feat(users): add reset password functionality for users and implement forgot password page

2026-02-03 17:33:47 +07:00
parent 9bc15192ec
commit dca363275e
35 changed files with 1592 additions and 321 deletions
--- a/config/request_dev.ts
+++ b/config/request_dev.ts
@@ -1,43 +1,48 @@
 import { HTTPSTATUS } from '@/constants';
+import { API_PATH_REFRESH_TOKEN } from '@/constants/api';
 import { ROUTE_LOGIN } from '@/constants/routes';
-import { getToken, removeToken } from '@/utils/storage';
-import { history, RequestConfig } from '@umijs/max';
+import { apiRefreshToken } from '@/services/master/AuthController';
+import { checkRefreshTokenExpired } from '@/utils/jwt';
+import {
+  clearAllData,
+  getAccessToken,
+  getRefreshToken,
+  setAccessToken,
+} from '@/utils/storage';
+import { history, request, RequestConfig } from '@umijs/max';
 import { message } from 'antd';

-// Error handling scheme: Error types
-// enum ErrorShowType {
-//   SILENT = 0,
-//   WARN_MESSAGE = 1,
-//   ERROR_MESSAGE = 2,
-//   NOTIFICATION = 3,
-//   REDIRECT = 9,
-// }
-// Response data structure agreed with the backend
-// interface ResponseStructure<T = any> {
-//   success: boolean;
-//   data: T;
-//   errorCode?: number;
-//   errorMessage?: string;
-//   showType?: ErrorShowType;
-// }
+// Trạng thái dùng chung cho cơ chế refresh token + hàng đợi
+let refreshingTokenPromise: Promise<string | null> | null = null;

-// const codeMessage = {
-//   200: 'The server successfully returned the requested data。',
-//   201: 'New or modified data succeeded。',
-//   202: 'A request has been queued in the background (asynchronous task)。',
-//   204: 'Data deleted successfully。',
-//   400: 'There is an error in the request sent, the server did not perform the operation of creating or modifying data。',
-//   401: 'The user does not have permission (token, username, password is wrong) 。',
-//   403: 'User is authorized, but access is prohibited。',
-//   404: 'The request issued was for a non-existent record, the server did not operate。',
-//   406: 'The requested format is not available。',
-//   410: 'The requested resource is permanently deleted and will no longer be available。',
-//   422: 'When creating an object, a validation error occurred。',
-//   500: 'Server error, please check the server。',
-//   502: 'Gateway error。',
-//   503: 'Service unavailable, server temporarily overloaded or maintained。',
-//   504: 'Gateway timeout。',
-// };
+async function getValidAccessToken(): Promise<string | null> {
+  const refreshToken = getRefreshToken();
+
+  if (!refreshToken || checkRefreshTokenExpired(refreshToken)) {
+    return null;
+  }
+
+  if (!refreshingTokenPromise) {
+    refreshingTokenPromise = apiRefreshToken({ refresh_token: refreshToken })
+      .then((resp) => {
+        if (resp?.access_token) {
+          setAccessToken(resp.access_token);
+          return resp.access_token;
+        }
+        return null;
+      })
+      .catch((err) => {
+        // eslint-disable-next-line no-console
+        console.error('Refresh token failed:', err);
+        return null;
+      })
+      .finally(() => {
+        refreshingTokenPromise = null;
+      });
+  }
+
+  return refreshingTokenPromise;
+}

 // Runtime configuration
 export const handleRequestConfig: RequestConfig = {
@@ -45,7 +50,9 @@ export const handleRequestConfig: RequestConfig = {
  timeout: 20000,
  validateStatus: (status) => {
    return (
-      (status >= 200 && status < 300) || status === HTTPSTATUS.HTTP_NOTFOUND
+      (status >= 200 && status < 300) ||
+      status === HTTPSTATUS.HTTP_NOTFOUND ||
+      status === HTTPSTATUS.HTTP_UNAUTHORIZED
    );
  },
  headers: { 'X-Requested-With': 'XMLHttpRequest' },
@@ -76,8 +83,8 @@ export const handleRequestConfig: RequestConfig = {
        //   'Unknown error';

        if (status === HTTPSTATUS.HTTP_UNAUTHORIZED) {
-          removeToken();
-          history.push(ROUTE_LOGIN);
+          // 401 đã được xử lý trong responseInterceptors (refresh token + redirect nếu cần)
+          return;
        } else if (status === HTTPSTATUS.HTTP_SERVERERROR) {
          // message.error('💥 Internal server error!');
        } else {
@@ -93,7 +100,7 @@ export const handleRequestConfig: RequestConfig = {
  // Request interceptors
  requestInterceptors: [
    (url: string, options: any) => {
-      const token = getToken();
+      const token = getAccessToken();
      // console.log('Token: ', token);

      return {
@@ -113,14 +120,67 @@ export const handleRequestConfig: RequestConfig = {

  // Unwrap data from backend response
  responseInterceptors: [
-    (response) => {
+    async (response: any, options: any) => {
+      const isRefreshRequest = response.url?.includes(API_PATH_REFRESH_TOKEN);
+      const alreadyRetried = options?.skipAuthRefresh === true;
+
+      // Xử lý 401: đưa request vào hàng đợi, gọi refresh token, rồi gọi lại
+      if (
+        response.status === HTTPSTATUS.HTTP_UNAUTHORIZED &&
+        // Không tự refresh cho chính API refresh token để tránh vòng lặp vô hạn
+        !isRefreshRequest &&
+        !alreadyRetried
+      ) {
+        const newToken = await getValidAccessToken();
+        console.log('Access Token hết hạn, đang refresh...');
+
+        // Không refresh được => xoá dữ liệu, điều hướng về trang login
+        if (!newToken) {
+          console.log('Access Token hết hạn và không thể refresh');
+          const { pathname } = history.location;
+          clearAllData();
+          if (pathname !== ROUTE_LOGIN) {
+            console.log(
+              'Request dev: Chuyển về trang login và có pathname ',
+              pathname,
+            );
+
+            history.push(`${ROUTE_LOGIN}?redirect=${pathname}`);
+          } else {
+            console.log(
+              'Request dev: Chuyển về trang login và không có pathname',
+            );
+            history.push(ROUTE_LOGIN);
+          }
+          return Promise.reject(
+            new Error('Unauthorized and refresh token is invalid'),
+          );
+        }
+
+        const newOptions = {
+          ...options,
+          headers: {
+            ...(options.headers || {}),
+            Authorization: `${newToken}`,
+          },
+          skipAuthRefresh: true,
+        };
+
+        // Gọi lại request gốc với accessToken mới
+        return request(response.url, newOptions);
+      }
+
+      if (
+        response.status === HTTPSTATUS.HTTP_UNAUTHORIZED &&
+        (isRefreshRequest || alreadyRetried)
+      ) {
+        clearAllData();
+        history.push(ROUTE_LOGIN);
+        return Promise.reject(new Error('Unauthorized'));
+      }
+
      // console.log('Response from server: ', response);

-      // const res = response.data as ResponseStructure<any>;
-      // if (res && res.success) {
-      //   // ✅ Trả ra data luôn thay vì cả object
-      //   return res.data;
-      // }
      return {
        status: response.status,
        statusText: response.statusText,
@@ -129,5 +189,5 @@ export const handleRequestConfig: RequestConfig = {
        data: response.data,
      };
    },
-  ],
+  ] as any,
 };