From 8a9a56a21957ce941e7588e97f019a64cac8f6ef Mon Sep 17 00:00:00 2001
From: Alex Luker
Date: Mon, 23 Sep 2024 09:39:10 +0100
Subject: [PATCH] log the user out if their acess token cant be renewed. lower session age

---
 web/app.js | 2 +-
 web/modules/authentication/getNewAccessToken.js | 10 ++++++++++
 web/modules/products/controllers/get-fdc-products.js | 4 ++--
 .../controllers/complete-current-sales-session.js | 4 ++--
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/web/app.js b/web/app.js
index fb4df6d..2d69757 100644
--- a/web/app.js
+++ b/web/app.js
@@ -104,7 +104,7 @@ async function createApp() {
       cookie: {
         secure: true, // Set to true if you're using HTTPS
         httpOnly: true, // Ensures the cookie is only accessible via HTTP/HTTPS
-        maxAge: 1000 * 60 * 60 * 24 * 7, // Sets cookie to expire in 7 days,
+        maxAge: 1000 * 60 * 60 * 8, // Sets cookie to expire in 8 hours,
         sameSite: 'none' // Can be 'strict', 'lax', 'none', or boolean (true)
       }
     })
diff --git a/web/modules/authentication/getNewAccessToken.js b/web/modules/authentication/getNewAccessToken.js
index a0ea098..52ddbda 100644
--- a/web/modules/authentication/getNewAccessToken.js
+++ b/web/modules/authentication/getNewAccessToken.js
@@ -13,6 +13,16 @@ export async function obtainValidAccessToken(userId) {
   })
 }
 
+export async function obtainValidAccessTokenOrDeleteSessionOnFailure(req) {
+  try {
+    const {accessToken} = await obtainValidAccessToken(req.user.id);
+    return accessToken;
+  } catch(error) {
+    req.session.destroy();
+    throw error;
+  }
+}
+
 async function refresh(refreshToken) {
   const issuer = await Issuer.discover(process.env.OIDC_ISSUER);
 
diff --git a/web/modules/products/controllers/get-fdc-products.js b/web/modules/products/controllers/get-fdc-products.js
index e7e5c46..ccf51b4 100644
--- a/web/modules/products/controllers/get-fdc-products.js
+++ b/web/modules/products/controllers/get-fdc-products.js
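Review bot: The new `maxAge` value is a magic-number expression whose meaning lives only in the trailing comment, which is exactly how the old '7 days' comment went stale; a named constant above the `session(...)` call, `const SESSION_MAX_AGE_MS = 8 * 60 * 60 * 1000;`, used as `maxAge: SESSION_MAX_AGE_MS,`, keeps value and unit together. Note also that `maxAge` bounds only the browser-side cookie lifetime; if the session store has its own TTL (not visible here) it should be lowered to the same 8 hours, otherwise server-side session records outlive the cookie they belong to. createApp() starts and ends outside the hunk.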
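Review bot: `req.session.destroy()` in the catch block of obtainValidAccessTokenOrDeleteSessionOnFailure is called without a callback and is not awaited; if this is express-session (the `cookie` options in app.js suggest so), destroy is asynchronous, so the error is rethrown and the response sent while the session may still be in the store, and a failure to destroy it is silently lost. Wait for it before rethrowing, resolving either way so the original token error stays the one surfaced: `await new Promise((resolve) => req.session.destroy((destroyErr) => { if (destroyErr) console.error('session destroy failed', destroyErr); resolve(); }));`. The function also has no documentation although callers now depend on its side effect; a JSDoc along the lines of `/** Returns a valid access token for req.user; on any failure (expired refresh token, but also a transient error during refresh) the session is destroyed, i.e. the user is logged out, and the underlying error is rethrown. @param {object} req - request carrying user.id and session @returns {Promise<string>} */` would make that explicit. Minor style: `catch(error)` should be `catch (error)` to match the spacing used elsewhere in the file.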
@@ -2,7 +2,7 @@ import axios from 'axios';
 import dotenv from 'dotenv';
 import { join } from 'path';
 import { generateShopifyFDCProducts } from '../../../connector/productUtils.js';
-import { obtainValidAccessToken } from '../../authentication/getNewAccessToken.js';
+import { obtainValidAccessTokenOrDeleteSessionOnFailure } from '../../authentication/getNewAccessToken.js';
 
 dotenv.config({
   path: join(process.cwd(), '.env')
@@ -14,7 +14,7 @@ const getFDCProducts = async (req, res, next) => {
   // const { sinceId, remainingProductsCountBeforeNextFetch } = req.query;
 
   try {
-    const { accessToken } = await obtainValidAccessToken(req.user.id);
+    const accessToken = await obtainValidAccessTokenOrDeleteSessionOnFailure(req);
 
     const { data } = await axios.get(
       `${PRODUCER_SHOP_URL}api/dfc/Enterprises/${PRODUCER_SHOP}/SuppliedProducts`,
diff --git a/web/modules/sales-session/controllers/complete-current-sales-session.js b/web/modules/sales-session/controllers/complete-current-sales-session.js
index f39b8e2..9e180a9 100644
--- a/web/modules/sales-session/controllers/complete-current-sales-session.js
+++ b/web/modules/sales-session/controllers/complete-current-sales-session.js
@@ -1,12 +1,12 @@
 import { getMostRecentActiveSalesSession, deactivateAllSalesSessions } from '../../../database/sales-sessions/salesSession.js';
 import { completeOrder } from '../../producer-orders/order.js';
-import {obtainValidAccessToken} from '../../authentication/getNewAccessToken.js'
+import {obtainValidAccessTokenOrDeleteSessionOnFailure} from '../../authentication/getNewAccessToken.js'
 
 const completeCurrentSalesSession = async (req, res, next) => {
   try {
     const currentSalesSession = await getMostRecentActiveSalesSession();
     if (currentSalesSession.orderId) {
-      const {accessToken} = await obtainValidAccessToken(req.user.id);
+      const accessToken = await obtainValidAccessTokenOrDeleteSessionOnFailure(req);
       await completeOrder(currentSalesSession, accessToken);
     }
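Review bot: When `obtainValidAccessTokenOrDeleteSessionOnFailure(req)` rejects in getFDCProducts, the session has just been destroyed but the error falls through to the enclosing `catch`, which lies outside the hunk; that catch should map this case to a 401 (or a redirect to login) rather than a generic 5xx, otherwise the client gets no signal that its session ended and keeps retrying with a dead cookie. If the catch cannot tell the cases apart, have the helper throw a dedicated error subclass so an `err instanceof` check can pick the status, e.g. `if (err instanceof AuthenticationError) return res.sendStatus(401);` where AuthenticationError is a name to be defined in the authentication module. The same point applies to the call in complete-current-sales-session.js, whose hunk continues past the end of this excerpt.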