fixed #1

2026-06-08 15:27:06 +02:00
parent 8d2be395b9
commit 0f8c7f57ac
4 changed files with 61 additions and 28 deletions
--- a/frontend/assets/js/auth.js
+++ b/frontend/assets/js/auth.js
@@ -14,17 +14,19 @@
    }

    function clearAllAuth() {
-        console.log("Clearing all auth remnants from cookies and localStorage...");
+        console.log("Clearing all auth remnants from everywhere...");
        localStorage.removeItem("access_token");
        localStorage.removeItem("refresh_token");
-        document.cookie = "access_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
-        document.cookie = "refresh_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
+        sessionStorage.removeItem("is_refreshing");
+        document.cookie = "access_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax;";
+        document.cookie = "refresh_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax;";
    }

    async function tryTokenRefresh(refreshToken) {
        if (!refreshToken) return false;

        try {
+            console.log("Sending refresh token to /api/refresh...");
            const response = await fetch("/api/refresh", {
                method: "POST",
                headers: { "Content-Type": "application/json" },
@@ -33,13 +35,10 @@

            if (response.ok) {
                const data = await response.json();
-
                localStorage.setItem("access_token", data.access_token);
                localStorage.setItem("refresh_token", data.refresh_token);
-
                document.cookie = `access_token=${data.access_token}; path=/; max-age=900; SameSite=Lax; Secure`;
                document.cookie = `refresh_token=${data.refresh_token}; path=/; max-age=604800; SameSite=Lax; Secure`;
-
                return true;
            }
        } catch (err) {
@@ -59,52 +58,71 @@
        const refreshToken = cookieRefreshToken || localRefreshToken;

        console.log("Auth check started...");
-        console.log("AccessToken present:", !!accessToken);
-        console.log("RefreshToken present:", !!refreshToken);
+        console.log("AccessToken available (Cookie/Local):", !!cookieAccessToken, "/", !!localAccessToken);
+        console.log("RefreshToken available (Cookie/Local):", !!cookieRefreshToken, "/", !!localRefreshToken);

        if (!accessToken && !refreshToken) {
-            console.log("No tokens found. User is guest.");
+            console.log("No tokens found in cookies or localStorage. User is a guest.");
            return;
        }

        if (accessToken) {
            try {
-                console.log("Attempting ping with access token...");
-                const response = await fetch("/api/ping", {
+                console.log("Validating token against /api/userinfo...");
+
+                const response = await fetch("/api/userinfo", {
                    method: "GET",
                    headers: { "Authorization": `Bearer ${accessToken}` }
                });

                if (response.ok) {
-                    console.log("Ping successful! Redirecting to dashboard...");
+                    console.log("Token is perfectly valid!");
+                    sessionStorage.removeItem("is_refreshing");
+
+                    if (!cookieAccessToken) {
+                        document.cookie = `access_token=${accessToken}; path=/; max-age=900; SameSite=Lax; Secure`;
+                    }
+                    if (!cookieRefreshToken && localRefreshToken) {
+                        document.cookie = `refresh_token=${localRefreshToken}; path=/; max-age=604800; SameSite=Lax; Secure`;
+                    }
+
+                    console.log("Redirecting to dashboard...");
                    window.location.href = "/dashboard";
                    return;
                } else {
-                    console.log("Ping failed. Token might be expired. Status:", response.status);
+                    console.log("Token rejected by /api/userinfo. Status:", response.status);
                }
            } catch (err) {
-                console.error("Network error during ping:", err);
+                console.error("Network error during token verification:", err);
            }
        }

+        if (sessionStorage.getItem("is_refreshing") === "true") {
+            console.warn("Loop protection triggered! Tokens appear to be corrupt. Clearing storage.");
+            clearAllAuth();
+            return;
+        }
+
        if (refreshToken) {
-            console.log("Starting token refresh to rebuild cookies...");
+            console.log("Access token has expired. Starting refresh process...");
+            sessionStorage.setItem("is_refreshing", "true");
+
            const refreshSuccessful = await tryTokenRefresh(refreshToken);

            if (refreshSuccessful) {
-                console.log("Refresh successful! Redirecting to dashboard...");
-                window.location.href = "/dashboard";
+                console.log("Refresh successful! Reloading page to apply cookies...");
+                window.location.reload();
                return;
            } else {
-                console.log("Refresh failed. Refresh token is invalid/expired.");
+                console.log("Refresh failed. Refresh token has also expired.");
            }
        } else {
-            console.log("No refresh token present.");
+            console.log("No refresh token available for recovery.");
        }

        clearAllAuth();
-        console.log("Authentication completely failed. Staying on current guest page.");
+        console.log("Authentication completely failed. User remains on login page.");
    }

-    checkAuth();
+    setTimeout(checkAuth, 50);
 })();