fixed login loop
This commit is contained in:
+43
-28
@@ -194,6 +194,8 @@
|
||||
const authed = await ensureAuth();
|
||||
if (!authed) return;
|
||||
|
||||
const GRAPH_TOKEN_KEY = 'graphAccessToken';
|
||||
|
||||
// Initialize TokenManager for robust token handling
|
||||
tokenManager = new TokenManager(pb);
|
||||
await tokenManager.init();
|
||||
@@ -254,15 +256,25 @@
|
||||
if(userEmailEl && currentUserEmail) userEmailEl.textContent = currentUserEmail;
|
||||
|
||||
|
||||
// Ensure Graph token is present via TokenManager
|
||||
// Ensure Graph token is present via TokenManager (non-blocking).
|
||||
// If missing, let the backend fall back to its env token instead of forcing a re-auth redirect.
|
||||
async function ensureGraphToken(){
|
||||
const token = await tokenManager.getToken();
|
||||
if (token) return token;
|
||||
|
||||
// Only redirect if truly invalid (not just missing)
|
||||
console.warn('[ensureGraphToken] No token available');
|
||||
window.location.href = 'signin.html?reauth=1';
|
||||
throw new Error('GRAPH_TOKEN missing');
|
||||
console.warn('[ensureGraphToken] No Graph token available; proceeding without one');
|
||||
return null;
|
||||
}
|
||||
|
||||
// Attempt a graceful refresh of the Graph token without forcing logout
|
||||
async function refreshGraphToken(){
|
||||
if (!tokenManager) return null;
|
||||
try {
|
||||
const refreshed = await tokenManager.refreshToken();
|
||||
if (refreshed) return refreshed;
|
||||
} catch (err) {
|
||||
console.warn('[refreshGraphToken] Refresh failed', err);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
if (signOutBtn) {
|
||||
@@ -915,8 +927,13 @@
|
||||
if (!link || fileCache.has(link)) return; // Skip if no link or already cached
|
||||
|
||||
try {
|
||||
const graphToken = await ensureGraphToken();
|
||||
const headers = graphToken ? { 'x-graph-token': graphToken } : {};
|
||||
// Best-effort preload: only run when we already have a Graph token to avoid reauth popups
|
||||
const graphToken = await tokenManager.getToken();
|
||||
if (!graphToken) {
|
||||
console.warn('[preloadJobFiles] Skipping preload: missing Graph token');
|
||||
return;
|
||||
}
|
||||
const headers = { 'x-graph-token': graphToken };
|
||||
|
||||
const controller = new AbortController();
|
||||
const timeout = setTimeout(() => controller.abort(), 15000);
|
||||
@@ -1367,7 +1384,7 @@
|
||||
let resp = await fetch(`/api/job-files?link=${encodeURIComponent(link)}`, { headers, signal: controller.signal });
|
||||
clearTimeout(timeout);
|
||||
|
||||
// If unauthorized, try to refresh Graph token once, then retry
|
||||
// If unauthorized, try to refresh Graph token once, then retry (no redirects)
|
||||
if (resp.status === 401) {
|
||||
const refreshed = await refreshGraphToken();
|
||||
if (refreshed) {
|
||||
@@ -1379,8 +1396,17 @@
|
||||
}
|
||||
}
|
||||
|
||||
if (resp.status === 401) throw new Error('AUTH_EXPIRED');
|
||||
if (resp.status === 500) throw new Error('GRAPH_TOKEN missing or expired');
|
||||
// If still unauthorized or server missing token, prefer stale cache or open-in-new-tab without forcing reauth
|
||||
if (resp.status === 401 || resp.status === 500) {
|
||||
const cachedAgain = fileCache.get(link);
|
||||
if (cachedAgain) {
|
||||
fileListState.items = cachedAgain.items;
|
||||
iframeLoader.classList.add('hidden');
|
||||
renderFileGroups(link);
|
||||
return;
|
||||
}
|
||||
throw new Error('AUTH_OR_GRAPH_TOKEN');
|
||||
}
|
||||
if (!resp.ok) throw new Error(`File list failed: ${resp.status}`);
|
||||
const data = await resp.json();
|
||||
const rootDriveId = data.driveId || '';
|
||||
@@ -1397,13 +1423,13 @@
|
||||
renderFileGroups(link);
|
||||
} catch (err) {
|
||||
console.error('job-files error', err);
|
||||
const authExpired = err?.message === 'AUTH_EXPIRED' || String(err || '').includes('401');
|
||||
const authExpired = err?.message === 'AUTH_OR_GRAPH_TOKEN' || String(err || '').includes('401');
|
||||
const timedOut = err?.name === 'AbortError';
|
||||
const friendly = authExpired
|
||||
? 'Your Microsoft Graph session expired. Click Re-authenticate to sign in again.'
|
||||
: timedOut
|
||||
? 'Request timed out. If this keeps happening, re-authenticate and retry.'
|
||||
: (err?.message || 'Unknown error');
|
||||
const friendly = timedOut
|
||||
? 'Request timed out. If this keeps happening, open the folder directly.'
|
||||
: authExpired
|
||||
? 'Access token unavailable. Open the folder directly while keeping your prior sign-in.'
|
||||
: (err?.message || 'Unknown error');
|
||||
iframeLoader.classList.remove('hidden');
|
||||
iframeLoader.innerHTML = `
|
||||
<div class="text-center max-w-md mx-auto px-4 space-y-3">
|
||||
@@ -1411,20 +1437,9 @@
|
||||
<div class="text-gray-600 text-sm">${friendly}</div>
|
||||
<div class="flex items-center justify-center gap-2 flex-wrap">
|
||||
<a href="${link}" target="_blank" rel="noopener" class="px-4 py-2 bg-blue-600 text-white rounded-lg hover:bg-blue-700 inline-block">Open folder instead</a>
|
||||
<button id="reauthBtn" class="px-4 py-2 bg-gray-200 hover:bg-gray-300 rounded-lg text-sm text-gray-800">Re-authenticate</button>
|
||||
</div>
|
||||
</div>
|
||||
`;
|
||||
const reauthBtn = document.getElementById('reauthBtn');
|
||||
if (reauthBtn) {
|
||||
reauthBtn.addEventListener('click', () => {
|
||||
try { pb?.authStore?.clear?.(); } catch {}
|
||||
try { localStorage.removeItem(GRAPH_TOKEN_KEY); } catch {}
|
||||
try { localStorage.removeItem('pocketbase_auth'); } catch {}
|
||||
try { sessionStorage.clear(); } catch {}
|
||||
window.location.href = 'signin.html';
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user