1. use post instead of get for auth/login api 2. refactor api filter, but still need to work on it 3. if login failed show some message in front end