refactor(auth): streamline session handling with authenticatedFetch

2026-06-28 21:49:40 +02:00 · 2026-06-26 22:05:11 +05:30 · 2026-06-26 22:05:11 +05:30 · 3ce759f1d6
commit 3ce759f1d6
parent 4b6bcaeb1b
2 changed files with 56 additions and 51 deletions
--- a/surfsense_web/lib/auth-fetch.ts
+++ b/surfsense_web/lib/auth-fetch.ts
@ -7,6 +7,12 @@ type DesktopAccessTokenOptions = {
 	forceRefresh?: boolean;
 };

+type AuthenticatedFetchOptions = RequestInit & {
+	skipAuthRedirect?: boolean;
+	skipRefresh?: boolean;
+	forceDesktopTokenRefresh?: boolean;
+};
+
 function subscribeToDesktopAuth(): void {
 	if (didSubscribeToDesktopAuth || typeof window === "undefined" || !window.electronAPI) {
 		return;
@ -40,42 +46,61 @@ export function getAuthHeaders(additionalHeaders?: Record<string, string>): Reco
 	};
 }

+async function fetchWithAuth(
+	url: string,
+	options: RequestInit,
+	{ forceDesktopTokenRefresh = false }: { forceDesktopTokenRefresh?: boolean } = {}
+): Promise<Response> {
+	const headers = new Headers(options.headers);
+	const token = await getDesktopAccessToken({ forceRefresh: forceDesktopTokenRefresh });
+	if (token) {
+		headers.set("Authorization", `Bearer ${token}`);
+	}
+
+	return fetch(url, {
+		...options,
+		headers,
+		credentials: options.credentials ?? "include",
+	});
+}
+
 export async function authenticatedFetch(
 	url: string,
-	options?: RequestInit & { skipAuthRedirect?: boolean; skipRefresh?: boolean }
+	options: AuthenticatedFetchOptions = {}
 ): Promise<Response> {
-	const { skipAuthRedirect = false, skipRefresh = false, ...fetchOptions } = options || {};
-	const token = await getDesktopAccessToken();
-	const headers = {
-		...(fetchOptions.headers as Record<string, string>),
-		...(token ? { Authorization: `Bearer ${token}` } : {}),
-	};
+	const {
+		skipAuthRedirect = false,
+		skipRefresh = false,
+		forceDesktopTokenRefresh = false,
+		...fetchOptions
+	} = options;

-	const response = await fetch(url, {
-		...fetchOptions,
-		headers,
-		credentials: "include",
+	const response = await fetchWithAuth(url, fetchOptions, {
+		forceDesktopTokenRefresh,
 	});

-	if (response.status === 401 && !skipAuthRedirect) {
-		if (!skipRefresh) {
-			const refreshed = await refreshSession();
-			if (refreshed) {
-				const newToken = await getDesktopAccessToken({ forceRefresh: true });
-				return fetch(url, {
-					...fetchOptions,
-					headers: {
-						...(fetchOptions.headers as Record<string, string>),
-						...(newToken ? { Authorization: `Bearer ${newToken}` } : {}),
-					},
-					credentials: "include",
-				});
-			}
-		}
+	if (response.status !== 401) {
+		return response;
+	}

+	let unauthorizedResponse = response;
+	if (!skipRefresh) {
+		const refreshed = await refreshSession();
+		if (refreshed) {
+			const retryResponse = await fetchWithAuth(url, fetchOptions, {
+				forceDesktopTokenRefresh: true,
+			});
+			if (retryResponse.status !== 401) {
+				return retryResponse;
+			}
+			unauthorizedResponse = retryResponse;
+		}
+	}
+
+	if (!skipAuthRedirect) {
 		handleUnauthorized();
 		throw new Error("Unauthorized: Redirecting to login page");
 	}

-	return response;
+	return unauthorizedResponse;
 }