fix(auth): avoid logout on license activation errors

[s0up4200]

qui would logout on license activation errors due to shared status codes

Summary by CodeRabbit

• Bug Fixes
  • Improved API error message handling with clearer error feedback to users
  • Enhanced session expiry detection with automatic redirect to login
  • Better support for empty API responses

[coderabbitai]

Walkthrough

The API client introduces centralized error handling by extracting error messages from responses and delegating authentication errors to a new handler, replacing per-endpoint redirect logic. Empty responses are now handled by returning undefined. Four private helper methods manage error extraction, auth error handling, logout determination, and auth-endpoint identification.

Changes

Cohort / File(s)	Summary
Centralized Error Handling web/src/lib/api.ts	Added extractErrorMessage() to parse JSON/text error bodies with fallbacks. Added handleAuthError() to manage session expiry redirects. Added shouldForceLogout() to conditionally determine logout necessity. Added isAuthCheckEndpoint() to identify auth endpoints. Integrated these into error flows including empty response handling (204, content-length 0) and updated exportTorrent error handling.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant ApiClient
    participant Server
    participant ErrorHandler
    participant Router

    Client->>ApiClient: fetch(endpoint)
    ApiClient->>Server: HTTP request
    
    alt Success Response
        Server-->>ApiClient: 200 OK / Data
        ApiClient->>Client: Return data
    else Empty Response
        Server-->>ApiClient: 204 / Content-Length: 0
        ApiClient->>Client: Return undefined
    else Error Response
        Server-->>ApiClient: Non-OK status
        ApiClient->>ApiClient: extractErrorMessage()
        ApiClient->>ApiClient: shouldForceLogout(status, endpoint, message)
        
        alt Auth Error Detected
            ApiClient->>ErrorHandler: handleAuthError(status, endpoint, message)
            ErrorHandler->>Router: Redirect to login
            ErrorHandler-->>ApiClient: Throw error
        else Other Error
            ApiClient-->>Client: Throw error with message
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Auth error logic: Review shouldForceLogout() conditions for status codes, endpoints, and path-based decisions to ensure proper session expiry detection.
• Error message extraction: Verify extractErrorMessage() handles malformed JSON, missing content-type headers, and edge cases gracefully.
• Endpoint classification: Confirm isAuthCheckEndpoint() correctly identifies auth-check endpoints and their use in logout logic.
• Integration points: Trace error handling changes in exportTorrent() and other affected methods to ensure consistent behavior.

Poem

🐰 A rabbit hops through API calls,
Where errors once scattered down halls,
Now centralized and neat,
The handlers compete,
To catch every auth session's falls!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main fix: preventing logout on license activation errors, which directly aligns with the PR's objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/auth-license-activation-errors

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

web/src/lib/api.ts (1)

116-142: extractErrorMessage is robust; consider optional support for additional fields

This helper is nicely defensive: it handles empty bodies, JSON with error/message, plain-text bodies, and falls back to a generic status string without risking double body reads.

If your backend ever emits error details under other keys (e.g. detail or nested errors[0].message), you could extend the JSON parsing to check those as well, but that’s purely optional and can be added when needed.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd6db45 and 08f625a.

📒 Files selected for processing (1)

• web/src/lib/api.ts (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

web/src/lib/api.ts (1)

web/src/lib/base-url.ts (1)

• withBasePath (24-29)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run tests

🔇 Additional comments (2)

web/src/lib/api.ts (2)

103-114: Centralized error handling and empty-response handling in request look good

Wiring extractErrorMessage and handleAuthError into request is clean and gives you a single place to manage auth vs. non-auth failures. Treating 204 / content-length: "0" as undefined also pairs nicely with callers like getLatestVersion that already do response ?? null.

No issues from my side here.

---

1045-1047: Reusing shared auth/error handling in exportTorrent is a good improvement

Hooking exportTorrent into extractErrorMessage + handleAuthError makes its error behavior consistent with the rest of the client, including proper session-expiry redirects and better error messages for other failures. The explicit endpoint string you pass into handleAuthError also ensures isAuthCheckEndpoint and future endpoint-based checks behave predictably.

Looks good as-is.