FIX: Implement automatic logout on DEK session invalidation and database sync

- Add 423 status code handling for DATA_LOCKED errors in frontend axios interceptor - Automatically clear JWT tokens and reload page when DEK becomes invalid - Prevent silent failures when server restarts invalidate DEK sessions - Add database save trigger after update operations for proper synchronization - Improve user experience by forcing re-authentication when data access is locked
2025-09-25 08:10:19 +08:00
parent a9dc8d9cb3
commit 7ee4b81f97
2 changed files with 24 additions and 0 deletions
--- a/src/backend/utils/simple-db-ops.ts
+++ b/src/backend/utils/simple-db-ops.ts
@@ -144,6 +144,9 @@ class SimpleDBOps {
      .where(where)
      .returning();

+    // Trigger database save after update
+    DatabaseSaveTrigger.triggerSave(`update_${tableName}`);
+
    // Decrypt return data using the same key
    const decryptedResults = DataCrypto.decryptRecords(
      tableName,
--- a/src/ui/main-axios.ts
+++ b/src/ui/main-axios.ts
@@ -280,6 +280,27 @@ function createApiInstance(
        }
      }

+      // Handle DEK (Data Encryption Key) invalidation
+      if (status === 423) {
+        const errorData = error.response?.data;
+        if (errorData?.error === "DATA_LOCKED" || errorData?.message?.includes("DATA_LOCKED")) {
+          // DEK session has expired (likely due to server restart or timeout)
+          // Force logout to require re-authentication and DEK unlock
+          if (isElectron()) {
+            localStorage.removeItem("jwt");
+          } else {
+            document.cookie =
+              "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";
+            localStorage.removeItem("jwt");
+          }
+
+          // Trigger a page reload to redirect to login
+          if (typeof window !== "undefined") {
+            setTimeout(() => window.location.reload(), 100);
+          }
+        }
+      }
+
      return Promise.reject(error);
    },
  );