fix: 修复未登录态授权刷新循环

2026-04-20 22:01:04 +08:00
parent 75944b1f1f
commit 39c7f0735f
5 changed files with 103 additions and 13 deletions
--- a/src/services/apiClient.ts
+++ b/src/services/apiClient.ts
@@ -351,12 +351,15 @@ export function setStoredAccessToken(
  }

  const nextToken = token.trim();
+  const previousToken = getStoredAccessToken();
  if (nextToken) {
    window.localStorage.setItem(ACCESS_TOKEN_KEY, nextToken);
  } else {
    window.localStorage.removeItem(ACCESS_TOKEN_KEY);
  }
-  if (options.emit !== false) {
+
+  // 只有登录态令牌真的发生变化时才广播事件，避免无意义的鉴权重算。
+  if (options.emit !== false && previousToken !== nextToken) {
    emitAuthStateChange();
  }
 }
@@ -370,8 +373,11 @@ export function clearStoredAccessToken(
    return;
  }

+  const previousToken = getStoredAccessToken();
  window.localStorage.removeItem(ACCESS_TOKEN_KEY);
-  if (options.emit !== false) {
+
+  // 未登录态下重复清空 token 不应触发状态刷新，否则会放大 401 循环。
+  if (options.emit !== false && previousToken) {
    emitAuthStateChange();
  }
 }
@@ -487,14 +493,20 @@ export async function fetchWithApiAuth(

  for (;;) {
    try {
+      const requestHeaders = withAuthorizationHeaders(init.headers, options);
+      const hasAuthHeader = Boolean(
+        requestHeaders.Authorization?.trim() ||
+          requestHeaders.authorization?.trim(),
+      );
      const response = await fetch(input, {
        credentials: 'same-origin',
        ...init,
-        headers: withAuthorizationHeaders(init.headers, options),
+        headers: requestHeaders,
      });

      if (
        response.status === 401 &&
+        hasAuthHeader &&
        !options.skipAuth &&
        !options.skipRefresh &&
        !refreshAttempted