From 7d100a9efc5bd08bfc126b3acc7b61a4a8531e3f Mon Sep 17 00:00:00 2001
From: XuqmGroup <noreply@xuqm.com>
Date: Mon, 18 May 2026 14:12:03 +0800
Subject: [PATCH] fix(auth): use auth.logout() instead of
 localStorage.removeItem in interceptors

When a 401/expired-token fires in client.ts or file.ts, the handlers were
clearing localStorage but not the Pinia auth.token ref. The route guard
reads Pinia, so router.push('/login') was immediately bounced back to
/dashboard, leaving the user in a ghost-authenticated state where all API
calls failed with 401.

Calling auth.logout() clears both Pinia state and localStorage atomically,
so the route guard correctly allows the redirect to /login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 tenant-platform/src/api/client.ts | 5 +++--
 tenant-platform/src/api/file.ts   | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/tenant-platform/src/api/client.ts b/tenant-platform/src/api/client.ts
index 6767893..1ee1202 100644
--- a/tenant-platform/src/api/client.ts
+++ b/tenant-platform/src/api/client.ts
@@ -2,6 +2,7 @@ import axios from 'axios'
 import { ElMessage } from 'element-plus'
 import router from '@/router'
 import { isJwtExpired } from '@/utils/jwt'
+import { useAuthStore } from '@/stores/auth'
 
 const client = axios.create({
   baseURL: import.meta.env.VITE_API_BASE_URL ?? '/api',
@@ -31,7 +32,7 @@ client.interceptors.request.use((config) => {
   if (token && !isJwtExpired(token)) {
     config.headers.Authorization = `Bearer ${token}`
   } else if (token && isJwtExpired(token)) {
-    localStorage.removeItem('token')
+    useAuthStore().logout()
     if (router.currentRoute.value.path !== '/login') {
       router.push('/login?reason=' + encodeURIComponent('登录已失效，请重新登录'))
     }
@@ -41,7 +42,7 @@ client.interceptors.request.use((config) => {
 })
 
 function handleAuthFailure(message: string) {
-  localStorage.removeItem('token')
+  useAuthStore().logout()
   if (router.currentRoute.value.path !== '/login') {
     router.push('/login')
   }
diff --git a/tenant-platform/src/api/file.ts b/tenant-platform/src/api/file.ts
index af4279c..f74d18b 100644
--- a/tenant-platform/src/api/file.ts
+++ b/tenant-platform/src/api/file.ts
@@ -2,6 +2,7 @@ import axios from 'axios'
 import { ElMessage } from 'element-plus'
 import router from '@/router'
 import { isJwtExpired } from '@/utils/jwt'
+import { useAuthStore } from '@/stores/auth'
 
 export type UploadProgressHandler = (percent: number) => void
 
@@ -33,7 +34,7 @@ fileClient.interceptors.request.use((config) => {
   if (token && !isJwtExpired(token)) {
     config.headers.Authorization = `Bearer ${token}`
   } else if (token && isJwtExpired(token)) {
-    localStorage.removeItem('token')
+    useAuthStore().logout()
     if (router.currentRoute.value.path !== '/login') {
       router.push('/login?reason=' + encodeURIComponent('登录已失效，请重新登录'))
     }
@@ -47,7 +48,7 @@ fileClient.interceptors.response.use(
   (error) => {
     const status = error.response?.status
     if (status === 401) {
-      localStorage.removeItem('token')
+      useAuthStore().logout()
       if (router.currentRoute.value.path !== '/login') {
         router.push('/login')
       }