fix(dashboard,auth): today-window on @db.Date + query-cache cleared across logins
Two dashboard bugs reported after clock-in: 1. 'Dochazka dnes' / 'Pritomni dnes' showed everyone absent even after refresh: attendance.shift_date is @db.Date and Prisma truncates filter Dates to their UTC date part, so the local-midnight boundaries (new Date(y,m,d) = 22:00/23:00Z of the previous day) queried [yesterday, today) and matched zero of today's punches. Boundaries are now UTC-midnight instants of the local (Prague) calendar day. Reproduced empirically against real rows; route-level regression test added (dashboard.test.ts). 2. After logout + login as a different user, cached dashboards/buttons from the previous user were served: query keys are user-agnostic and the React Query cache outlives the session. logout(), login() and the 2FA verify path now clear the whole cache. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -9,6 +9,7 @@ import {
|
||||
type ReactNode,
|
||||
} from "react";
|
||||
import { setSessionExpired, setTokenGetter, setRefreshFn } from "../utils/api";
|
||||
import { queryClient } from "../lib/queryClient";
|
||||
|
||||
const API_BASE = "/api/admin";
|
||||
|
||||
@@ -232,6 +233,10 @@ export function AuthProvider({ children }: { children: ReactNode }) {
|
||||
remember,
|
||||
};
|
||||
}
|
||||
// Query keys are user-agnostic (["dashboard"], ["attendance"], …),
|
||||
// so anything cached from a previously logged-in user would be
|
||||
// served to this one — drop the whole cache on every login.
|
||||
queryClient.clear();
|
||||
setAccessTokenFn(data.data.access_token, data.data.expires_in);
|
||||
setUser(mapUser(data.data.user));
|
||||
cachedUserRef.current = mapUser(data.data.user);
|
||||
@@ -288,6 +293,9 @@ export function AuthProvider({ children }: { children: ReactNode }) {
|
||||
);
|
||||
const data = await response.json();
|
||||
if (data.success) {
|
||||
// Same reason as in login(): the cache may hold the previous
|
||||
// user's data under user-agnostic keys.
|
||||
queryClient.clear();
|
||||
setAccessTokenFn(data.data.access_token, data.data.expires_in);
|
||||
setUser(mapUser(data.data.user));
|
||||
cachedUserRef.current = mapUser(data.data.user);
|
||||
@@ -327,6 +335,10 @@ export function AuthProvider({ children }: { children: ReactNode }) {
|
||||
clearTimeout(refreshTimeoutRef.current);
|
||||
refreshTimeoutRef.current = null;
|
||||
}
|
||||
// The React Query cache outlives the session — without this, the next
|
||||
// user to log in on this browser sees the previous user's cached
|
||||
// dashboards/lists until each query refetches.
|
||||
queryClient.clear();
|
||||
}
|
||||
}, [getAccessTokenFn]);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user