mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-04-25 00:36:31 +02:00
Switch refresh token storage from cookies to localStorage
This commit is contained in:
CREDO23
parent
f3a9922eb9
commit
233852b681
7 changed files with 160 additions and 88 deletions
|
|
@ -4,6 +4,11 @@
|
|||
|
||||
const REDIRECT_PATH_KEY = "surfsense_redirect_path";
|
||||
const BEARER_TOKEN_KEY = "surfsense_bearer_token";
|
||||
const REFRESH_TOKEN_KEY = "surfsense_refresh_token";
|
||||
|
||||
// Flag to prevent multiple simultaneous refresh attempts
|
||||
let isRefreshing = false;
|
||||
let refreshPromise: Promise<string | null> | null = null;
|
||||
|
||||
/**
|
||||
* Saves the current path and redirects to login page
|
||||
|
|
@ -21,8 +26,9 @@ export function handleUnauthorized(): void {
|
|||
localStorage.setItem(REDIRECT_PATH_KEY, currentPath);
|
||||
}
|
||||
|
||||
// Clear the token
|
||||
// Clear both tokens
|
||||
localStorage.removeItem(BEARER_TOKEN_KEY);
|
||||
localStorage.removeItem(REFRESH_TOKEN_KEY);
|
||||
|
||||
// Redirect to home page (which has login options)
|
||||
window.location.href = "/login";
|
||||
|
|
@ -66,6 +72,38 @@ export function clearBearerToken(): void {
|
|||
localStorage.removeItem(BEARER_TOKEN_KEY);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the refresh token from localStorage
|
||||
*/
|
||||
export function getRefreshToken(): string | null {
|
||||
if (typeof window === "undefined") return null;
|
||||
return localStorage.getItem(REFRESH_TOKEN_KEY);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the refresh token in localStorage
|
||||
*/
|
||||
export function setRefreshToken(token: string): void {
|
||||
if (typeof window === "undefined") return;
|
||||
localStorage.setItem(REFRESH_TOKEN_KEY, token);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clears the refresh token from localStorage
|
||||
*/
|
||||
export function clearRefreshToken(): void {
|
||||
if (typeof window === "undefined") return;
|
||||
localStorage.removeItem(REFRESH_TOKEN_KEY);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clears all auth tokens from localStorage
|
||||
*/
|
||||
export function clearAllTokens(): void {
|
||||
clearBearerToken();
|
||||
clearRefreshToken();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the user is authenticated (has a token)
|
||||
*/
|
||||
|
|
@ -106,14 +144,66 @@ export function getAuthHeaders(additionalHeaders?: Record<string, string>): Reco
|
|||
}
|
||||
|
||||
/**
|
||||
* Authenticated fetch wrapper that handles 401 responses uniformly
|
||||
* Automatically redirects to login on 401 and saves the current path
|
||||
* Attempts to refresh the access token using the stored refresh token.
|
||||
* Returns the new access token if successful, null otherwise.
|
||||
*/
|
||||
async function refreshAccessToken(): Promise<string | null> {
|
||||
// If already refreshing, wait for that request to complete
|
||||
if (isRefreshing && refreshPromise) {
|
||||
return refreshPromise;
|
||||
}
|
||||
|
||||
const currentRefreshToken = getRefreshToken();
|
||||
if (!currentRefreshToken) {
|
||||
return null;
|
||||
}
|
||||
|
||||
isRefreshing = true;
|
||||
refreshPromise = (async () => {
|
||||
try {
|
||||
const backendUrl = process.env.NEXT_PUBLIC_BACKEND_URL || "";
|
||||
const response = await fetch(`${backendUrl}/auth/jwt/refresh`, {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
body: JSON.stringify({ refresh_token: currentRefreshToken }),
|
||||
});
|
||||
|
||||
if (!response.ok) {
|
||||
// Refresh failed, clear tokens
|
||||
clearAllTokens();
|
||||
return null;
|
||||
}
|
||||
|
||||
const data = await response.json();
|
||||
if (data.access_token && data.refresh_token) {
|
||||
setBearerToken(data.access_token);
|
||||
setRefreshToken(data.refresh_token);
|
||||
return data.access_token;
|
||||
}
|
||||
return null;
|
||||
} catch {
|
||||
return null;
|
||||
} finally {
|
||||
isRefreshing = false;
|
||||
refreshPromise = null;
|
||||
}
|
||||
})();
|
||||
|
||||
return refreshPromise;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticated fetch wrapper that handles 401 responses uniformly.
|
||||
* On 401, attempts to refresh the token and retry the request.
|
||||
* If refresh fails, redirects to login and saves the current path.
|
||||
*/
|
||||
export async function authenticatedFetch(
|
||||
url: string,
|
||||
options?: RequestInit & { skipAuthRedirect?: boolean }
|
||||
options?: RequestInit & { skipAuthRedirect?: boolean; skipRefresh?: boolean }
|
||||
): Promise<Response> {
|
||||
const { skipAuthRedirect = false, ...fetchOptions } = options || {};
|
||||
const { skipAuthRedirect = false, skipRefresh = false, ...fetchOptions } = options || {};
|
||||
|
||||
const headers = getAuthHeaders(fetchOptions.headers as Record<string, string>);
|
||||
|
||||
|
|
@ -124,6 +214,23 @@ export async function authenticatedFetch(
|
|||
|
||||
// Handle 401 Unauthorized
|
||||
if (response.status === 401 && !skipAuthRedirect) {
|
||||
// Try to refresh the token (unless skipRefresh is set to prevent infinite loops)
|
||||
if (!skipRefresh) {
|
||||
const newToken = await refreshAccessToken();
|
||||
if (newToken) {
|
||||
// Retry the original request with the new token
|
||||
const retryHeaders = {
|
||||
...(fetchOptions.headers as Record<string, string>),
|
||||
Authorization: `Bearer ${newToken}`,
|
||||
};
|
||||
return fetch(url, {
|
||||
...fetchOptions,
|
||||
headers: retryHeaders,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Refresh failed or was skipped, redirect to login
|
||||
handleUnauthorized();
|
||||
throw new Error("Unauthorized: Redirecting to login page");
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue