Closed as not planned
Description
Problem
The current app doesn't handle expired tokens correctly. Users have to manually hit the logout button and log back in when their token expires, rather than the app detecting and automatically handling the expired token.
Current Implementation Issues
Frontend (frontend/src/hooks/useAuth.ts)
- Token is stored in localStorage but never validated for expiration
- No automatic token refresh mechanism
- API calls with expired tokens fail without proper handling
Backend (backend/app/api/deps.py)
- get_current_user() throws 403 Forbidden for expired tokens
- No differentiation between invalid and expired tokens
API Client (frontend/src/client/core/request.ts)
- No interceptors to handle 401/403 responses
- No automatic retry logic for token refresh
Proposed Solution
1. Frontend Token Management
- Add token expiration checking in useAuth.ts
- Implement automatic logout on token expiry
- Add request interceptor to detect 401 responses
2. Backend Token Response
- Differentiate between expired and invalid tokens
- Return 401 for expired tokens (instead of 403)
3. API Client Enhancement
- Add response interceptor to handle 401 responses
- Automatically redirect to login on token expiry
Test Plan
- Test token expiration detection
- Test automatic logout on expired token
- Test API calls with expired tokens
- Test user experience during token expiry
- Test manual logout still works correctly
Files to Modify
- frontend/src/hooks/useAuth.ts - Add token validation
- frontend/src/client/core/request.ts - Add response interceptor
- backend/app/api/deps.py - Improve error handling
- Add tests for new functionality
🤖 Generated with Claude Code
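The frontend expiry check and 401 handling proposed above, sketched as an added example that is not code from this issue or from the project's repository. It shows a fail-closed check: a missing, malformed or `exp`-less token is treated as expired, and the backend stays the only authority on validity because the client cannot verify the signature. Assumptions: the token is a JWT with a numeric `exp` claim, it is stored under the key `access_token`, and every name below (`TokenStore`, `readExp`, `isTokenExpired`, `enforceSession`, `makeSampleToken`) is hypothetical.

```typescript
// Added example. Assumes a JWT access token with a numeric `exp` claim.
interface TokenStore {
  getItem(key: string): string | null;
  removeItem(key: string): void;
}

const TOKEN_KEY = "access_token"; // assumed storage key, not taken from the project

// Read `exp` from the payload segment (base64url-encoded JSON).
// Nothing is verified here: only the backend can check the signature.
function readExp(token: string): number | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  while (b64.length % 4 !== 0) b64 += "="; // restore stripped padding
  try {
    const exp = JSON.parse(atob(b64)).exp;
    return typeof exp === "number" && isFinite(exp) ? exp : null;
  } catch {
    return null; // bad base64, bad JSON, or a null payload
  }
}

// Fail closed: anything that cannot be read counts as expired.
// skewSec ends the session slightly early so a request is not sent
// with a token that expires while it is in flight.
function isTokenExpired(token: string | null, nowMs: number, skewSec: number = 30): boolean {
  if (!token) return true;
  const exp = readExp(token);
  return exp === null || nowMs / 1000 >= exp - skewSec;
}

// Run before each request and on each response status.
// Returns true when the token was cleared and the caller should route to login.
function enforceSession(store: TokenStore, nowMs: number, status?: number): boolean {
  const stale = status === 401 || isTokenExpired(store.getItem(TOKEN_KEY), nowMs);
  if (stale) store.removeItem(TOKEN_KEY);
  return stale;
}

// Constructed sample token with a placeholder signature, for trying the functions.
function makeSampleToken(claims: object): string {
  const enc = (s: string): string =>
    btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc('{"alg":"HS256","typ":"JWT"}') + "." + enc(JSON.stringify(claims)) + ".sig";
}
```

In a browser, `window.localStorage` satisfies `TokenStore`, so `enforceSession(localStorage, Date.now(), response.status)` can sit in the response path of the API client.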