fix(admin-web): only logout on explicit 401/403 from refresh endpoint

Previously any refresh failure (network error, service restart, timeout) would clear localStorage and redirect to /login — kicking active users. Now only a deliberate token rejection (HTTP 401/403) causes logout. Transient errors are rejected silently without destroying the session. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 06:40:24 -08:00 · 2026-03-07 06:40:24 -08:00 · 7ccbe33f88
parent eca1490c72
commit 7ccbe33f88
1 changed files with 11 additions and 5 deletions
--- a/frontend/admin-web/src/infrastructure/http/http.client.ts
+++ b/frontend/admin-web/src/infrastructure/http/http.client.ts
@ -59,11 +59,17 @@ class HttpClient {
          console.log('[HttpClient] Token refreshed, retrying:', originalRequest.url);
          originalRequest.headers.Authorization = `Bearer ${newToken}`;
          return this.client(originalRequest);
-        } catch (refreshErr) {
-          // refresh 也失败 → 清空登录态，跳转登录
-          console.error('[HttpClient] Token refresh failed, redirecting to login:', refreshErr);
+        } catch (refreshErr: any) {
+          // 只有 refresh 接口明确拒绝（401/403）才清除登录态并跳转
+          // 网络错误、超时、服务重启导致的 5xx 不踢出用户
+          const refreshStatus = refreshErr?.response?.status;
+          if (refreshStatus === 401 || refreshStatus === 403) {
+            console.error('[HttpClient] Refresh token rejected, redirecting to login');
            localStorage.removeItem('gcx-admin-auth');
            window.location.href = '/login';
+          } else {
+            console.warn('[HttpClient] Token refresh failed (transient error, not logging out):', refreshErr?.message);
+          }
          return Promise.reject(error);
        }
      },