fix: auth not properly working because of a race condition

Dun-sin · Dun-sin · commit 0ac1ce665a8a · 2025-11-03T12:07:58.000+01:00
diff --git a/app/api/auth/refreshToken/route.ts b/app/api/auth/refreshToken/route.ts
@@ -11,23 +11,25 @@ export async function POST(req: Request) {
 	const refreshToken = res.refresh_token;
 
 	if (!refreshToken) {
-		return Response.json({ error: 'Invalid request' }, { status: 400 });
+		return NextResponse.json({ error: 'Invalid request' }, { status: 400 });
 	}
 
 	try {
+		const body = new URLSearchParams({
+			grant_type: 'refresh_token',
+			refresh_token: refreshToken,
+			client_id: client_id || '',
+		}).toString();
+
 		const response = await axios.post(
 			'https://accounts.spotify.com/api/token',
-			{
-				grant_type: 'refresh_token',
-				client_id,
-				refresh_token: refreshToken,
-			},
+			body,
 			{
 				headers: {
-					'content-Type': 'application/x-www-form-urlencoded',
+					'Content-Type': 'application/x-www-form-urlencoded',
 					Authorization:
 						'Basic ' +
-						Buffer.from(client_id + ':' + client_secret).toString('base64'),
+						Buffer.from(`${client_id}:${client_secret}`).toString('base64'),
 				},
 			},
 		);
@@ -39,8 +41,17 @@ export async function POST(req: Request) {
 			{ status: 200 },
 		);
 	} catch (error) {
-		error = error as AxiosError;
+		console.error('Spotify refresh token exchange failed');
+		const axiosErr = error as AxiosError | any;
+		if (axiosErr?.response?.data) {
+			console.error('Spotify response:', axiosErr.response.data);
+			return NextResponse.json(
+				{ spotify_error: axiosErr.response.data },
+				{ status: 400 },
+			);
+		}
 
-		return NextResponse.json({ error }, { status: 400 });
+		console.error(error);
+		return NextResponse.json({ error: 'Unknown error' }, { status: 500 });
 	}
 }
diff --git a/app/api/auth/route.ts b/app/api/auth/route.ts
@@ -1,9 +1,8 @@
 import axios, { AxiosError } from "axios";
 
 import { NextResponse } from "next/server";
-import { getUser } from "@/app/lib/spotify";
-import { sql } from "@vercel/postgres";
-import prisma from "@/app/lib/prisma";
+import { getUser } from '@/app/lib/spotify';
+import prisma from '@/app/lib/prisma';
 
 const redirect_uri = process.env.REDIRECT_URL;
 const client_id = process.env.SPOTIFY_CLIENT_ID;
@@ -12,29 +11,45 @@ const client_secret = process.env.SPOTIFY_CLIENT_SECRET;
 export async function POST(req: Request) {
 	const res = await req.json();
 	const code = res.code;
+
+	// Log the incoming authorization code to help debugging (non-secret, short lived)
+	console.info('Received Spotify authorization code:', code);
+	// Log some diagnostics about the code
+	console.info('Auth code length:', code?.length);
+	if (code && /\s/.test(code)) {
+		console.warn(
+			'Auth code contains whitespace characters which may indicate copying issues',
+		);
+	}
 	if (!code) {
-		return Response.json({ error: "Invalid request" }, { status: 400 });
+		return NextResponse.json({ error: 'Invalid request' }, { status: 400 });
 	}
 
 	try {
+		const body = new URLSearchParams({
+			grant_type: 'authorization_code',
+			code,
+			redirect_uri: redirect_uri || '',
+		}).toString();
+
+		// Log the redirect and client id used for the token exchange to help
+		// diagnose redirect_uri mismatches which commonly cause invalid_grant.
+		console.info('Token exchange using redirect_uri:', redirect_uri);
+		console.info('Token exchange using client_id:', client_id);
+
 		const response = await axios.post(
-			"https://accounts.spotify.com/api/token",
-			{
-				grant_type: "authorization_code",
-				code,
-				redirect_uri,
-			},
+			'https://accounts.spotify.com/api/token',
+			body,
 			{
 				headers: {
 					Authorization:
-						"Basic " +
-						Buffer.from(client_id + ":" + client_secret).toString("base64"),
-					"content-Type": "application/x-www-form-urlencoded",
+						'Basic ' +
+						Buffer.from(`${client_id}:${client_secret}`).toString('base64'),
+					'Content-Type': 'application/x-www-form-urlencoded',
 				},
-			}
+			},
 		);
 
-
 		const { access_token, refresh_token, expires_in } = response.data;
 		const user = await getUser(access_token);
 
@@ -50,14 +65,23 @@ export async function POST(req: Request) {
 			});
 		}
 
-
 		return NextResponse.json(
 			{ expires_in, refresh_token, access_token, user },
-			{ status: 200 }
+			{ status: 200 },
 		);
 	} catch (error) {
-		console.log(error);
-		error = error as AxiosError;
-		return NextResponse.json({ error }, { status: 400 });
+		console.error('Spotify token exchange failed');
+		// If axios error, surface Spotify's error body for debugging
+		const axiosErr = error as AxiosError | any;
+		if (axiosErr?.response?.data) {
+			console.error('Spotify response:', axiosErr.response.data);
+			return NextResponse.json(
+				{ spotify_error: axiosErr.response.data },
+				{ status: 400 },
+			);
+		}
+
+		console.error(error);
+		return NextResponse.json({ error: 'Unknown error' }, { status: 500 });
 	}
 }
diff --git a/app/components/ConnectSpotify/index.tsx b/app/components/ConnectSpotify/index.tsx
@@ -1,48 +1,75 @@
 'use client';
 
-import { useAuth } from '@/app/context/authContext';
-import useRefreshToken from '@/app/hooks/useRefreshToken';
-import spotifyApi from '@/app/lib/spotifyApi';
-import { decrypt, encrypt } from '@/app/lib/utils';
 import axios, { AxiosResponse } from 'axios';
+import { decrypt, encrypt } from '@/app/lib/utils';
+import { useEffect, useRef, useState } from 'react';
 import { usePathname, useRouter, useSearchParams } from 'next/navigation';
-import { useEffect, useState } from 'react';
+
+import spotifyApi from '@/app/lib/spotifyApi';
+import { useAuth } from '@/app/context/authContext';
+import useRefreshToken from '@/app/hooks/useRefreshToken';
 
 const ConnectSpotify = ({ authUrl }: { authUrl: string }) => {
 	const { isAuthInProgress, isLoggedIn, authInProgress, logIn, setUserData } =
 		useAuth();
 
 	const [expires, setExpires] = useState<number | null>(null);
+  const isExchangingCode = useRef(false);
 
 	const currentPath = usePathname();
 
 	const searchParams = useSearchParams();
 	const router = useRouter();
 
 	useEffect(() => {
-		const current = new URLSearchParams(Array.from(searchParams.entries()));
-		const extractedCode = searchParams.get('code');
-
-		if (extractedCode && extractedCode !== '') {
-			if (isAuthInProgress) return;
-			authInProgress(true);
-			loginUser(extractedCode);
-			current.delete('code');
-
-			const search = current.toString();
-			const query = search ? `?${search}` : '';
-
-			router.push(`${currentPath}${query}`);
-			return;
-		}
-
-		refreshAccessToken();
+    (async () => {
+      const current = new URLSearchParams(Array.from(searchParams.entries()));
+      const extractedCode = searchParams.get('code');
+
+      if (extractedCode && extractedCode !== '') {
+        if (isAuthInProgress || isExchangingCode.current) return;
+        isExchangingCode.current = true;
+        authInProgress(true);
+
+        // Attempt to exchange the code. Only remove `code` from the URL
+        // if the exchange succeeds. If it fails, keep the code visible
+        // so the developer can copy it for debugging.
+        const response = await loginUser(extractedCode);
+        if (response?.status === 200) {
+          current.delete('code');
+
+          const search = current.toString();
+          const query = search ? `?${search}` : '';
+
+          router.push(`${currentPath}${query}`);
+        } else {
+          // leave the code in the URL for debugging; authInProgress
+          // will be set to false in loginUser when a failure occurs
+          isExchangingCode.current = false;
+        }
+
+        return;
+      }
+
+      refreshAccessToken();
+    })();
 	}, []);
 
 	async function loginUser(code: string) {
-		if (!code) return;
-		const response = await axios.post('/api/auth', { code });
-		processResponse(response);
+    if (!code) return null;
+    try {
+      const response = await axios.post('/api/auth', { code });
+      processResponse(response);
+      return response;
+    } catch (err: any) {
+      // If server returned spotify_error, surface it on client console
+      console.error('Login exchange failed', err?.response?.data || err);
+      authInProgress(false);
+      // If the code expired, quickly redirect to start a fresh auth
+      const isExpired = err?.response?.data?.spotify_error?.error_description === 'Authorization code expired';
+      if (isExpired) window.location.href = authUrl;
+      return err?.response || null;
+    }
 	}
 
 	async function refreshAccessToken() {
diff --git a/app/components/DiscoverTracks/SubmitButtion.tsx b/app/components/DiscoverTracks/SubmitButtion.tsx
@@ -1,35 +1,35 @@
 'use client';
 
+import {
+  addTracksToPlayList,
+  createPlayList,
+  getAllTracksInAPlaylist,
+} from '@/app/lib/spotify';
 import {
 	extractPlaylistId,
 	getAllTracks,
 	getEveryAlbum,
 	isValidPlaylistLink,
 } from '@/app/lib/utils';
-import {
-	addTracksToPlayList,
-	createPlayList,
-	getAllTracksInAPlaylist,
-} from '@/app/lib/spotify';
 
 import { GoogleGenerativeAI } from '@google/generative-ai';
 import React from 'react';
 import SubmitButtionContainer from '../SubmitButtonContainer';
+import { addToUrl } from '@/app/lib/clientUtils';
 import { addUserHistory } from '@/app/lib/db';
+import { toast } from 'react-toastify';
 import { useAuth } from '@/app/context/authContext';
 import { useGeneralState } from '@/app/context/generalStateContext';
 import { useHistory } from '@/app/context/HistoryContext';
 import { useInput } from '@/app/context/inputContext';
 import { useLoading } from '@/app/context/loadingContext';
 import { useOptions } from '@/app/context/optionsContext';
 import { useType } from '@/app/context/DiscoverTracks/typeContext';
-import { toast } from 'react-toastify';
-import { addToUrl } from '@/app/lib/clientUtils';
 
 const API_KEY = process.env.NEXT_PUBLIC_API_KEY;
 const genAI = new GoogleGenerativeAI(API_KEY as string);
 
-const model = genAI.getGenerativeModel({ model: 'gemini-2.0-flash' });
+const model = genAI.getGenerativeModel({ model: 'gemini-2.5-flash' });
 
 const SubmitButtion = () => {
 	const { setLoading } = useLoading();
@@ -60,11 +60,7 @@ const SubmitButtion = () => {
 				? 'completely different from'
 				: 'similar to';
 			const popularity = isNotPopularArtists ? 'not popular' : 'popular';
-			const prompt = `Give me 20 musicians who are ${popularity} and ${type} the following artists provided: ${artists.join(
-				', ',
-			)}. Be sure none of the musicians listed overlap with those provided and that the result is not in list form and not more than 20 musicians. The results should also be separated by a comma.`;
-
-			// const newPrompt = `Please analyze the following list of musicians: '${artists.join(', ')}', and identify the sub-genre that is associated with 70 - 90% of them. Based on this analysis, please provide a list of 20 musicians who are ${popularity} and are ${type} as the sub-genres. Please ensure that the resulting list does not include any of the musicians from the original list provided. To help narrow down the results, please only provide the list of recommended musicians separated by commas.`
+      const prompt = `Please analyze the following list of musicians: '${artists.join(', ')}', and identify the sub-genre that is associated with 70 - 90% of them. Based on this analysis, please provide a list of 20 musicians who are ${popularity} and are ${type} as the sub-genres. Please ensure that the resulting list does not include any of the musicians from the original list provided. To help narrow down the results, please only provide the list of recommended musicians separated by commas.`
 
 			setLoadingMessage(`Getting the list of new artists`);
 			const result = await model.generateContent(prompt);
diff --git a/app/components/History/index.tsx b/app/components/History/index.tsx
@@ -4,9 +4,9 @@ import React, { useEffect, useState } from 'react';
 
 import HistoryCard from './HistoryCard';
 import axios from 'axios';
+import { getUser } from '@/app/lib/spotify';
 import { useAuth } from '@/app/context/authContext';
 import { useHistory } from '@/app/context/HistoryContext';
-import { getUser } from '@/app/lib/spotify';
 
 const History = () => {
 	const { user, logOut } = useAuth();
@@ -22,7 +22,7 @@ const History = () => {
 		}
 
 		const response = await axios.get(`api/users/${user.user_id}/history`);
-		const data = response.data.message.map(
+    const data = response?.data?.message?.map(
 			({ text, lastUsed }: { text: string; lastUsed: string }) => ({
 				text,
 				lastUsed: new Date(lastUsed),
