AI Analysis and Content Strategy fixes. Enhanced Strategy Routes refactoring.
This commit is contained in:
ajaysi
130
backend/api/content_planning/docs/AUTHENTICATION_FIX_SUMMARY.md
Normal file
130
backend/api/content_planning/docs/AUTHENTICATION_FIX_SUMMARY.md
Normal file
@@ -0,0 +1,130 @@
|
||||
# Authentication Fix Summary
|
||||
|
||||
## Problem
|
||||
- Backend logs show: "AUTHENTICATION ERROR: No credentials provided for authenticated endpoint: GET /api/content-planning/enhanced-strategies/"
|
||||
- Frontend window reloads and redirects to home page
|
||||
- Cannot capture frontend logs due to redirect loop
|
||||
|
||||
## Root Cause Analysis
|
||||
|
||||
1. **Request Interceptor Issue**: The interceptor was allowing requests to proceed even when `authTokenGetter` returned `null`, which caused requests to be sent without Authorization headers.
|
||||
|
||||
2. **Response Interceptor Redirect**: When backend returned 401, the response interceptor was immediately redirecting to home page, even for content-planning routes during initialization.
|
||||
|
||||
3. **Race Condition**: There might be a timing issue where:
|
||||
- ProtectedRoute renders the component (user appears authenticated)
|
||||
- But TokenInstaller's useEffect hasn't run yet, or
|
||||
- Token getter returns null because Clerk token isn't ready yet
|
||||
|
||||
## Fixes Applied
|
||||
|
||||
### 1. Enhanced Request Interceptor ✅
|
||||
|
||||
**File**: `frontend/src/api/client.ts`
|
||||
|
||||
**Change**: Reject requests when token getter returns `null` (not just when it's not set)
|
||||
|
||||
**Before**:
|
||||
```typescript
|
||||
if (token) {
|
||||
// Add token
|
||||
} else {
|
||||
// Still proceed with request - backend will return 401
|
||||
}
|
||||
```
|
||||
|
||||
**After**:
|
||||
```typescript
|
||||
if (token) {
|
||||
// Add token
|
||||
} else {
|
||||
// Reject request to prevent 401 errors
|
||||
return Promise.reject(new Error('Authentication token not available...'));
|
||||
}
|
||||
```
|
||||
|
||||
### 2. Prevent Redirects for Content-Planning Routes ✅
|
||||
|
||||
**File**: `frontend/src/api/client.ts`
|
||||
|
||||
**Change**: Added `isContentPlanningRoute` check to prevent redirects during initialization
|
||||
|
||||
**Before**:
|
||||
```typescript
|
||||
if (!isRootRoute && !isOnboardingRoute) {
|
||||
// Redirect to home
|
||||
}
|
||||
```
|
||||
|
||||
**After**:
|
||||
```typescript
|
||||
const isContentPlanningRoute = window.location.pathname.includes('/content-planning');
|
||||
|
||||
if (!isRootRoute && !isOnboardingRoute && !isContentPlanningRoute) {
|
||||
// Redirect to home
|
||||
} else if (isContentPlanningRoute) {
|
||||
// Just log - ProtectedRoute will handle redirect if needed
|
||||
console.warn('401 Unauthorized for content-planning route - ProtectedRoute should handle this');
|
||||
}
|
||||
```
|
||||
|
||||
### 3. Aligned with Established Pattern ✅
|
||||
|
||||
**Files**:
|
||||
- `ContentStrategyTab.tsx`
|
||||
- `ContentPlanningDashboard.tsx`
|
||||
|
||||
**Change**: Removed component-level auth checks, relying on ProtectedRoute (matches BlogWriter/StoryWriter pattern)
|
||||
|
||||
## Expected Behavior After Fix
|
||||
|
||||
1. **Request Interceptor**:
|
||||
- ✅ Rejects requests if `authTokenGetter` is not set
|
||||
- ✅ Rejects requests if `authTokenGetter` returns `null`
|
||||
- ✅ Only proceeds with requests that have valid tokens
|
||||
|
||||
2. **Response Interceptor**:
|
||||
- ✅ Prevents redirect loops for content-planning routes
|
||||
- ✅ Allows ProtectedRoute to handle authentication state
|
||||
- ✅ Still redirects for other routes on 401 (after retry fails)
|
||||
|
||||
3. **Components**:
|
||||
- ✅ Rely on ProtectedRoute for authentication checks
|
||||
- ✅ Make API calls directly (no redundant auth checks)
|
||||
- ✅ API interceptor handles token injection
|
||||
|
||||
## Testing Checklist
|
||||
|
||||
- [ ] Navigate to `/content-planning` when signed in
|
||||
- [ ] Verify no 401 errors in backend logs
|
||||
- [ ] Verify no redirect to home page
|
||||
- [ ] Verify API calls include Authorization header
|
||||
- [ ] Verify frontend console shows token being added to requests
|
||||
- [ ] Test with slow network (to catch race conditions)
|
||||
- [ ] Test navigation from main dashboard to content-planning
|
||||
|
||||
## Next Steps if Issue Persists
|
||||
|
||||
1. **Add More Logging**:
|
||||
- Log when TokenInstaller sets authTokenGetter
|
||||
- Log when request interceptor runs
|
||||
- Log token value (first few chars) to verify it's not null
|
||||
|
||||
2. **Check TokenInstaller Timing**:
|
||||
- Verify TokenInstaller runs before ProtectedRoute renders children
|
||||
- Consider adding a small delay or state check
|
||||
|
||||
3. **Verify Clerk Token Template**:
|
||||
- Check if `REACT_APP_CLERK_JWT_TEMPLATE` is set correctly
|
||||
- Verify Clerk dashboard has the JWT template configured
|
||||
|
||||
4. **Backend Logging**:
|
||||
- Add logging to see if Authorization header is received
|
||||
- Check if header format is correct (`Bearer <token>`)
|
||||
|
||||
## Status: ✅ FIXES APPLIED
|
||||
|
||||
All fixes have been applied. The system should now:
|
||||
- Reject requests without tokens (preventing 401s)
|
||||
- Not redirect content-planning routes during initialization
|
||||
- Follow the same authentication pattern as other components
|
||||
Reference in New Issue
Block a user