🐛 fix: fix oidc auth timeout issue on the desktop (lobehub#10025)

* add tests

* fix auth timeout issue

* update locale

* fix tests

Author: arvinxx

apps/desktop/src/main/controllers/AuthCtr.ts

@@ -14,39 +14,38 @@ const logger = createLogger('controllers:AuthCtr');
 
 /**
  * Authentication Controller
- * 使用中间页 + 轮询的方式实现 OAuth 授权流程
+ * Implements OAuth authorization flow using intermediate page + polling mechanism
  */
 export default class AuthCtr extends ControllerModule {
   /**
-   * 远程服务器配置控制器
+   * Remote server configuration controller
    */
   private get remoteServerConfigCtr() {
     return this.app.getController(RemoteServerConfigCtr);
   }
 
   /**
-   * 当前的 PKCE 参数
+   * Current PKCE parameters
    */
   private codeVerifier: string | null = null;
   private authRequestState: string | null = null;
 
   /**
-   * 轮询相关参数
+   * Polling related parameters
    */
   // eslint-disable-next-line no-undef
   private pollingInterval: NodeJS.Timeout | null = null;
   private cachedRemoteUrl: string | null = null;
 
   /**
-   * 自动刷新定时器
+   * Auto-refresh timer
    */
   // eslint-disable-next-line no-undef
   private autoRefreshTimer: NodeJS.Timeout | null = null;
 
   /**
-   * 构造 redirect_uri，确保授权和令牌交换时使用相同的 URI
-   * @param remoteUrl 远程服务器 URL
-   * @param includeHandoffId 是否包含 handoff ID（仅在授权时需要）
+   * Construct redirect_uri, ensuring the same URI is used for authorization and token exchange
+   * @param remoteUrl Remote server URL
    */
   private constructRedirectUri(remoteUrl: string): string {
     const callbackUrl = new URL('/oidc/callback/desktop', remoteUrl);
@@ -59,9 +58,12 @@ export default class AuthCtr extends ControllerModule {
    */
   @ipcClientEvent('requestAuthorization')
   async requestAuthorization(config: DataSyncConfig) {
+    // 清理任何旧的授权状态
+    this.clearAuthorizationState();
+
     const remoteUrl = await this.remoteServerConfigCtr.getRemoteServerUrl(config);
 
-    // 缓存远程服务器 URL 用于后续轮询
+    // Cache remote server URL for subsequent polling
     this.cachedRemoteUrl = remoteUrl;
 
     logger.info(
@@ -115,7 +117,7 @@ export default class AuthCtr extends ControllerModule {
   }
 
   /**
-   * 启动轮询机制获取凭证
+   * Start polling mechanism to retrieve credentials
    */
   private startPolling() {
     if (!this.authRequestState) {
@@ -133,7 +135,7 @@ export default class AuthCtr extends ControllerModule {
         // Check if polling has timed out
         if (Date.now() - startTime > maxPollTime) {
           logger.warn('Credential polling timed out');
-          this.stopPolling();
+          this.clearAuthorizationState();
           this.broadcastAuthorizationFailed('Authorization timed out');
           return;
         }
@@ -167,14 +169,14 @@ export default class AuthCtr extends ControllerModule {
         }
       } catch (error) {
         logger.error('Error during credential polling:', error);
-        this.stopPolling();
+        this.clearAuthorizationState();
         this.broadcastAuthorizationFailed('Polling error: ' + error.message);
       }
     }, pollInterval);
   }
 
   /**
-   * 停止轮询
+   * Stop polling
    */
   private stopPolling() {
     if (this.pollingInterval) {
@@ -184,18 +186,30 @@ export default class AuthCtr extends ControllerModule {
   }
 
   /**
-   * 启动自动刷新定时器
+   * 清理授权状态
+   * 在开始新的授权流程前或授权失败/超时后调用
+   */
+  private clearAuthorizationState() {
+    logger.debug('Clearing authorization state');
+    this.stopPolling();
+    this.codeVerifier = null;
+    this.authRequestState = null;
+    this.cachedRemoteUrl = null;
+  }
+
+  /**
+   * Start auto-refresh timer
    */
   private startAutoRefresh() {
-    // 先停止现有的定时器
+    // Stop existing timer first
     this.stopAutoRefresh();
 
-    const checkInterval = 2 * 60 * 1000; // 每 2 分钟检查一次
+    const checkInterval = 2 * 60 * 1000; // Check every 2 minutes
     logger.debug('Starting auto-refresh timer');
 
     this.autoRefreshTimer = setInterval(async () => {
       try {
-        // 检查 token 是否即将过期 (提前 5 分钟刷新)
+        // Check if token is expiring soon (refresh 5 minutes in advance)
         if (this.remoteServerConfigCtr.isTokenExpiringSoon()) {
           const expiresAt = this.remoteServerConfigCtr.getTokenExpiresAt();
           logger.info(
@@ -208,7 +222,7 @@ export default class AuthCtr extends ControllerModule {
             this.broadcastTokenRefreshed();
           } else {
             logger.error(`Auto-refresh failed: ${result.error}`);
-            // 如果自动刷新失败，停止定时器并清除 token
+            // If auto-refresh fails, stop timer and clear token
             this.stopAutoRefresh();
             await this.remoteServerConfigCtr.clearTokens();
             await this.remoteServerConfigCtr.setRemoteServerConfig({ active: false });
@@ -222,7 +236,7 @@ export default class AuthCtr extends ControllerModule {
   }
 
   /**
-   * 停止自动刷新定时器
+   * Stop auto-refresh timer
    */
   private stopAutoRefresh() {
     if (this.autoRefreshTimer) {
@@ -233,44 +247,44 @@ export default class AuthCtr extends ControllerModule {
   }
 
   /**
-   * 轮询获取凭证
-   * 直接发送 HTTP 请求到远程服务器
+   * Poll for credentials
+   * Sends HTTP request directly to remote server
    */
   private async pollForCredentials(): Promise<{ code: string; state: string } | null> {
     if (!this.authRequestState || !this.cachedRemoteUrl) {
       return null;
     }
 
     try {
-      // 使用缓存的远程服务器 URL
+      // Use cached remote server URL
       const remoteUrl = this.cachedRemoteUrl;
 
-      // 构造请求 URL
+      // Construct request URL
       const url = new URL('/oidc/handoff', remoteUrl);
       url.searchParams.set('id', this.authRequestState);
       url.searchParams.set('client', 'desktop');
 
       logger.debug(`Polling for credentials: ${url.toString()}`);
 
-      // 直接发送 HTTP 请求
+      // Send HTTP request directly
       const response = await fetch(url.toString(), {
         headers: {
           'Content-Type': 'application/json',
         },
         method: 'GET',
       });
 
-      // 检查响应状态
+      // Check response status
       if (response.status === 404) {
-        // 凭证还未准备好，这是正常情况
+        // Credentials not ready yet, this is normal
         return null;
       }
 
       if (!response.ok) {
         throw new Error(`HTTP ${response.status}: ${response.statusText}`);
       }
 
-      // 解析响应数据
+      // Parse response data
       const data = (await response.json()) as {
         data: {
           id: string;
@@ -511,15 +525,15 @@ export default class AuthCtr extends ControllerModule {
   }
 
   /**
-   * 应用启动后初始化
+   * Initialize after app is ready
    */
   afterAppReady() {
     logger.debug('AuthCtr initialized, checking for existing tokens');
     this.initializeAutoRefresh();
   }
 
   /**
-   * 清理所有定时器
+   * Clean up all timers
    */
   cleanup() {
     logger.debug('Cleaning up AuthCtr timers');
@@ -528,59 +542,59 @@ export default class AuthCtr extends ControllerModule {
   }
 
   /**
-   * 初始化自动刷新功能
-   * 在应用启动时检查是否有有效的 token，如果有就启动自动刷新定时器
+   * Initialize auto-refresh functionality
+   * Checks for valid token at app startup and starts auto-refresh timer if token exists
    */
   private async initializeAutoRefresh() {
     try {
       const config = await this.remoteServerConfigCtr.getRemoteServerConfig();
 
-      // 检查是否配置了远程服务器且处于活动状态
+      // Check if remote server is configured and active
       if (!config.active || !config.remoteServerUrl) {
         logger.debug(
           'Remote server not active or configured, skipping auto-refresh initialization',
         );
         return;
       }
 
-      // 检查是否有有效的访问令牌
+      // Check if valid access token exists
       const accessToken = await this.remoteServerConfigCtr.getAccessToken();
       if (!accessToken) {
         logger.debug('No access token found, skipping auto-refresh initialization');
         return;
       }
 
-      // 检查是否有过期时间信息
+      // Check if token expiration time exists
       const expiresAt = this.remoteServerConfigCtr.getTokenExpiresAt();
       if (!expiresAt) {
         logger.debug('No token expiration time found, skipping auto-refresh initialization');
         return;
       }
 
-      // 检查 token 是否已经过期
+      // Check if token has already expired
       const currentTime = Date.now();
       if (currentTime >= expiresAt) {
         logger.info('Token has expired, attempting to refresh it');
 
-        // 尝试刷新 token
+        // Attempt to refresh token
         const refreshResult = await this.remoteServerConfigCtr.refreshAccessToken();
         if (refreshResult.success) {
           logger.info('Token refresh successful during initialization');
           this.broadcastTokenRefreshed();
-          // 重新启动自动刷新定时器
+          // Restart auto-refresh timer
           this.startAutoRefresh();
           return;
         } else {
           logger.error(`Token refresh failed during initialization: ${refreshResult.error}`);
-          // 只有在刷新失败时才清除 token 并要求重新授权
+          // Clear token and require re-authorization only on refresh failure
           await this.remoteServerConfigCtr.clearTokens();
           await this.remoteServerConfigCtr.setRemoteServerConfig({ active: false });
           this.broadcastAuthorizationRequired();
           return;
         }
       }
 
-      // 启动自动刷新定时器
+      // Start auto-refresh timer
       logger.info(
         `Token is valid, starting auto-refresh timer. Token expires at: ${new Date(expiresAt).toISOString()}`,
       );