Yicong-Huang opened a new pull request, #5392: URL: https://github.com/apache/texera/pull/5392
### What changes were proposed in this PR?

Adds `UnauthorizedHttpInterceptor` that watches every HTTP response: when the server returns 401 to a request that carried an `Authorization` header, it clears the stored JWT, surfaces a "session expired" notification, and routes to `/about` with `returnUrl` so the user can return after re-login. 401 responses to anonymous requests pass through unchanged so a 401 on a public endpoint never wipes a freshly-stored token.

Flips `JwtModule.forRoot`'s `skipWhenExpired` from `false` to `true`, so a stale `localStorage` token is no longer auto-appended to public pre-login endpoints (`/api/config/gui`, `/api/config/user-system`). That auto-append is the exact mechanism that caused the revert of #4903 in #5025 — without it, an expired token reaches public endpoints, gets rejected, and breaks the login page before the user can re-authenticate.

### Any related issues, documentation, discussions?

Closes #5391. Prerequisite for a re-attempt of #4901 (whose first try, #4903, was reverted by #5025 because of #5026). Discussion: https://lists.apache.org/thread/w5jmczrffxd5doc5hnss2zm7dbhnbhyy

### How was this PR tested?

Added `unauthorized-http-interceptor.service.spec.ts` covering: 401 with Authorization → logout + notify + navigate; 401 without Authorization → no-op; non-401 with Authorization → no-op; root path → omits `returnUrl`. Full `yarn test` and `yarn format:ci` pass locally.

### Was this PR authored or co-authored using generative AI tooling?

Generated-by: Claude Code (Opus 4.7)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
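The two behaviours described in the PR text, modelled without Angular so the decision logic can be run and tested on its own. This is an added example, not code from the pull request or from Texera; every name in it is hypothetical, and the rule that only same-origin paths are kept as `returnUrl` is an assumption the PR text does not state.

```typescript
// Added example: framework-free model of the behaviour described above.
// All names are hypothetical; this is not Texera's or angular-jwt's code.
type HeaderMap = Record<string, string>;
interface StoredToken { raw: string; exp: number } // exp: expiry, seconds since epoch
interface Decision { clearToken: boolean; notify: boolean; navigateTo: string | null }

const PASS_THROUGH: Decision = { clearToken: false, notify: false, navigateTo: null };

// Models skipWhenExpired: when true, an expired stored token is never attached,
// so a pre-login call to a public endpoint goes out as an anonymous request.
function buildHeaders(token: StoredToken | null, nowSec: number, skipWhenExpired: boolean): HeaderMap {
  if (token === null) return {};
  if (skipWhenExpired && token.exp <= nowSec) return {};
  return { Authorization: `Bearer ${token.raw}` };
}

// Header names are case-insensitive, so compare in lower case.
function carriedAuthorization(headers: HeaderMap): boolean {
  return Object.keys(headers).some(k => k.toLowerCase() === "authorization");
}

// Assumption: only same-origin paths ("/x", not "//host" or "/\host") are kept
// as returnUrl; the root path omits returnUrl, as the PR's test list describes.
function loginRedirect(currentUrl: string): string {
  const local =
    currentUrl.startsWith("/") && !currentUrl.startsWith("//") && !currentUrl.startsWith("/\\");
  if (!local || currentUrl === "/") return "/about";
  return `/about?returnUrl=${encodeURIComponent(currentUrl)}`;
}

// Models the interceptor: act only on a 401 to a request that carried
// Authorization; every other response passes through unchanged.
function onResponse(status: number, requestHeaders: HeaderMap, currentUrl: string): Decision {
  if (status !== 401 || !carriedAuthorization(requestHeaders)) return PASS_THROUGH;
  return { clearToken: true, notify: true, navigateTo: loginRedirect(currentUrl) };
}
```
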
