From 017e9bc6da8c30ef5e6b3ebc768ce8408f810092 Mon Sep 17 00:00:00 2001
From: Zerebos
Date: Sun, 17 May 2026 04:00:34 -0400
Subject: [PATCH] Authenticated fetch jwt settings
---
 src/core/auth.ts | 81 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 55 insertions(+), 26 deletions(-)
diff --git a/src/core/auth.ts b/src/core/auth.ts
index be23108..a7f7c3e 100644
--- a/src/core/auth.ts
+++ b/src/core/auth.ts
@@ -119,28 +119,47 @@ function withExpiryFromSettings(
 }
 async function fetchJwtSettings(base: string): Promise {
- const res = await fetch(`${base}/api/graphql`, {
- method: "POST",
- credentials: "omit",
- headers: { "Content-Type": "application/json" },
- body: gqlBody(
- `query GetJWTSettings {
- settings {
- jwtAudience
- jwtRefreshExpiry
- jwtTokenExpiry
- }
- }`,
- ),
- signal: timeoutSignal(5000),
- });
+ const res = await fetchAuthenticated(
+ `${base}/api/graphql`,
+ {
+ method: "POST",
+ headers: { "Content-Type": "application/json" },
+ body: gqlBody(
+ `query GetJWTSettings {
+ settings {
+ jwtAudience
+ jwtRefreshExpiry
+ jwtTokenExpiry
+ }
+ }`,
+ ),
+ },
+ timeoutSignal(5000),
+ );
+
+ if (!res.ok) {
+ authDebug("JWT settings fetch failed", { status: res.status });
+ return null;
+ }
- if (!res.ok) return null;
 const json = await res.json();
- if (json?.errors?.length) return null;
+ if (json?.errors?.length) {
+ authDebug("JWT settings query error", { errors: json.errors });
+ return null;
+ }
 const settings = json?.data?.settings;
- if (!settings || typeof settings !== "object") return null;
+ if (!settings || typeof settings !== "object") {
+ authDebug("JWT settings missing or invalid", { settings });
+ return null;
+ }
+
+ authDebug("JWT settings fetched", {
+ hasAudience: !!settings.jwtAudience,
+ tokenExpiry: settings.jwtTokenExpiry,
+ refreshExpiry: settings.jwtRefreshExpiry,
+ });
+
 return {
 jwtAudience: typeof settings.jwtAudience === "string" ? settings.jwtAudience : null,
 jwtRefreshExpiry: typeof settings.jwtRefreshExpiry === "string" ? settings.jwtRefreshExpiry : null,
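Review bot: The rewritten request in fetchJwtSettings drops `credentials: "omit"` and hands the call to fetchAuthenticated, which is defined outside this hunk, so it cannot be confirmed here that cookies stay off the request or what the helper does when no session has been stored yet. If that helper reacts to a 401 by refreshing tokens and the refresh path itself reads JWT settings, this call could re-enter itself; that is inferred, not shown. A comment above the call would record the new precondition, for example `// Requires a stored session: the settings query is sent with the access token via fetchAuthenticated.` Separately, `await res.json()` is still unguarded, so a non-JSON body rejects instead of returning null like the other failure paths. The function body continues past the end of the hunk.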
@@ -505,6 +524,12 @@ export function getUiAuthDebugStatus(now = Date.now()): UiAuthDebugStatus {
 const accessExpiresAt = session?.accessExpiresAt ?? null;
 const refreshExpiresAt = session?.refreshExpiresAt ?? null;
+ console.log("Calculating debug status", {
+ session,
+ accessExpiresAt,
+ refreshExpiresAt,
+ });
+
 return {
 mode: (store.settings.serverAuthMode ?? "NONE") as AuthMode,
 serverBase: getServerBase(),
@@ -543,15 +568,19 @@ export async function loginUI(user: string, pass: string): Promise {
 const refreshToken: string | undefined = payload?.refreshToken;
 if (!accessToken || !refreshToken) throw new Error(json?.errors?.[0]?.message ?? "Login failed");
+ authDebug("login success", { user });
+
+ const preliminarySession = {
+ accessToken,
+ refreshToken,
+ clientMutationId: typeof payload?.clientMutationId === "string" ? payload.clientMutationId : undefined,
+ };
+
+ uiAuth.setLoginSession(preliminarySession, null);
+
 const jwt = await getJwtSettings(true).catch(() => null);
- uiAuth.setLoginSession(
- {
- accessToken,
- refreshToken,
- clientMutationId: typeof payload?.clientMutationId === "string" ? payload.clientMutationId : undefined,
- },
- jwt,
- );
+ uiAuth.setLoginSession(preliminarySession, jwt);
+
 updateSettings({ serverAuthMode: "UI_LOGIN", serverAuthUser: user, serverAuthPass: "" });
 }
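Review bot: The added `console.log("Calculating debug status", { session, ... })` in getUiAuthDebugStatus writes the whole session object to the console on every call. The loginUI hunk of this patch builds the session from `accessToken` and `refreshToken`, so those bearer credentials would presumably end up in console output and in anything that captures it. Unlike the other diagnostics added in this patch it bypasses authDebug, so whatever switch gates that helper does not apply. Either drop the call or log only non-secret fields, e.g. `authDebug("Calculating debug status", { hasSession: !!session, accessExpiresAt, refreshExpiresAt });`. The function starts above and ends below this hunk.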
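Review bot: The second `uiAuth.setLoginSession(preliminarySession, jwt)` in loginUI writes back the token pair captured before `await getJwtSettings(true)`, so a session change during that await (a token refresh inside the authenticated settings fetch, or a logout) would be overwritten with the older tokens. Whether fetchAuthenticated can rotate tokens is not visible in this patch, so treat this as a question to confirm; the window did not exist while the session was stored only once. Consider re-reading the current session after the await and attaching only the expiry settings to it, rather than replaying the captured tokens. The first call would also benefit from a comment such as `// Store tokens first so the settings query can authenticate; expiry is filled in below.` The function begins above the hunk.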