fix(auth): stop logging users out on every deploy

Diagnostic on prod confirmed the backend keeps sessions valid across deploys (stable 64-char JWT key, 30-day access tokens, 62 refresh tokens persisting in Redis with appendonly; redis/db never restart on deploy). The forced logout was client-side: 1. The axios refresh path treated ANY refresh failure as "session gone" and nuked the tokens. During the ~30s API restart window of a deploy, the refresh POST gets a 502/timeout (transient) → user kicked to /login. Now refresh distinguishes a definitive 4xx (truly invalid/expired refresh → log out) from a transient network/5xx failure (reject + keep the session; retry later). Refresh tokens are opaque Redis GUIDs, so they survive even a key rotation — the only thing that was breaking sessions was this over-eager logout. 2. PWA service worker served a stale app shell after an update, pointing at JS chunks the new build replaced. Added skipWaiting + clientsClaim + cleanupOutdatedCaches and a NetworkFirst handler for navigations so the HTML and its chunk refs always match the live deploy; hashed static stays CacheFirst. Net: a normal update no longer logs anyone out. tsc clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-15 20:42:38 +03:30
parent 837805b6b8
commit 82d1cf8e9e
2 changed files with 70 additions and 27 deletions
@@ -12,8 +12,26 @@ const withPWA = withPWAInit({
  disable: process.env.NODE_ENV === "development",
  workboxOptions: {
    disableDevLogs: true,
+    // Pick up a new deploy promptly and never serve a stale shell that points
+    // at JS chunks the new build replaced (which looked like being logged out
+    // after every update).
+    skipWaiting: true,
+    clientsClaim: true,
+    cleanupOutdatedCaches: true,
    runtimeCaching: [
-      // App shell: cache-first, very long TTL
+      // HTML navigations: always try the network first so the document and its
+      // chunk references match the currently-deployed build; fall back to cache
+      // only when offline.
+      {
+        urlPattern: ({ request }: { request: Request }) => request.mode === "navigate",
+        handler: "NetworkFirst",
+        options: {
+          cacheName: "pages",
+          networkTimeoutSeconds: 5,
+          expiration: { maxEntries: 50, maxAgeSeconds: 24 * 60 * 60 },
+        },
+      },
+      // Hashed static chunks are immutable per build — cache-first is safe and fast.
      {
        urlPattern: /\/_next\/static\//,
        handler: "CacheFirst",
@@ -36,12 +36,17 @@ api.interceptors.request.use((config) => {
 * Shared in-flight refresh promise so that a burst of concurrent 401s triggers
 * exactly one POST /api/auth/refresh instead of one per failed request.
 */
-let refreshPromise: Promise<string | null> | null = null;
+let refreshPromise: Promise<RefreshResult> | null = null;

-async function refreshAccessToken(): Promise<string | null> {
-  if (typeof window === "undefined") return null;
+/** Result of a refresh attempt. `sessionInvalid` is true ONLY when the session
+ *  is definitively gone (no/expired/revoked refresh token) — never for a
+ *  transient failure like the API being briefly down during a deploy. */
+type RefreshResult = { token: string | null; sessionInvalid: boolean };
+
+async function refreshAccessToken(): Promise<RefreshResult> {
+  if (typeof window === "undefined") return { token: null, sessionInvalid: false };
  const refreshToken = localStorage.getItem("meezi_refresh_token");
-  if (!refreshToken) return null;
+  if (!refreshToken) return { token: null, sessionInvalid: true };
  try {
    // Bare axios call (not `api`) to avoid recursing through this interceptor.
    const { data } = await axios.post<ApiResponse<AuthTokenResponse>>(
@@ -49,21 +54,44 @@ async function refreshAccessToken(): Promise<string | null> {
      { refreshToken },
      { headers: { "Content-Type": "application/json" } }
    );
-    if (!data.success || !data.data) return null;
+    if (data.success && data.data) {
      useAuthStore.getState().setAuth(data.data);
-    return data.data.accessToken;
-  } catch {
-    return null;
+      return { token: data.data.accessToken, sessionInvalid: false };
    }
+    // Server answered but rejected the token → session truly invalid.
+    return { token: null, sessionInvalid: true };
+  } catch (err) {
+    // Only a definitive 4xx from /auth/refresh means the session is gone. A
+    // network error, timeout, or 5xx (e.g. the API restarting mid-deploy) is
+    // transient — do NOT log the user out for it.
+    const status = (err as AxiosError)?.response?.status;
+    const sessionInvalid = status === 400 || status === 401 || status === 403;
+    return { token: null, sessionInvalid };
+  }
+}
+
+function forceLogout(): void {
+  if (typeof window === "undefined") return;
+  const path = window.location.pathname;
+  const isPublicGuest = path.startsWith("/q");
+  const isAdmin = path.includes("/admin");
+  if (isPublicGuest || isAdmin) return;
+  localStorage.removeItem("meezi_access_token");
+  localStorage.removeItem("meezi_refresh_token");
+  localStorage.removeItem("meezi_auth");
+  const locale = path.split("/")[1] ?? "fa";
+  window.location.href = `/${locale}/login`;
 }

 api.interceptors.response.use(
  (response) => response,
  async (error: AxiosError<ApiResponse<unknown>>) => {
    const status = error.response?.status;
+    const apiError = error.response?.data?.error;
    const original = error.config as
      | (InternalAxiosRequestConfig & { _retry?: boolean })
      | undefined;
+    const onAuthPath = original?.url?.includes("/api/auth/") ?? false;

    // Expired access token → try a one-time refresh, then replay the request.
    if (
@@ -71,35 +99,32 @@ api.interceptors.response.use(
      original &&
      !original._retry &&
      typeof window !== "undefined" &&
-      !original.url?.includes("/api/auth/")
+      !onAuthPath
    ) {
      original._retry = true;
      refreshPromise ??= refreshAccessToken().finally(() => {
        refreshPromise = null;
      });
-      const newToken = await refreshPromise;
-      if (newToken) {
-        original.headers.Authorization = `Bearer ${newToken}`;
+      const { token, sessionInvalid } = await refreshPromise;
+      if (token) {
+        original.headers.Authorization = `Bearer ${token}`;
        return api(original);
      }
+      // Refresh couldn't get a new token. Log out ONLY if the session is
+      // definitively invalid — a transient failure (API redeploying, network
+      // blip) just rejects so the request can be retried, keeping the user
+      // logged in across deploys.
+      if (sessionInvalid) forceLogout();
+      return Promise.reject(
+        apiError?.code
+          ? new ApiClientError(apiError.code, apiError.message, undefined, status)
+          : error
+      );
    }

-    const apiError = error.response?.data?.error;
    if (apiError?.code) {
      return Promise.reject(new ApiClientError(apiError.code, apiError.message, undefined, status));
    }
-    if (status === 401 && typeof window !== "undefined") {
-      const path = window.location.pathname;
-      const isPublicGuest = path.startsWith("/q/") || path.startsWith("/q");
-      const isAdmin = path.includes("/admin");
-      if (!isPublicGuest && !isAdmin) {
-        localStorage.removeItem("meezi_access_token");
-        localStorage.removeItem("meezi_refresh_token");
-        localStorage.removeItem("meezi_auth");
-        const locale = path.split("/")[1] ?? "fa";
-        window.location.href = `/${locale}/login`;
-      }
-    }
    return Promise.reject(error);
  }
 );