From 1d31f2ec8921bb58d74458b057bbb31f4877c335 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Thu, 1 Jan 2026 21:28:33 +0900 Subject: fix(auth): redirect to login when session expires MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the refresh token fails (session expired), the ApiClient now notifies the AuthProvider via a callback. This triggers a logout and React state update, causing ProtectedRoute to redirect to /login. Closes #7 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- src/client/api/client.ts | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'src/client/api/client.ts') diff --git a/src/client/api/client.ts b/src/client/api/client.ts index b39f064..c91160d 100644 --- a/src/client/api/client.ts +++ b/src/client/api/client.ts @@ -58,10 +58,13 @@ export function createClient(baseUrl: string): Client { return hc(baseUrl); } +export type SessionExpiredCallback = () => void; + export class ApiClient { private tokenStorage: TokenStorage; private refreshPromise: Promise | null = null; private baseUrl: string; + private sessionExpiredCallback: SessionExpiredCallback | null = null; public readonly rpc: Client; constructor(options: ApiClientOptions = {}) { @@ -70,6 +73,13 @@ export class ApiClient { this.rpc = this.createAuthenticatedClient(); } + onSessionExpired(callback: SessionExpiredCallback): () => void { + this.sessionExpiredCallback = callback; + return () => { + this.sessionExpiredCallback = null; + }; + } + private createAuthenticatedClient(): Client { return hc(this.baseUrl, { fetch: async (input: RequestInfo | URL, init?: RequestInit) => { @@ -156,8 +166,9 @@ export class ApiClient { }); if (!res.ok) { - // Clear tokens if refresh fails + // Clear tokens if refresh fails and notify listeners this.tokenStorage.clearTokens(); + this.sessionExpiredCallback?.(); return false; } -- cgit v1.2.3-70-g09d2