
fix: use POST for token verification to prevent caching

unknown 2 days ago
parent
commit
c13bb2e19a
3 changed files with 11 additions and 4 deletions
  1. 3 3
      backend/routers/auth.py
  2. 3 0
      backend/schemas.py
  3. 5 1
      src/lib/api.ts

+ 3 - 3
backend/routers/auth.py

@@ -186,9 +186,9 @@ async def forgot_password(request: schemas.ForgotPassword, lang: str = "en"):
     
     return {"message": "Reset instructions sent to your email"}
 
-@router.get("/verify-reset-token")
-async def verify_reset_token(token: str):
-    user_id = token_service.verify_reset_token(token)
+@router.post("/verify-reset-token")
+async def verify_reset_token(request: schemas.TokenVerify):
+    user_id = token_service.verify_reset_token(request.token)
     if not user_id:
         raise HTTPException(status_code=400, detail="Invalid or expired reset token")
     return {"message": "Token is valid"}
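Review bot: The new verify_reset_token handler carries no docstring and sets no cache headers, so the "prevent caching" goal in the commit title rests on the method change alone; the concrete gain of moving the token into the POST body is that it no longer lands in URL-based access logs, browser history or Referer headers, and the handler should say so. Suggested docstring: `"""Validate a password-reset token sent in the JSON body (kept out of the URL so it does not reach access logs, history or Referer headers)."""`. If the response itself must be uncacheable, add a `Cache-Control: no-store` header on it, presumably via a FastAPI `Response` parameter — confirm what the file already imports before relying on that. The forgot_password body at the top of the hunk starts outside it.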

+ 3 - 0
backend/schemas.py

@@ -230,3 +230,6 @@ class ContactRequest(BaseModel):
     email: EmailStr
     subject: str = Field(..., min_length=1)
     message: str = Field(..., min_length=1)
+
+class TokenVerify(BaseModel):
+    token: str
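Review bot: `token: str` on the new TokenVerify model accepts an empty string, whereas the sibling fields of ContactRequest just above constrain their inputs with `Field(..., min_length=1)`; an empty token then reaches token_service.verify_reset_token only to be rejected with the generic 400. For consistency with the file's own style, declare it as `token: str = Field(..., min_length=1)`. A one-line class docstring such as `"""Request body for POST /verify-reset-token."""` would also document why the model exists.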

+ 5 - 1
src/lib/api.ts

@@ -234,7 +234,11 @@ export const resetPassword = async (data: any) => {
 };
 
 export const verifyResetToken = async (token: string) => {
-  const response = await fetch(`${API_BASE_URL}/auth/verify-reset-token?token=${encodeURIComponent(token)}&lang=${i18n.global.locale.value}`);
+  const response = await fetch(`${API_BASE_URL}/auth/verify-reset-token?lang=${i18n.global.locale.value}`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ token })
+  });
   
   if (!response.ok) {
     throw new Error(await getErrorMessage(response, 'Invalid or expired token'));
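Review bot: The rewritten fetch still appends `lang` as a query parameter, but the route it now targets (verify_reset_token in backend/routers/auth.py, changed in this same commit) declares only the body model, so the value appears to be ignored unless some dependency reads it elsewhere; either drop `?lang=…` from this URL or pass the locale where the backend actually consumes it. Moving the token into `JSON.stringify({ token })` is the right fix and needs no further change here. verifyResetToken continues past the end of the hunk.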