fix: S06.6 guard window.isSecureContext in Login.svelte (SSR-safe) / S06.7 remove legacy localStorage refresh token
This commit is contained in:
@@ -23,13 +23,7 @@ export function setRefreshToken() {}
|
||||
|
||||
let refreshPromise = null;
|
||||
|
||||
function getLegacyRefreshToken() {
|
||||
return localStorage.getItem("refresh_token") || "";
|
||||
}
|
||||
|
||||
function clearLegacyRefreshToken() {
|
||||
localStorage.removeItem("refresh_token");
|
||||
}
|
||||
|
||||
async function requestRefresh(body) {
|
||||
const r = await fetch(BASE + "/auth/refresh", {
|
||||
@@ -50,18 +44,9 @@ export async function tryRefreshSession() {
|
||||
try {
|
||||
const cookieRefreshed = await requestRefresh();
|
||||
if (cookieRefreshed) {
|
||||
clearLegacyRefreshToken();
|
||||
return true;
|
||||
}
|
||||
|
||||
const legacyRefreshToken = getLegacyRefreshToken();
|
||||
if (!legacyRefreshToken) return false;
|
||||
const legacyRefreshed = await requestRefresh({ refresh_token: legacyRefreshToken });
|
||||
if (legacyRefreshed) {
|
||||
clearLegacyRefreshToken();
|
||||
return true;
|
||||
}
|
||||
clearLegacyRefreshToken();
|
||||
return false;
|
||||
} catch {
|
||||
return false;
|
||||
|
||||
@@ -8,7 +8,14 @@
|
||||
let error = $state("");
|
||||
let loading = $state(false);
|
||||
let require2FA = $state(false);
|
||||
let showPasswordForm = $state(!window.isSecureContext);
|
||||
let showPasswordForm = $state(true);
|
||||
let _isBrowser = $state(typeof window !== "undefined");
|
||||
$effect(() => {
|
||||
if (_isBrowser) {
|
||||
showPasswordForm = !window.isSecureContext;
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
function base64urlToBuffer(b64) {
|
||||
const s = b64.replace(/-/g, '+').replace(/_/g, '/');
|
||||
|
||||
Reference in New Issue
Block a user