fix(desktop): stop forcing login window on business API 401
Desktop Client Build / Resolve Build Metadata (push) Successful in 29s
Frontend CI / Frontend (push) Successful in 4m48s
Desktop Client Build / Build Desktop Client (push) Successful in 26m5s
Desktop Client Build / Publish Client Artifacts to NAS (push) Successful in 42s

Business calls (heartbeat, account sync, lease/pull/resume tasks,
preempt monitoring lease) used to short-circuit any 401 into
handleAuthExpired, which tore down the runtime and switched the
window to login. That stole the screen on transient or per-request
auth glitches and conflicted with the renderer-side proactive token
renewal.

Now business 401s fall through to the existing warn/danger activity
log paths and runtime keeps running. The login redirect is owned
solely by the renderer's renewAuthenticatedSession → on refresh /
rotate failure → forceLogoutAfterRenewFailure path. Server-side
revocation via error code 40991 is unaffected.

Removed the now-orphan plumbing: handleAuthExpired,
isApiClientError helper, emitRuntimeAuthExpired /
onRuntimeAuthExpired events, and forceLoginWindowForAuthExpired
listener registration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-08 18:55:10 +08:00
parent e54efdacee
commit 94c6b5d5a5
3 changed files with 2 additions and 102 deletions
@@ -1,11 +1,5 @@
type RuntimeInvalidationReason = 'account-health' | 'publish-task-lease'
type RuntimeAuthExpiredListener = (event: {
reason: 'client-auth-expired'
at: number
message: string
}) => void
type RuntimeInvalidationListener = (event: {
reason: RuntimeInvalidationReason
at: number
@@ -14,7 +8,6 @@ type RuntimeInvalidationListener = (event: {
}) => void
const listeners = new Set<RuntimeInvalidationListener>()
const authExpiredListeners = new Set<RuntimeAuthExpiredListener>()
export function emitRuntimeInvalidated(
reason: RuntimeInvalidationReason,
@@ -44,28 +37,3 @@ export function onRuntimeInvalidated(listener: RuntimeInvalidationListener): ()
listeners.delete(listener)
}
}
export function emitRuntimeAuthExpired(message: string): void {
const event = {
reason: 'client-auth-expired',
at: Date.now(),
message,
} as const
for (const listener of authExpiredListeners) {
try {
listener(event)
} catch (error) {
console.warn('[desktop-runtime] auth-expired listener failed', {
message: error instanceof Error ? error.message : String(error),
})
}
}
}
export function onRuntimeAuthExpired(listener: RuntimeAuthExpiredListener): () => void {
authExpiredListeners.add(listener)
return () => {
authExpiredListeners.delete(listener)
}
}