Refactor authentication and token management: Update authController.js to use environment variable for JWT expiration. Enhance axios.js and store/index.js for improved token usability checks and cleanup on logout, ensuring a more robust authentication flow.

2026-04-29 18:52:16 +02:00
parent 7d5e2526d3
commit 0b58579258
3 changed files with 68 additions and 11 deletions
--- a/src/axios.js
+++ b/src/axios.js
@@ -1,6 +1,4 @@
 import axios from 'axios';
-import store from './store';
-import router from './router';

 // Einheitliche Basis-URL:
 // - immer relativ zur aktuellen Origin
@@ -8,11 +6,45 @@ import router from './router';
 axios.defaults.baseURL = '/api';
 console.log('Axios baseURL:', axios.defaults.baseURL);

+function clearStoredLogin() {
+  localStorage.removeItem('isLoggedIn');
+  localStorage.removeItem('user');
+  localStorage.removeItem('token');
+  delete axios.defaults.headers.common.Authorization;
+}
+
+function getTokenPayload(token) {
+  try {
+    const payload = token.split('.')[1];
+    const normalized = payload.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = normalized.padEnd(normalized.length + (4 - normalized.length % 4) % 4, '=');
+    return JSON.parse(atob(padded));
+  } catch (error) {
+    return null;
+  }
+}
+
+function isTokenUsable(token) {
+  if (!token || token === 'undefined' || token === 'null') {
+    return false;
+  }
+  const payload = getTokenPayload(token);
+  if (!payload || !payload.exp) {
+    return true;
+  }
+  return payload.exp * 1000 > Date.now();
+}
+
 axios.interceptors.request.use(
  config => {
-    const token = store.state.token || localStorage.getItem('token');
+    const token = localStorage.getItem('token');
    if (token) {
-      config.headers.Authorization = `Bearer ${token}`;
+      if (isTokenUsable(token)) {
+        config.headers.Authorization = `Bearer ${token}`;
+      } else {
+        clearStoredLogin();
+        delete config.headers.Authorization;
+      }
    }
    return config;
  },
@@ -31,9 +63,9 @@ axios.interceptors.response.use(
    const isLogoutRequest = requestUrl.includes('/auth/logout');

    if (error.response && error.response.status === 401 && !isLoginRequest && !isLogoutRequest) {
-      store.commit('logout');
-      if (router.currentRoute.value.path !== '/auth/login') {
-        router.replace('/auth/login');
+      clearStoredLogin();
+      if (window.location.pathname !== '/auth/login') {
+        window.location.replace('/auth/login');
      }
    }
    return Promise.reject(error);