From 30a8196c126f30124b62653707b75dc86b066b5b Mon Sep 17 00:00:00 2001 From: "Gan, Jimmy" Date: Fri, 10 Jul 2026 22:57:31 +0800 Subject: [PATCH] fix: S06.6 guard window.isSecureContext in Login.svelte (SSR-safe) / S06.7 remove legacy localStorage refresh token --- dashboard/frontend/src/lib/api.js | 15 --------------- dashboard/frontend/src/routes/Login.svelte | 9 ++++++++- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/dashboard/frontend/src/lib/api.js b/dashboard/frontend/src/lib/api.js index 1f0b2c7..1d905e7 100644 --- a/dashboard/frontend/src/lib/api.js +++ b/dashboard/frontend/src/lib/api.js @@ -23,13 +23,7 @@ export function setRefreshToken() {} let refreshPromise = null; -function getLegacyRefreshToken() { - return localStorage.getItem("refresh_token") || ""; -} -function clearLegacyRefreshToken() { - localStorage.removeItem("refresh_token"); -} async function requestRefresh(body) { const r = await fetch(BASE + "/auth/refresh", { @@ -50,18 +44,9 @@ export async function tryRefreshSession() { try { const cookieRefreshed = await requestRefresh(); if (cookieRefreshed) { - clearLegacyRefreshToken(); return true; } - const legacyRefreshToken = getLegacyRefreshToken(); - if (!legacyRefreshToken) return false; - const legacyRefreshed = await requestRefresh({ refresh_token: legacyRefreshToken }); - if (legacyRefreshed) { - clearLegacyRefreshToken(); - return true; - } - clearLegacyRefreshToken(); return false; } catch { return false; diff --git a/dashboard/frontend/src/routes/Login.svelte b/dashboard/frontend/src/routes/Login.svelte index 931159b..998e09f 100644 --- a/dashboard/frontend/src/routes/Login.svelte +++ b/dashboard/frontend/src/routes/Login.svelte @@ -8,7 +8,14 @@ let error = $state(""); let loading = $state(false); let require2FA = $state(false); - let showPasswordForm = $state(!window.isSecureContext); + let showPasswordForm = $state(true); + let _isBrowser = $state(typeof window !== "undefined"); + $effect(() => { + if (_isBrowser) { + showPasswordForm = !window.isSecureContext; + } + }); + function base64urlToBuffer(b64) { const s = b64.replace(/-/g, '+').replace(/_/g, '/');