mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-16 19:33:11 +02:00
fix: send Supabase token on raw fetch in SaaS chat
This commit is contained in:
@@ -13,7 +13,11 @@ export function setupApiInterceptors(client: AxiosInstance): void {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Auth headers for raw fetch() calls (SSE streams, etc.). Proprietary overrides with JWT + XSRF. */
|
/**
|
||||||
export function getAuthHeaders(): Record<string, string> {
|
* Auth headers for raw fetch() calls (SSE streams, etc.).
|
||||||
|
* Proprietary overrides with stored JWT + XSRF; SaaS overrides with the live
|
||||||
|
* Supabase access token. Async because SaaS has to consult the auth client.
|
||||||
|
*/
|
||||||
|
export async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||||
return {};
|
return {};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -467,7 +467,7 @@ export function ChatProvider({ children }: { children: ReactNode }) {
|
|||||||
{
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
body: formData,
|
body: formData,
|
||||||
headers: getAuthHeaders(),
|
headers: await getAuthHeaders(),
|
||||||
credentials: "include",
|
credentials: "include",
|
||||||
signal: controller.signal,
|
signal: controller.signal,
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -100,8 +100,11 @@ async function refreshAuthToken(client: AxiosInstance): Promise<string> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Auth headers for raw fetch() calls (SSE streams, etc.). */
|
/**
|
||||||
export function getAuthHeaders(): Record<string, string> {
|
* Auth headers for raw fetch() calls (SSE streams, etc.).
|
||||||
|
* Async to match the SaaS override, which has to await the Supabase session.
|
||||||
|
*/
|
||||||
|
export async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||||
const headers: Record<string, string> = {};
|
const headers: Record<string, string> = {};
|
||||||
const jwt = getJwtTokenFromStorage();
|
const jwt = getJwtTokenFromStorage();
|
||||||
if (jwt) {
|
if (jwt) {
|
||||||
@@ -117,8 +120,8 @@ export function getAuthHeaders(): Record<string, string> {
|
|||||||
export function setupApiInterceptors(client: AxiosInstance): void {
|
export function setupApiInterceptors(client: AxiosInstance): void {
|
||||||
// Install request interceptor to add JWT token
|
// Install request interceptor to add JWT token
|
||||||
client.interceptors.request.use(
|
client.interceptors.request.use(
|
||||||
(config) => {
|
async (config) => {
|
||||||
const authHeaders = getAuthHeaders();
|
const authHeaders = await getAuthHeaders();
|
||||||
for (const [key, value] of Object.entries(authHeaders)) {
|
for (const [key, value] of Object.entries(authHeaders)) {
|
||||||
if (!config.headers[key]) {
|
if (!config.headers[key]) {
|
||||||
config.headers[key] = value;
|
config.headers[key] = value;
|
||||||
|
|||||||
@@ -446,7 +446,7 @@ export function ChatProvider({ children }: { children: ReactNode }) {
|
|||||||
{
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
body: formData,
|
body: formData,
|
||||||
headers: getAuthHeaders(),
|
headers: await getAuthHeaders(),
|
||||||
credentials: "include",
|
credentials: "include",
|
||||||
signal: controller.signal,
|
signal: controller.signal,
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -0,0 +1,41 @@
|
|||||||
|
import type { AxiosInstance } from "axios";
|
||||||
|
import { supabase } from "@app/auth/supabase";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SaaS auth headers for raw fetch() calls (e.g. AI chat streaming).
|
||||||
|
*
|
||||||
|
* Pulls the live Supabase access token. Required because the SaaS apiClient's
|
||||||
|
* axios interceptor attaches this header to every axios call, but raw fetch()
|
||||||
|
* calls bypass that path and end up with no Authorization header → backend
|
||||||
|
* returns 401. The chat streaming endpoint uses fetch() (not axios) because
|
||||||
|
* axios doesn't stream SSE responses well, so this override exists to give
|
||||||
|
* it the same bearer token the axios calls already get.
|
||||||
|
*
|
||||||
|
* supabase.auth.getSession() reads from in-memory cache when possible; only
|
||||||
|
* issues a network request if the session needs refreshing. Adds an Accept
|
||||||
|
* header so the backend negotiates JSON correctly.
|
||||||
|
*/
|
||||||
|
export async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||||
|
const headers: Record<string, string> = {};
|
||||||
|
try {
|
||||||
|
const {
|
||||||
|
data: { session },
|
||||||
|
} = await supabase.auth.getSession();
|
||||||
|
if (session?.access_token) {
|
||||||
|
headers["Authorization"] = `Bearer ${session.access_token}`;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
console.warn("[apiClientSetup] Failed to read Supabase session", e);
|
||||||
|
}
|
||||||
|
return headers;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SaaS apiClient wires up its own interceptors inline (see saas/services/apiClient.ts).
|
||||||
|
* This re-export exists so the cascade through @app/services/apiClientSetup
|
||||||
|
* remains consistent for callers that import setupApiInterceptors — currently
|
||||||
|
* none in SaaS mode, but keeps the shape uniform.
|
||||||
|
*/
|
||||||
|
export function setupApiInterceptors(_client: AxiosInstance): void {
|
||||||
|
// No-op: SaaS apiClient handles its own interceptors with the Supabase session.
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user