Move auth-entry checks to router guard and simplify MainContainer route logic

Co-Authored-By: Codex <codex@openai.com>
2026-03-08 19:14:20 +08:00
parent f3d11ebbcb
commit 955e9ceda9
3 changed files with 48 additions and 192 deletions
--- a/tests/router/routerGuard.test.js
+++ b/tests/router/routerGuard.test.js
@@ -17,13 +17,17 @@ describe("router beforeEach guard logic", () => {
  });

  // Simulate the guard logic from router/index.ts
-  function runGuard(to) {
+  async function runGuard(to, options = {}) {
+    const { refreshSucceeds = true } = options;
    const hasLoginMarker = document.cookie
      .split(";")
      .some((c) => c.trim().startsWith("isLuciaLoggedIn="));
    const hasAccessToken = document.cookie
      .split(";")
      .some((c) => c.trim().startsWith("luciaToken="));
+    const hasRefreshToken = document.cookie
+      .split(";")
+      .some((c) => c.trim().startsWith("luciaRefreshToken="));
    const isAuthenticated = hasLoginMarker && hasAccessToken;

    if (to.name === "Login") {
@@ -32,6 +36,9 @@ describe("router beforeEach guard logic", () => {

    const requiresAuth = (to.matched || []).some((r) => r.meta?.requiresAuth);
    if (requiresAuth && !isAuthenticated) {
+      if (hasRefreshToken) {
+        if (refreshSucceeds) return undefined;
+      }
      return {
        path: "/login",
        query: {
@@ -46,15 +53,17 @@ describe("router beforeEach guard logic", () => {
  it("redirects logged-in user from Login to Files", () => {
    document.cookie = "isLuciaLoggedIn=true";
    document.cookie = "luciaToken=token";
-    expect(runGuard({ name: "Login" })).toEqual({ name: "Files" });
+    return expect(runGuard({ name: "Login" })).resolves.toEqual({
+      name: "Files",
+    });
  });

  it("allows unauthenticated user to visit Login", () => {
-    expect(runGuard({ name: "Login" })).toBeUndefined();
+    return expect(runGuard({ name: "Login" })).resolves.toBeUndefined();
  });

-  it("redirects unauthenticated user when route requiresAuth", () => {
-    const result = runGuard({
+  it("redirects unauthenticated user when route requiresAuth", async () => {
+    const result = await runGuard({
      name: "Files",
      path: "/files",
      fullPath: "/files",
@@ -64,16 +73,48 @@ describe("router beforeEach guard logic", () => {
    expect(atob(result.query["return-to"])).toBe("/files");
  });

+  it("allows requiresAuth route when refresh token can refresh session", () => {
+    document.cookie = "luciaRefreshToken=refresh-token";
+    return expect(
+      runGuard(
+        {
+          name: "Files",
+          path: "/files",
+          fullPath: "/files",
+          matched: [{ meta: { requiresAuth: true } }],
+        },
+        { refreshSucceeds: true },
+      ),
+    ).resolves.toBeUndefined();
+  });
+
+  it("redirects to login with return-to when refresh fails", async () => {
+    document.cookie = "luciaRefreshToken=refresh-token";
+    const result = await runGuard(
+      {
+        name: "Map",
+        path: "/discover/log/1/map",
+        fullPath: "/discover/log/1/map?view=summary#node-2",
+        matched: [{ meta: { requiresAuth: true } }],
+      },
+      { refreshSucceeds: false },
+    );
+    expect(result.path).toBe("/login");
+    expect(atob(result.query["return-to"])).toBe(
+      "/discover/log/1/map?view=summary#node-2",
+    );
+  });
+
  it("does not interfere with non-Login routes", () => {
    document.cookie = "isLuciaLoggedIn=true";
    document.cookie = "luciaToken=token";
-    expect(
+    return expect(
      runGuard({
        name: "Files",
        path: "/files",
        fullPath: "/files",
        matched: [{ meta: { requiresAuth: true } }],
      }),
-    ).toBeUndefined();
+    ).resolves.toBeUndefined();
  });
 });