moonming opened a new issue, #3415:
URL: https://github.com/apache/apisix-dashboard/issues/3415

   ### Issue description
   
   The global axios response interceptor converts every **401** into a 
*successful* response carrying fabricated empty data:
   
   ```ts
   // src/config/req.ts
   if (res.status === HttpStatusCode.Unauthorized) {
     getDefaultStore().set(isSettingsOpenAtom, true);
     return Promise.resolve({ data: {} });   // ← auth failure becomes success
   }
   ```
   
   Every request helper then runs `.then((v) => v.data)`, so all downstream 
callers receive `{}` as a **success**. Depending on which page you're on when 
the admin key expires or is wrong, this produces four different (and 
contradictory) behaviors:
   
   1. **False success on mutations** — a 401'd `DELETE` still shows the green 
"delete success" toast (`DeleteResourceBtn` chains `onSuccess` off the resolved 
promise) and invalidates queries; a 401'd `PUT` shows "Edit … Successfully". 
Nothing was actually deleted/saved.
   2. **Crash after create** — the add pages' `onSuccess` handlers read 
`data.data.value.id` for navigation (e.g. `src/routes/upstreams/add.tsx`); with 
the fabricated `{}` this throws a TypeError.
   3. **Crash on detail pages** — suspense queries resolve with `{}`, then e.g. 
`routes/detail.$id.tsx` dereferences `routeData.value.upstream` → TypeError → 
error boundary.
   4. **Empty-cluster illusion on list pages** — the list renders as if the 
cluster had zero routes/services, which is indistinguishable from real data.
   
   ### Expected behavior
   
   A 401 should open the settings modal (as it does today) **and reject the 
promise**, so callers take their normal error path: no success toasts, no 
fabricated data flowing into `onSuccess`/render.
   
   ### How to Reproduce
   
   1. Log into the dashboard with a valid admin key; open any resource list.
   2. Change the admin key on the APISIX side (or corrupt the stored key in 
localStorage).
   3. Delete any resource from the list → observe the green success toast while 
the resource still exists; or open a detail page → observe the crash/error 
boundary.
   
   ### Suggested fix
   
   ```ts
   if (res.status === HttpStatusCode.Unauthorized) {
     getDefaultStore().set(isSettingsOpenAtom, true);
   }
   return Promise.reject(err);
   ```
   
   One-line change; the settings modal behavior is preserved. I'm preparing a 
PR with an e2e asserting a 401'd mutation shows no success toast and no crash.
   
   ### Environment
   
   - apisix-dashboard: master (`9979b31`)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to