:bug fix(auth-refresh): update supertokens verifySession mocks

Author: victor-enogwe

packages/backend/src/__tests__/helpers/mock.setup.ts

@@ -1,10 +1,18 @@
-import { Handler, Response } from "express";
+import { Handler, NextFunction, Response } from "express";
 import { GoogleApis } from "googleapis";
 import mergeWith, { default as mockMergeWith } from "lodash.mergewith";
 import { randomUUID } from "node:crypto";
 import { SessionRequest } from "supertokens-node/framework/express";
-import { BaseResponse } from "supertokens-node/lib/build/framework";
-import { SessionContainerInterface } from "supertokens-node/lib/build/recipe/session/types";
+import {
+  ExpressRequest,
+  ExpressResponse,
+} from "supertokens-node/lib/build/framework/express/framework";
+import {
+  APIOptions,
+  SessionContainerInterface,
+  VerifySessionOptions,
+} from "supertokens-node/lib/build/recipe/session/types";
+import { UserContext } from "supertokens-node/lib/build/types";
 import { createMockCalendarListEntry as mockCalendarListCreate } from "@core/__tests__/helpers/gcal.factory";
 import { gSchema$CalendarListEntry } from "@core/types/gcal";
 import { UserMetadata } from "@core/types/user.types";
@@ -49,12 +57,12 @@ function mockGoogleapis() {
 function mockSuperToken() {
   const userMetadata = new Map<string, UserMetadata>();
 
-  function verifySession() {
-    return (
-      req: SessionRequest,
-      _res: Response & BaseResponse,
-      next?: (err?: unknown) => void,
-    ) => {
+  function verifySession(input: {
+    verifySessionOptions?: VerifySessionOptions;
+    options: APIOptions;
+    userContext: UserContext;
+  }) {
+    return (req: SessionRequest, _res: Response, next?: NextFunction) => {
       try {
         const cookies = (req.headers.cookie?.split(";") ?? [])?.reduce(
           (items, item) => {
@@ -98,10 +106,13 @@ function mockSuperToken() {
             },
           } as SessionContainerInterface;
 
-          return next ? next() : undefined;
+          return next?.();
         }
 
-        throw new Error("invalid superToken session");
+        if (input?.verifySessionOptions?.sessionRequired) {
+          console.log("Invalid session detected in mock");
+          throw new Error("invalid superToken session");
+        }
       } catch (error) {
         if (next) {
           next(error);
@@ -163,6 +174,45 @@ function mockSuperToken() {
       return mergeWith(userMetadataModule, { default: userMetadataModule });
     },
   );
+
+  mockModule(
+    "supertokens-node/lib/build/recipe/session/recipe",
+    (
+      session: typeof import("supertokens-node/lib/build/recipe/session/recipe"),
+    ) => {
+      const getInstanceOrThrowError =
+        session.default.getInstanceOrThrowError.bind(session.default);
+
+      const sessionModule = mergeWith(session, {
+        default: mergeWith(session.default, {
+          getInstanceOrThrowError: jest.fn(() => {
+            const instance = getInstanceOrThrowError();
+
+            return mergeWith(instance, {
+              apiImpl: mergeWith(instance.apiImpl, {
+                verifySession: jest.fn(
+                  async (input: {
+                    verifySessionOptions: VerifySessionOptions | undefined;
+                    options: APIOptions;
+                    userContext: UserContext;
+                  }) => {
+                    const req = input.options.req as ExpressRequest;
+                    const res = input.options.res as ExpressResponse;
+
+                    verifySession(input)(req.original, res.original);
+
+                    return Promise.resolve(req.original.session);
+                  },
+                ),
+              }),
+            });
+          }),
+        }),
+      });
+
+      return sessionModule;
+    },
+  );
 }
 
 function mockWinstonLogger() {

packages/backend/src/servers/websocket/websocket.server.ts

@@ -225,7 +225,7 @@ class WebSocketServer {
       const userContext = makeDefaultUserContextFromAPI(request);
       const sessionRecipe = SessionRecipe.getInstanceOrThrowError();
       const session = await sessionRecipe.verifySession(
-        { sessionRequired: false },
+        { sessionRequired: true },
         request,
         response,
         userContext,
@@ -237,11 +237,13 @@ class WebSocketServer {
     } catch (err) {
       const error = err as SessionError;
 
+      logger.error(error.message, error);
+
       res.writeHead(Status.UNAUTHORIZED, {
         "Content-Type": "application/json",
       });
 
-      res.end(JSON.stringify({ type: error.type, message: error.message }));
+      res.end(JSON.stringify({ type: error.type, message: "Invalid Session" }));
     }
   }