wip: Phase 3 UAT in progress — 2/10 tests pass, upload XHR bug open
Fixes applied this session: - frontend/src/api/client.js: noRefreshPaths exclusion prevents auth 401s from triggering session-expired error on login/register/refresh - frontend/src/router/index.js: async beforeEach with silent refresh() restores session from httpOnly cookie on page reload UAT state: 2 pass (cold-start, admin block), 1 open (XHR upload network error), 7 pending. MinIO PUT fails in browser — needs console output to diagnose. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
@@ -46,11 +46,16 @@ const router = createRouter({
|
||||
})
|
||||
|
||||
// Navigation guard (D-10): redirect unauthenticated users to /login.
|
||||
// Preserves the intended destination via ?redirect= query param.
|
||||
router.beforeEach((to) => {
|
||||
// On page reload the access token is gone (memory-only per CLAUDE.md), so we attempt
|
||||
// a silent refresh via the httpOnly cookie before concluding the session is gone.
|
||||
router.beforeEach(async (to) => {
|
||||
const authStore = useAuthStore()
|
||||
if (!to.meta.public && !authStore.accessToken) {
|
||||
return { path: '/login', query: { redirect: to.fullPath } }
|
||||
try {
|
||||
await authStore.refresh()
|
||||
} catch {
|
||||
return { path: '/login', query: { redirect: to.fullPath } }
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user