fix: sso refresh token race condition (#405)

With NextAuth, there is a race condition of the current implementation
of refreshToken using multiple tab. Because getSession() is broadcasted
(or triggered by another component, window focus or such), we may ask
for the jwt() to be refreshed at the same time.

The problem is the first time will go correctly, while all others calls
will be rejected as they are using a revoked token.

This redis lock is per-user, and will use redis lock as a source of
truth.

www/middleware.ts

@@ -56,52 +56,3 @@ export default withAuth(
     },
   },
 );
-
-/**
-
-import { NextResponse, NextRequest } from "next/server";
-
-// import { getFiefAuthMiddleware } from "./app/lib/fief";
-import { getToken } from "next-auth/jwt";
-import { getConfig } from "./app/lib/edgeConfig";
-import { authOptions } from "./app/api/auth/[...nextauth]/route";
-
-
-export async function middleware(request: NextRequest) {
-  const config = await getConfig();
-
-  console.log(
-    "---------------------------------------------------------------",
-  );
-  console.log(
-    "middleware",
-    "request.nextUrl.pathname",
-    request.nextUrl.pathname,
-  );
-  console.log("middleware", "config", config);
-
-  if (
-    request.nextUrl.pathname.match(
-      "^/((?!api|_next/static|_next/image|favicon.ico).*)",
-    )
-  ) {
-    // Feature-flag protedted paths
-    if (
-      (!config.features.browse &&
-        request.nextUrl.pathname.startsWith("/browse")) ||
-      (!config.features.rooms && request.nextUrl.pathname.startsWith("/rooms"))
-    ) {
-      console.log("!! redirecting to", request.nextUrl.origin);
-      return NextResponse.redirect(request.nextUrl.origin);
-    }
-
-    if (config.features.requireLogin) {
-      const fiefMiddleware = await getFiefAuthMiddleware(request.nextUrl);
-      const fiefResponse = await fiefMiddleware(request);
-      return fiefResponse;
-    }
-  }
-
-  return NextResponse.next();
-}
-**/