mirror of
https://github.com/immich-app/immich.git
synced 2026-05-23 07:22:31 -04:00
Santo Shakil
b031548791
* fix(mobile): don't block app open on slow validateAccessToken AuthGuard.onNavigation was async so auto_route awaited the body through validateAccessToken's OS timeout. now it's sync and the validate runs in bg. kicks to login on 401. * fix(mobile): handle re-login race in AuthGuard validate if user logs out + logs back in during a slow validate, the old 401 was logging them out again. now we check the token hasn't changed before redirecting, and dedupe in-flight calls. --------- Co-authored-by: Alex <alex.tran1502@gmail.com>
77 lines
2.7 KiB
Dart
77 lines
2.7 KiB
Dart
import 'dart:async';
|
|
import 'dart:io';
|
|
|
|
import 'package:auto_route/auto_route.dart';
|
|
import 'package:immich_mobile/domain/models/store.model.dart';
|
|
import 'package:immich_mobile/domain/services/store.service.dart';
|
|
import 'package:immich_mobile/entities/store.entity.dart';
|
|
import 'package:immich_mobile/routing/router.dart';
|
|
import 'package:immich_mobile/services/api.service.dart';
|
|
import 'package:immich_mobile/services/auth.service.dart';
|
|
import 'package:logging/logging.dart';
|
|
import 'package:openapi/api.dart';
|
|
|
|
class AuthGuard extends AutoRouteGuard {
|
|
final ApiService _apiService;
|
|
final AuthService _authService;
|
|
final _log = Logger("AuthGuard");
|
|
bool _validateInFlight = false;
|
|
AuthGuard(this._apiService, this._authService);
|
|
@override
|
|
void onNavigation(NavigationResolver resolver, StackRouter router) {
|
|
// Synchronously check for the access token. auto_route awaits async
|
|
// guards, so we keep this function fully sync and validate the token in
|
|
// the background — otherwise a slow validateAccessToken() request would
|
|
// block the route transition for as long as the OS-level HTTP timeout.
|
|
try {
|
|
Store.get(StoreKey.accessToken);
|
|
} on StoreKeyNotFoundException catch (_) {
|
|
_log.warning('No access token in the store.');
|
|
resolver.next(false);
|
|
unawaited(router.replaceAll([const LoginRoute()]));
|
|
return;
|
|
}
|
|
|
|
resolver.next(true);
|
|
unawaited(_validateAccessTokenInBackground(router));
|
|
}
|
|
|
|
Future<void> _validateAccessTokenInBackground(StackRouter router) async {
|
|
if (_validateInFlight) {
|
|
return;
|
|
}
|
|
final token = Store.tryGet(StoreKey.accessToken);
|
|
if (token == null) {
|
|
return;
|
|
}
|
|
_validateInFlight = true;
|
|
try {
|
|
final res = await _apiService.authenticationApi.validateAccessToken();
|
|
if (res == null || res.authStatus != true) {
|
|
// Token may have changed during validation (user logged out + logged in
|
|
// again); only act if it still applies to the current session.
|
|
if (Store.tryGet(StoreKey.accessToken) != token) {
|
|
return;
|
|
}
|
|
_log.fine('User token is invalid. Redirecting to login');
|
|
await router.replaceAll([const LoginRoute()]);
|
|
await _authService.clearLocalData();
|
|
}
|
|
} on ApiException catch (e) {
|
|
if (e.code != HttpStatus.unauthorized) {
|
|
return;
|
|
}
|
|
if (Store.tryGet(StoreKey.accessToken) != token) {
|
|
return;
|
|
}
|
|
_log.warning("Unauthorized access token.");
|
|
await router.replaceAll([const LoginRoute()]);
|
|
await _authService.clearLocalData();
|
|
} catch (e) {
|
|
_log.warning('Error validating access token from server: $e');
|
|
} finally {
|
|
_validateInFlight = false;
|
|
}
|
|
}
|
|
}
|