Fix ZeroGPU Pro quota: fetch fresh x-ip-token before each regen call

The JWT token expires in ~170s. Previously we fetched once on page load
and cached it, so by the time the user triggers regen the token was
already expired. Now _fetchIpToken() returns a Promise and fireRegen()
awaits a fresh token immediately before every queue/join call, ensuring
quota is always attributed to the logged-in Pro user.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app.py

@@ -1970,52 +1970,46 @@ _GLOBAL_JS = """
   if (window._wf_global_listener) return;  // already registered
   window._wf_global_listener = true;
 
-  // Fetch the x-ip-token via a Gradio endpoint where HF's proxy injects it.
-  // Store in window.__hf_ip_token so all regen fetch() calls can include it,
-  // ensuring ZeroGPU attributes quota to the logged-in user's Pro account.
-  window.__hf_ip_token = '';
+  // Fetch a fresh x-ip-token via a Gradio endpoint where HF's proxy injects it.
+  // Returns a Promise<string> — resolves with the token (or '' on failure).
+  // Called immediately before each regen fetch so the token is always fresh
+  // (the JWT expires in ~170s, so caching across regen calls is unreliable).
   function _fetchIpToken() {
-    fetch('/gradio_api/queue/join', {
-      method: 'POST',
-      credentials: 'include',
-      headers: {'Content-Type': 'application/json'},
-      body: JSON.stringify({
-        data: [], fn_index: null, session_hash: window.__gradio_session_hash__,
-        event_data: null, trigger_id: null
-      })
-    }).catch(function() {});
-    // Use the dedicated get_ip_token endpoint
-    var ipFnIndex = null;
-    var deps = window.gradio_config && window.gradio_config.dependencies;
-    if (deps) deps.forEach(function(d, i) { if (d.api_name === 'get_ip_token') ipFnIndex = i; });
-    if (ipFnIndex === null) return;
-    fetch('/gradio_api/queue/join', {
-      method: 'POST',
-      credentials: 'include',
-      headers: {'Content-Type': 'application/json'},
-      body: JSON.stringify({
-        data: [], fn_index: ipFnIndex,
-        session_hash: window.__gradio_session_hash__,
-        event_data: null, trigger_id: null
-      })
-    }).then(function(r) { return r.json(); }).then(function(j) {
-      if (!j.event_id) return;
-      var es = new EventSource('/gradio_api/queue/data?session_hash=' + window.__gradio_session_hash__);
-      es.onmessage = function(e) {
-        var msg; try { msg = JSON.parse(e.data); } catch(_) { return; }
-        if (msg.event_id !== j.event_id) return;
-        if (msg.msg === 'process_completed') {
-          es.close();
-          var token = msg.output && msg.output.data && msg.output.data[0];
-          if (token) { window.__hf_ip_token = token; console.log('[zerogpu] x-ip-token acquired, length:', token.length); }
-        }
-        if (msg.msg === 'close_stream') es.close();
-      };
-      es.onerror = function() { es.close(); };
-    }).catch(function() {});
+    return new Promise(function(resolve) {
+      var ipFnIndex = null;
+      var deps = window.gradio_config && window.gradio_config.dependencies;
+      if (deps) deps.forEach(function(d, i) { if (d.api_name === 'get_ip_token') ipFnIndex = i; });
+      if (ipFnIndex === null) { resolve(''); return; }
+      fetch('/gradio_api/queue/join', {
+        method: 'POST',
+        credentials: 'include',
+        headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify({
+          data: [], fn_index: ipFnIndex,
+          session_hash: window.__gradio_session_hash__,
+          event_data: null, trigger_id: null
+        })
+      }).then(function(r) { return r.json(); }).then(function(j) {
+        if (!j.event_id) { resolve(''); return; }
+        var es = new EventSource('/gradio_api/queue/data?session_hash=' + window.__gradio_session_hash__);
+        var done = false;
+        es.onmessage = function(e) {
+          var msg; try { msg = JSON.parse(e.data); } catch(_) { return; }
+          if (msg.event_id !== j.event_id) return;
+          if (msg.msg === 'process_completed') {
+            es.close(); done = true;
+            var token = msg.output && msg.output.data && msg.output.data[0];
+            console.log('[zerogpu] fresh x-ip-token acquired, length:', token ? token.length : 0);
+            resolve(token || '');
+          }
+          if (msg.msg === 'close_stream') { es.close(); if (!done) { done = true; resolve(''); } }
+        };
+        es.onerror = function() { es.close(); if (!done) { done = true; resolve(''); } };
+        // Timeout safety: if SSE hangs, don't block regen forever
+        setTimeout(function() { if (!done) { done = true; es.close(); resolve(''); } }, 5000);
+      }).catch(function() { resolve(''); });
+    });
   }
-  // Run after Gradio config is ready
-  setTimeout(_fetchIpToken, 1500);
 
   // Cache: api_name -> fn_index, built once from gradio_config.dependencies
   let _fnIndexCache = null;
@@ -2139,19 +2133,24 @@ _GLOBAL_JS = """
       console.warn('[fireRegen] fn_index not found for api_name:', apiName);
       return;
     }
-    var regenHeaders = {'Content-Type': 'application/json'};
-    if (window.__hf_ip_token) regenHeaders['x-ip-token'] = window.__hf_ip_token;
-    fetch('/gradio_api/queue/join', {
-      method: 'POST',
-      credentials: 'include',
-      headers: regenHeaders,
-      body: JSON.stringify({
-        data: data,
-        fn_index: fnIndex,
-        session_hash: window.__gradio_session_hash__,
-        event_data: null,
-        trigger_id: null
-      })
+    // Fetch a fresh x-ip-token immediately before queuing (JWT expires ~170s,
+    // so we always grab a new one to ensure Pro quota attribution).
+    _fetchIpToken().then(function(ipToken) {
+      var regenHeaders = {'Content-Type': 'application/json'};
+      if (ipToken) { regenHeaders['x-ip-token'] = ipToken; console.log('[fireRegen] using fresh x-ip-token, len:', ipToken.length); }
+      else { console.warn('[fireRegen] no x-ip-token available, regen may use anonymous quota'); }
+      return fetch('/gradio_api/queue/join', {
+        method: 'POST',
+        credentials: 'include',
+        headers: regenHeaders,
+        body: JSON.stringify({
+          data: data,
+          fn_index: fnIndex,
+          session_hash: window.__gradio_session_hash__,
+          event_data: null,
+          trigger_id: null
+        })
+      });
     }).then(function(r) { return r.json(); }).then(function(j) {
       if (!j.event_id) { console.error('[fireRegen] no event_id:', j); return; }
       console.log('[fireRegen] queued, event_id:', j.event_id);
@@ -2607,8 +2606,8 @@ with gr.Blocks(title="Generate Audio for Video", css=_SLOT_CSS, js=_GLOBAL_JS) a
     # HF's proxy injects it on browser requests but NOT on raw JS fetch() calls.
     # Solution: expose a lightweight Gradio endpoint that reads the token from the
     # incoming request (where HF DOES inject it) and returns it. The JS _GLOBAL_JS
-    # calls this on page load, stores the result in window.__hf_ip_token, and
-    # includes it as a header on all subsequent queue/join fetch calls.
+    # calls _fetchIpToken() immediately before each regen fetch, getting a fresh
+    # token every time (the JWT expires ~170s so caching is unreliable).
     _ip_token_tb = gr.Textbox(render=False)
     def _get_ip_token(request: gr.Request):
         return request.headers.get("x-ip-token", "")