From 23c128dd0d494f80cd9164eaff94ecc1148cb366 Mon Sep 17 00:00:00 2001
From: Anish Sarkar <104695310+AnishSarkar22@users.noreply.github.com>
Date: Fri, 26 Jun 2026 21:24:44 +0530
Subject: [PATCH] feat: improve fetchZeroContext with enhanced session handling

- Refactored fetchZeroContext to include a buildHeaders function for better header management.
- Added a request function to handle 401 errors and refresh sessions as needed.
- Improved overall session management for desktop authentication.
---
 .../components/providers/ZeroProvider.tsx     | 44 ++++++++++++++-----
 1 file changed, 32 insertions(+), 12 deletions(-)

diff --git a/surfsense_web/components/providers/ZeroProvider.tsx b/surfsense_web/components/providers/ZeroProvider.tsx
index 1a157a854..05ff1b4b1 100644
--- a/surfsense_web/components/providers/ZeroProvider.tsx
+++ b/surfsense_web/components/providers/ZeroProvider.tsx
@@ -31,21 +31,41 @@ function getCacheURL() {
 }
 
 async function fetchZeroContext(isDesktop: boolean): Promise<LoadedZeroContext | null> {
-	const headers: HeadersInit = {};
-	let desktopAuth: string | undefined;
+	const buildHeaders = async (
+		forceRefresh = false
+	): Promise<{ headers: HeadersInit; desktopAuth?: string } | null> => {
+		const headers: HeadersInit = {};
 
-	if (isDesktop) {
-		const token = await getDesktopAccessToken();
-		if (!token) return null;
-		desktopAuth = token;
-		headers.Authorization = `Bearer ${token}`;
+		if (isDesktop) {
+			const token = await getDesktopAccessToken({ forceRefresh });
+			if (!token) return null;
+			headers.Authorization = `Bearer ${token}`;
+			return { headers, desktopAuth: token };
+		}
+
+		return { headers };
+	};
+
+	const request = async (forceRefresh = false) => {
+		const auth = await buildHeaders(forceRefresh);
+		if (!auth) return null;
+		const response = await fetch(buildBackendUrl("/zero/context"), {
+			credentials: "include",
+			headers: auth.headers,
+		});
+		return { response, desktopAuth: auth.desktopAuth };
+	};
+
+	let result = await request();
+	if (result?.response.status === 401) {
+		const refreshed = await refreshSession();
+		if (refreshed) {
+			result = await request(true);
+		}
 	}
 
-	const response = await fetch(buildBackendUrl("/zero/context"), {
-		credentials: "include",
-		headers,
-	});
-
+	if (!result) return null;
+	const { response, desktopAuth } = result;
 	if (!response.ok) return null;
 
 	return {