Commit Graph

2 Commits

Author SHA1 Message Date
kjh2064 08e9e07458 fix: Critical runtime bug - TokenRefreshHandler JS interop in Blazor Server
TaxBaik CI/CD / build-and-deploy (push) Successful in 47s
**Problem:**
TokenRefreshHandler (DelegatingHandler) runs on a non-circuit thread.
ILocalStorageService (JS interop) only works during component render.
Production: 401 response → token refresh → JS interop fails silently.

**Solution:**
1. ITokenStore - Scoped in-memory token store (no JS interop)
   - Properties: AccessToken, RefreshToken, TokenExpiryTicks
   - Method: IsAccessTokenExpired()

2. TokenStore implementation
   - Replaces localStorage as primary token source
   - DelegatingHandler reads/writes only to TokenStore
   - Pages reload → GetAuthenticationStateAsync restores from localStorage

3. CustomAuthenticationStateProvider
   - Accepts ITokenStore injection
   - LoginAsync: Write to both TokenStore + localStorage
   - LogoutAsync: Clear both
   - GetAuthenticationStateAsync: Read from TokenStore first, fallback to localStorage

4. AdminDashboardClient BaseAddress fix
   - Was: new Uri("/taxbaik/api/") - relative URI (runtime error)
   - Now: Configured in Program.cs as absolute URI
   - Program.cs: AddHttpClient(..., client => client.BaseAddress = new Uri("http://localhost:5001/taxbaik/api/"))

**Architecture:**
- TokenStore: Scoped in-memory (DelegatingHandler use)
- localStorage: Persistent (page reload recovery)
- Pattern: Server-side token management without JS interop

This fixes the cascading failure that would occur on any 401 in production.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-28 10:54:11 +09:00
kjh2064 0334a5f607 refactor: Phase 4 - Dashboard Blazor → API client (Service Locator → Dependency Injection)
TaxBaik CI/CD / build-and-deploy (push) Successful in 1m19s
**Implementation:**
- AdminDashboardClient: HTTP API client interface
  - GetSummaryAsync: Fetch dashboard metrics
  - GetUpcomingFilingsAsync: 30-day filings forecast
  - GetRecentInquiriesAsync: Latest inquiries
  - GetMonthlyStatsAsync: Monthly statistics
- Program.cs: Register IAdminDashboardClient
- Dashboard.razor: Replace service injection with API client
  - Remove: Direct AdminDashboardService/TaxFilingService injection
  - Add: IAdminDashboardClient injection
  - Add: Error handling & loading state
  - Change: OnInitializedAsync() calls API endpoints

**SOLID Principles Applied:**
✓ D (Dependency Inversion): Blazor depends on IAdminDashboardClient abstraction
✓ S (Single Responsibility): Client handles only HTTP communication
✓ O (Open/Closed): Can extend API without changing Blazor component

**Architecture Pattern:**
- Before: Blazor → Service (server-side logic) → Repository → DB
- After: Blazor → HTTP → API → Service → Repository → DB

**Benefits:**
- Clear separation of concerns
- Easier to test (mock HTTP)
- Foundation for token refresh middleware
- Prepare for SignalR integration

Status: Ready for Phase 5 (JWT token refresh)
Next: Implement automatic token refresh on 401 responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-28 10:47:29 +09:00