Fix issues #6, #7, #11, #12, #13: med reminders, push notifications, auth persistence, scheduling conflicts

- Fix TIME object vs string comparison in scheduler preventing adaptive med reminders from ever firing (#12, #6) - Add frequency filtering to midnight schedule creation for every_n_days meds - Require start_date and interval_days for every_n_days medications - Add refresh token support (30-day) to API and bot for persistent sessions (#13) - Add "trusted device" checkbox to frontend login for long-lived sessions (#7) - Auto-refresh expired tokens in both bot (apiRequest) and frontend (api.ts) - Restore bot sessions from cache on restart using refresh tokens - Duration-aware routine scheduling conflict detection (#11) - Add conflict check when starting routine sessions against medication times - Add diagnostic logging to notification delivery channels Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:05:48 -06:00
parent 6850abf7d2
commit d4adbde3df
10 changed files with 474 additions and 69 deletions
--- a/synculous-client/src/lib/api.ts
+++ b/synculous-client/src/lib/api.ts
@@ -11,11 +11,57 @@ function setToken(token: string): void {

 function clearToken(): void {
  localStorage.removeItem('token');
+  localStorage.removeItem('refresh_token');
+}
+
+function getRefreshToken(): string | null {
+  if (typeof window === 'undefined') return null;
+  return localStorage.getItem('refresh_token');
+}
+
+function setRefreshToken(token: string): void {
+  localStorage.setItem('refresh_token', token);
+}
+
+let refreshPromise: Promise<boolean> | null = null;
+
+async function tryRefreshToken(): Promise<boolean> {
+  // Deduplicate concurrent refresh attempts
+  if (refreshPromise) return refreshPromise;
+
+  refreshPromise = (async () => {
+    const refreshToken = getRefreshToken();
+    if (!refreshToken) return false;
+    try {
+      const resp = await fetch(`${API_URL}/api/refresh`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ refresh_token: refreshToken }),
+      });
+      if (resp.ok) {
+        const data = await resp.json();
+        if (data.token) {
+          setToken(data.token);
+          return true;
+        }
+      }
+      // Refresh token is invalid/expired - clear everything
+      clearToken();
+      return false;
+    } catch {
+      return false;
+    } finally {
+      refreshPromise = null;
+    }
+  })();
+
+  return refreshPromise;
 }

 async function request<T>(
  endpoint: string,
-  options: RequestInit = {}
+  options: RequestInit = {},
+  _retried = false,
 ): Promise<T> {
  const token = getToken();
  const headers: HeadersInit = {
@@ -31,6 +77,14 @@ async function request<T>(
    headers,
  });

+  // Auto-refresh on 401
+  if (response.status === 401 && !_retried) {
+    const refreshed = await tryRefreshToken();
+    if (refreshed) {
+      return request<T>(endpoint, options, true);
+    }
+  }
+
  if (!response.ok) {
    const body = await response.text();
    let errorMsg = 'Request failed';
@@ -49,12 +103,15 @@ async function request<T>(
 export const api = {
  // Auth
  auth: {
-    login: async (username: string, password: string) => {
-      const result = await request<{ token: string }>('/api/login', {
+    login: async (username: string, password: string, trustDevice = false) => {
+      const result = await request<{ token: string; refresh_token?: string }>('/api/login', {
        method: 'POST',
-        body: JSON.stringify({ username, password }),
+        body: JSON.stringify({ username, password, trust_device: trustDevice }),
      });
      setToken(result.token);
+      if (result.refresh_token) {
+        setRefreshToken(result.refresh_token);
+      }
      return result;
    },