fix: token+apiKey 共存時のセッション切れを修正#98
Conversation
canRefresh() が apiKey の存在で常に false を返し、token (JWT) で認証 しているにも関わらずリフレッシュが一切発動しなかった問題を修正。 apiKey-only(token なし)の場合のみリフレッシュを無効化するように変更。 併せて、リクエスト前に JWT の exp を確認し期限切れ/期限間近なら 事前にリフレッシュするプロアクティブ方式を追加。
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughリクエスト前にJWTの Changes
Sequence DiagramsequenceDiagram
autonumber
participant Client as Client
participant TokenMgr as Token Manager
participant API as API Service
Client->>Client: request()/rawRequest()開始
Client->>TokenMgr: proactiveRefresh()
TokenMgr->>TokenMgr: getTokenStatus(token)
alt token is expired or expiring soon
TokenMgr->>TokenMgr: performTokenRefresh()
TokenMgr-->>Client: 新しいtokenを返す
else token valid or non-JWT
TokenMgr-->>Client: 既存tokenを返す
end
Client->>API: HTTPリクエスト(Authorization: Bearer <token>)
API-->>Client: レスポンス
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@CHANGELOG.md`:
- Around line 11-12: The two CHANGELOG entries mentioning the fix for
canRefresh() and the proactive JWT refresh are missing the required PR suffix;
update both lines so each ends with the PR number in parentheses like
"(`#98`)"—specifically append " (`#98`)" to the end of the line that contains
"canRefresh()" and to the line that describes the proactive JWT `exp` check so
both entries match the project's PR-suffix convention.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: be6756c1-68c7-4841-a4b7-d7f3d372e7e7
📒 Files selected for processing (3)
CHANGELOG.mdsrc/client.tstests/client.test.ts
Summary
canRefresh()が&& !this.apiKeyの条件により、token と apiKey が config に共存すると JWT のリフレッシュが一切発動しない問題を修正expを確認し、期限切れ/期限間近なら事前にリフレッシュするプロアクティブ方式を追加Root Cause
auth loginで取得した token (JWT) と、別途設定した apiKey が同一プロファイルに共存する場合:buildHeaders()は token を優先してAuthorization: Bearerで送信canRefresh()は&& !this.apiKeyでfalseを返し、リフレッシュを完全にブロックChanges
src/client.ts:canRefresh()の条件を修正 — apiKey-only (token なし) の場合のみリフレッシュを無効化src/client.ts:proactiveRefresh()を追加 —request()/rawRequest()の前に JWT exp をチェックtests/client.test.ts: token+apiKey 共存時のリフレッシュテスト、プロアクティブリフレッシュのテスト (11件追加)Verification
geonic me --verboseで修正前: 401 → リフレッシュなし → エラーTest plan
geonic meが 200 OK で復旧Summary by CodeRabbit
リリースノート
バグ修正
新機能