MiauInv/frontend/assets/js/auth.js

// auth.js
(() => {
    const currentPath = window.location.pathname;

    if (currentPath !== "/" && currentPath !== "/login" && currentPath !== "/register") {
        return;
    }

    function getCookie(name) {
        const value = `; ${document.cookie}`;
        const parts = value.split(`; ${name}=`);
        if (parts.length === 2) return parts.pop().split(';').shift();
        return null;
    }

    function clearAllAuth() {
        console.log("Clearing all auth remnants from everywhere...");
        localStorage.removeItem("access_token");
        localStorage.removeItem("refresh_token");
        sessionStorage.removeItem("is_refreshing");
        document.cookie = "access_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax;";
        document.cookie = "refresh_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax;";
    }

    async function tryTokenRefresh(refreshToken) {
        if (!refreshToken) return false;

        try {
            console.log("Sending refresh token to /api/refresh...");
            const response = await fetch("/api/refresh", {
                method: "POST",
                headers: { "Content-Type": "application/json" },
                body: JSON.stringify({ refresh_token: refreshToken })
            });

            if (response.ok) {
                const data = await response.json();
                localStorage.setItem("access_token", data.access_token);
                localStorage.setItem("refresh_token", data.refresh_token);
                document.cookie = `access_token=${data.access_token}; path=/; max-age=900; SameSite=Lax; Secure`;
                document.cookie = `refresh_token=${data.refresh_token}; path=/; max-age=604800; SameSite=Lax; Secure`;
                return true;
            }
        } catch (err) {
            console.error("Refresh request failed:", err);
        }

        return false;
    }

    async function checkAuth() {
        const cookieAccessToken = getCookie("access_token");
        const cookieRefreshToken = getCookie("refresh_token");
        const localAccessToken = localStorage.getItem("access_token");
        const localRefreshToken = localStorage.getItem("refresh_token");

        const accessToken = cookieAccessToken || localAccessToken;
        const refreshToken = cookieRefreshToken || localRefreshToken;

        console.log("Auth check started...");
        console.log("AccessToken available (Cookie/Local):", !!cookieAccessToken, "/", !!localAccessToken);
        console.log("RefreshToken available (Cookie/Local):", !!cookieRefreshToken, "/", !!localRefreshToken);

        if (!accessToken && !refreshToken) {
            console.log("No tokens found in cookies or localStorage. User is a guest.");
            return;
        }

        if (accessToken) {
            try {
                console.log("Validating token against /api/userinfo...");

                const response = await fetch("/api/userinfo", {
                    method: "GET",
                    headers: { "Authorization": `Bearer ${accessToken}` }
                });

                if (response.ok) {
                    console.log("Token is perfectly valid!");
                    sessionStorage.removeItem("is_refreshing");

                    if (!cookieAccessToken) {
                        document.cookie = `access_token=${accessToken}; path=/; max-age=900; SameSite=Lax; Secure`;
                    }
                    if (!cookieRefreshToken && localRefreshToken) {
                        document.cookie = `refresh_token=${localRefreshToken}; path=/; max-age=604800; SameSite=Lax; Secure`;
                    }

                    console.log("Redirecting to dashboard...");
                    window.location.href = "/dashboard";
                    return;
                } else {
                    console.log("Token rejected by /api/userinfo. Status:", response.status);
                }
            } catch (err) {
                console.error("Network error during token verification:", err);
            }
        }

        if (sessionStorage.getItem("is_refreshing") === "true") {
            console.warn("Loop protection triggered! Tokens appear to be corrupt. Clearing storage.");
            clearAllAuth();
            return;
        }

        if (refreshToken) {
            console.log("Access token has expired. Starting refresh process...");
            sessionStorage.setItem("is_refreshing", "true");

            const refreshSuccessful = await tryTokenRefresh(refreshToken);

            if (refreshSuccessful) {
                console.log("Refresh successful! Reloading page to apply cookies...");
                window.location.reload();
                return;
            } else {
                console.log("Refresh failed. Refresh token has also expired.");
            }
        } else {
            console.log("No refresh token available for recovery.");
        }

        clearAllAuth();
        console.log("Authentication completely failed. User remains on login page.");
    }

    setTimeout(checkAuth, 50);
})();