34 lines
1.5 KiB
Markdown
34 lines
1.5 KiB
Markdown
---
|
|
# nuzlocke-tracker-tatg
|
|
title: 'Bug: Intermittent 401 errors / failed save-load requiring page reload'
|
|
status: todo
|
|
type: bug
|
|
priority: high
|
|
created_at: 2026-03-21T21:50:48Z
|
|
updated_at: 2026-03-21T21:50:48Z
|
|
---
|
|
|
|
## Problem
|
|
|
|
During gameplay, the app intermittently fails to load or save data. A page reload fixes the issue. Likely caused by expired Supabase JWT tokens not being refreshed automatically before API calls.
|
|
|
|
## Current Implementation
|
|
|
|
- Auth uses Supabase JWTs verified with HS256 (`backend/auth.py:39-44`)
|
|
- Frontend gets token via `supabase.auth.getSession()` in `client.ts:16-21`
|
|
- `getAuthHeaders()` returns the cached session token without checking expiry
|
|
- When the token expires between interactions, API calls return 401
|
|
- Page reload triggers a fresh `getSession()` which refreshes the token
|
|
|
|
## Root Cause Analysis
|
|
|
|
`getSession()` returns the cached token. If it's expired, the frontend sends an expired JWT to the backend, which rejects it with 401. The frontend doesn't call `refreshSession()` or handle token refresh before API calls.
|
|
|
|
## Proposed Fix
|
|
|
|
- [ ] Add token refresh logic before API calls (check expiry, call `refreshSession()` if needed)
|
|
- [ ] Add 401 response interceptor that automatically refreshes token and retries the request
|
|
- [ ] Verify Supabase client `autoRefreshToken` option is enabled
|
|
- [ ] Test with short-lived tokens to confirm refresh works
|
|
- [ ] Check if there's a race condition when multiple API calls trigger refresh simultaneously
|