feat(authentication): remove cookies for tokens and use local storage

Author: Ismaestro

src/app/core/interceptors/authentication.interceptor.ts

@@ -9,9 +9,15 @@ import { BehaviorSubject, throwError } from 'rxjs';
 import { catchError, filter, switchMap, take } from 'rxjs/operators';
 import { inject } from '@angular/core';
 import { Router } from '@angular/router';
-import { AuthenticationService } from '~features/authentication/services/authentication.service';
+import {
+  ACCESS_TOKEN_KEY,
+  AuthenticationService,
+} from '~features/authentication/services/authentication.service';
 import { AppError } from '~core/enums/app-error.enum';
 import { AUTH_URLS } from '~core/constants/urls.constants';
+import { LOCAL_STORAGE } from '~core/providers/local-storage';
+import { translations } from '../../../locale/translations';
+import { AlertService } from '~core/services/alert.service';
 
 const isRefreshing = new BehaviorSubject<boolean>(false);
 
@@ -20,24 +26,74 @@ export function authenticationInterceptor(
   next: HttpHandlerFn,
 ): Observable<HttpEvent<unknown>> {
   const authenticationService = inject(AuthenticationService);
+  const alertService = inject(AlertService);
+  const storageService = inject(LOCAL_STORAGE);
   const router = inject(Router);
-  return next(request).pipe(
-    catchError((errorResponse: HttpErrorResponse) => {
-      if (isAccessTokenError(errorResponse)) {
-        return tryRefreshToken(request, next, authenticationService);
-      }
-
-      if (isRefreshTokenError(errorResponse)) {
-        authenticationService.logOut();
-        void router.navigate([AUTH_URLS.logIn]);
-        return throwError(() => new Error('Session expired. Please log in again.'));
-      }
-
-      return throwError(() => errorResponse);
-    }),
+
+  const clonedRequest = attachAccessToken(request, storageService);
+  return handleRequest({
+    request: clonedRequest,
+    next,
+    authenticationService,
+    alertService,
+    storageService,
+    router,
+  });
+}
+
+function attachAccessToken(
+  request: HttpRequest<unknown>,
+  storageService: Storage | null,
+): HttpRequest<unknown> {
+  const accessToken = storageService?.getItem(ACCESS_TOKEN_KEY);
+  if (accessToken) {
+    return request.clone({
+      setHeaders: { Authorization: `Bearer ${accessToken}` },
+    });
+  }
+  return request;
+}
+
+function handleRequest(parameters: {
+  request: HttpRequest<unknown>;
+  next: HttpHandlerFn;
+  authenticationService: AuthenticationService;
+  alertService: AlertService;
+  storageService: Storage | null;
+  router: Router;
+}): Observable<HttpEvent<unknown>> {
+  return parameters.next(parameters.request).pipe(
+    catchError((errorResponse: HttpErrorResponse) =>
+      handleErrors({
+        errorResponse,
+        ...parameters,
+      }),
+    ),
   );
 }
 
+function handleErrors(parameters: {
+  request: HttpRequest<unknown>;
+  next: HttpHandlerFn;
+  authenticationService: AuthenticationService;
+  alertService: AlertService;
+  storageService: Storage | null;
+  router: Router;
+  errorResponse: HttpErrorResponse;
+}): Observable<HttpEvent<unknown>> {
+  if (isAccessTokenError(parameters.errorResponse)) {
+    return tryRefreshToken(parameters);
+  }
+
+  if (isRefreshTokenError(parameters.errorResponse)) {
+    parameters.authenticationService.logOut();
+    void parameters.router.navigate([AUTH_URLS.logIn]);
+    return throwError(() => new Error('Session expired. Please log in again.'));
+  }
+
+  return throwError(() => parameters.errorResponse);
+}
+
 function isAccessTokenError(errorResponse: HttpErrorResponse): boolean {
   return (
     errorResponse.status === 401 &&
@@ -56,30 +112,76 @@ function isRefreshTokenError(errorResponse: HttpErrorResponse): boolean {
   );
 }
 
-// eslint-disable-next-line @typescript-eslint/max-params
-function tryRefreshToken(
-  request: HttpRequest<unknown>,
-  next: HttpHandlerFn,
-  authenticationService: AuthenticationService,
-): Observable<HttpEvent<unknown>> {
+function tryRefreshToken(parameters: {
+  request: HttpRequest<unknown>;
+  next: HttpHandlerFn;
+  authenticationService: AuthenticationService;
+  alertService: AlertService;
+  storageService: Storage | null;
+  router: Router;
+}): Observable<HttpEvent<unknown>> {
   if (!isRefreshing.getValue()) {
-    isRefreshing.next(true);
-
-    return authenticationService.refreshToken().pipe(
-      switchMap(() => {
-        isRefreshing.next(false);
-        return next(request.clone({ withCredentials: true }));
-      }),
-      catchError((error: HttpErrorResponse) => {
-        isRefreshing.next(false);
-        return throwError(() => error);
-      }),
-    );
+    return handleTokenRefresh(parameters);
   }
 
+  return waitForTokenRefresh(parameters);
+}
+
+function handleTokenRefresh(parameters: {
+  request: HttpRequest<unknown>;
+  next: HttpHandlerFn;
+  authenticationService: AuthenticationService;
+  alertService: AlertService;
+  storageService: Storage | null;
+  router: Router;
+}): Observable<HttpEvent<unknown>> {
+  isRefreshing.next(true);
+
+  return parameters.authenticationService.refreshToken().pipe(
+    switchMap(() => {
+      isRefreshing.next(false);
+      return retryRequestWithRefreshedToken(parameters);
+    }),
+    catchError((error: HttpErrorResponse) => {
+      isRefreshing.next(false);
+      handleRefreshError(parameters);
+      return throwError(() => error);
+    }),
+  );
+}
+
+function waitForTokenRefresh(parameters: {
+  request: HttpRequest<unknown>;
+  next: HttpHandlerFn;
+  storageService: Storage | null;
+}): Observable<HttpEvent<unknown>> {
   return isRefreshing.pipe(
     filter((refreshing) => !refreshing),
     take(1),
-    switchMap(() => next(request.clone({ withCredentials: true }))),
+    switchMap(() => retryRequestWithRefreshedToken(parameters)),
   );
 }
+
+function retryRequestWithRefreshedToken(parameters: {
+  request: HttpRequest<unknown>;
+  next: HttpHandlerFn;
+  storageService: Storage | null;
+}): Observable<HttpEvent<unknown>> {
+  const refreshedToken = parameters.storageService?.getItem(ACCESS_TOKEN_KEY);
+  const clonedRequest = refreshedToken
+    ? parameters.request.clone({
+        setHeaders: { Authorization: `Bearer ${refreshedToken}` },
+      })
+    : parameters.request;
+  return parameters.next(clonedRequest);
+}
+
+function handleRefreshError(parameters: {
+  authenticationService: AuthenticationService;
+  alertService: AlertService;
+  router: Router;
+}): void {
+  parameters.authenticationService.logOut();
+  parameters.alertService.createErrorAlert(translations.sessionExpired);
+  void parameters.router.navigate([AUTH_URLS.logIn]);
+}

src/app/features/authentication/services/authentication.service.ts

@@ -18,7 +18,8 @@ import type {
 import { LanguageService } from '~core/services/language.service';
 import type { User } from '~features/authentication/types/user.type';
 
-const IS_SESSION_ALIVE_KEY = 'isSessionAlive';
+export const ACCESS_TOKEN_KEY = 'access-token';
+export const REFRESH_TOKEN_KEY = 'refresh-token';
 
 @Injectable({
   providedIn: 'root',
@@ -27,9 +28,7 @@ export class AuthenticationService {
   private readonly storageService = inject(LOCAL_STORAGE);
   private readonly httpClient = inject(HttpClient);
   private readonly languageService = inject(LanguageService);
-  private readonly isUserLoggedInSignal = signal(
-    !!this.storageService?.getItem(IS_SESSION_ALIVE_KEY),
-  );
+  private readonly isUserLoggedInSignal = signal(!!this.storageService?.getItem(ACCESS_TOKEN_KEY));
 
   private readonly apiUrl = environment.apiBaseUrl;
 
@@ -46,7 +45,6 @@ export class AuthenticationService {
           terms: registerRequest.terms,
         },
         {
-          withCredentials: true,
           headers: {
             'Accept-Language': this.languageService.convertLocaleToAcceptLanguage(),
           },
@@ -55,7 +53,7 @@ export class AuthenticationService {
       .pipe(
         map((response: RegisterResponse) => {
           const { data } = response;
-          this.storageService?.setItem(IS_SESSION_ALIVE_KEY, 'true');
+          this.saveTokens(data);
           this.isUserLoggedInSignal.set(true);
           return data;
         }),
@@ -65,18 +63,14 @@ export class AuthenticationService {
   logIn(loginRequest: LoginRequest): Observable<User> {
     const loginEndpoint = `${this.apiUrl}/v1/authentication/login`;
     return this.httpClient
-      .post<LoginResponse>(
-        loginEndpoint,
-        {
-          email: loginRequest.email.trim().toLowerCase(),
-          password: loginRequest.password,
-        },
-        { withCredentials: true },
-      )
+      .post<LoginResponse>(loginEndpoint, {
+        email: loginRequest.email.trim().toLowerCase(),
+        password: loginRequest.password,
+      })
       .pipe(
         map((response: LoginResponse) => {
           const { data } = response;
-          this.storageService?.setItem(IS_SESSION_ALIVE_KEY, 'true');
+          this.saveTokens(data);
           this.isUserLoggedInSignal.set(true);
           return data.user;
         }),
@@ -85,19 +79,37 @@ export class AuthenticationService {
 
   refreshToken(): Observable<RefreshTokenResponseData> {
     const refreshTokenEndpoint = `${this.apiUrl}/v1/authentication/token/refresh`;
-    return this.httpClient.post<RefreshTokenResponse>(
-      refreshTokenEndpoint,
-      {},
-      { withCredentials: true },
-    );
+    return this.httpClient
+      .post<RefreshTokenResponse>(refreshTokenEndpoint, {
+        refreshToken: this.storageService?.getItem(REFRESH_TOKEN_KEY),
+      })
+      .pipe(
+        map((response: RefreshTokenResponse) => {
+          const { data } = response;
+          this.saveTokens(data);
+          return data;
+        }),
+      );
   }
 
   logOut() {
-    this.storageService?.removeItem(IS_SESSION_ALIVE_KEY);
+    this.removeTokens();
     this.isUserLoggedInSignal.set(false);
   }
 
   isUserLoggedIn(): boolean {
     return this.isUserLoggedInSignal();
   }
+
+  private saveTokens(data: { accessToken: string; refreshToken?: string }) {
+    this.storageService?.setItem(ACCESS_TOKEN_KEY, data.accessToken);
+    if (data.refreshToken) {
+      this.storageService?.setItem(REFRESH_TOKEN_KEY, data.refreshToken);
+    }
+  }
+
+  private removeTokens() {
+    this.storageService?.removeItem(ACCESS_TOKEN_KEY);
+    this.storageService?.removeItem(REFRESH_TOKEN_KEY);
+  }
 }

src/app/features/authentication/services/user.service.ts

@@ -25,7 +25,6 @@ export class UserService {
     return this.httpClient
       .get<GetMeResponse>(getMeEndpoint, {
         context: new HttpContext().set(CACHING_ENABLED, cache),
-        withCredentials: true,
       })
       .pipe(
         map((response: GetMeResponse) => {
@@ -37,24 +36,18 @@ export class UserService {
 
   updateUser(updateUserRequest: UpdateUserRequest): Observable<User> {
     const updateUserEndpoint = `${this.apiUrl}/v1/user`;
-    return this.httpClient
-      .patch<UpdateUserResponse>(updateUserEndpoint, updateUserRequest, {
-        withCredentials: true,
-      })
-      .pipe(
-        map((response: UpdateUserResponse) => {
-          const { data } = response;
-          return data.user;
-        }),
-      );
+    return this.httpClient.patch<UpdateUserResponse>(updateUserEndpoint, updateUserRequest).pipe(
+      map((response: UpdateUserResponse) => {
+        const { data } = response;
+        return data.user;
+      }),
+    );
   }
 
   catchPokemon(catchPokemonRequest: CatchPokemonRequest): Observable<User> {
     const catchPokemonEndpoint = `${this.apiUrl}/v1/user/pokemon/catch`;
     return this.httpClient
-      .post<CatchPokemonResponse>(catchPokemonEndpoint, catchPokemonRequest, {
-        withCredentials: true,
-      })
+      .post<CatchPokemonResponse>(catchPokemonEndpoint, catchPokemonRequest)
       .pipe(
         map((response: CatchPokemonResponse) => {
           const { data } = response;

src/app/features/authentication/types/login-response.type.ts

@@ -2,6 +2,8 @@ import type { User } from '~features/authentication/types/user.type';
 import type { ApiResponse } from '~core/types/api-response.type';
 
 export type LoginResponseData = {
+  accessToken: string;
+  refreshToken: string;
   user: User;
 };
 

src/app/features/authentication/types/refresh-token.response.type.ts

@@ -1,5 +1,7 @@
 import type { ApiResponse } from '~core/types/api-response.type';
 
-export type RefreshTokenResponseData = object;
+export type RefreshTokenResponseData = {
+  accessToken: string;
+};
 
 export type RefreshTokenResponse = ApiResponse<RefreshTokenResponseData>;

src/app/features/authentication/types/register-response.type.ts

@@ -2,6 +2,8 @@ import type { User } from '~features/authentication/types/user.type';
 import type { ApiResponse } from '~core/types/api-response.type';
 
 export type RegisterResponseData = {
+  accessToken: string;
+  refreshToken: string;
   user: User;
 };
 

src/locale/messages.es.xlf

@@ -479,6 +479,10 @@
         <source>No real email validation. Field required. Format: [email protected]</source>
         <target state="new">Sin validación real de correo electrónico. Campo requerido. Formato: [email protected]</target>
       </trans-unit>
+      <trans-unit id="1476832105912939227" datatype="html">
+        <source>Session expired. Please log in.</source>
+        <target state="new">La sesión ha caducado. Vuelve a hacer log in.</target>
+      </trans-unit>
     </body>
   </file>
 </xliff>

src/locale/messages.xlf

@@ -355,6 +355,9 @@
       <trans-unit id="381575201384767307" datatype="html">
         <source>No real email validation. Field required. Format: [email protected]</source>
       </trans-unit>
+      <trans-unit id="1476832105912939227" datatype="html">
+        <source>Session expired. Please log in.</source>
+      </trans-unit>
     </body>
   </file>
 </xliff>