From 7ccbe33f8876ace32e053c3ee3dd05b69726ad27 Mon Sep 17 00:00:00 2001
From: hailin
Date: Sat, 7 Mar 2026 06:40:24 -0800
Subject: [PATCH] fix(admin-web): only logout on explicit 401/403 from refresh endpoint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously any refresh failure (network error, service restart, timeout) would clear localStorage and redirect to /login — kicking active users. Now only a deliberate token rejection (HTTP 401/403) causes logout. Transient errors are rejected silently without destroying the session.
Co-Authored-By: Claude Sonnet 4.6
---
 .../src/infrastructure/http/http.client.ts | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/frontend/admin-web/src/infrastructure/http/http.client.ts b/frontend/admin-web/src/infrastructure/http/http.client.ts
index 009f92c..9c358c1 100644
--- a/frontend/admin-web/src/infrastructure/http/http.client.ts
+++ b/frontend/admin-web/src/infrastructure/http/http.client.ts
@@ -59,11 +59,17 @@ class HttpClient {
 console.log('[HttpClient] Token refreshed, retrying:', originalRequest.url);
 originalRequest.headers.Authorization = `Bearer ${newToken}`;
 return this.client(originalRequest);
- } catch (refreshErr) {
- // refresh 也失败 → 清空登录态,跳转登录
- console.error('[HttpClient] Token refresh failed, redirecting to login:', refreshErr);
- localStorage.removeItem('gcx-admin-auth');
- window.location.href = '/login';
+ } catch (refreshErr: any) {
+ // 只有 refresh 接口明确拒绝(401/403)才清除登录态并跳转
+ // 网络错误、超时、服务重启导致的 5xx 不踢出用户
+ const refreshStatus = refreshErr?.response?.status;
+ if (refreshStatus === 401 || refreshStatus === 403) {
+ console.error('[HttpClient] Refresh token rejected, redirecting to login');
+ localStorage.removeItem('gcx-admin-auth');
+ window.location.href = '/login';
+ } else {
+ console.warn('[HttpClient] Token refresh failed (transient error, not logging out):', refreshErr?.message);
+ }
 return Promise.reject(error);
 }
 },
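Review bot: The `else` branch of the new `catch` classifies every refresh failure other than 401/403 as transient, which is wider than the comment's "network error, timeout, 5xx" and leaves `gcx-admin-auth` in localStorage when the rejection is in fact definitive. A refresh endpoint that answers an expired or revoked refresh token with 400 (the status OAuth 2.0 uses for `invalid_grant`), or a refresh helper that throws before sending a request because no refresh token is stored, would both land there; the refresh code is not visible in this hunk, so confirm which statuses it can return. Consider keeping the session only when there is no response or the status is 5xx/408/429, e.g. `const keepSession = refreshStatus === undefined || refreshStatus >= 500 || refreshStatus === 408 || refreshStatus === 429;`, and clearing the stored auth state otherwise. Separately, `catch (refreshErr: any)` could be `unknown` narrowed with a type guard so the status read is type-checked. The enclosing interceptor starts and ends outside the hunk.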