fix(admin-web): save new refresh token after token rotation

refreshAccessToken() was discarding the new refresh token returned by
/auth/refresh, reusing the old (now-invalidated) one on next expiry.
This caused the second refresh to return 401, kicking the user to login
after just 15 minutes (two access token lifetimes).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hailin 2026-03-07 06:55:25 -08:00
parent b285512c11
commit 5ce4dd2442
1 changed files with 4 additions and 2 deletions


@ -93,11 +93,13 @@ class HttpClient {
}); });
const newAccessToken: string = resp.data?.data?.accessToken ?? resp.data?.accessToken; const newAccessToken: string = resp.data?.data?.accessToken ?? resp.data?.accessToken;
if (!newAccessToken) throw new Error('No access token in refresh response'); if (!newAccessToken) throw new Error('No access token in refresh response');
// 同时保存新的 refresh tokenrotating refresh token — 不保存会导致下次 refresh 失败)
const newRefreshToken: string | undefined = resp.data?.data?.refreshToken ?? resp.data?.refreshToken;
console.log('[HttpClient] Got new access token, updating storage...'); console.log('[HttpClient] Got new tokens, updating storage...');
// 更新 localStorage 中的 tokenZustand store 下次读取时自动感知)
const updated = JSON.parse(raw); const updated = JSON.parse(raw);
updated.state.token = newAccessToken; updated.state.token = newAccessToken;
if (newRefreshToken) updated.state.refreshToken = newRefreshToken;
localStorage.setItem('gcx-admin-auth', JSON.stringify(updated)); localStorage.setItem('gcx-admin-auth', JSON.stringify(updated));
return newAccessToken; return newAccessToken;
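Review bot: On the added `if (newRefreshToken) updated.state.refreshToken = newRefreshToken;` line, a refresh response that carries no refresh token is accepted silently. The stored token then stays the one that rotation has just invalidated, and the next refresh fails with the same 401 this commit fixes, with nothing in the log to explain it. The `string | undefined` annotation is compile-time only, so a non-string value from `resp.data` would also be written to storage; I would guard with `typeof newRefreshToken === 'string' && newRefreshToken !== ''` and add a `console.warn` in the else branch that does not print the token. Separately, `updated` is parsed from `raw`, which appears to be read before the request, so a second tab or a concurrent 401 retry could write a stale refresh token back over a newer one. Whether refreshAccessToken() is single-flighted cannot be checked here, because the function starts and ends outside the hunk.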