fix: S06.6 guard window.isSecureContext in Login.svelte (SSR-safe) / S06.7 remove legacy localStorage refresh token

This commit is contained in:
Gan, Jimmy
2026-07-10 22:57:31 +08:00
parent 5b622e8232
commit 30a8196c12
2 changed files with 8 additions and 16 deletions
-15
View File
@@ -23,13 +23,7 @@ export function setRefreshToken() {}
let refreshPromise = null;
function getLegacyRefreshToken() {
return localStorage.getItem("refresh_token") || "";
}
function clearLegacyRefreshToken() {
localStorage.removeItem("refresh_token");
}
async function requestRefresh(body) {
const r = await fetch(BASE + "/auth/refresh", {
@@ -50,18 +44,9 @@ export async function tryRefreshSession() {
try {
const cookieRefreshed = await requestRefresh();
if (cookieRefreshed) {
clearLegacyRefreshToken();
return true;
}
const legacyRefreshToken = getLegacyRefreshToken();
if (!legacyRefreshToken) return false;
const legacyRefreshed = await requestRefresh({ refresh_token: legacyRefreshToken });
if (legacyRefreshed) {
clearLegacyRefreshToken();
return true;
}
clearLegacyRefreshToken();
return false;
} catch {
return false;
+8 -1
View File
@@ -8,7 +8,14 @@
let error = $state("");
let loading = $state(false);
let require2FA = $state(false);
let showPasswordForm = $state(!window.isSecureContext);
let showPasswordForm = $state(true);
let _isBrowser = $state(typeof window !== "undefined");
$effect(() => {
if (_isBrowser) {
showPasswordForm = !window.isSecureContext;
}
});
function base64urlToBuffer(b64) {
const s = b64.replace(/-/g, '+').replace(/_/g, '/');