forgot stuff
This commit is contained in:
Rene Kievits
@@ -34,7 +34,6 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
return true
|
||||
}
|
||||
|
||||
// Token expired or invalid → try refresh
|
||||
if (res.status === 401) {
|
||||
const refreshed = await refreshToken()
|
||||
if (refreshed) return await fetchUser()
|
||||
@@ -88,7 +87,6 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
* Refresh the access token using refresh cookie.
|
||||
*/
|
||||
async function refreshToken() {
|
||||
// Skip if no refresh cookie (expired or logged out)
|
||||
if (!document.cookie.includes('refresh_token')) return false
|
||||
|
||||
try {
|
||||
@@ -116,7 +114,6 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
function startAutoRefresh() {
|
||||
if (refreshInterval) clearInterval(refreshInterval)
|
||||
|
||||
// Refresh every 7.5 minutes (half of 15m access token)
|
||||
refreshInterval = setInterval(async () => {
|
||||
if (!user.value) return
|
||||
const success = await refreshToken()
|
||||
@@ -130,7 +127,6 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
}
|
||||
}, 7.5 * 60 * 1000)
|
||||
|
||||
// Also refresh immediately if tab comes back from background
|
||||
document.addEventListener('visibilitychange', async () => {
|
||||
if (document.visibilityState === 'visible' && user.value) {
|
||||
const success = await refreshToken()
|
||||
|
||||
@@ -14,7 +14,7 @@ function createAccessToken(user: any) {
|
||||
return jwt.sign(
|
||||
{ sub: user._id, role: user.role },
|
||||
ACCESS_TOKEN_SECRET,
|
||||
{ expiresIn: '15m' },
|
||||
{ expiresIn: '7d' },
|
||||
)
|
||||
}
|
||||
|
||||
@@ -53,7 +53,9 @@ router.post('/login', async (req: Request, res: Response) => {
|
||||
res.cookie('access_token', accessToken, {
|
||||
httpOnly: true, sameSite: 'lax', secure: process.env.NODE_ENV !== 'dev', maxAge: 7 * 24 * 60 * 60 * 1000,
|
||||
})
|
||||
const refreshMaxAge = remember > 7 ? 365 * 24 * 60 * 60 * 1000 : 7 * 24 * 60 * 60 * 1000
|
||||
const refreshMaxAge = remember
|
||||
? 365 * 24 * 60 * 60 * 1000
|
||||
: 7 * 24 * 60 * 60 * 1000
|
||||
|
||||
res.cookie('refreshToken', refreshToken, {
|
||||
httpOnly: true, sameSite: 'lax', secure: process.env.NODE_ENV !== 'dev', maxAge: refreshMaxAge,
|
||||
@@ -79,7 +81,7 @@ router.post('/refresh', async (req: Request, res: Response) => {
|
||||
|
||||
try {
|
||||
const payload = jwt.verify(token, REFRESH_TOKEN_SECRET) as any
|
||||
const user = await UserModel.findById(payload.sub)
|
||||
const user = await UserModel.findById(payload.id)
|
||||
if (!user || user.refreshToken !== token)
|
||||
return res.status(403).json({ error: 'Invalid refresh token' })
|
||||
|
||||
|
||||
Reference in New Issue
Block a user