fix: Critical runtime bug - TokenRefreshHandler JS interop in Blazor Server

**Problem:**
TokenRefreshHandler (DelegatingHandler) runs on a non-circuit thread.
ILocalStorageService (JS interop) only works during component render.
Production: 401 response → token refresh → JS interop fails silently.

**Solution:**
1. ITokenStore - Scoped in-memory token store (no JS interop)
   - Properties: AccessToken, RefreshToken, TokenExpiryTicks
   - Method: IsAccessTokenExpired()

2. TokenStore implementation
   - Replaces localStorage as primary token source
   - DelegatingHandler reads/writes only to TokenStore
   - Pages reload → GetAuthenticationStateAsync restores from localStorage

3. CustomAuthenticationStateProvider
   - Accepts ITokenStore injection
   - LoginAsync: Write to both TokenStore + localStorage
   - LogoutAsync: Clear both
   - GetAuthenticationStateAsync: Read from TokenStore first, fallback to localStorage

4. AdminDashboardClient BaseAddress fix
   - Was: new Uri("/taxbaik/api/") - relative URI (runtime error)
   - Now: Configured in Program.cs as absolute URI
   - Program.cs: AddHttpClient(..., client => client.BaseAddress = new Uri("http://localhost:5001/taxbaik/api/"))

**Architecture:**
- TokenStore: Scoped in-memory (DelegatingHandler use)
- localStorage: Persistent (page reload recovery)
- Pattern: Server-side token management without JS interop

This fixes the cascading failure that would occur on any 401 in production.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-28 10:54:11 +09:00
parent 58edbd9c8f
commit 08e9e07458
5 changed files with 97 additions and 24 deletions
+12 -17
@@ -10,12 +10,12 @@ using System.Text.Json;
/// </summary>
public class TokenRefreshHandler : DelegatingHandler
{
private readonly ILocalStorageService _localStorage;
private readonly ITokenStore _tokenStore;
private readonly ILogger<TokenRefreshHandler> _logger;
public TokenRefreshHandler(ILocalStorageService localStorage, ILogger<TokenRefreshHandler> logger)
public TokenRefreshHandler(ITokenStore tokenStore, ILogger<TokenRefreshHandler> logger)
{
_localStorage = localStorage;
_tokenStore = tokenStore;
_logger = logger;
}
@@ -24,10 +24,9 @@ public class TokenRefreshHandler : DelegatingHandler
CancellationToken cancellationToken)
{
// 요청에 access token 추가
var accessToken = await _localStorage.GetItemAsStringAsync("accessToken");
if (!string.IsNullOrEmpty(accessToken))
if (!string.IsNullOrEmpty(_tokenStore.AccessToken))
{
request.Headers.Authorization = new("Bearer", accessToken);
request.Headers.Authorization = new("Bearer", _tokenStore.AccessToken);
}
var response = await base.SendAsync(request, cancellationToken);
@@ -35,17 +34,15 @@ public class TokenRefreshHandler : DelegatingHandler
// 401 응답이면 토큰 갱신 시도
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
var refreshToken = await _localStorage.GetItemAsStringAsync("refreshToken");
if (!string.IsNullOrEmpty(refreshToken))
if (!string.IsNullOrEmpty(_tokenStore.RefreshToken))
{
var newTokenPair = await RefreshTokenAsync(refreshToken, request, cancellationToken);
var newTokenPair = await RefreshTokenAsync(_tokenStore.RefreshToken, request, cancellationToken);
if (newTokenPair != null)
{
// 토큰 저장
await _localStorage.SetItemAsStringAsync("accessToken", newTokenPair.AccessToken);
await _localStorage.SetItemAsStringAsync("refreshToken", newTokenPair.RefreshToken);
await _localStorage.SetItemAsStringAsync("tokenExpiry",
DateTime.UtcNow.AddSeconds(newTokenPair.ExpiresIn).Ticks.ToString());
// TokenStore에 토큰 저장
_tokenStore.AccessToken = newTokenPair.AccessToken;
_tokenStore.RefreshToken = newTokenPair.RefreshToken;
_tokenStore.TokenExpiryTicks = DateTime.UtcNow.AddSeconds(newTokenPair.ExpiresIn).Ticks;
// 새 토큰으로 재요청
request.Headers.Authorization = new("Bearer", newTokenPair.AccessToken);
@@ -54,9 +51,7 @@ public class TokenRefreshHandler : DelegatingHandler
else
{
_logger.LogWarning("토큰 갱신 실패 - 로그아웃");
await _localStorage.RemoveItemAsync("accessToken");
await _localStorage.RemoveItemAsync("refreshToken");
await _localStorage.RemoveItemAsync("tokenExpiry");
_tokenStore.Clear();
}
}
}
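Review bot: The constructor now takes a scoped `ITokenStore`, but if this handler is attached with `AddHttpMessageHandler<TokenRefreshHandler>()` on the `AddHttpClient(...)` registration the description mentions (the registration is not visible in this section), IHttpClientFactory creates and pools handlers in its own DI scope, so `_tokenStore` may not be the Blazor circuit's instance. In that case the store is either empty or shared by every request that reuses the pooled handler, which could put one user's bearer token on another user's request; please confirm which instance the handler receives and record the requirement on the constructor, e.g. `/// tokenStore must be the per-circuit instance, not one resolved from the IHttpClientFactory handler scope.` Separately, the refresh path and `_tokenStore.Clear()` no longer touch localStorage, so after a failed refresh the old access and refresh tokens stay in the browser and, per the description, are restored by GetAuthenticationStateAsync on the next page reload; the failure branch should signal the component layer to clear them. SendAsync starts above these hunks, so the retry after refresh is only partly visible here.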