fix: sync backend and frontend token refresh logic (#614)

* sync backend and frontend token refresh logic * return react strict mode --------- Co-authored-by: Igor Loskutov <igor.loskutoff@gmail.com>
2025-12-20 20:29:06 +00:00 · 2025-09-08 10:40:18 -04:00
parent 02a3938822
commit 5a5b323382
3 changed files with 15 additions and 8 deletions
--- a/www/app/lib/SessionAutoRefresh.tsx
+++ b/www/app/lib/SessionAutoRefresh.tsx
@@ -9,9 +9,7 @@

 import { useEffect } from "react";
 import { useAuth } from "./AuthProvider";
-import { REFRESH_ACCESS_TOKEN_BEFORE } from "./auth";
-
-const REFRESH_BEFORE = REFRESH_ACCESS_TOKEN_BEFORE;
+import { shouldRefreshToken } from "./auth";

 export function SessionAutoRefresh({ children }) {
  const auth = useAuth();
@@ -25,8 +23,7 @@ export function SessionAutoRefresh({ children }) {
    const INTERVAL_REFRESH_MS = 5000;
    const interval = setInterval(() => {
      if (accessTokenExpires === null) return;
-      const timeLeft = accessTokenExpires - Date.now();
-      if (timeLeft < REFRESH_BEFORE) {
+      if (shouldRefreshToken(accessTokenExpires)) {
        auth
          .update()
          .then(() => {})
--- a/www/app/lib/auth.ts
+++ b/www/app/lib/auth.ts
@@ -2,6 +2,11 @@ export const REFRESH_ACCESS_TOKEN_ERROR = "RefreshAccessTokenError" as const;
 // 4 min is 1 min less than default authentic value. here we assume that authentic won't be set to access tokens < 4 min
 export const REFRESH_ACCESS_TOKEN_BEFORE = 4 * 60 * 1000;

+export const shouldRefreshToken = (accessTokenExpires: number): boolean => {
+  const timeLeft = accessTokenExpires - Date.now();
+  return timeLeft < REFRESH_ACCESS_TOKEN_BEFORE;
+};
+
 export const LOGIN_REQUIRED_PAGES = [
  "/transcripts/[!new]",
  "/browse(.*)",
--- a/www/app/lib/authBackend.ts
+++ b/www/app/lib/authBackend.ts
@@ -10,6 +10,7 @@ import {
 import {
  REFRESH_ACCESS_TOKEN_BEFORE,
  REFRESH_ACCESS_TOKEN_ERROR,
+  shouldRefreshToken,
 } from "./auth";
 import {
  getTokenCache,
@@ -85,9 +86,13 @@ export const authOptions: AuthOptions = {
        "currentToken from cache",
        JSON.stringify(currentToken, null, 2),
        "will be returned?",
-        currentToken && Date.now() < currentToken.token.accessTokenExpires,
+        currentToken &&
+          !shouldRefreshToken(currentToken.token.accessTokenExpires),
      );
-      if (currentToken && Date.now() < currentToken.token.accessTokenExpires) {
+      if (
+        currentToken &&
+        !shouldRefreshToken(currentToken.token.accessTokenExpires)
+      ) {
        return currentToken.token;
      }

@@ -128,7 +133,7 @@ async function lockedRefreshAccessToken(
      if (cached) {
        if (Date.now() - cached.timestamp > TOKEN_CACHE_TTL) {
          await deleteTokenCache(tokenCacheRedis, `token:${token.sub}`);
-        } else if (Date.now() < cached.token.accessTokenExpires) {
+        } else if (!shouldRefreshToken(cached.token.accessTokenExpires)) {
          console.debug("returning cached token", cached.token);
          return cached.token;
        }