hardening

2026-05-16 10:44:20 +00:00
parent 52e3d680f7
commit cc26ed9b2c
18 changed files with 315 additions and 169 deletions
@@ -2,7 +2,7 @@

 import { useEffect, useState } from 'react'
 import { useRouter } from 'next/navigation'
-import { authFetch, clearToken, getApiBase, getToken } from '../lib/auth'
+import { authFetchOrThrow, getApiBase, getToken, UnauthorizedError } from '../lib/auth'

 type Profile = {
  username?: string
@@ -24,15 +24,17 @@ export default function FeedbackPage() {
    const load = async () => {
      try {
        const baseUrl = getApiBase()
-        const response = await authFetch(`${baseUrl}/auth/me`)
+        const response = await authFetchOrThrow(`${baseUrl}/auth/me`)
        if (!response.ok) {
-          clearToken()
-          router.push('/login')
-          return
+          throw new Error('Could not load profile.')
        }
        const data = await response.json()
        setProfile({ username: data?.username })
      } catch (error) {
+        if (error instanceof UnauthorizedError) {
+          router.push('/login')
+          return
+        }
        console.error(error)
      }
    }
@@ -49,7 +51,7 @@ export default function FeedbackPage() {
    setSubmitting(true)
    try {
      const baseUrl = getApiBase()
-      const response = await authFetch(`${baseUrl}/feedback`, {
+      const response = await authFetchOrThrow(`${baseUrl}/feedback`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({
@@ -58,17 +60,16 @@ export default function FeedbackPage() {
        }),
      })
      if (!response.ok) {
-        if (response.status === 401) {
-          clearToken()
-          router.push('/login')
-          return
-        }
        const text = await response.text()
        throw new Error(text || `Request failed: ${response.status}`)
      }
      setMessage('')
      setStatus('Thanks! Your message has been sent.')
    } catch (error) {
+      if (error instanceof UnauthorizedError) {
+        router.push('/login')
+        return
+      }
      console.error(error)
      setStatus('That did not send. Please try again.')
    } finally {