75 lines
2.3 KiB
TypeScript
75 lines
2.3 KiB
TypeScript
import { resfreshTokenAction } from '@/feactures/auth/actions/refresh-token-action';
|
|
import { auth } from '@/lib/auth';
|
|
import { cookies } from 'next/headers';
|
|
import { cache } from 'react';
|
|
|
|
export const getValidAccessToken = cache(async () => {
|
|
const session = await auth();
|
|
|
|
if (!session?.access_token) {
|
|
// console.log('No hay Access Token');
|
|
return null
|
|
}
|
|
// console.log('Si hay Access Token');
|
|
|
|
|
|
const now = Math.floor(Date.now() / 1000);
|
|
// Restamos 10s para tener margen de seguridad
|
|
const isValid = (session.access_expire_in as number) - 10 > now;
|
|
|
|
// A. Si es válido, lo retornamos directo
|
|
if (isValid) return session.access_token;
|
|
// console.log('Access Token Expiró');
|
|
|
|
// B. Si expiró, buscamos la cookie
|
|
const cookieStore = cookies();
|
|
const cookie = await cookieStore
|
|
const refreshToken = cookie.get('refresh_token')?.value;
|
|
const teaToken = cookie.get('tea_token')?.value;
|
|
|
|
if (!refreshToken) {
|
|
// console.log('No hay Refresh Token');
|
|
// Si no hay refres pero si access token pero ya expiro borrar la cookie para forzar cierre de session
|
|
(await cookieStore).delete('authjs.session-token');// comentar si por algun motivo da error
|
|
return null
|
|
} // No hay refresh token, fin del juego
|
|
// console.log('Si hay Refresh Token');
|
|
|
|
if (teaToken) {
|
|
return teaToken
|
|
}
|
|
|
|
// C. Intentamos refrescar
|
|
const newTokens = await resfreshTokenAction({ refreshToken });
|
|
|
|
if (!newTokens) {
|
|
// console.log('No hay token nuevo');
|
|
// Si falla el refresh (token revocado o expirado), borramos cookies
|
|
(await cookieStore).delete('refresh_token');
|
|
(await cookieStore).delete('authjs.session-token');// comentar si por algun motivo da error
|
|
return null;
|
|
}
|
|
// console.log('Si hay token nuevo');
|
|
|
|
// console.log('Guardamos refresh');
|
|
// D. Guardamos el nuevo refresh token en cookie y retornamos el access token
|
|
(await cookieStore).set('refresh_token', newTokens.refresh_token, {
|
|
httpOnly: true,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'lax',
|
|
path: '/',
|
|
maxAge: 7 * 24 * 60 * 60,
|
|
});
|
|
|
|
// console.log('guardamo tea');
|
|
(await cookieStore).set('tea_token', newTokens.access_token, {
|
|
httpOnly: true,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'lax',
|
|
path: '/',
|
|
maxAge: 7 * 24 * 60 * 60,
|
|
});
|
|
|
|
return newTokens.access_token;
|
|
});
|