Merge pull request #120 from njxue/fix-auth

njxue · web-flow · commit 63646a5a1846 · 2024-11-12T22:56:37.000+08:00
Fix auth
diff --git a/backend/user-service/.env.example b/backend/user-service/.env.example
@@ -47,4 +47,9 @@ SMTP_PASSWORD=scdqcveqpurzzajj
 APP_URL=http://localhost:3000
 
 # Feature flags
-DEFAULT_ADMIN_ON_REGISTER_FEATURE=true
+DEFAULT_ADMIN_ON_REGISTER_FEATURE=true
+
+# Token expiry duration
+JWT_ACCESS_TOKEN_EXPIRY="1d"
+JWT_REFRESH_TOKEN_EXPIRY="7d"
+JWT_RESET_TOKEN_EXPIRY="15m"
diff --git a/backend/user-service/config/authConfig.js b/backend/user-service/config/authConfig.js
@@ -4,13 +4,13 @@ dotenv.config();
 
 export const jwtConfig = {
   refreshTokenOptions: {
-    expiresIn: process.env.ENV === "production" ? "7d" : "1d", // Shorter duration in dev for testing
+    expiresIn: process.env.JWT_REFRESH_TOKEN_EXPIRY
   },
   accessTokenOptions: {
-    expiresIn: process.env.ENV === "production" ? "15m" : "30s", // Shorter duration in dev for testing
+    expiresIn: process.env.JWT_ACCESS_TOKEN_EXPIRY
   },
   resetTokenOptions: {
-    expiresIn: "15m",
+    expiresIn: process.env.JWT_RESET_TOKEN_EXPIRY,
   },
   accessTokenSecret: process.env.JWT_ACCESS_TOKEN_SECRET,
   refreshTokenSecret: process.env.JWT_REFRESH_TOKEN_SECRET,
diff --git a/frontend/src/infrastructure/Api/BaseApi.ts b/frontend/src/infrastructure/Api/BaseApi.ts
@@ -21,7 +21,7 @@ export class BaseApi {
             baseURL: API_URL + baseUrl,
             timeout: 10000,
             headers: {
-                "Content-Type": "application/json",
+                "Content-Type": "application/json"
             },
             withCredentials: true
         });
@@ -42,21 +42,26 @@ export class BaseApi {
 
     private setUpResponseInterceptors(axiosInstance: AxiosInstance): number {
         return axiosInstance.interceptors.response.use(
-            (response: AxiosResponse) => response,
+            (response: AxiosResponse) => {
+                return response;
+            },
             async (err: AxiosError) => {
                 const prevRequest = err?.config;
                 if (prevRequest && err?.response?.status === 401) {
                     try {
                         // Eject to prevent infinite loop
-                        this.protectedAxiosInstance.interceptors.response.eject(this.protectedResponseInterceptorId);
                         const newAccessToken = await userUseCases.refreshToken();
                         prevRequest.headers["Authorization"] = `Bearer ${newAccessToken}`;
-                        AuthClientStore.setAccessToken(newAccessToken);
+                        if (newAccessToken) {
+                            AuthClientStore.setAccessToken(newAccessToken);
+                        }
                         return this.protectedAxiosInstance(prevRequest);
                     } catch (error) {
                         // Refresh token expired/invalid
                         console.error(error);
                         return Promise.reject(error);
+                    } finally {
+                        this.protectedAxiosInstance.interceptors.response.eject(this.protectedResponseInterceptorId);
                     }
                 }
                 return Promise.reject(err);
