feat(api-client): add global 401/403/5xx interceptor + AuthExpiredListener#681
Open
jun261930-tech wants to merge 1 commit into
Open
feat(api-client): add global 401/403/5xx interceptor + AuthExpiredListener#681jun261930-tech wants to merge 1 commit into
jun261930-tech wants to merge 1 commit into
Conversation
P1 of MC code-quality plan (see PLAN.md / PR-api-client.md):
- src/lib/api-client.ts (+120) ApiError + apiFetch<T> wrapper
- src/lib/__tests__/api-client.test.ts (+108) 8 vitest cases (200/401/403/500/network/loop/204/no-redirect)
- src/components/auth-expired-listener.tsx (+30) global mc:auth-expired -> /login redirect
- src/app/layout.tsx (+2) register listener
- eslint.config.mjs (+31) no-restricted-syntax warn for bare fetch('/api/...')
Quality gates passed:
- pnpm vitest run src/lib/__tests__/api-client.test.ts: 8/8 (2.5s)
- pnpm typecheck: 0 error
- pnpm lint: 0 error, 343 warn (~baseline 334 bare fetch + 9 pre-existing)
Out of scope: migrating existing 334 bare fetch sites (P2, separate PR).
P0 verification: playwright captured 19/19 /api/* returning 200 after login,
ruling out backend issue (cookie expired) — see p0-network-evidence.txt.
This was referenced May 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the UX bug where expired sessions silently fail — API calls return 401 but users see no feedback and stay on the current page.
Changes
New files
src/lib/api-client.ts— typed fetch wrapper with global 401/403/5xx interceptionsrc/lib/__tests__/api-client.test.ts— 8 vitest test cases covering all interception branchessrc/components/auth-expired-listener.tsx— Client Component that listens formc:auth-expiredand redirects to/login?from=<current-path>Modified files
src/app/layout.tsx— mounts<AuthExpiredListener />at root layouteslint.config.mjs— addsno-restricted-syntaxwarn rule for bare fetch('/api/...) calls (3 quote variants)Verification
Migration path
See
PR-api-client.mdin workspace for 3-phase incremental migration strategy.Related