "coach_web_token",
+            .value: token,
+            .domain: "coach.hypnotruck.ch",
+            .path: "/",
+            .secure: true,
+            .expires: Date(timeIntervalSinceNow: oneYear),
+        ]
+
+        guard let cookie = HTTPCookie(properties: properties) else { return }
+        HTTPCookieStorage.shared.setCookie(cookie)
     }
 
-    func applicationDidEnterBackground(_ application: UIApplication) {
+    func applicationWillResignActive(_ application: UIApplication) {}
-        // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later.
+    func applicationDidEnterBackground(_ application: UIApplication) {}
-        // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits.
+    func applicationWillEnterForeground(_ application: UIApplication) {}
-    }
+    func applicationDidBecomeActive(_ application: UIApplication) {}
-
+    func applicationWillTerminate(_ application: UIApplication) {}
-    func applicationWillEnterForeground(_ application: UIApplication) {
-        // Called as part of the transition from the background to the active state; here you can undo many of the changes made on entering the background.
-    }
-
-    func applicationDidBecomeActive(_ application: UIApplication) {
-        // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface.
-    }
-
-    func applicationWillTerminate(_ application: UIApplication) {
-        // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:.
-    }
 
     func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
-        // Called when the app was launched with a url. Feel free to add additional processing here,
-        // but if you want the App API to support tracking app url opens, make sure to keep this call
         return ApplicationDelegateProxy.shared.application(app, open: url, options: options)
     }
 
     func application(_ application: UIApplication, continue userActivity: NSUserActivity, restorationHandler: @escaping ([UIUserActivityRestoring]?) -> Void) -> Bool {
-        // Called when the app was launched with an activity, including Universal Links.
-        // Feel free to add additional processing here, but if you want the App API to support
-        // tracking app url opens, make sure to keep this call
         return ApplicationDelegateProxy.shared.application(application, continue: userActivity, restorationHandler: restorationHandler)
     }
-
 }

ios/App/App/CoachAuth.swift.example

@@ -0,0 +1,19 @@
+// CoachAuth.swift — fichier local non versionné (gitignored).
+//
+// SETUP : sur le Mac mini, copier ce fichier en supprimant l'extension .example :
+//   cp ios/App/App/CoachAuth.swift.example ios/App/App/CoachAuth.swift
+//
+// Puis remplacer "REPLACE_ME" par la vraie valeur de COACH_WEB_TOKEN
+// (visible côté VPS dans ~/.config/infomaniak.env).
+//
+// Enfin, dans Xcode, Right-click sur le dossier "App" dans le navigateur de
+// gauche → "Add Files to App..." → sélectionner CoachAuth.swift → Add.
+// Cela ajoute le fichier au target App pour qu'il soit compilé.
+
+import Foundation
+
+enum CoachAuth {
+    /// Token d'auth pour coach.hypnotruck.ch — injecté comme cookie
+    /// `coach_web_token` au lancement de l'app par AppDelegate.
+    static let kCoachWebToken: String = "REPLACE_ME"
+}