fix(front+backend): actually make auth token refresh work

backend/src/main/java/io/papermc/hangar/controller/LoginController.java

@@ -27,6 +27,7 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.servlet.view.RedirectView;
@@ -77,8 +78,8 @@ public class LoginController extends HangarComponent {
         return addBaseAndRedirect(url);
     }
 
+    @ResponseBody
     @GetMapping("/refresh")
-    @ResponseStatus(HttpStatus.NO_CONTENT)
     public String refreshAccessToken(@CookieValue(name = SecurityConfig.REFRESH_COOKIE_NAME, required = false) String refreshToken) {
         return tokenService.refreshAccessToken(refreshToken).accessToken();
     }

frontend/src/composables/useAuth.ts

@@ -55,7 +55,7 @@ class Auth {
       }
 
       try {
-        authLog("do request");
+        authLog("do refresh request");
         const headers: AxiosRequestHeaders = {};
         if (import.meta.env.SSR) {
           headers.cookie = "HangarAuth_REFRESH=" + refreshToken;
@@ -65,7 +65,7 @@ class Auth {
         if (response.status === 299) {
           authLog("had no cookie");
           resolve(false);
-        } else if (response.status === 204) {
+        } else if (response.status === 200) {
           // forward cookie header to renew refresh cookie
           if (import.meta.env.SSR && response.headers["set-cookie"]) {
             useRequestEvent().node.res?.setHeader("set-cookie", response.headers["set-cookie"]);
@@ -73,6 +73,7 @@ class Auth {
           // validate and return token
           const token = response.data;
           if (useAuth.validateToken(token)) {
+            authLog("got valid token");
             resolve(response.data);
           } else {
             authLog("refreshed token is not valid?", token);

frontend/src/plugins/axios.ts

@@ -16,14 +16,8 @@ export default defineNuxtPlugin((nuxtApp: NuxtApp) => {
   axiosInstance.interceptors.request.use(
     (config) => {
       const authStore = useAuthStore();
-      const token = authStore.token;
       // forward auth token
-      if (!config.headers) {
-        config.headers = {};
-      }
-      if (token) {
-        config.headers.Authorization = "HangarAuth " + token;
-      }
+      addAuthHeader(config, authStore.token);
       // forward other headers for ssr
       forwardRequestHeaders(config, nuxtApp);
       // axiosLog("calling with headers", config.headers);
@@ -42,28 +36,30 @@ export default defineNuxtPlugin((nuxtApp: NuxtApp) => {
     },
     async (err) => {
       const authStore = useAuthStore();
-      const originalConfig = err.config;
-
-      const transformedError = {
-        code: err?.code,
-        requestUrl: err?.request?.path,
-        status: err?.response?.status,
-        data: err?.response?.data,
-      };
-      axiosLog("got error", transformedError);
+      const originalConfig = err.config as AxiosRequestConfig & { _retry: boolean };
 
       if (originalConfig?.url !== "/refresh" && originalConfig?.url !== "/invalidate" && err.response) {
         // token expired
-        if (err.response.status === 401 && !originalConfig._retry) {
+        if (err.response.status === 403 && err.response.data?.message === "JWT was expired" && !originalConfig._retry) {
           originalConfig._retry = true;
 
-          authLog("Request to", originalConfig.url, "failed with", err.response.status, "==> refreshing token");
+          authLog("Request to", originalConfig.url, "failed with", err.response.status, err.response.data, "==> refreshing token");
           const refreshedToken = await useAuth.refreshToken();
           if (refreshedToken) {
             authStore.token = refreshedToken;
+            authLog("redo request", originalConfig.url);
+            addAuthHeader(originalConfig, refreshedToken);
             return axiosInstance(originalConfig);
           }
         }
+      } else {
+        const transformedError = {
+          code: err?.code,
+          requestUrl: err?.request?.path,
+          status: err?.response?.status,
+          data: err?.response?.data,
+        };
+        axiosLog("got error", transformedError);
       }
 
       throw err;
@@ -77,6 +73,15 @@ export default defineNuxtPlugin((nuxtApp: NuxtApp) => {
   };
 });
 
+function addAuthHeader(config: AxiosRequestConfig, token: string | undefined) {
+  if (!config.headers) {
+    config.headers = {};
+  }
+  if (token) {
+    config.headers.Authorization = "HangarAuth " + token;
+  }
+}
+
 function forwardRequestHeaders(config: AxiosRequestConfig, nuxtApp: NuxtApp) {
   if (!process.server) return;
   const req = useRequestEvent(nuxtApp).node.req;