ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

fix: skip auth token refresh for public API endpoints

Browse Source 
Public dashboard endpoints use password auth, not session tokens.
A 401 on /public/ should surface to the caller (for password prompt),
not trigger a token refresh that fails and shows "Session expired".
This commit is contained in:
Usman Baig
2026-03-22 13:47:02 +01:00
parent 0805bbaeee
commit ef21004519
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/api/client.ts
View File

@@ -238,8 +238,9 @@ async function apiRequest<T>(
if (response.status === 401) { if (response.status === 401) {
// * Attempt Token Refresh if 401 // * Attempt Token Refresh if 401
if (typeof window !== 'undefined') { if (typeof window !== 'undefined') {
// * Prevent infinite loop: Don't refresh if the failed request WAS a refresh request (unlikely via apiRequest but safe to check) // * Skip token refresh for public endpoints (they use password auth, not session tokens)
if (!endpoint.includes('/auth/refresh')) { // * and for refresh requests themselves (prevent infinite loop)
if (!endpoint.includes('/auth/refresh') && !endpoint.includes('/public/')) {
if (isRefreshing) { if (isRefreshing) {
// * If refresh is already in progress, wait for it to complete (or fail) // * If refresh is already in progress, wait for it to complete (or fail)
return new Promise<T>((resolve, reject) => { return new Promise<T>((resolve, reject) => {