feat: enhance refreshAuthToken to prevent duplicate requests

wp-content/themes/moonshine/server/utils/auth.ts

@@ -40,15 +40,35 @@ function getAuthUser(user: AuthUserFragment): User {
   };
 }
 
+// Track in-flight refreshAuthToken calls to prevent duplicate requests
+const refreshTokenPromises = new Map<string, Promise<string | undefined>>();
+
 // Refresh auth token by calling remote GraphQL endpoint directly
 export async function refreshAuthToken(refreshToken: string): Promise<string | undefined> {
-  const { public: { wpUrl } } = useRuntimeConfig();
+  // Return existing in-flight promise if available
+  const inFlight = refreshTokenPromises.get(refreshToken);
+  if (inFlight) {
+    return inFlight;
+  }
+
+  const refreshPromise = (async () => {
+    const { wpUrl } = useRuntimeConfig();
     const endpoint = `${wpUrl}/graphql`;
     const { data } = await executeGraphQLHTTP<ResultOf<"AuthRefreshToken">>({
       query: AuthRefreshTokenDocument,
       variables: { refreshToken },
     }, { endpoint });
     return data?.refreshToken?.authToken || undefined;
+  })();
+
+  refreshTokenPromises.set(refreshToken, refreshPromise);
+
+  return refreshPromise.finally(() => {
+    const current = refreshTokenPromises.get(refreshToken);
+    if (current === refreshPromise) {
+      refreshTokenPromises.delete(refreshToken);
+    }
+  });
 }
 
 // Get auth token from user session (refresh if needed)