fix(bug): delete session on 403 response from tokens updates

Author: chertik77

app/routes/api/auth.ts

@@ -140,8 +140,6 @@ authRouter.post(
   '/tokens',
   validateRequestBody(RefreshTokenSchema),
   async ({ body }, res, next) => {
-    let sessionId = ''
-
     try {
       const { id, sid } = jwt.verify(
         body.refreshToken,
@@ -151,32 +149,28 @@ authRouter.post(
         sid: string
       }
 
-      sessionId = sid
-
       const user = await prisma.user.findFirst({ where: { id } })
 
       if (!user) {
         return next(createHttpError(403))
       }
 
       const currentSession = await prisma.session.findFirst({
-        where: { id: sessionId }
+        where: { id: sid }
       })
 
       if (!currentSession) {
         return next(createHttpError(403))
       }
 
-      await prisma.session.delete({ where: { id: sessionId } })
+      await prisma.session.delete({ where: { id: sid } })
 
       const newSid = await prisma.session.create({ data: { userId: user.id } })
 
       const tokens = getNewTokens({ id: user.id, sid: newSid.id })
 
       res.json({ ...tokens })
     } catch (e) {
-      await prisma.session.delete({ where: { id: sessionId } })
-
       return next(createHttpError(403))
     }
   }