fix: close auth, permission, contract and e2e review blockers

2026-05-28 15:19:13 +08:00
parent f33e39a702
commit 6be90ddff8
29 changed files with 1356 additions and 259 deletions
--- a/frontend/admin/src/lib/http/client.ts
+++ b/frontend/admin/src/lib/http/client.ts
@@ -18,6 +18,7 @@ import { CSRF_PROTECTED_METHODS, getCSRFHeaders } from './csrf'
 import type { TokenBundle } from '@/types'

 const DEFAULT_TIMEOUT = 30_000
+let inFlightRefreshBundle: Promise<TokenBundle> | null = null

 function isFormDataBody(body: unknown): body is FormData {
  return typeof FormData !== 'undefined' && body instanceof FormData
@@ -145,6 +146,40 @@ async function refreshAccessToken(): Promise<TokenBundle> {
  return result.data
 }

+async function performTokenRefresh(): Promise<TokenBundle> {
+  if (inFlightRefreshBundle) {
+    return inFlightRefreshBundle
+  }
+
+  startRefreshing()
+  const promise = (async () => {
+    try {
+      const tokenBundle = await refreshAccessToken()
+      setAccessToken(tokenBundle.access_token, tokenBundle.expires_in)
+      setRefreshToken(tokenBundle.refresh_token)
+      return tokenBundle
+    } finally {
+      endRefreshing()
+      clearRefreshPromise()
+      inFlightRefreshBundle = null
+    }
+  })()
+
+  inFlightRefreshBundle = promise
+  setRefreshPromise(
+    promise.then(
+      () => undefined,
+      () => undefined,
+    ),
+  )
+
+  return promise
+}
+
+export async function refreshSessionBundle(): Promise<TokenBundle> {
+  return await performTokenRefresh()
+}
+
 async function performRefresh(): Promise<string> {
  if (isRefreshing()) {
    const promise = getRefreshPromise()
@@ -160,26 +195,8 @@ async function performRefresh(): Promise<string> {
    return token
  }

-  startRefreshing()
-  const promise = (async () => {
-    try {
-      const tokenBundle = await refreshAccessToken()
-      setAccessToken(tokenBundle.access_token, tokenBundle.expires_in)
-      setRefreshToken(tokenBundle.refresh_token)
-      return tokenBundle.access_token
-    } finally {
-      endRefreshing()
-      clearRefreshPromise()
-    }
-  })()
-
-  setRefreshPromise(
-    promise.then(
-      () => undefined,
-      () => undefined,
-    ),
-  )
-  return promise
+  const tokenBundle = await performTokenRefresh()
+  return tokenBundle.access_token
 }

 async function resolveAuthorizationHeader(auth: boolean): Promise<string | null> {