cleanup: trim oversized comments across recent SaaS fixes

Reduce multi-paragraph comment blocks to short two-line notes and drop
history-style references; no behaviour changes.
This commit is contained in:
Anthony Stirling
2026-06-10 14:30:29 +01:00
parent bf18af4708
commit 5b412c0fed
11 changed files with 30 additions and 95 deletions
@@ -365,11 +365,8 @@ export function FolderProvider({ children }: FolderProviderProps) {
// guaranteed-to-403 round-trip per session.
const { config: appConfig } = useAppConfig();
const storageBackedByServer = appConfig?.storageEnabled === true;
// Don't hit the authenticated storage API on auth routes (/login, /signup,
// /auth/*, ...). The global FolderProvider is mounted everywhere, including
// the login screen where the user has no session yet, so an unguarded pull
// fires a guaranteed-401 GET /api/v1/storage/folders before sign-in. Mirror
// the auth-route skip used by LicenseContext / AppConfigContext.
// Skip server pulls on auth routes: FolderProvider is mounted globally and
// /login has no session yet, so the pull would be a guaranteed 401.
const location = useLocation();
const onAuthRoute = isAuthRoute(location.pathname);
useEffect(() => {
@@ -128,10 +128,8 @@ export function useMultipleEndpointsEnabled(endpoints: string[]): {
"[useEndpointConfig] Fetching all endpoint statuses from server",
);
// Fetch all endpoints at once - no query params needed.
// Fires automatically on app load; a 401 here (e.g. backend rejecting
// an otherwise-valid session) must fail silently rather than reach the
// global handler, which hard-redirects to /login and can loop.
// Fetch all endpoints at once; auto-fires on app load, so a 401 must
// fail silently instead of triggering the global login redirect.
const response = await apiClient.get<
Record<string, EndpointAvailabilityDetails>
>(`/api/v1/config/endpoints-availability`, {
@@ -28,9 +28,8 @@ export const accountService = {
* This is a public endpoint - doesn't require authentication
*/
async getLoginPageData(): Promise<LoginPageData> {
// Public endpoint, but also auto-called by the onboarding orchestrator
// when a stale stirling_jwt is in localStorage — a 401 must never trigger
// the global login redirect (it would loop on every page load).
// Also auto-called by onboarding when a stale stirling_jwt exists; a 401
// must never trigger the global login redirect.
const response = await apiClient.get<LoginPageData>(
"/api/v1/proprietary/ui-data/login",
{ suppressErrorToast: true, skipAuthRedirect: true },
@@ -62,15 +62,8 @@ function toFolderRecord(dto: ServerFolder): FolderRecord {
export const folderSyncService = {
async list(): Promise<FolderRecord[]> {
// Background sync fired automatically by the global FolderProvider on
// every (non-auth-route) load. If the backend rejects the request with a
// 401 - e.g. the storage API doesn't accept this deployment's session
// token - the error must NOT reach the global 401 handler: that handler
// hard-redirects to /login, the login page sees a valid session and
// bounces back to /, FolderProvider pulls again, and the app loops
// login->/->login forever. FolderContext.pullFromServer already handles
// 4xx locally (flips serverReachable, no banner), so fail silently here -
// mirroring fileSyncService's /api/v1/storage/files pull.
// Auto-fired by FolderProvider on every load; a persistent 401 must fail
// silently here or the global handler redirects to /login and loops.
const response = await apiClient.get<ServerFolder[]>(
"/api/v1/storage/folders",
{
@@ -46,12 +46,8 @@ function stashPostLoginRedirect(path: string): void {
}
}
// Loop breaker for the 401 hard-redirect below. If the backend persistently
// 401s an automatic call while the auth session is actually valid, the
// redirect lands on /login, the login page sees the valid session and bounces
// back, the call 401s again and we redirect again — forever. sessionStorage
// survives the full-page navigations of that cycle (per tab), so a second
// redirect within the window means we're looping, not expiring.
// Loop breaker: a second 401 redirect within this window means the login page
// bounced us back with a live session — redirecting again would loop forever.
const LOGIN_REDIRECT_THROTTLE_KEY = "stirling_last_401_redirect";
const LOGIN_REDIRECT_THROTTLE_MS = 10_000;