chore: run unauthenticated fetch before authenticated

.github/workflows/ci.yml

@@ -58,7 +58,7 @@ jobs:
       - run: rm .gitignore
       - uses: JamesIves/[email protected]
         with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
           BRANCH: gh-pages
           FOLDER: build
           CLEAN: true

src/ldf-client-worker.js

@@ -28,8 +28,37 @@ function initEngine(config) {
     config.context.httpProxyHandler = new ProxyHandlerStatic(config.context.httpProxy);
 
   // Set up authenticated fetch
-  if (config.context.workerSolidAuth)
-    config.context.fetch = workerToWindowHandler.buildAuthenticatedFetch();
+  if (config.context.workerSolidAuth) {
+    function getNamespace(input) {
+      const url = new URL(new Request(input).url);
+      return url.origin + url.pathname;
+    }
+
+    const authenticatedFetch = workerToWindowHandler.buildAuthenticatedFetch();
+    const authUrls = {};
+
+    async function comunicaFetch(...args) {
+      if (authUrls[getNamespace(args[0])]) {
+        // In future we should check if this is a 403? (double check code) response
+        // and if so try the *unathenticated* fetch. This handles cases like a qpf endpoint
+        // changing an endpoint from being auth-required to public halfway through a session
+        return await authenticatedFetch(...args);
+      }
+
+      const response = await global.fetch(...args);
+
+      if (response.status === 401) {
+        // In the future we should probably also cache any URLs that we
+        // are redirected to as well as the URL we started with
+        authUrls[getNamespace(args[0])] = true;
+        return await authenticatedFetch(...args);
+      }
+
+      return response;
+    }
+
+    config.context.fetch = comunicaFetch;
+  }
 
   // Transform query format to expected structure
   if (config.context.queryFormat)