Trying to make it so you don't have to auth in the discord application every time.

Author: Darkside138

gradle.properties

@@ -1,2 +1,2 @@
-projectVersion=4.1.51
+projectVersion=4.1.52
 org.gradle.configuration-cache=false

src/frontend/src/hooks/useAuth.ts

@@ -1,4 +1,4 @@
-import { useState, useEffect } from 'react';
+import { useState, useEffect, useCallback } from 'react';
 import {
   loadAuth,
   initiateDiscordLogin,
@@ -8,13 +8,71 @@ import {
   handleOAuthRedirect,
   refreshToken,
   fetchDefaultPermissions,
+  isTokenExpired,
+  getTokenExpirationTime,
   type DiscordUser
 } from '../utils/auth';
+import { TOKEN_EXPIRED_EVENT } from '../utils/api';
 
 export function useAuth() {
   const [authUser, setAuthUser] = useState<DiscordUser | null>(null);
   const [authLoading, setAuthLoading] = useState<boolean>(true);
 
+  // Handle token expiration - switch to guest user
+  const handleTokenExpired = useCallback(async () => {
+    const guestUser = await fetchDefaultPermissions();
+    setAuthUser(guestUser);
+  }, []);
+
+  // Listen for token expired events from API calls
+  useEffect(() => {
+    const handleExpiredEvent = () => {
+      handleTokenExpired();
+    };
+
+    window.addEventListener(TOKEN_EXPIRED_EVENT, handleExpiredEvent);
+    return () => {
+      window.removeEventListener(TOKEN_EXPIRED_EVENT, handleExpiredEvent);
+    };
+  }, [handleTokenExpired]);
+
+  // Periodic token expiration check
+  useEffect(() => {
+    const checkTokenExpiration = () => {
+      const storedAuth = loadAuth();
+      if (storedAuth.accessToken && isTokenExpired(storedAuth.accessToken)) {
+        clearAuth();
+        handleTokenExpired();
+      }
+    };
+
+    // Check every minute
+    const interval = setInterval(checkTokenExpiration, 60000);
+
+    // Also set up a timer for exact expiration time
+    const storedAuth = loadAuth();
+    if (storedAuth.accessToken) {
+      const expirationTime = getTokenExpirationTime(storedAuth.accessToken);
+      if (expirationTime) {
+        const timeUntilExpiry = expirationTime - Date.now();
+        if (timeUntilExpiry > 0) {
+          const timeout = setTimeout(() => {
+            clearAuth();
+            handleTokenExpired();
+          }, timeUntilExpiry);
+          return () => {
+            clearInterval(interval);
+            clearTimeout(timeout);
+          };
+        }
+      }
+    }
+
+    return () => {
+      clearInterval(interval);
+    };
+  }, [authUser, handleTokenExpired]);
+
   // Handle Discord OAuth callback
   useEffect(() => {
     const handleCallback = async () => {

src/frontend/src/utils/api.ts

@@ -1,6 +1,16 @@
-import { loadAuth } from './auth';
+import { loadAuth, isTokenExpired, clearAuth } from './auth';
 import Cookies from 'js-cookie';
 
+// Custom event for token expiration
+export const TOKEN_EXPIRED_EVENT = 'auth:token-expired';
+
+/**
+ * Dispatch token expired event to notify the app
+ */
+function dispatchTokenExpiredEvent(): void {
+  window.dispatchEvent(new CustomEvent(TOKEN_EXPIRED_EVENT));
+}
+
 /**
  * Get the CSRF token from cookie
  */
@@ -51,6 +61,13 @@ export function getAuthHeadersWithCsrf(): HeadersInit {
 export async function fetchWithAuth(url: string, options: RequestInit = {}): Promise<Response> {
   const auth = loadAuth();
 
+  // Check if token is expired before making request
+  if (auth.accessToken && isTokenExpired(auth.accessToken)) {
+    clearAuth();
+    dispatchTokenExpiredEvent();
+    throw new Error('Token expired');
+  }
+
   const headers: HeadersInit = {
     ...options.headers,
   };
@@ -68,11 +85,19 @@ export async function fetchWithAuth(url: string, options: RequestInit = {}): Pro
     }
   }
 
-  return fetch(url, {
+  const response = await fetch(url, {
     ...options,
     credentials: 'include', // Always include cookies for CSRF token
     headers,
   });
+
+  // If we get a 401, the token is invalid/expired
+  if (response.status === 401) {
+    clearAuth();
+    dispatchTokenExpiredEvent();
+  }
+
+  return response;
 }
 
 /**

src/frontend/src/utils/auth.ts

@@ -86,12 +86,40 @@ function decodeJWT(token: string): any {
     const payload = parts[1];
     const decoded = atob(payload);
     return JSON.parse(decoded);
-  } catch (error) {
-    console.error('Error decoding JWT:', error);
+  } catch {
     return null;
   }
 }
 
+/**
+ * Check if a JWT token is expired
+ * Returns true if expired or invalid, false if still valid
+ */
+export function isTokenExpired(token: string | null): boolean {
+  if (!token) return true;
+
+  const payload = decodeJWT(token);
+  if (!payload || !payload.exp) return true;
+
+  // exp is in seconds, Date.now() is in milliseconds
+  // Add 30 second buffer to handle clock skew
+  const expirationTime = payload.exp * 1000;
+  return Date.now() >= expirationTime - 30000;
+}
+
+/**
+ * Get the expiration time of a JWT token in milliseconds
+ * Returns null if token is invalid
+ */
+export function getTokenExpirationTime(token: string | null): number | null {
+  if (!token) return null;
+
+  const payload = decodeJWT(token);
+  if (!payload || !payload.exp) return null;
+
+  return payload.exp * 1000;
+}
+
 export function saveAuth(authState: AuthState): void {
   localStorage.setItem(AUTH_STORAGE_KEY, JSON.stringify(authState));
 }

src/main/resources/application.yml

@@ -23,7 +23,6 @@ spring:
             authorizationGrantType: authorization_code
             scope:
               - identify
-              - email
             redirectUri: "{baseUrl}/login/oauth2/code/{registrationId}"
             clientName: Discord Soundboard
         provider: