From 66b9c60c68de20bfc3e82923a894f6087da843a0 Mon Sep 17 00:00:00 2001
From: Claude <claude@havari.me>
Date: Thu, 30 Apr 2026 16:30:44 +0300
Subject: [PATCH] =?UTF-8?q?tower-ui=200.61.18=20=E2=80=94=20refresh-and-re?=
 =?UTF-8?q?try=20on=20401?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Frontend authFetch was bouncing every 401 straight to /login,
ignoring the 30-day refresh-token cookie the backend already issues.
Result: access-token TTL is 15 min, so the operator was kicked to
login every 15 min of idle.

Now: on 401, authFetch silently calls /api/auth/refresh, retries
the original request once with the new access token, and only
bounces to /login if refresh ALSO fails (refresh cookie expired or
revoked). Concurrent 401s coalesce onto a single in-flight refresh
to avoid rotating the refresh-token jti N times in a burst.
---
 values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/values.yaml b/values.yaml
index 5b42b33..4bda7f6 100644
--- a/values.yaml
+++ b/values.yaml
@@ -29,7 +29,7 @@ frontend:
   enabled: true
   image:
     repository: registry.odoosky.cloud/odoosky/docker-mirror/tower-ui
-    tag: "0.61.17"
+    tag: "0.61.18"
     pullPolicy: IfNotPresent
   imagePullSecrets:
     - name: docker-mirror-pull