Avoid clearing sessions on permission errors

2026-06-08 16:20:52 +08:00
parent 560a7baddc
commit 85a174bcb5
1 changed files with 12 additions and 0 deletions
@@ -248,6 +248,17 @@ function isNonAuthErrorCode(code: string | undefined): boolean {
  ].includes(code);
 }

+function isAuthFailureResponse(status: number, payload: unknown): boolean {
+  if (status === 401) return true;
+  if (status !== 403) return false;
+
+  const code = getPayloadCode(payload);
+  if (code === "SESSION_REPLACED" || code === "TOKEN_EXPIRED" || code === "ACCOUNT_DISABLED") return true;
+
+  const message = getPayloadMessage(payload) || "";
+  return /账号已禁用|登录已过期|登录状态|session|token|企业信息不存在/i.test(message);
+}
+
 function notifySessionExpired(status: number, response: Response, payload: unknown): void {
  if (status !== 401 && status !== 403) return;
  if (typeof window === "undefined") return;
@@ -263,6 +274,7 @@ function notifySessionExpired(status: number, response: Response, payload: unkno
  // Non-auth 403 errors (enterprise model access, insufficient balance) must
  // not trigger session expiry.
  if (status === 403 && isNonAuthErrorCode(getPayloadCode(payload))) return;
+  if (!isAuthFailureResponse(status, payload)) return;

  const now = Date.now();
  if (now - lastSessionExpiredEventAt < 1500) return;