vulneribilty fixed

nabijonovdavronbek619@gmail.com
2026-04-09 12:00:06 +05:00
parent dfb8d3bdbc
commit 73158a1972
26 changed files with 553 additions and 175 deletions


@@ -4,8 +4,44 @@ import axios, {
AxiosError,
InternalAxiosRequestConfig,
} from 'axios';
import { toast } from 'react-toastify';
import { getRouteLang } from './getLanguage';
// ─── Error message extractor ───────────────────────────────────────────────────
function extractErrorMessage(error: AxiosError): string {
const data = error.response?.data as Record<string, unknown> | undefined;
if (!data) {
if (error.code === 'ECONNABORTED')
return 'Request timed out. Please try again.';
if (!navigator.onLine) return 'No internet connection.';
return error.message || 'An unexpected error occurred.';
}
// Simple string fields: { message, detail, error }
if (typeof data.message === 'string' && data.message) return data.message;
if (typeof data.detail === 'string' && data.detail) return data.detail;
if (typeof data.error === 'string' && data.error) return data.error;
// Wrapped: { errors: { field: ["msg"] } }
if (data.errors && typeof data.errors === 'object') {
const first = Object.values(data.errors as Record<string, unknown>)[0];
if (Array.isArray(first) && first.length > 0) return String(first[0]);
if (typeof first === 'string') return first;
}
// DRF field-level errors at top level: { phone: ["msg"], name: ["msg"] }
for (const val of Object.values(data)) {
if (Array.isArray(val) && val.length > 0 && typeof val[0] === 'string') {
return val[0];
}
if (typeof val === 'string' && val) return val;
}
return 'An unexpected error occurred.';
}
// ─── Constants ─────────────────────────────────────────────────────────────────
// const baseUrl = process.env.NEXT_PUBLIC_API_BASE_URL;
@@ -107,9 +143,14 @@ api.interceptors.response.use(
};
const status = error.response?.status;
const requestUrl = originalRequest.url ?? '';
const isAuthEndpoint =
requestUrl.includes('/users/login/') ||
requestUrl.includes('/users/register/');
// Only attempt refresh on 401 and only once per request
if (status !== 401 || originalRequest._retry) {
// For auth endpoints, 401 means wrong credentials — show error, don't refresh
if (isAuthEndpoint || status !== 401 || originalRequest._retry) {
toast.error(extractErrorMessage(error));
return Promise.reject(error);
}
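Review bot: `extractErrorMessage` casts `error.response?.data` to `Record<string, unknown>` without checking that it is an object, so a plain-text or HTML error body (for example from a proxy or a 500 page) reaches `Object.values(data)` in the final loop, which splits a string into characters and returns the first one as the toast text. Adding `if (typeof data !== 'object') return 'An unexpected error occurred.';` right after the `!data` branch keeps non-JSON bodies out of the field lookups. The same loop also returns the first string value under any top-level key, so whatever the backend puts in the body (a status word, an internal identifier) can end up in front of the user now that the interceptor toasts every rejected request. Restricting the fallback to array-valued field errors, or to a known list of keys, would narrow what is displayed.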