npm - @payez/next-mvp - Versions diffs - 4.0.43 → 4.0.45 - Mend

@payez/next-mvp 4.0.43 → 4.0.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/lib/api-handler.js CHANGED Viewed

@@ -173,7 +173,9 @@ class ApiHandler {
                 return { success: false, reason: 'SESSION_EXPIRED' };
             }
             const { session: sessionData } = sessionWithVersion;
-            let accessToken = sessionData.idpAccessToken || null;
+            // Sessions may store the access token under either field name
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            let accessToken = sessionData.idpAccessToken || sessionData.accessToken || null;
             let userRoles = Array.isArray(sessionData.roles) ? sessionData.roles : [];
             // Merge roles from JWT token
             try {
@@ -183,12 +185,19 @@ class ApiHandler {
                 }
             }
             catch { /* ignore */ }
-            // Check if token needs refresh
-            // Skip entirely if there's no refresh token — nothing to refresh with
+            // Check if token needs refresh.
+            // Skip the optimization (hasRefreshToken check) when access token is missing —
+            // some session shapes store the refresh token under different field names,
+            // and we still want a refresh attempt to populate the access token.
             const thresholdMs = 5 * 60 * 1000;
-            const expires = sessionData.idpAccessTokenExpires || 0;
-            const hasRefreshToken = !!sessionData.idpRefreshToken;
-            const needsRefresh = hasRefreshToken && (!accessToken || (expires - Date.now()) <= thresholdMs);
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const expires = sessionData.idpAccessTokenExpires || sessionData.accessTokenExpires || 0;
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const hasRefreshToken = !!(sessionData.idpRefreshToken || sessionData.refreshToken);
+            const accessTokenStale = !accessToken || (expires - Date.now()) <= thresholdMs;
+            // If we already have a fresh access token, skip refresh entirely (no lock).
+            // If we don't, only attempt refresh when we have a refresh token to use.
+            const needsRefresh = accessTokenStale && hasRefreshToken;
             if (needsRefresh) {
                 const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);
                 if (refreshResult.blocked) {
@@ -297,11 +306,17 @@ class ApiHandler {
             // Double-check if still needs refresh
             const latest = await (0, session_store_1.getSession)(sessionToken);
             const thresholdMs = 5 * 60 * 1000;
-            const stillNeeds = !latest?.accessToken || ((latest?.accessTokenExpires || 0) - Date.now()) <= thresholdMs;
-            if (!stillNeeds && latest?.accessToken) {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const latestAny = latest;
+            // Sessions may store the access token under either `accessToken` or `idpAccessToken`,
+            // and expiry under `accessTokenExpires` or `idpAccessTokenExpires`.
+            const latestAccessToken = latestAny?.accessToken || latestAny?.idpAccessToken;
+            const latestExpires = latestAny?.accessTokenExpires || latestAny?.idpAccessTokenExpires || 0;
+            const stillNeeds = !latestAccessToken || (latestExpires - Date.now()) <= thresholdMs;
+            if (!stillNeeds && latestAccessToken) {
                 return {
-                    accessToken: latest.accessToken,
-                    roles: Array.isArray(latest.roles) ? latest.roles : [],
+                    accessToken: latestAccessToken,
+                    roles: Array.isArray(latest?.roles) ? latest.roles : [],
                 };
             }
             // Use centralized internal API helper for server-to-server refresh calls
@@ -310,10 +325,12 @@ class ApiHandler {
                 return {};
             }
             const refreshed = await (0, session_store_1.getSession)(sessionToken);
-            if (refreshed?.accessToken) {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const refreshedAccessToken = refreshed?.accessToken || refreshed?.idpAccessToken;
+            if (refreshedAccessToken) {
                 return {
-                    accessToken: refreshed.accessToken,
-                    roles: Array.isArray(refreshed.roles) ? refreshed.roles : [],
+                    accessToken: refreshedAccessToken,
+                    roles: Array.isArray(refreshed?.roles) ? refreshed.roles : [],
                 };
             }
             return {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@payez/next-mvp",
-  "version": "4.0.43",
+  "version": "4.0.45",
   "sideEffects": false,
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/lib/api-handler.ts CHANGED Viewed

@@ -267,7 +267,9 @@ export class ApiHandler {
       }
       const { session: sessionData } = sessionWithVersion;
-      let accessToken = sessionData.idpAccessToken || null;
+      // Sessions may store the access token under either field name
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      let accessToken = sessionData.idpAccessToken || (sessionData as any).accessToken || null;
       let userRoles: string[] = Array.isArray(sessionData.roles) ? sessionData.roles : [];
       // Merge roles from JWT token
@@ -278,12 +280,19 @@ export class ApiHandler {
         }
       } catch { /* ignore */ }
-      // Check if token needs refresh
-      // Skip entirely if there's no refresh token — nothing to refresh with
+      // Check if token needs refresh.
+      // Skip the optimization (hasRefreshToken check) when access token is missing —
+      // some session shapes store the refresh token under different field names,
+      // and we still want a refresh attempt to populate the access token.
       const thresholdMs = 5 * 60 * 1000;
-      const expires = sessionData.idpAccessTokenExpires || 0;
-      const hasRefreshToken = !!sessionData.idpRefreshToken;
-      const needsRefresh = hasRefreshToken && (!accessToken || (expires - Date.now()) <= thresholdMs);
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const expires = sessionData.idpAccessTokenExpires || (sessionData as any).accessTokenExpires || 0;
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const hasRefreshToken = !!(sessionData.idpRefreshToken || (sessionData as any).refreshToken);
+      const accessTokenStale = !accessToken || (expires - Date.now()) <= thresholdMs;
+      // If we already have a fresh access token, skip refresh entirely (no lock).
+      // If we don't, only attempt refresh when we have a refresh token to use.
+      const needsRefresh = accessTokenStale && hasRefreshToken;
       if (needsRefresh) {
         const refreshResult = await this.handleCoordinatedRefresh(req, token, sessionData, ctx);
@@ -418,12 +427,18 @@ export class ApiHandler {
       // Double-check if still needs refresh
       const latest = await getSession(sessionToken);
       const thresholdMs = 5 * 60 * 1000;
-      const stillNeeds = !latest?.accessToken || ((latest?.accessTokenExpires || 0) - Date.now()) <= thresholdMs;
-      if (!stillNeeds && latest?.accessToken) {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const latestAny = latest as any;
+      // Sessions may store the access token under either `accessToken` or `idpAccessToken`,
+      // and expiry under `accessTokenExpires` or `idpAccessTokenExpires`.
+      const latestAccessToken = latestAny?.accessToken || latestAny?.idpAccessToken;
+      const latestExpires = latestAny?.accessTokenExpires || latestAny?.idpAccessTokenExpires || 0;
+      const stillNeeds = !latestAccessToken || (latestExpires - Date.now()) <= thresholdMs;
+      if (!stillNeeds && latestAccessToken) {
         return {
-          accessToken: latest.accessToken,
-          roles: Array.isArray(latest.roles) ? latest.roles : [],
+          accessToken: latestAccessToken,
+          roles: Array.isArray(latest?.roles) ? latest.roles : [],
         };
       }
@@ -440,10 +455,12 @@ export class ApiHandler {
       }
       const refreshed = await getSession(sessionToken);
-      if (refreshed?.accessToken) {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const refreshedAccessToken = (refreshed as any)?.accessToken || (refreshed as any)?.idpAccessToken;
+      if (refreshedAccessToken) {
         return {
-          accessToken: refreshed.accessToken,
-          roles: Array.isArray(refreshed.roles) ? refreshed.roles : [],
+          accessToken: refreshedAccessToken,
+          roles: Array.isArray(refreshed?.roles) ? refreshed.roles : [],
         };
       }