From 387993da92066fcf7b2d83f939b0a189361299ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BE=9D=E7=91=AA=E8=B2=93?= <imacat@mail.imacat.idv.tw>
Date: Mon, 9 Mar 2026 14:10:36 +0800
Subject: [PATCH] Add response structure validation in auth token refresh

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/api/auth.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/api/auth.js b/src/api/auth.js
index cd5fb21..dbcc079 100644
--- a/src/api/auth.js
+++ b/src/api/auth.js
@@ -34,8 +34,11 @@ export async function refreshTokenAndGetNew() {
   };
 
   const response = await axios.post(api, data, config);
-  const newAccessToken = response.data.access_token;
-  const newRefreshToken = response.data.refresh_token;
+  const newAccessToken = response.data?.access_token;
+  const newRefreshToken = response.data?.refresh_token;
+  if (!newAccessToken || !newRefreshToken) {
+    throw new Error("Invalid token response structure");
+  }
 
   setCookieWithoutExpiration("luciaToken", newAccessToken);
   // Expire in ~6 months