feat(upload): pre-flight auth check before destructive upload step (#1350)
an expired session during upload was producing a misleading "lost
connection to server" error from the SSE pipeline (uploader.svelte.ts
:240) after the user had filled out the entire form. worst possible
moment for an ambiguous failure — the user just spent time entering
metadata, picked files, attested rights, and gets thrown back to a
form with no clear path forward.
now: before kicking off the destructive XHR step, ping /auth/me and
distinguish three outcomes:
- ok: proceed with upload
- expired (401/403): for the track form, stash the metadata to
sessionStorage; redirect to /login with a return URL of /upload.
on return, rehydrate the form and prompt the user to reattach
the audio file (file objects can't be serialized).
- unverified (network error / 5xx): don't redirect (session may be
fine), don't proceed (upload would fail anyway). user retries.
a `preflightAuth` helper is used instead of `auth.refresh()` because
refresh treats network errors as session loss, which would bounce
healthy users to /login on any transient blip.
album-mode form preservation is deferred — the auth check still
fires for album uploads and the user gets a clear redirect with
return URL, but the album form metadata is lost on redirect.
will be addressed as a follow-up.
closes #1346
Co-authored-by: Claude Opus 4 (1M context) <noreply@anthropic.com>
authored by