npm - @payez/next-mvp - Versions diffs - 4.0.43 → 4.0.44 - Mend

@payez/next-mvp 4.0.43 → 4.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/lib/api-handler.js CHANGED Viewed

@@ -183,12 +183,18 @@ class ApiHandler {
                 }
             }
             catch { /* ignore */ }
-            // Check if token needs refresh
-            // Skip entirely if there's no refresh token — nothing to refresh with
+            // Check if token needs refresh.
+            // Skip the optimization (hasRefreshToken check) when access token is missing —
+            // some session shapes store the refresh token under different field names,
+            // and we still want a refresh attempt to populate the access token.
             const thresholdMs = 5 * 60 * 1000;
             const expires = sessionData.idpAccessTokenExpires || 0;
-            const hasRefreshToken = !!sessionData.idpRefreshToken;
-            const needsRefresh = hasRefreshToken && (!accessToken || (expires - Date.now()) <= thresholdMs);
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const hasRefreshToken = !!(sessionData.idpRefreshToken || sessionData.refreshToken);
+            const accessTokenStale = !accessToken || (expires - Date.now()) <= thresholdMs;
+            // If we already have a fresh access token, skip refresh entirely (no lock).
+            // If we don't, only attempt refresh when we have a refresh token to use.
+            const needsRefresh = accessTokenStale && hasRefreshToken;
             if (needsRefresh) {
                 const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);
                 if (refreshResult.blocked) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@payez/next-mvp",
-  "version": "4.0.43",
+  "version": "4.0.44",
   "sideEffects": false,
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/lib/api-handler.ts CHANGED Viewed

@@ -278,12 +278,18 @@ export class ApiHandler {
         }
       } catch { /* ignore */ }
-      // Check if token needs refresh
-      // Skip entirely if there's no refresh token — nothing to refresh with
+      // Check if token needs refresh.
+      // Skip the optimization (hasRefreshToken check) when access token is missing —
+      // some session shapes store the refresh token under different field names,
+      // and we still want a refresh attempt to populate the access token.
       const thresholdMs = 5 * 60 * 1000;
       const expires = sessionData.idpAccessTokenExpires || 0;
-      const hasRefreshToken = !!sessionData.idpRefreshToken;
-      const needsRefresh = hasRefreshToken && (!accessToken || (expires - Date.now()) <= thresholdMs);
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const hasRefreshToken = !!(sessionData.idpRefreshToken || (sessionData as any).refreshToken);
+      const accessTokenStale = !accessToken || (expires - Date.now()) <= thresholdMs;
+      // If we already have a fresh access token, skip refresh entirely (no lock).
+      // If we don't, only attempt refresh when we have a refresh token to use.
+      const needsRefresh = accessTokenStale && hasRefreshToken;
       if (needsRefresh) {
         const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);