From 71ade841fbeadfa958f9769b3f39dad9edc6e01c Mon Sep 17 00:00:00 2001
From: QTom <qt@truesightai.com>
Date: Fri, 27 Mar 2026 13:35:48 +0800
Subject: [PATCH] =?UTF-8?q?fix(privacy):=20=E5=88=B7=E6=96=B0=E4=BB=A4?=
 =?UTF-8?q?=E7=89=8C=E5=A4=B1=E8=B4=A5=E6=97=B6=E4=B9=9F=E5=B0=9D=E8=AF=95?=
 =?UTF-8?q?=E8=AE=BE=E7=BD=AE=20OpenAI=20=E9=9A=90=E7=A7=81=E6=A8=A1?=
 =?UTF-8?q?=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

刷新失败不代表 access_token 无效，在后台定时刷新（不可重试错误 +
重试耗尽）和前端批量/单次刷新的失败路径中，均利用可能仍有效的
access_token 调用隐私设置。

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 backend/internal/service/token_refresh_service.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/backend/internal/service/token_refresh_service.go b/backend/internal/service/token_refresh_service.go
index 24b7424f..4fa2fe97 100644
--- a/backend/internal/service/token_refresh_service.go
+++ b/backend/internal/service/token_refresh_service.go
@@ -300,6 +300,8 @@ func (s *TokenRefreshService) refreshWithRetry(ctx context.Context, account *Acc
 					"error", setErr,
 				)
 			}
+			// 刷新失败但 access_token 可能仍有效，尝试设置隐私
+			s.ensureOpenAIPrivacy(ctx, account)
 			return err
 		}
 
@@ -327,6 +329,9 @@ func (s *TokenRefreshService) refreshWithRetry(ctx context.Context, account *Acc
 		"error", lastErr,
 	)
 
+	// 刷新失败但 access_token 可能仍有效，尝试设置隐私
+	s.ensureOpenAIPrivacy(ctx, account)
+
 	// 设置临时不可调度 10 分钟（不标记 error，保持 status=active 让下个刷新周期能继续尝试）
 	until := time.Now().Add(tokenRefreshTempUnschedDuration)
 	reason := fmt.Sprintf("token refresh retry exhausted: %v", lastErr)