🔄 refactor(ui): remove auth user TTL cache in favor of request deduplication

Author: s-b-e-n-s-o-n

ui/src/services/auth.ts

@@ -4,31 +4,12 @@
 
 import { errorMessage } from '../utils/error';
 
-export const AUTH_USER_CACHE_TTL_MS = 5_000;
-
-let cachedUser: unknown = undefined;
-let cachedUserExpiresAt = 0;
-let hasCachedUser = false;
 let pendingUserRequest: Promise<unknown> | undefined;
 
-function setCachedUser(user: unknown, now = Date.now()) {
-  cachedUser = user;
-  cachedUserExpiresAt = now + AUTH_USER_CACHE_TTL_MS;
-  hasCachedUser = true;
-  return user;
-}
-
 function clearCachedUser() {
-  cachedUser = undefined;
-  cachedUserExpiresAt = 0;
-  hasCachedUser = false;
   pendingUserRequest = undefined;
 }
 
-function hasFreshUserCache(now = Date.now()) {
-  return hasCachedUser && cachedUserExpiresAt > now;
-}
-
 function getPayloadErrorMessage(payload: unknown): string {
   if (typeof payload !== 'object' || payload === null) {
     return '';
@@ -61,27 +42,25 @@ async function getStrategies(): Promise<{
  * @returns {Promise<*>}
  */
 async function getUser() {
-  if (hasFreshUserCache()) {
-    return cachedUser;
-  }
-
   if (pendingUserRequest) {
     return pendingUserRequest;
   }
 
   pendingUserRequest = (async () => {
     try {
+      // Only dedupe concurrent callers. Always revalidate settled auth state so
+      // logout/session expiry in another tab is reflected on the next check.
       const response = await fetch('/auth/user', {
         redirect: 'manual',
         credentials: 'include',
       });
       if (response.ok) {
-        return setCachedUser(await response.json());
+        return await response.json();
       }
-      return setCachedUser(undefined);
+      return undefined;
     } catch (e: unknown) {
       console.debug(`Unable to fetch current user: ${errorMessage(e)}`);
-      return setCachedUser(undefined);
+      return undefined;
     } finally {
       pendingUserRequest = undefined;
     }
@@ -122,7 +101,8 @@ async function loginBasic(username: string, password: string, remember: boolean
 
     throw new Error(message || 'Username or password error');
   }
-  return setCachedUser(await response.json());
+  clearCachedUser();
+  return await response.json();
 }
 
 /**

ui/tests/services/auth.spec.ts

@@ -69,27 +69,20 @@ describe('Auth Service', () => {
       }
     });
 
-    it('reuses a fresh cached user without refetching', async () => {
-      vi.useFakeTimers();
-      const { AUTH_USER_CACHE_TTL_MS, getUser } = await loadAuthService();
+    it('revalidates a settled authenticated user on the next call', async () => {
+      const { getUser } = await loadAuthService();
       const mockUser = { username: 'cached-user', roles: ['admin'] };
       fetchMock.mockResolvedValueOnce({
         ok: true,
         json: async () => mockUser,
       });
-
-      expect(await getUser()).toEqual(mockUser);
-      expect(await getUser()).toEqual(mockUser);
-
-      expect(fetchMock).toHaveBeenCalledTimes(1);
-
-      vi.advanceTimersByTime(AUTH_USER_CACHE_TTL_MS + 1);
       fetchMock.mockResolvedValueOnce({
-        ok: true,
-        json: async () => mockUser,
+        ok: false,
+        status: 401,
       });
 
       expect(await getUser()).toEqual(mockUser);
+      expect(await getUser()).toBeUndefined();
       expect(fetchMock).toHaveBeenCalledTimes(2);
     });
 
@@ -115,6 +108,23 @@ describe('Auth Service', () => {
       await expect(first).resolves.toEqual(mockUser);
       await expect(second).resolves.toEqual(mockUser);
     });
+
+    it('does not keep an unauthenticated result cached after the request settles', async () => {
+      const { getUser } = await loadAuthService();
+      const mockUser = { username: 'fresh-user', roles: ['admin'] };
+      fetchMock.mockResolvedValueOnce({
+        ok: false,
+        status: 401,
+      });
+      fetchMock.mockResolvedValueOnce({
+        ok: true,
+        json: async () => mockUser,
+      });
+
+      expect(await getUser()).toBeUndefined();
+      expect(await getUser()).toEqual(mockUser);
+      expect(fetchMock).toHaveBeenCalledTimes(2);
+    });
   });
 
   describe('loginBasic', () => {