feat: redirect to /settings with error banner when Gitea API token is expired

Add isTokenError() helper that detects HTTP 401/403 responses from the
Gitea API, and redirectOnTokenError() that redirects to /settings with
an error=token_expired query parameter. Update Dashboard, ListIssues,
and ListPulls handlers to check for token errors. The settings page now
displays an error banner explaining the token needs to be refreshed.

Closes leeworks-agents/gitea-mobile#192

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/gitea/client.go

@@ -760,33 +760,6 @@ func (c *Client) GetPull(ctx context.Context, token, owner, repo string, index i
 	return &pr, nil
 }
 
-// ChangedFile represents a file changed in a pull request.
-type ChangedFile struct {
-	Filename    string `json:"filename"`
-	Status      string `json:"status"` // "added", "modified", "removed", "renamed"
-	Additions   int    `json:"additions"`
-	Deletions   int    `json:"deletions"`
-	Changes     int    `json:"changes"`
-	PreviousFilename string `json:"previous_filename,omitempty"`
-}
-
-// GetChangedFiles fetches the list of files changed in a pull request.
-func (c *Client) GetChangedFiles(ctx context.Context, token, owner, repo string, index int64) ([]ChangedFile, error) {
-	path := fmt.Sprintf("/repos/%s/%s/pulls/%d/files?limit=50", owner, repo, index)
-	resp, err := c.doRequest(ctx, token, http.MethodGet, path, nil)
-	if err != nil {
-		return nil, fmt.Errorf("fetching changed files: %w", err)
-	}
-	defer resp.Body.Close()
-
-	var files []ChangedFile
-	if err := json.NewDecoder(resp.Body).Decode(&files); err != nil {
-		return nil, fmt.Errorf("decoding changed files: %w", err)
-	}
-
-	return files, nil
-}
-
 // GetIssueComments fetches comments for an issue or pull request.
 func (c *Client) GetIssueComments(ctx context.Context, token, owner, repo string, index int64) ([]Comment, error) {
 	path := fmt.Sprintf("/repos/%s/%s/issues/%d/comments?limit=50", owner, repo, index)

internal/gitea/client_test.go

@@ -1456,63 +1456,3 @@ func TestRetryDelay_ExponentialBackoff(t *testing.T) {
 		}
 	}
 }
-
-func TestGetChangedFiles(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != http.MethodGet {
-			t.Errorf("expected GET, got %s", r.Method)
-		}
-		if r.URL.Path != "/api/v1/repos/owner1/repo1/pulls/5/files" {
-			t.Errorf("unexpected path: %s", r.URL.Path)
-		}
-		if r.Header.Get("Authorization") != "token test-token" {
-			t.Error("missing or wrong Authorization header")
-		}
-
-		files := []ChangedFile{
-			{Filename: "main.go", Status: "modified", Additions: 10, Deletions: 3, Changes: 13},
-			{Filename: "new_file.go", Status: "added", Additions: 25, Deletions: 0, Changes: 25},
-			{Filename: "old_file.go", Status: "removed", Additions: 0, Deletions: 15, Changes: 15},
-		}
-		json.NewEncoder(w).Encode(files)
-	}))
-	defer server.Close()
-
-	c := NewClient(server.URL)
-	files, err := c.GetChangedFiles(context.Background(), "test-token", "owner1", "repo1", 5)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if len(files) != 3 {
-		t.Fatalf("got %d files, want 3", len(files))
-	}
-	if files[0].Filename != "main.go" {
-		t.Errorf("files[0].Filename = %q, want %q", files[0].Filename, "main.go")
-	}
-	if files[0].Status != "modified" {
-		t.Errorf("files[0].Status = %q, want %q", files[0].Status, "modified")
-	}
-	if files[1].Status != "added" {
-		t.Errorf("files[1].Status = %q, want %q", files[1].Status, "added")
-	}
-	if files[2].Status != "removed" {
-		t.Errorf("files[2].Status = %q, want %q", files[2].Status, "removed")
-	}
-}
-
-func TestGetChangedFiles_Error(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusNotFound)
-		fmt.Fprintln(w, `{"message":"pull request not found"}`)
-	}))
-	defer server.Close()
-
-	c := NewClient(server.URL)
-	_, err := c.GetChangedFiles(context.Background(), "test-token", "owner1", "repo1", 999)
-	if err == nil {
-		t.Fatal("expected error for 404 response, got nil")
-	}
-	if !strings.Contains(err.Error(), "404") {
-		t.Errorf("error should contain status code 404, got: %v", err)
-	}
-}

internal/handlers/handlers.go

@@ -78,6 +78,31 @@ func getToken(r *http.Request) string {
 	return middleware.TokenFromContext(r.Context())
 }
 
+// isTokenError returns true if the error indicates an expired or revoked API token.
+func isTokenError(err error) bool {
+	if err == nil {
+		return false
+	}
+	msg := err.Error()
+	return strings.Contains(msg, "API error 401") || strings.Contains(msg, "API error 403")
+}
+
+// redirectOnTokenError checks if the error is a token auth error and redirects
+// to /settings with an error banner. Returns true if a redirect was performed.
+func redirectOnTokenError(w http.ResponseWriter, r *http.Request, err error) bool {
+	if !isTokenError(err) {
+		return false
+	}
+	slog.Warn("Gitea API token expired or revoked, redirecting to settings", "error", err)
+	if isHTMX(r) {
+		w.Header().Set("HX-Redirect", "/settings?error=token_expired")
+		w.WriteHeader(http.StatusOK)
+	} else {
+		http.Redirect(w, r, "/settings?error=token_expired", http.StatusSeeOther)
+	}
+	return true
+}
+
 // getUserOrgs returns the list of org names the user belongs to.
 func (h *Handler) getUserOrgs(r *http.Request) []string {
 	token := getToken(r)
@@ -263,6 +288,9 @@ func (h *Handler) Dashboard(w http.ResponseWriter, r *http.Request) {
 
 		queue, err := h.Client.GetTriageQueue(r.Context(), token, queryOrgs)
 		if err != nil {
+			if redirectOnTokenError(w, r, err) {
+				return
+			}
 			slog.Error("failed to get triage queue", "error", err)
 			data.Error = "Error loading triage queue."
 		} else {
@@ -346,6 +374,9 @@ func (h *Handler) ListIssues(w http.ResponseWriter, r *http.Request) {
 
 		result, err := h.Client.ListAllIssues(r.Context(), token, queryOrgs, selectedState, page, selectedLabel, selectedRepo)
 		if err != nil {
+			if redirectOnTokenError(w, r, err) {
+				return
+			}
 			slog.Error("failed to list issues", "error", err)
 			data.Error = "Error loading issues."
 		} else {
@@ -451,6 +482,9 @@ func (h *Handler) ListPulls(w http.ResponseWriter, r *http.Request) {
 
 		result, err := h.Client.ListAllPullRequests(r.Context(), token, queryOrgs, selectedState, page, selectedLabel, selectedRepo)
 		if err != nil {
+			if redirectOnTokenError(w, r, err) {
+				return
+			}
 			slog.Error("failed to list pull requests", "error", err)
 			data.Error = "Error loading pull requests."
 		} else {

internal/handlers/settings.go

@@ -45,6 +45,13 @@ func (h *SettingsHandler) handleGet(w http.ResponseWriter, r *http.Request) {
 	}
 
 	data := settingsData{HasToken: hasToken}
+
+	// Show error banner when redirected due to expired/revoked token.
+	if r.URL.Query().Get("error") == "token_expired" {
+		data.Message = "Your Gitea API token is expired or has been revoked. Please enter a new token."
+		data.MessageType = "error"
+	}
+
 	h.renderSettings(w, data)
 }