* [PATCH v1 0/2] Fix HTTP
@ 2025-03-11 14:11 Muhammad Rizki
2025-03-11 14:11 ` [PATCH v1 1/2] fix(http): only logout on 401 `Unauthorized` response Muhammad Rizki
2025-03-11 14:11 ` [PATCH v1 2/2] chore(profile): refetch user data on profile Muhammad Rizki
0 siblings, 2 replies; 3+ messages in thread
From: Muhammad Rizki @ 2025-03-11 14:11 UTC (permalink / raw)
To: Ammar Faizi
Cc: Muhammad Rizki, Alviro Iskandar Setiawan, GNU/Weeb Mailing List
Hi sir,
This series fixes the HTTP interceptor that handles responses.
Additionally, I add a method to refetch the `get_user_info` API to get the
latest user data to prevent `localStorage` manipulation during the profile
form.
Give it a test for the related issue, thanks.
Muhammad Rizki (2):
fix(http): only logout on 401 `Unauthorized` response
chore(profile): refetch user data on profile
src/lib/hooks/http.svelte.ts | 2 +-
.../(protected)/settings/profile/+page.ts | 34 ++++++++++++++-----
2 files changed, 27 insertions(+), 9 deletions(-)
base-commit: 39e4cd1c605ca5a47eb4b5fbb58db2ea2783fd5e
--
Muhammad Rizki
* [PATCH v1 1/2] fix(http): only logout on 401 `Unauthorized` response
From: Muhammad Rizki @ 2025-03-11 14:11 UTC (permalink / raw)
To: Ammar Faizi
Cc: Muhammad Rizki, Alviro Iskandar Setiawan, GNU/Weeb Mailing List
Previously, users were always redirected to the login page if the status
code was not `200`. This commit fixes that issue by only logging out
when the status code is `401` and the response indicates `Unauthorized`,
meaning the token is either invalid or expired.
Signed-off-by: Muhammad Rizki <[email protected]>
---
src/lib/hooks/http.svelte.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/hooks/http.svelte.ts b/src/lib/hooks/http.svelte.ts
index f30687d..6a67209 100644
--- a/src/lib/hooks/http.svelte.ts
+++ b/src/lib/hooks/http.svelte.ts
@@ -54,7 +54,7 @@ client.interceptors.response.use(
const response = err.response as AxiosResponse<typing.ResponseAPI<typing.RenewTokenResponse>>;
const status = response ? response.status : null;
- if (status !== 200) {
+ if (status === 401 && response.data.res?.msg === "Unauthorized") {
localStorage.removeItem("gwm_token");
localStorage.removeItem("gwm_token_exp_at");
localStorage.removeItem("gwm_uinfo");
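Review bot: in the new condition, `response.data.res?.msg` dereferences `response.data` without optional chaining, so a 401 that arrives with an empty or non-JSON body throws a TypeError inside the interceptor instead of logging out; write `response.data?.res?.msg`. Requiring the exact string "Unauthorized" also means a 401 carrying any other message leaves `gwm_token`, `gwm_token_exp_at` and `gwm_uinfo` in localStorage, so consider treating every 401 as a logout and using the message only for what is shown to the user.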
--
Muhammad Rizki
* [PATCH v1 2/2] chore(profile): refetch user data on profile
From: Muhammad Rizki @ 2025-03-11 14:11 UTC (permalink / raw)
To: Ammar Faizi
Cc: Muhammad Rizki, Alviro Iskandar Setiawan, GNU/Weeb Mailing List
This commit will refetch user data to get the latest user data on the
`/settings/profile` page. This method is to prevent users from manipulating
any credentials in the localStorage; by refetching new data, it will
be replaced every time users navigate to or reload the
/settings/profile page.
Signed-off-by: Muhammad Rizki <[email protected]>
---
.../(protected)/settings/profile/+page.ts | 34 ++++++++++++++-----
1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/src/routes/(protected)/settings/profile/+page.ts b/src/routes/(protected)/settings/profile/+page.ts
index c3f9bd3..65afa6f 100644
--- a/src/routes/(protected)/settings/profile/+page.ts
+++ b/src/routes/(protected)/settings/profile/+page.ts
@@ -3,19 +3,37 @@ import { zod } from "sveltekit-superforms/adapters";
import { superValidate } from "sveltekit-superforms";
import { profileSchema } from "$lib/schemas/profile-schema";
import { useAuth } from "$lib/hooks/auth.svelte";
+import * as typing from "$typings"
+import http from "$lib/hooks/http.svelte";
+import { redirect } from "@sveltejs/kit";
export const load: PageLoad = async () => {
const auth = useAuth();
- auth.refresh();
- const data = {
- username: auth.user?.username,
- full_name: auth.user?.full_name,
- ext_email: auth.user?.ext_email,
- gender: auth.user?.gender,
- socials: auth.user?.socials
+ const { status, data } = await http<{ user_info: typing.User }>({
+ params: { action: "get_user_info" }
+ });
+
+ if (status !== 200) {
+ localStorage.setItem("gwm_invalid_creds", String(1));
+ auth.clear();
+ return redirect(307, "/");
+ }
+
+ auth.save({
+ token: data.res?.renew_token?.token,
+ token_exp_at: data.res?.renew_token?.token_exp_at,
+ user_info: data.res?.user_info
+ });
+
+ const initialData = {
+ username: data.res?.user_info?.username,
+ full_name: data.res?.user_info?.full_name,
+ ext_email: data.res?.user_info?.ext_email,
+ gender: data.res?.user_info?.gender,
+ socials: data.res?.user_info?.socials
};
- const form = await superValidate(data, zod(profileSchema));
+ const form = await superValidate(initialData, zod(profileSchema));
return { form };
};
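Review bot: the `if (status !== 200)` branch calls `auth.clear()` and redirects on every non-200 status, which brings back the behaviour that 1/2 removes from the interceptor: a transient server error while loading the profile page logs the user out. Restrict it to 401 and let other failures surface as a load error. Further down, `auth.save()` is given `data.res?.renew_token?.token` and `token_exp_at` unguarded, so a response without `renew_token` would pass `undefined` for both; only save the token fields when `renew_token` is present. The added `import * as typing from "$typings"` line is also missing its semicolon, unlike the imports around it.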
--
Muhammad Rizki