kyle/flxn-app
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'more auth ree' (#18) from development into main
All checks were successful
CI/CD Pipeline / Build and Push App Docker Image (push) Successful in 2m24s
Details
CI/CD Pipeline / Build and Push PocketBase Docker Image (push) Successful in 8s
Details
CI/CD Pipeline / Deploy to Kubernetes (push) Successful in 43s
Details

Browse Source 
Reviewed-on: #18
This commit is contained in:
kyle
2026-03-02 23:17:54 -06:00
parent bccadd18e2 fda8751642
commit 70d591f925
2 changed files with 34 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/lib/supertokens/recipes/start-session.ts
View File

@@ -10,14 +10,32 @@ export async function getSessionForStart(request: Request, options?: { sessionRe
if (cookieHeader) { if (cookieHeader) {
const tokens = cookieHeader.match(/sAccessToken=([^;]+)/g); const tokens = cookieHeader.match(/sAccessToken=([^;]+)/g);
if (tokens && tokens.length > 1) { if (tokens && tokens.length > 1) {
logger.warn(`Detected ${tokens.length} duplicate sAccessToken cookies - session is broken, forcing cleanup`); logger.warn(`Detected ${tokens.length} duplicate sAccessToken cookies, cleaning up`);
return { const parsedTokens = tokens.map(tokenStr => {
hasToken: false, const token = tokenStr.replace('sAccessToken=', '');
needsRefresh: true, try {
error: 'DUPLICATE_COOKIES_DETECTED', const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
duplicateCount: tokens.length return { token, exp: payload.exp, iat: payload.iat };
}; } catch (e) {
logger.error('Failed to parse token', e);
return { token, exp: 0, iat: 0 };
}
});
parsedTokens.sort((a, b) => b.exp - a.exp);
const freshestToken = parsedTokens[0];
logger.info(`Using freshest token: exp=${freshestToken.exp}, iat=${freshestToken.iat}`);
const cleanedCookie = cookieHeader
.split(';')
.filter(c => !c.trim().startsWith('sAccessToken='))
.join(';') + `; sAccessToken=${freshestToken.token}`;
const cleanedHeaders = new Headers(request.headers);
cleanedHeaders.set('cookie', cleanedCookie);
request = new Request(request, { headers: cleanedHeaders });
} }
} }

12
src/utils/supertokens.ts
View File

@@ -55,11 +55,17 @@ export const getSessionContext = createServerOnlyFn(async (request: Request, opt
if (options?.isServerFunction) { if (options?.isServerFunction) {
throw new Error("SESSION_REFRESH_REQUIRED"); throw new Error("SESSION_REFRESH_REQUIRED");
} }
const url = new URL(request.url); const url = new URL(request.url);
if (url.pathname === '/refresh-session') {
logger.warn("Already on refresh-session page but session needs refresh - treating as unauthenticated");
throw new Error("Unauthenticated");
}
const from = encodeURIComponent(url.pathname + url.search); const from = encodeURIComponent(url.pathname + url.search);
throw redirect({ throw redirect({
to: "/refresh-session", to: "/refresh-session",
search: { redirect: from } search: { redirect: from }
}); });
} }