From 73e953f57986c7b21a30c87776885dd4a543eb19 Mon Sep 17 00:00:00 2001
From: JamesFlare1212 <jamesflare1212@protonmail.com>
Date: Sat, 11 Apr 2026 11:43:35 -0400
Subject: [PATCH] fix(auth): distinguish 500 (cookie expired) from other 5xx
 (real outage)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

KEY INSIGHT:
- 500 = cookie expiration (early signal, re-login immediately)
- 502/503/504 = real server outage (bad gateway, service unavailable, gateway timeout)

BEHAVIOR:
- On 500: throw AuthenticationError → immediate re-login
- On 502/503/504: preserve cache, don't re-login (server is down)
- On 401/403: throw AuthenticationError → re-login

This prevents unnecessary re-login attempts during actual server outages
while still handling cookie expiration immediately.
---
 engage-api/get-activity.ts | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/engage-api/get-activity.ts b/engage-api/get-activity.ts
index 0cb7d3e..dad35d1 100644
--- a/engage-api/get-activity.ts
+++ b/engage-api/get-activity.ts
@@ -79,16 +79,19 @@ async function getActivityDetailsRaw(
       if (response.status !== 200) {
         logger.error(`Non-200 status ${response.status} for activity ${activityId}. NOT updating cache to preserve local data.`);
         
-        // IMPORTANT: 5xx errors are actually early signs of cookie expiration
-        // The backend returns 500 when cookie is expired but not yet invalidated
-        // It takes several hours before it returns 401/403
-        // So on 5xx, we should immediately re-login, not wait for next request
-        if (response.status >= 500 && response.status < 600) {
-          logger.warn(`Server error ${response.status} - this is likely cookie expiration. Throwing AuthenticationError to trigger immediate re-login.`);
-          throw new AuthenticationError(`Received ${response.status} for activity ${activityId} - likely expired cookie`, response.status);
+        // IMPORTANT: Only 500 is cookie expiration. Other 5xx (502/503/504) are real server outages.
+        // The backend returns 500 when cookie is expired but session not yet invalidated.
+        // It takes several hours before it returns 401/403.
+        // 502/503/504 are real server errors (bad gateway, service unavailable, gateway timeout)
+        if (response.status === 500) {
+          logger.warn(`Server error 500 - this is cookie expiration. Throwing AuthenticationError to trigger immediate re-login.`);
+          throw new AuthenticationError(`Received 500 for activity ${activityId} - expired cookie`, 500);
+        } else if (response.status >= 500 && response.status < 600) {
+          // Real server outage (502/503/504), preserve cache and don't re-login
+          logger.error(`Real server outage ${response.status} - preserving local cache, not re-login.`);
         }
         
-        // Return null immediately on other non-200 errors
+        // Return null immediately on non-200 errors
         return null;
       }
       
@@ -117,13 +120,15 @@ async function getActivityDetailsRaw(
 
       if (error.response) {
         logger.error(`Status: ${error.response.status}, Data (getActivityDetailsRaw): ${ String(error.response.data).slice(0,100)}...`);
-        // IMPORTANT: 5xx errors are actually early signs of cookie expiration
-        // The backend returns 500 when cookie is expired but not yet invalidated
-        // It takes several hours before it returns 401/403
-        // So on 5xx, throw AuthenticationError to trigger immediate re-login
-        if (error.response.status >= 500 && error.response.status < 600) {
-          logger.warn(`Server error ${error.response.status} - this is likely cookie expiration. Throwing AuthenticationError to trigger immediate re-login.`);
-          throw new AuthenticationError(`Received ${error.response.status} for activity ${activityId} - likely expired cookie`, error.response.status);
+        // IMPORTANT: Only 500 is cookie expiration. Other 5xx (502/503/504) are real server outages.
+        // The backend returns 500 when cookie is expired but session not yet invalidated.
+        // 502/503/504 are real server errors (bad gateway, service unavailable, gateway timeout)
+        if (error.response.status === 500) {
+          logger.warn(`Server error 500 - this is cookie expiration. Throwing AuthenticationError to trigger immediate re-login.`);
+          throw new AuthenticationError(`Received 500 for activity ${activityId} - expired cookie`, 500);
+        } else if (error.response.status >= 500 && error.response.status < 600) {
+          // Real server outage (502/503/504), preserve cache and don't re-login
+          logger.error(`Real server outage ${error.response.status} - preserving local cache, not re-login.`);
         }
       }
       if (attempt === maxRetries - 1) {