Date: 2026-04-04
Stale comments on post navigation
PostProvider is a single app-level instance. Navigating from post A to post B without clearing state first meant post A's comments briefly appeared under post B, and a race condition could attach a new comment to the wrong post. Fixed by calling provider.clear() at the start of PostDetailScreen.initState() before loading the new post.
Token deleted on server restart
After every deploy, users had to log out and back in to see their profile name. The sequence: deploy triggers a systemd restart, the browser loads the new JS bundle and calls checkAuthStatus, getMe() hits the API during the restart window and gets a network error, the catch block calls deleteToken() — permanently wiping stored credentials. The app then redirects to login.
The fix: remove deleteToken() from the checkAuthStatus catch block. The API interceptor already calls deleteToken() on 401 (genuinely invalid token). Network errors and server restarts should not destroy valid credentials.
DioException shown to users
Error messages like DioException [bad response]: ... were leaking into snackbars and dialogs. The backend returns structured errors as {"error":{"code":"...","message":"..."}} but the app wasn't reading them.
Fixed in ApiService: each method now catches DioException, extracts the message field from the response body, and rethrows as a plain Exception. Falls back to generic human-readable strings by status code when no body is present. All existing error display code gets clean strings automatically — no changes needed at call sites.