* [PATCH v1 0/2] Fix HTTP
@ 2025-03-11 14:11 Muhammad Rizki
  2025-03-11 14:11 ` [PATCH v1 1/2] fix(http): only logout on 401 `Unauthorized` response Muhammad Rizki
  2025-03-11 14:11 ` [PATCH v1 2/2] chore(profile): refetch user data on profile Muhammad Rizki
From: Muhammad Rizki @ 2025-03-11 14:11 UTC
To: Ammar Faizi
Cc: Muhammad Rizki, Alviro Iskandar Setiawan, GNU/Weeb Mailing List

Hi sir,

This series is to fix the HTTP interceptor which handles responses. Additionally, I add a method to refetch the `get_user_info` API to get the latest user data, to prevent `localStorage` manipulation during the profile form.

Give it a test for the related issue, thanks.

Muhammad Rizki (2):
  fix(http): only logout on 401 `Unauthorized` response
  chore(profile): refetch user data on profile

 src/lib/hooks/http.svelte.ts                  |  2 +-
 .../(protected)/settings/profile/+page.ts     | 34 ++++++++++++++-----
 2 files changed, 27 insertions(+), 9 deletions(-)

base-commit: 39e4cd1c605ca5a47eb4b5fbb58db2ea2783fd5e
--
Muhammad Rizki
* [PATCH v1 1/2] fix(http): only logout on 401 `Unauthorized` response 2025-03-11 14:11 [PATCH v1 0/2] Fix HTTP Muhammad Rizki @ 2025-03-11 14:11 ` Muhammad Rizki 2025-03-11 14:11 ` [PATCH v1 2/2] chore(profile): refetch user data on profile Muhammad Rizki 1 sibling, 0 replies; 3+ messages in thread From: Muhammad Rizki @ 2025-03-11 14:11 UTC (permalink / raw) To: Ammar Faizi Cc: Muhammad Rizki, Alviro Iskandar Setiawan, GNU/Weeb Mailing List Previously, users were always redirected to the login page if the status code was not `200`. This commit fixes that issue by only logging out when the status code is `401` and the response indicates `Unauthorized`, meaning the token is either invalid or expired. Signed-off-by: Muhammad Rizki <[email protected]> --- src/lib/hooks/http.svelte.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/hooks/http.svelte.ts b/src/lib/hooks/http.svelte.ts index f30687d..6a67209 100644 --- a/src/lib/hooks/http.svelte.ts +++ b/src/lib/hooks/http.svelte.ts @@ -54,7 +54,7 @@ client.interceptors.response.use( const response = err.response as AxiosResponse<typing.ResponseAPI<typing.RenewTokenResponse>>; const status = response ? response.status : null; - if (status !== 200) { + if (status === 401 && response.data.res?.msg === "Unauthorized") { localStorage.removeItem("gwm_token"); localStorage.removeItem("gwm_token_exp_at"); localStorage.removeItem("gwm_uinfo"); -- Muhammad Rizki ^ permalink raw reply related [flat|nested] 3+ messages in thread
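Review bot: The new condition on the `+` line reads `response.data.res?.msg` without guarding `response.data`, and it ties the logout to the exact string "Unauthorized". If a 401 arrives with `response.data` null or undefined, the interceptor throws on that access; if it arrives with a body in any other shape or wording (for example a 401 produced in front of the API rather than by it), the cleanup is skipped and `gwm_token`, `gwm_token_exp_at` and `gwm_uinfo` stay in localStorage. Suggest `response.data?.res?.msg`, and consider clearing the stored token on any 401, using the message only to choose what to show the user.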
* [PATCH v1 2/2] chore(profile): refetch user data on profile 2025-03-11 14:11 [PATCH v1 0/2] Fix HTTP Muhammad Rizki 2025-03-11 14:11 ` [PATCH v1 1/2] fix(http): only logout on 401 `Unauthorized` response Muhammad Rizki @ 2025-03-11 14:11 ` Muhammad Rizki 1 sibling, 0 replies; 3+ messages in thread From: Muhammad Rizki @ 2025-03-11 14:11 UTC (permalink / raw) To: Ammar Faizi Cc: Muhammad Rizki, Alviro Iskandar Setiawan, GNU/Weeb Mailing List This commit will refetch user data to get the latest user data on `/settings/profile` page. This method is to prevent users manipulating any credentials on the localStorage, with refetching new data, it will be replaced every time users navigating or reloading the /settings/profile page. Signed-off-by: Muhammad Rizki <[email protected]> --- .../(protected)/settings/profile/+page.ts | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/src/routes/(protected)/settings/profile/+page.ts b/src/routes/(protected)/settings/profile/+page.ts index c3f9bd3..65afa6f 100644 --- a/src/routes/(protected)/settings/profile/+page.ts +++ b/src/routes/(protected)/settings/profile/+page.ts 
@@ -3,19 +3,37 @@ import { zod } from "sveltekit-superforms/adapters"; import { superValidate } from "sveltekit-superforms"; import { profileSchema } from "$lib/schemas/profile-schema"; import { useAuth } from "$lib/hooks/auth.svelte"; +import * as typing from "$typings" +import http from "$lib/hooks/http.svelte"; +import { redirect } from "@sveltejs/kit"; export const load: PageLoad = async () => { const auth = useAuth(); - auth.refresh(); - const data = { - username: auth.user?.username, - full_name: auth.user?.full_name, - ext_email: auth.user?.ext_email, - gender: auth.user?.gender, - socials: auth.user?.socials + const { status, data } = await http<{ user_info: typing.User }>({ + params: { action: "get_user_info" } + }); + + if (status !== 200) { + localStorage.setItem("gwm_invalid_creds", String(1)); + auth.clear(); + return redirect(307, "/"); + } + + auth.save({ + token: data.res?.renew_token?.token, + token_exp_at: data.res?.renew_token?.token_exp_at, + user_info: data.res?.user_info + }); + + const initialData = { + username: data.res?.user_info?.username, + full_name: data.res?.user_info?.full_name, + ext_email: data.res?.user_info?.ext_email, + gender: data.res?.user_info?.gender, + socials: data.res?.user_info?.socials }; - const form = await superValidate(data, zod(profileSchema)); + const form = await superValidate(initialData, zod(profileSchema)); return { form }; }; -- Muhammad Rizki ^ permalink raw reply related [flat|nested] 3+ messages in thread
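Review bot: The `if (status !== 200)` branch in `load` clears auth and sets `gwm_invalid_creds` on any non-200 status, which is the same over-broad logout that 1/2 removes from the interceptor; a transient server error from `get_user_info` would sign the user out and flag the credentials as invalid. Suggest limiting the `auth.clear()` path to the 401 case and letting other failures surface as an error. Also, `auth.save()` is called unconditionally with `data.res?.renew_token?.token`, so a response without `renew_token` passes `undefined` as the token, and `renew_token` is not part of the `{ user_info: typing.User }` type argument given to `http`; guard the save, or update only `user_info` when no renewed token is present. Minor: the added `import * as typing from "$typings"` line lacks the trailing semicolon used by the neighbouring imports.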