Merge pull request #334 from kinde-oss/feat/setup-queue

Author: DanielRivers

src/authMiddleware/authMiddleware.ts

@@ -10,6 +10,7 @@ import { getSplitCookies } from "../utils/cookies/getSplitSerializedCookies";
 import { getIdToken } from "../utils/getIdToken";
 import { OAuth2CodeExchangeResponse } from "@kinde-oss/kinde-typescript-sdk";
 import { copyCookiesToRequest } from "../utils/copyCookiesToRequest";
+import { getStandardCookieOptions } from "../utils/cookies/getStandardCookieOptions";
 
 const handleMiddleware = async (req, options, onSuccess) => {
   const { pathname } = req.nextUrl;
@@ -19,11 +20,13 @@ const handleMiddleware = async (req, options, onSuccess) => {
   const loginPage = options?.loginPage || `${config.apiPath}/${routes.login}`;
   const callbackPage = `${config.apiPath}/kinde_callback`;
   const registerPage = `${config.apiPath}/${routes.register}`;
+  const setupPage = `${config.apiPath}/${routes.setup}`;
 
   if (
     loginPage == pathname ||
     callbackPage == pathname ||
-    registerPage == pathname
+    registerPage == pathname ||
+    setupPage == pathname
   ) {
     return NextResponse.next();
   }
@@ -85,11 +88,36 @@ const handleMiddleware = async (req, options, onSuccess) => {
       console.log("authMiddleware: access token expired, refreshing");
     }
 
+    const sendResult = (debugMessage: string) => {
+      if (config.isDebugMode) {
+        console.error(debugMessage);
+      }
+      if (!isPublicPath) {
+        return NextResponse.redirect(
+          new URL(
+            loginRedirectUrl,
+            options?.redirectURLBase || config.redirectURL,
+          ),
+        );
+      }
+    };
+
     try {
       refreshResponse = await kindeClient.refreshTokens(session, false);
       kindeAccessToken = refreshResponse.access_token;
       kindeIdToken = refreshResponse.id_token;
+      if (config.isDebugMode) {
+        console.log(
+          "authMiddleware: tokens refreshed",
+          !!refreshResponse.access_token,
+          !!refreshResponse.id_token,
+        );
+      }
+    } catch (error) {
+      return sendResult("authMiddleware: error refreshing tokens");
+    }
 
+    try {
       // if we want layouts/pages to get immediate access to the new token,
       // we need to set the cookie on the response here
       const splitAccessTokenCookies = getSplitCookies(
@@ -108,7 +136,11 @@ const handleMiddleware = async (req, options, onSuccess) => {
         resp.cookies.set(cookie.name, cookie.value, cookie.options);
       });
 
-      resp.cookies.set("refresh_token", refreshResponse.refresh_token);
+      resp.cookies.set(
+        "refresh_token",
+        refreshResponse.refresh_token,
+        getStandardCookieOptions(),
+      );
 
       // copy the cookies from the response to the request
       // in Next versions prior to 14.2.8, the cookies function
@@ -117,24 +149,10 @@ const handleMiddleware = async (req, options, onSuccess) => {
       copyCookiesToRequest(req, resp);
 
       if (config.isDebugMode) {
-        console.log("authMiddleware: tokens refreshed");
+        console.log("authMiddleware: tokens refreshed and cookies updated");
       }
     } catch (error) {
-      // token is expired and refresh failed, redirect to login
-      if (config.isDebugMode) {
-        console.error(
-          "authMiddleware: token refresh failed, redirecting to login",
-        );
-      }
-
-      if (!isPublicPath) {
-        return NextResponse.redirect(
-          new URL(
-            loginRedirectUrl,
-            options?.redirectURLBase || config.redirectURL,
-          ),
-        );
-      }
+      sendResult("authMiddleware: error settings new token in cookie");
     }
   }
 

src/handlers/setup.ts

@@ -2,149 +2,155 @@ import { jwtDecoder } from "@kinde/jwt-decoder";
 import { KindeAccessToken, KindeIdToken } from "../types";
 import { config } from "../config/index";
 import { generateUserObject } from "../utils/generateUserObject";
-import { validateToken } from "@kinde/jwt-validator";
-import { refreshTokens } from "../utils/refreshTokens";
 import { getAccessToken } from "../utils/getAccessToken";
 import RouterClient from "../routerClients/RouterClient";
 import { getIdToken } from "../utils/getIdToken";
 import { isTokenExpired } from "../utils/jwt/validation";
 import { sessionManager } from "../session/sessionManager";
 import { kindeClient } from "../session/kindeServerClient";
+import { RequestQueueManager } from "../utils/workQueue";
 
 /**
  *
  * @param {RouterClient} routerClient
  * @returns
  */
 export const setup = async (routerClient: RouterClient) => {
-  try {
-    let accessTokenEncoded = await getAccessToken(routerClient.req);
-    let idTokenEncoded = await getIdToken(routerClient.req);
+  const queueManager = RequestQueueManager.getInstance();
 
-    if (!accessTokenEncoded || !idTokenEncoded) {
-      if (config.isDebugMode) {
-        console.log("setup: no access or id token - returning NOT_LOGGED_IN");
+  return queueManager.enqueue(async () => {
+    try {
+      let accessTokenEncoded = await getAccessToken(routerClient.req);
+      let idTokenEncoded = await getIdToken(routerClient.req);
+
+      if (!accessTokenEncoded || !idTokenEncoded) {
+        if (config.isDebugMode) {
+          console.log("setup: no access or id token - returning NOT_LOGGED_IN");
+        }
+        return routerClient.json(
+          {
+            message: "NOT_LOGGED_IN",
+          },
+          { status: 200 },
+        );
       }
-      return routerClient.json(
-        {
-          message: "NOT_LOGGED_IN",
-        },
-        { status: 200 },
-      );
-    }
 
-    const session = await sessionManager(routerClient.req);
+      const session = await sessionManager(routerClient.req);
 
-    if (isTokenExpired(accessTokenEncoded) || isTokenExpired(idTokenEncoded)) {
-      if (config.isDebugMode) {
-        console.log("setup: access or id token expired - attempting refresh");
+      if (
+        isTokenExpired(accessTokenEncoded) ||
+        isTokenExpired(idTokenEncoded)
+      ) {
+        if (config.isDebugMode) {
+          console.log("setup: access or id token expired - attempting refresh");
+        }
+        try {
+          const refreshResponse = await kindeClient.refreshTokens(session);
+          accessTokenEncoded = refreshResponse.access_token;
+          idTokenEncoded = refreshResponse.id_token;
+        } catch (error) {
+          if (config.isDebugMode) {
+            console.error("setup: refresh tokens failed - returning error");
+          }
+          return routerClient.json(
+            { message: "REFRESH_FAILED", error },
+            { status: 500 },
+          );
+        }
       }
+
+      let accessToken: KindeAccessToken | null = null;
+      let idToken: KindeIdToken | null = null;
+
       try {
-        const refreshResponse = await kindeClient.refreshTokens(session);
-        accessTokenEncoded = refreshResponse.access_token;
-        idTokenEncoded = refreshResponse.id_token;
+        accessToken = jwtDecoder<KindeAccessToken>(accessTokenEncoded);
       } catch (error) {
         if (config.isDebugMode) {
-          console.error("setup: refresh tokens failed - returning error");
+          console.error(
+            "setup: access token decode failed, redirecting to login",
+          );
         }
         return routerClient.json(
-          { message: "REFRESH_FAILED", error },
+          { message: "ACCESS_TOKEN_DECODE_FAILED", error },
           { status: 500 },
         );
       }
-    }
 
-    let accessToken: KindeAccessToken | null = null;
-    let idToken: KindeIdToken | null = null;
+      try {
+        idToken = jwtDecoder<KindeIdToken>(idTokenEncoded);
+      } catch (error) {
+        if (config.isDebugMode) {
+          console.error("setup: id token decode failed, redirecting to login");
+        }
+        return routerClient.json(
+          { message: "ID_TOKEN_DECODE_FAILED", error },
+          { status: 500 },
+        );
+      }
 
-    try {
-      accessToken = jwtDecoder<KindeAccessToken>(accessTokenEncoded);
-    } catch (error) {
-      if (config.isDebugMode) {
-        console.error(
-          "setup: access token decode failed, redirecting to login",
+      if (!accessToken || !idToken) {
+        return routerClient.json(
+          { message: "TOKENS_MISSING", error: "No access or id token" },
+          { status: 500 },
         );
       }
-      return routerClient.json(
-        { message: "ACCESS_TOKEN_DECODE_FAILED", error },
-        { status: 500 },
-      );
-    }
 
-    try {
-      idToken = jwtDecoder<KindeIdToken>(idTokenEncoded);
+      const permissions = accessToken.permissions;
+
+      const organization = accessToken.org_code;
+      const featureFlags = accessToken.feature_flags;
+      const userOrganizations = idToken.org_codes;
+      const orgName = accessToken.org_name;
+      const orgProperties = accessToken.organization_properties;
+      const orgNames = idToken.organizations;
+
+      return routerClient.json({
+        accessToken,
+        accessTokenEncoded,
+        accessTokenRaw: accessTokenEncoded,
+        idToken,
+        idTokenRaw: idTokenEncoded,
+        idTokenEncoded,
+        user: generateUserObject(idToken, accessToken),
+        permissions: {
+          permissions,
+          orgCode: organization,
+        },
+        needsRefresh: false,
+        message: "OK",
+        organization: {
+          orgCode: organization,
+          orgName,
+          properties: {
+            city: orgProperties?.kp_org_city?.v,
+            industry: orgProperties?.kp_org_industry?.v,
+            postcode: orgProperties?.kp_org_postcode?.v,
+            state_region: orgProperties?.kp_org_state_region?.v,
+            street_address: orgProperties?.kp_org_street_address?.v,
+            street_address_2: orgProperties?.kp_org_street_address_2?.v,
+          },
+        },
+        featureFlags,
+        userOrganizations: {
+          orgCodes: userOrganizations,
+          orgs: orgNames?.map((org) => ({
+            code: org?.id,
+            name: org?.name,
+          })),
+        },
+      });
     } catch (error) {
       if (config.isDebugMode) {
-        console.error("setup: id token decode failed, redirecting to login");
+        console.error("setup: failed, error: ", error);
       }
-      return routerClient.json(
-        { message: "ID_TOKEN_DECODE_FAILED", error },
-        { status: 500 },
-      );
-    }
 
-    if (!accessToken || !idToken) {
       return routerClient.json(
-        { message: "TOKENS_MISSING", error: "No access or id token" },
+        {
+          message: "SETUP_FAILED",
+          error,
+        },
         { status: 500 },
       );
     }
-
-    const permissions = accessToken.permissions;
-
-    const organization = accessToken.org_code;
-    const featureFlags = accessToken.feature_flags;
-    const userOrganizations = idToken.org_codes;
-    const orgName = accessToken.org_name;
-    const orgProperties = accessToken.organization_properties;
-    const orgNames = idToken.organizations;
-
-    return routerClient.json({
-      accessToken,
-      accessTokenEncoded,
-      accessTokenRaw: accessTokenEncoded,
-      idToken,
-      idTokenRaw: idTokenEncoded,
-      idTokenEncoded,
-      user: generateUserObject(idToken, accessToken),
-      permissions: {
-        permissions,
-        orgCode: organization,
-      },
-      needsRefresh: false,
-      message: "OK",
-      organization: {
-        orgCode: organization,
-        orgName,
-        properties: {
-          city: orgProperties?.kp_org_city?.v,
-          industry: orgProperties?.kp_org_industry?.v,
-          postcode: orgProperties?.kp_org_postcode?.v,
-          state_region: orgProperties?.kp_org_state_region?.v,
-          street_address: orgProperties?.kp_org_street_address?.v,
-          street_address_2: orgProperties?.kp_org_street_address_2?.v,
-        },
-      },
-      featureFlags,
-      userOrganizations: {
-        orgCodes: userOrganizations,
-        orgs: orgNames?.map((org) => ({
-          code: org?.id,
-          name: org?.name,
-        })),
-      },
-    });
-  } catch (error) {
-    if (config.isDebugMode) {
-      console.error("setup: failed, error: ", error);
-    }
-
-    return routerClient.json(
-      {
-        message: "SETUP_FAILED",
-        error,
-      },
-      { status: 500 },
-    );
-  }
+  });
 };

src/utils/cookies/getSplitSerializedCookies.ts

@@ -1,22 +1,13 @@
-import {
-  GLOBAL_COOKIE_OPTIONS,
-  MAX_COOKIE_LENGTH,
-  TWENTY_NINE_DAYS,
-} from "../constants";
+import { MAX_COOKIE_LENGTH } from "../constants";
 import { splitString } from "../splitString";
-import { config } from "../../config";
-import { RequestCookie } from "next/dist/compiled/@edge-runtime/cookies";
+import { getStandardCookieOptions } from "../../utils/cookies/getStandardCookieOptions";
 
 export const getSplitCookies = (cookieName: string, cookieValue: string) => {
   return splitString(cookieValue, MAX_COOKIE_LENGTH).map((value, index) => {
     return {
       name: cookieName + (index === 0 ? "" : index),
       value: value,
-      options: {
-        maxAge: TWENTY_NINE_DAYS,
-        domain: config.cookieDomain ? config.cookieDomain : undefined,
-        ...GLOBAL_COOKIE_OPTIONS,
-      } as Partial<RequestCookie>,
+      options: getStandardCookieOptions(),
     };
   });
 };