From 6e4a3ff1996f55d99896a0e8267c1915de09dd39 Mon Sep 17 00:00:00 2001
From: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
Date: Sun, 4 Sep 2022 14:30:11 +0000
Subject: [PATCH] fix: authenticate per request (#2258)

Co-authored-by: Dominik Pschenitschni <mail@celement.de>
Reviewed-on: https://kolaente.dev/vikunja/frontend/pulls/2258
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
Co-committed-by: Dominik Pschenitschni <dpschen@noreply.kolaente.de>
---
 src/http-common/index.ts        | 34 +++++++++++++++++++++++++--------
 src/services/abstractService.ts | 16 ++--------------
 src/store/modules/auth.ts       |  2 +-
 3 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/src/http-common/index.ts b/src/http-common/index.ts
index e6c116cd6..16dee8efb 100644
--- a/src/http-common/index.ts
+++ b/src/http-common/index.ts
@@ -2,17 +2,35 @@ import axios from 'axios'
 import {getToken} from '@/helpers/auth'
 
 export function HTTPFactory() {
-	return axios.create({
-		baseURL: window.API_URL,
+	const instance = axios.create({baseURL: window.API_URL})
+
+	instance.interceptors.request.use((config) => {
+		// by setting the baseURL fresh for every request
+		// we make sure that it is never outdated in case it is updated
+		config.baseURL = window.API_URL
+
+		return config
 	})
+
+	return instance
 }
 
-export function AuthenticatedHTTPFactory(token = getToken()) {	
-	return axios.create({
-		baseURL: window.API_URL,
-		headers: {
-			Authorization: `Bearer ${token}`,
+export function AuthenticatedHTTPFactory() {	
+	const instance = HTTPFactory()
+
+	instance.interceptors.request.use((config) => {
+		config.headers = {
+			...config.headers,
 			'Content-Type': 'application/json',
-		},
+		}
+
+		// Set the default auth header if we have a token
+		const token = getToken()
+		if (token !== null) {
+			config.headers['Authorization'] = `Bearer ${token}`
+		}
+		return config
 	})
+
+	return instance
 }
diff --git a/src/services/abstractService.ts b/src/services/abstractService.ts
index 78caa0d0b..c2a7b4578 100644
--- a/src/services/abstractService.ts
+++ b/src/services/abstractService.ts
@@ -1,6 +1,5 @@
-import axios from 'axios'
 import {objectToSnakeCase} from '@/helpers/case'
-import {getToken} from '@/helpers/auth'
+import {AuthenticatedHTTPFactory} from '@/http-common'
 
 function convertObject(o) {
 	if (o instanceof Date) {
@@ -56,12 +55,7 @@ export default class AbstractService {
 	 * @param [paths] An object with all paths. Default values are specified above.
 	 */
 	constructor(paths) {
-		this.http = axios.create({
-			baseURL: window.API_URL,
-			headers: {
-				'Content-Type': 'application/json',
-			},
-		})
+		this.http = AuthenticatedHTTPFactory()
 
 		// Set the interceptors to process every request
 		this.http.interceptors.request.use((config) => {
@@ -88,12 +82,6 @@ export default class AbstractService {
 			return config
 		})
 
-		// Set the default auth header if we have a token
-		const token = getToken()
-		if (token !== null) {
-			this.http.defaults.headers.common['Authorization'] = `Bearer ${token}`
-		}
-
 		if (paths) {
 			this.paths = {
 				create: paths.create !== undefined ? paths.create : '',
diff --git a/src/store/modules/auth.ts b/src/store/modules/auth.ts
index 6273e5c1e..a9c694c4c 100644
--- a/src/store/modules/auth.ts
+++ b/src/store/modules/auth.ts
@@ -215,7 +215,7 @@ export default {
 				return
 			}
 
-			const HTTP = AuthenticatedHTTPFactory(jwt)
+			const HTTP = AuthenticatedHTTPFactory()
 			try {
 				const response = await HTTP.get('user')
 				const info = new UserModel(response.data)