Company listing, authentication, and page error handling are all working
This commit is contained in:
+77
-37
@@ -1,27 +1,19 @@
|
||||
import { api, user } from "$lib";
|
||||
// src/hooks.server.ts
|
||||
import { optima } from "$lib";
|
||||
import { redirect, type Handle } from "@sveltejs/kit";
|
||||
import { access } from "fs";
|
||||
import { a } from "vitest/dist/chunks/suite.d.FvehnV49.js";
|
||||
|
||||
export const handle: Handle = async ({ event, resolve }) => {
|
||||
const accessToken = event.cookies.get("access_token");
|
||||
const refreshToken = event.cookies.get("refresh_token");
|
||||
|
||||
event.locals.session = {
|
||||
accessToken: accessToken || "",
|
||||
refreshToken: refreshToken || "",
|
||||
};
|
||||
const accessToken = event.cookies.get("accessToken") || null;
|
||||
const refreshToken = event.cookies.get("refreshToken") || null;
|
||||
|
||||
if (event.url.pathname === "/logout") {
|
||||
event.cookies.delete("access_token", { path: "/" });
|
||||
event.cookies.delete("refresh_token", { path: "/" });
|
||||
event.cookies.delete("accessToken", { path: "/" });
|
||||
event.cookies.delete("refreshToken", { path: "/" });
|
||||
|
||||
redirect(303, "/login");
|
||||
|
||||
return resolve(event);
|
||||
return redirect(303, "/login");
|
||||
}
|
||||
|
||||
if (event.url.pathname.startsWith("/login") && user.isLoggedIn()) {
|
||||
if (event.url.pathname.startsWith("/login") && optima.user.isLoggedIn()) {
|
||||
return redirect(303, "/");
|
||||
}
|
||||
|
||||
@@ -29,31 +21,79 @@ export const handle: Handle = async ({ event, resolve }) => {
|
||||
return await resolve(event);
|
||||
}
|
||||
|
||||
if (!accessToken || !refreshToken) {
|
||||
user.logout(event);
|
||||
return resolve(event);
|
||||
if (!accessToken && !refreshToken) {
|
||||
optima.user.logout(event);
|
||||
redirect(303, "/login");
|
||||
}
|
||||
|
||||
try {
|
||||
if (accessToken && refreshToken) {
|
||||
const newSession = await user.refreshSession(refreshToken);
|
||||
// Check if the access token is expired or near expiry and refresh if needed
|
||||
let currentAccessToken = accessToken;
|
||||
let currentRefreshToken = refreshToken;
|
||||
|
||||
console.log(newSession);
|
||||
if (currentAccessToken) {
|
||||
try {
|
||||
const [, payload] = currentAccessToken.split(".");
|
||||
const decoded = JSON.parse(
|
||||
Buffer.from(payload, "base64url").toString("utf8"),
|
||||
);
|
||||
const nowSec = Math.floor(Date.now() / 1000);
|
||||
const thresholdSec = 60; // refresh if < 60s remaining
|
||||
|
||||
event.cookies.set("access_token", newSession.accessToken, {
|
||||
httpOnly: true,
|
||||
path: "/",
|
||||
});
|
||||
event.cookies.set("refresh_token", newSession.refreshToken, {
|
||||
httpOnly: true,
|
||||
path: "/",
|
||||
});
|
||||
if (!decoded?.exp || decoded.exp - nowSec < thresholdSec) {
|
||||
// Token is expired or about to expire — try to refresh
|
||||
if (currentRefreshToken) {
|
||||
const refreshed =
|
||||
await optima.user.refreshSession(currentRefreshToken);
|
||||
currentAccessToken = refreshed.accessToken;
|
||||
currentRefreshToken = refreshed.refreshToken ?? currentRefreshToken;
|
||||
} else {
|
||||
// No refresh token available, force re-login
|
||||
optima.user.logout(event);
|
||||
return redirect(303, "/login");
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
// Token is malformed or refresh failed — try refresh as fallback
|
||||
if (currentRefreshToken) {
|
||||
try {
|
||||
const refreshed =
|
||||
await optima.user.refreshSession(currentRefreshToken);
|
||||
currentAccessToken = refreshed.accessToken;
|
||||
currentRefreshToken = refreshed.refreshToken ?? currentRefreshToken;
|
||||
} catch {
|
||||
// Refresh also failed, force re-login
|
||||
optima.user.logout(event);
|
||||
return redirect(303, "/login");
|
||||
}
|
||||
} else {
|
||||
optima.user.logout(event);
|
||||
return redirect(303, "/login");
|
||||
}
|
||||
}
|
||||
} else if (currentRefreshToken) {
|
||||
// No access token but have a refresh token — try to get a new one
|
||||
try {
|
||||
const refreshed = await optima.user.refreshSession(currentRefreshToken);
|
||||
currentAccessToken = refreshed.accessToken;
|
||||
currentRefreshToken = refreshed.refreshToken ?? currentRefreshToken;
|
||||
} catch {
|
||||
optima.user.logout(event);
|
||||
return redirect(303, "/login");
|
||||
}
|
||||
} catch (err) {
|
||||
console.trace(err);
|
||||
|
||||
user.logout(event);
|
||||
} finally {
|
||||
return await resolve(event);
|
||||
}
|
||||
|
||||
const setTokens = async (accessToken: string, refreshToken: string) => {
|
||||
event.cookies.set("accessToken", accessToken, { path: "/" });
|
||||
event.cookies.set("refreshToken", refreshToken, { path: "/" });
|
||||
|
||||
event.locals.session = { accessToken, refreshToken, set: setTokens };
|
||||
|
||||
return;
|
||||
};
|
||||
|
||||
// Persist any refreshed tokens into cookies
|
||||
await setTokens(currentAccessToken!, currentRefreshToken!);
|
||||
|
||||
const response = await resolve(event);
|
||||
return response;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user