@payez/next-mvp 4.0.33 → 4.0.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/api/auth-handler.js
CHANGED
|
@@ -235,6 +235,9 @@ function createAuthHandler(options = {}) {
|
|
|
235
235
|
function needsRefresh(auth) {
|
|
236
236
|
if (!autoRefresh)
|
|
237
237
|
return false;
|
|
238
|
+
// No refresh token = nothing to refresh with, skip entirely
|
|
239
|
+
if (!auth.refreshToken)
|
|
240
|
+
return false;
|
|
238
241
|
// Check if we have token expiry information
|
|
239
242
|
const token = auth.token;
|
|
240
243
|
const expiresAt = token.accessTokenExpires || token.exp;
|
package/dist/lib/api-handler.js
CHANGED
|
@@ -184,9 +184,11 @@ class ApiHandler {
|
|
|
184
184
|
}
|
|
185
185
|
catch { /* ignore */ }
|
|
186
186
|
// Check if token needs refresh
|
|
187
|
+
// Skip entirely if there's no refresh token — nothing to refresh with
|
|
187
188
|
const thresholdMs = 5 * 60 * 1000;
|
|
188
189
|
const expires = sessionData.idpAccessTokenExpires || 0;
|
|
189
|
-
const
|
|
190
|
+
const hasRefreshToken = !!sessionData.idpRefreshToken;
|
|
191
|
+
const needsRefresh = hasRefreshToken && (!accessToken || (expires - Date.now()) <= thresholdMs);
|
|
190
192
|
if (needsRefresh) {
|
|
191
193
|
const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);
|
|
192
194
|
if (refreshResult.blocked) {
|
|
@@ -408,7 +408,7 @@ async function acquireRefreshLock(sessionToken, requestId, maxWaitMs = 5000) {
|
|
|
408
408
|
// Try to acquire the lock atomically
|
|
409
409
|
const result = await redis_1.default.set(lockKey, JSON.stringify(lockInfo), 'PX', REFRESH_LOCK_TTL * 1000, 'NX');
|
|
410
410
|
if (result === 'OK') {
|
|
411
|
-
console.
|
|
411
|
+
console.debug('[SESSION-STORE] Refresh lock acquired', {
|
|
412
412
|
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
413
413
|
requestId,
|
|
414
414
|
lockVersion
|
|
@@ -418,7 +418,7 @@ async function acquireRefreshLock(sessionToken, requestId, maxWaitMs = 5000) {
|
|
|
418
418
|
else {
|
|
419
419
|
// Lock already exists, check if we should wait
|
|
420
420
|
if (maxWaitMs > 0) {
|
|
421
|
-
console.
|
|
421
|
+
console.debug('[SESSION-STORE] Refresh lock already exists, waiting for release', {
|
|
422
422
|
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
423
423
|
requestId,
|
|
424
424
|
maxWaitMs
|
|
@@ -506,7 +506,7 @@ async function releaseRefreshLock(sessionToken, requestId, lockVersion) {
|
|
|
506
506
|
`;
|
|
507
507
|
const result = await redis_1.default.eval(luaScript, 1, lockKey, requestId, lockVersion ? lockVersion.toString() : '');
|
|
508
508
|
if (result === 1) {
|
|
509
|
-
console.
|
|
509
|
+
console.debug('[SESSION-STORE] Refresh lock released successfully', {
|
|
510
510
|
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
511
511
|
requestId,
|
|
512
512
|
lockVersion
|
package/package.json
CHANGED
package/src/api/auth-handler.ts
CHANGED
|
@@ -337,6 +337,8 @@ export function createAuthHandler(options: AuthHandlerOptions = {}) {
|
|
|
337
337
|
*/
|
|
338
338
|
function needsRefresh(auth: AuthContext): boolean {
|
|
339
339
|
if (!autoRefresh) return false;
|
|
340
|
+
// No refresh token = nothing to refresh with, skip entirely
|
|
341
|
+
if (!auth.refreshToken) return false;
|
|
340
342
|
|
|
341
343
|
// Check if we have token expiry information
|
|
342
344
|
const token = auth.token as any;
|
package/src/lib/api-handler.ts
CHANGED
|
@@ -279,9 +279,11 @@ export class ApiHandler {
|
|
|
279
279
|
} catch { /* ignore */ }
|
|
280
280
|
|
|
281
281
|
// Check if token needs refresh
|
|
282
|
+
// Skip entirely if there's no refresh token — nothing to refresh with
|
|
282
283
|
const thresholdMs = 5 * 60 * 1000;
|
|
283
284
|
const expires = sessionData.idpAccessTokenExpires || 0;
|
|
284
|
-
const
|
|
285
|
+
const hasRefreshToken = !!sessionData.idpRefreshToken;
|
|
286
|
+
const needsRefresh = hasRefreshToken && (!accessToken || (expires - Date.now()) <= thresholdMs);
|
|
285
287
|
|
|
286
288
|
if (needsRefresh) {
|
|
287
289
|
const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);
|
package/src/lib/session-store.ts
CHANGED
|
@@ -480,7 +480,7 @@ export async function acquireRefreshLock(
|
|
|
480
480
|
const result = await redis.set(lockKey, JSON.stringify(lockInfo), 'PX', REFRESH_LOCK_TTL * 1000, 'NX');
|
|
481
481
|
|
|
482
482
|
if (result === 'OK') {
|
|
483
|
-
console.
|
|
483
|
+
console.debug('[SESSION-STORE] Refresh lock acquired', {
|
|
484
484
|
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
485
485
|
requestId,
|
|
486
486
|
lockVersion
|
|
@@ -490,7 +490,7 @@ export async function acquireRefreshLock(
|
|
|
490
490
|
} else {
|
|
491
491
|
// Lock already exists, check if we should wait
|
|
492
492
|
if (maxWaitMs > 0) {
|
|
493
|
-
console.
|
|
493
|
+
console.debug('[SESSION-STORE] Refresh lock already exists, waiting for release', {
|
|
494
494
|
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
495
495
|
requestId,
|
|
496
496
|
maxWaitMs
|
|
@@ -604,7 +604,7 @@ export async function releaseRefreshLock(
|
|
|
604
604
|
) as number;
|
|
605
605
|
|
|
606
606
|
if (result === 1) {
|
|
607
|
-
console.
|
|
607
|
+
console.debug('[SESSION-STORE] Refresh lock released successfully', {
|
|
608
608
|
sessionToken: sessionToken.substring(0, 8) + '...',
|
|
609
609
|
requestId,
|
|
610
610
|
lockVersion
|