From 13e81ba9fb237e2d9d42c5ddf14857e234b3af76 Mon Sep 17 00:00:00 2001
From: saridsa2 <s.satya.suman@globaluniversityfoundation.com>
Date: Tue, 24 Mar 2026 15:22:39 +0530
Subject: [PATCH] fix: await logout before navigating, prevent cancelled fetch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Logout is now async — awaits sidecar /auth/logout before clearing tokens
- confirmSignOut awaits logout() before navigate('/login')
- 5 second timeout on logout fetch to prevent indefinite hang
- Added console.warn on logout failure

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/components/layout/sidebar.tsx |  4 ++--
 src/providers/auth-provider.tsx   | 17 +++++++++++------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/components/layout/sidebar.tsx b/src/components/layout/sidebar.tsx
index 9a5eeb5..82f5be0 100644
--- a/src/components/layout/sidebar.tsx
+++ b/src/components/layout/sidebar.tsx
@@ -132,9 +132,9 @@ export const Sidebar = ({ activeUrl = "/" }: SidebarProps) => {
         setLogoutOpen(true);
     };
 
-    const confirmSignOut = () => {
+    const confirmSignOut = async () => {
         setLogoutOpen(false);
-        logout();
+        await logout();
         navigate('/login');
     };
 
diff --git a/src/providers/auth-provider.tsx b/src/providers/auth-provider.tsx
index 6643974..ea88821 100644
--- a/src/providers/auth-provider.tsx
+++ b/src/providers/auth-provider.tsx
@@ -95,15 +95,20 @@ export const AuthProvider = ({ children }: AuthProviderProps) => {
         setIsAuthenticated(true);
     }, []);
 
-    const logout = useCallback(() => {
-        // Notify sidecar to unlock Redis session + Ozonetel logout
+    const logout = useCallback(async () => {
+        // Notify sidecar to unlock Redis session + Ozonetel logout — await before clearing tokens
         const token = localStorage.getItem('helix_access_token');
         if (token) {
             const apiUrl = import.meta.env.VITE_API_URL ?? 'http://localhost:4100';
-            fetch(`${apiUrl}/auth/logout`, {
-                method: 'POST',
-                headers: { Authorization: `Bearer ${token}` },
-            }).catch(() => {});
+            try {
+                await fetch(`${apiUrl}/auth/logout`, {
+                    method: 'POST',
+                    headers: { Authorization: `Bearer ${token}` },
+                    signal: AbortSignal.timeout(5000),
+                });
+            } catch (err) {
+                console.warn('Logout cleanup failed:', err);
+            }
         }
 
         setUser(DEFAULT_USER);