feat(http): implement token refresh mechanism and JWT invalidation in new http feature#32
Merged
feat(http): implement token refresh mechanism and JWT invalidation in new http feature#32
Conversation
There was a problem hiding this comment.
Pull request overview
This PR implements a token refresh mechanism for the HTTP layer, allowing expired JWTs to be automatically renewed without requiring user re-login. It also reorganizes HTTP-related files into a dedicated http/ feature folder and introduces a cyclic dependency breaking pattern using AuthCubitHandle.
Changes:
- Implements
TokenRefreshAuthenticatorto automatically refresh expired JWTs on 401 responses and retry failed requests - Adds
AuthCubitHandleto break the cyclic dependency between HTTP layer and authentication logic - Introduces a debug-only JWT invalidation feature for testing token refresh behavior
- Reorganizes HTTP components into a dedicated feature folder with a barrel export file
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 14 comments.
Show a summary per file
| File | Description |
|---|---|
lib/http/http.dart |
New barrel file exporting HTTP-related modules and generated API clients |
lib/http/make_http_client.dart |
Factory function creating configured ChopperClient with authenticator and interceptor |
lib/http/network_request_interceptor.dart |
Updated to use extracted AuthTokenStore; added documentation |
lib/http/network_request_executor.dart |
Updated import to use new http barrel file |
lib/http/token_refresh_authenticator.dart |
New authenticator implementing automatic token refresh on 401 responses |
lib/login/bloc/auth_cubit_handle.dart |
New handle class breaking cyclic dependency between HTTP and auth layers |
lib/login/bloc/authentication_cubit.dart |
Removed unimplemented refreshToken method |
lib/login/data/auth_token_store.dart |
Extracted from network_request_interceptor into separate file with documentation |
lib/login/data/authentication_token_repository.dart |
Added invalidateJwt method for debug testing and updated import |
lib/login/data/authentication_tokens.dart |
Added toString method for debugging |
lib/login/data/login_repository.dart |
Updated imports to use http barrel file |
lib/core/failures.dart |
Fixed field name typo (statuscode → statusCode) and improved error messages |
lib/core/widgets/app_bar.dart |
Added debug-only button to invalidate JWT tokens for testing |
lib/app/dependencies_provider.dart |
Updated dependency wiring to support token refresh architecture |
lib/tickets/my_tickets/data/owned_tickets_remote_data_provider.dart |
Updated imports to use http barrel file |
test/router_test.dart |
Updated imports to use http barrel file |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds a token refresh mechanism to the http layer so expired JWTs are renewed transparently, without requiring the user to log in again. There is a cyclic dependency between the token refresher and AuthCubit (which handles logout logic), so this is fixed with an AuthCubitHandle.
HTTP-related files are now moved into a dedicated
http/feature folder.Type of Change