kmobile/lib/api/interceptors/auth_interceptor.dart

import 'package:dio/dio.dart';
import '../../data/repositories/auth_repository.dart';

class AuthInterceptor extends Interceptor {
  final AuthRepository _authRepository;
  final Dio _dio;

  AuthInterceptor(this._authRepository, this._dio);

  @override
  Future<void> onRequest(
    RequestOptions options,
    RequestInterceptorHandler handler,
  ) async {
    // Skip auth header for login and refresh endpoints
    if (options.path.contains('/login') ||
        options.path.contains('/auth/refresh')) {
      return handler.next(options);
    }

    // Get token and add to request
    final token = await _authRepository.getAccessToken();
    if (token != null) {
      options.headers['Authorization'] = 'Bearer $token';
    }

    return handler.next(options);
  }

  @override
  Future<void> onError(
    DioException err,
    ErrorInterceptorHandler handler,
  ) async {
    // Handle 401 errors by refreshing token and retrying
    final response = err.response;
    if (response?.statusCode == 401) {
      final data = response?.data;
      // Only refresh token if error is NOT INCORRECT_TPIN (or similar business error)
      if (data is Map && data['error'] == 'INCORRECT_TPIN') {
        // Pass the error through, do not retry
        return handler.next(err);
      }
      // On 401, try to get a new token
      final token = await _authRepository.getAccessToken();

      if (token != null) {
        // If we have a new token, retry the request
        final opts = err.requestOptions;
        opts.headers['Authorization'] = 'Bearer $token';

        try {
          final response = await _dio.fetch(opts);
          return handler.resolve(response);
        } on DioException catch (e) {
          return handler.next(e);
        }
      }
    }

    return handler.next(err);
  }
}