From 5e39b53a44839f266e2a39a4ecd5db1ab79e7280 Mon Sep 17 00:00:00 2001 From: Pascal Martineau Date: Wed, 28 Jan 2026 21:37:20 -0500 Subject: [PATCH] feat: enhance refreshAuthToken to prevent duplicate requests --- .../themes/moonshine/server/utils/auth.ts | 34 +++++++++++++++---- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/wp-content/themes/moonshine/server/utils/auth.ts b/wp-content/themes/moonshine/server/utils/auth.ts index a6aef8e..cb1960d 100644 --- a/wp-content/themes/moonshine/server/utils/auth.ts +++ b/wp-content/themes/moonshine/server/utils/auth.ts @@ -40,15 +40,35 @@ function getAuthUser(user: AuthUserFragment): User { }; } +// Track in-flight refreshAuthToken calls to prevent duplicate requests +const refreshTokenPromises = new Map>(); + // Refresh auth token by calling remote GraphQL endpoint directly export async function refreshAuthToken(refreshToken: string): Promise { - const { public: { wpUrl } } = useRuntimeConfig(); - const endpoint = `${wpUrl}/graphql`; - const { data } = await executeGraphQLHTTP>({ - query: AuthRefreshTokenDocument, - variables: { refreshToken }, - }, { endpoint }); - return data?.refreshToken?.authToken || undefined; + // Return existing in-flight promise if available + const inFlight = refreshTokenPromises.get(refreshToken); + if (inFlight) { + return inFlight; + } + + const refreshPromise = (async () => { + const { wpUrl } = useRuntimeConfig(); + const endpoint = `${wpUrl}/graphql`; + const { data } = await executeGraphQLHTTP>({ + query: AuthRefreshTokenDocument, + variables: { refreshToken }, + }, { endpoint }); + return data?.refreshToken?.authToken || undefined; + })(); + + refreshTokenPromises.set(refreshToken, refreshPromise); + + return refreshPromise.finally(() => { + const current = refreshTokenPromises.get(refreshToken); + if (current === refreshPromise) { + refreshTokenPromises.delete(refreshToken); + } + }); } // Get auth token from user session (refresh if needed)