暂存

src/lib/api.ts

@@ -1,6 +1,7 @@
 import axios from "axios";
 import { config } from "@config/config";
 import { useProjectStore } from "@/store/projectStore";
+import { getAccessToken } from "@/lib/authToken";
 
 export const API_URL = process.env.NEXT_PUBLIC_API_URL || config.BACKEND_URL;
 
@@ -8,11 +9,26 @@ export const api = axios.create({
   baseURL: API_URL,
 });
 
-api.interceptors.request.use((request) => {
-  const projectId = useProjectStore.getState().currentProjectId;
-  if (projectId) {
+const isMetaProjectsRequest = (request: {
+  baseURL?: string;
+  url?: string;
+}) => {
+  const url = `${request.baseURL ?? ""}${request.url ?? ""}`;
+  return url.includes("/api/v1/meta/projects");
+};
+
+api.interceptors.request.use(async (request) => {
+  const accessToken = await getAccessToken();
+  if (accessToken) {
     request.headers = request.headers ?? {};
-    request.headers["X-Project-ID"] = projectId;
+    request.headers.Authorization = `Bearer ${accessToken}`;
   }
+
+  const projectId = useProjectStore.getState().currentProjectId;
+  if (projectId && !isMetaProjectsRequest(request)) {
+    request.headers = request.headers ?? {};
+    request.headers["X-Project-Id"] = projectId;
+  }
+
   return request;
 });

src/lib/apiFetch.ts

@@ -1,10 +1,28 @@
 import { useProjectStore } from "@/store/projectStore";
+import { getAccessToken } from "@/lib/authToken";
 
-export const apiFetch = (input: RequestInfo | URL, init: RequestInit = {}) => {
+const resolveUrl = (input: RequestInfo | URL) => {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.toString();
+  if (input instanceof Request) return input.url;
+  return "";
+};
+
+const isMetaProjectsRequest = (input: RequestInfo | URL) =>
+  resolveUrl(input).includes("/api/v1/meta/projects");
+
+export const apiFetch = async (
+  input: RequestInfo | URL,
+  init: RequestInit = {},
+) => {
   const projectId = useProjectStore.getState().currentProjectId;
   const headers = new Headers(init.headers ?? {});
-  if (projectId) {
-    headers.set("X-Project-ID", projectId);
+  const accessToken = await getAccessToken();
+  if (accessToken) {
+    headers.set("Authorization", `Bearer ${accessToken}`);
+  }
+  if (projectId && !isMetaProjectsRequest(input)) {
+    headers.set("X-Project-Id", projectId);
   }
   return fetch(input, { ...init, headers });
 };

src/lib/authToken.ts

@@ -0,0 +1,51 @@
+import { getSession } from "next-auth/react";
+import { useAuthStore } from "@/store/authStore";
+
+const decodeJwtPayload = (token: string) => {
+  const parts = token.split(".");
+  if (parts.length < 2) {
+    console.warn("Invalid JWT format.");
+    return null;
+  }
+  const base64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64.padEnd(Math.ceil(base64.length / 4) * 4, "=");
+  try {
+    const json =
+      typeof window !== "undefined"
+        ? window.atob(padded)
+        : Buffer.from(padded, "base64").toString("utf-8");
+    return JSON.parse(json);
+  } catch (error) {
+    console.warn("Failed to decode JWT payload.", error);
+    return null;
+  }
+};
+
+const isTokenExpired = (token: string) => {
+  const payload = decodeJwtPayload(token);
+  if (!payload) {
+    return true;
+  }
+  if (typeof payload.exp !== "number") {
+    return false;
+  }
+  const now = Date.now();
+  return now >= payload.exp * 1000 - 30_000;
+};
+
+export const getAccessToken = async () => {
+  const { accessToken, setAccessToken } = useAuthStore.getState();
+  if (accessToken && !isTokenExpired(accessToken)) {
+    return accessToken;
+  }
+  if (accessToken) {
+    setAccessToken(null);
+  }
+  const session = await getSession();
+  const token = typeof session?.accessToken === "string" ? session.accessToken : null;
+  if (token && !isTokenExpired(token)) {
+    setAccessToken(token);
+    return token;
+  }
+  return null;
+};