5d371a2a8b
Avant: ne rechargeait que sur 401/403 stricts → ratait la redirection IdP / page HTML de login (vrai cas d'expiration) → données vides nécessitant un refresh manuel. Maintenant: détecte redirection auth.targo.ca + HTML-au-lieu-de-JSON → reload auto (anti-boucle 20s), + 1 retry sur coupure réseau transitoire (ex: backend qui redémarre). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
69 lines
2.4 KiB
JavaScript
69 lines
2.4 KiB
JavaScript
import { BASE_URL } from 'src/config/erpnext'
|
|
|
|
// Token is optional — in production, nginx injects it server-side.
|
|
// Only needed for local dev (VITE_ERP_TOKEN in .env).
|
|
const SERVICE_TOKEN = import.meta.env.VITE_ERP_TOKEN || ''
|
|
|
|
// Reconnexion auto sur session Authentik expirée, anti-boucle (1 reload / 20 s max).
|
|
let _lastReload = 0
|
|
function _reauth (status) {
|
|
const now = Date.now()
|
|
if (now - _lastReload > 20000) {
|
|
_lastReload = now
|
|
window.location.reload()
|
|
}
|
|
return new Response('{}', { status: status || 401 })
|
|
}
|
|
|
|
export async function authFetch (url, opts = {}) {
|
|
opts.headers = SERVICE_TOKEN
|
|
? { ...opts.headers, Authorization: 'token ' + SERVICE_TOKEN }
|
|
: { ...opts.headers }
|
|
|
|
let res
|
|
try {
|
|
res = await fetch(url, opts)
|
|
} catch (e) {
|
|
// Coupure réseau transitoire (ex: backend qui redémarre) → 1 retry court avant d'abandonner
|
|
await new Promise(r => setTimeout(r, 800))
|
|
res = await fetch(url, opts)
|
|
}
|
|
|
|
// Détection « session Authentik expirée » (la cause du "il faut recharger") :
|
|
// - 401/403 explicites
|
|
// - réponse redirigée vers l'IdP (auth.targo.ca / /if/flow/)
|
|
// - page HTML de login renvoyée à la place du JSON attendu sur un /api/
|
|
const ct = (res.headers && res.headers.get && res.headers.get('content-type')) || ''
|
|
const redirectedToIdp = res.redirected && /auth\.targo\.ca|\/if\/flow\//.test(res.url || '')
|
|
const htmlForApi = res.status === 200 && ct.includes('text/html') && /\/api\//.test(String(url))
|
|
if (res.status === 401 || res.status === 403 || redirectedToIdp || htmlForApi) {
|
|
return _reauth(res.status)
|
|
}
|
|
return res
|
|
}
|
|
|
|
export async function getLoggedUser () {
|
|
// First try nginx whoami endpoint (returns Authentik email header)
|
|
try {
|
|
const res = await fetch(BASE_URL + '/auth/whoami')
|
|
if (res.ok) {
|
|
const data = await res.json()
|
|
if (data.email && data.email !== '') return data.email
|
|
}
|
|
} catch {}
|
|
// Fallback: ask ERPNext (returns API token owner, usually "Administrator")
|
|
try {
|
|
const headers = SERVICE_TOKEN ? { Authorization: 'token ' + SERVICE_TOKEN } : {}
|
|
const res = await fetch(BASE_URL + '/api/method/frappe.auth.get_logged_user', { headers })
|
|
if (res.ok) {
|
|
const data = await res.json()
|
|
return data.message || 'authenticated'
|
|
}
|
|
} catch {}
|
|
return 'authenticated'
|
|
}
|
|
|
|
export async function logout () {
|
|
window.location.href = 'https://auth.targo.ca/if/flow/default-invalidation-flow/'
|
|
}
|