log the user out if their acess token cant be renewed. lower session age

yalla-coop · Sep 23, 2024 · 8a9a56a · 8a9a56a
1 parent 77d5c94
commit 8a9a56a
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/web/app.js b/web/app.js
@@ -104,7 +104,7 @@ async function createApp() {
       cookie: {
         secure: true, // Set to true if you're using HTTPS
         httpOnly: true, // Ensures the cookie is only accessible via HTTP/HTTPS
-        maxAge: 1000 * 60 * 60 * 24 * 7, // Sets cookie to expire in 7 days,
+        maxAge: 1000 * 60 * 60 * 8, // Sets cookie to expire in 8 hours,
         sameSite: 'none' // Can be 'strict', 'lax', 'none', or boolean (true)
       }
     })

diff --git a/web/modules/authentication/getNewAccessToken.js b/web/modules/authentication/getNewAccessToken.js
@@ -13,6 +13,16 @@ export async function obtainValidAccessToken(userId) {
   })
 }
 
+export async function obtainValidAccessTokenOrDeleteSessionOnFailure(req) {
+  try {
+    const {accessToken} = await obtainValidAccessToken(req.user.id);
+    return accessToken;
+  } catch(error) {
+    req.session.destroy();
+    throw error;
+  }
+}
+
 async function refresh(refreshToken) {
   const issuer = await Issuer.discover(process.env.OIDC_ISSUER);
 

diff --git a/web/modules/products/controllers/get-fdc-products.js b/web/modules/products/controllers/get-fdc-products.js
@@ -2,7 +2,7 @@ import axios from 'axios';
 import dotenv from 'dotenv';
 import { join } from 'path';
 import { generateShopifyFDCProducts } from '../../../connector/productUtils.js';
-import { obtainValidAccessToken } from '../../authentication/getNewAccessToken.js';
+import { obtainValidAccessTokenOrDeleteSessionOnFailure } from '../../authentication/getNewAccessToken.js';
 
 dotenv.config({
   path: join(process.cwd(), '.env')
@@ -14,7 +14,7 @@ const getFDCProducts = async (req, res, next) => {
   // const { sinceId, remainingProductsCountBeforeNextFetch } = req.query;
 
   try {
-    const { accessToken } = await obtainValidAccessToken(req.user.id);
+    const accessToken = await obtainValidAccessTokenOrDeleteSessionOnFailure(req);
 
     const { data } = await axios.get(
       `${PRODUCER_SHOP_URL}api/dfc/Enterprises/${PRODUCER_SHOP}/SuppliedProducts`,

diff --git a/web/modules/sales-session/controllers/complete-current-sales-session.js b/web/modules/sales-session/controllers/complete-current-sales-session.js
@@ -1,12 +1,12 @@
 import { getMostRecentActiveSalesSession, deactivateAllSalesSessions } from '../../../database/sales-sessions/salesSession.js';
 import { completeOrder } from '../../producer-orders/order.js';
-import {obtainValidAccessToken} from  '../../authentication/getNewAccessToken.js'
+import {obtainValidAccessTokenOrDeleteSessionOnFailure} from  '../../authentication/getNewAccessToken.js'
 const completeCurrentSalesSession = async (req, res, next) => {
   try {
     const currentSalesSession = await getMostRecentActiveSalesSession();
 
     if (currentSalesSession.orderId) {
-      const {accessToken} = await obtainValidAccessToken(req.user.id);
+      const accessToken = await obtainValidAccessTokenOrDeleteSessionOnFailure(req);
       await completeOrder(currentSalesSession, accessToken);
     }