1

src/services/authService.ts

@@ -22,6 +22,7 @@ import type {
   LogoutResponse,
 } from '../../packages/shared/src/contracts/auth';
 import {
+  type ApiRequestOptions,
   ApiClientError,
   clearStoredAccessToken,
   clearStoredAutoAuthCredentials,
@@ -60,6 +61,13 @@ let pendingAutoAuthUser: Promise<{
   credentials: AutoAuthCredentials;
 }> | null = null;
 
+// 登录前公开认证入口不能误带旧 token，也不能先触发 refresh 探测，
+// 否则无会话用户点击“获取验证码”时会先打出一条无意义的 /auth/refresh 401。
+const PUBLIC_AUTH_REQUEST_OPTIONS = {
+  skipAuth: true,
+  skipRefresh: true,
+} satisfies ApiRequestOptions;
+
 export function normalizePhoneInput(phoneInput: string) {
   return phoneInput.replace(/[^\d+]/gu, '').trim();
 }
@@ -147,6 +155,7 @@ export async function sendPhoneLoginCode(
       }),
     },
     '发送验证码失败',
+    PUBLIC_AUTH_REQUEST_OPTIONS,
   );
 
   return response;
@@ -164,6 +173,7 @@ export async function loginWithPhoneCode(phone: string, code: string) {
       }),
     },
     '登录失败',
+    PUBLIC_AUTH_REQUEST_OPTIONS,
   );
 
   setStoredAccessToken(response.token, { emit: false });
@@ -212,6 +222,7 @@ export async function startWechatLogin() {
       method: 'GET',
     },
     '微信登录暂不可用',
+    PUBLIC_AUTH_REQUEST_OPTIONS,
   );
 
   window.location.assign(response.authorizationUrl);
@@ -224,6 +235,7 @@ export async function getAuthLoginOptions() {
       method: 'GET',
     },
     '读取登录方式失败',
+    PUBLIC_AUTH_REQUEST_OPTIONS,
   );
 }
 
@@ -237,6 +249,7 @@ export async function authEntry(username: string, password: string) {
       body: JSON.stringify(credentials),
     },
     '登录失败',
+    PUBLIC_AUTH_REQUEST_OPTIONS,
   );
 
   setStoredAccessToken(response.token, { emit: false });