Merge pull request #1292 from trycompai/claudio/fix-portal

claudfuen · web-flow · commit fd7adb0936f7 · 2025-08-06T13:51:57.000-04:00
[dev] [claudfuen] claudio/fix-portal
diff --git a/apps/app/src/app/layout.tsx b/apps/app/src/app/layout.tsx
@@ -89,10 +89,6 @@ export default async function Layout({ children }: { children: React.ReactNode }
   return (
     <html lang="en" suppressHydrationWarning>
       <head>
-        <link rel="icon" href="/favicon.ico" sizes="any" />
-        <link rel="icon" href="/favicon-96x96.png" type="image/png" sizes="96x96" />
-        <link rel="apple-touch-icon" href="/apple-touch-icon.png" sizes="180x180" />
-        <link rel="manifest" href="/site.webmanifest" />
         {dubIsEnabled && dubReferUrl && (
           <DubAnalytics
             domainsConfig={{
diff --git a/apps/app/src/lib/api-client.ts b/apps/app/src/lib/api-client.ts
@@ -1,7 +1,7 @@
 'use client';
 
 import { env } from '@/env.mjs';
-import { getJwtToken } from '@/utils/auth-client';
+import { jwtManager } from '@/utils/jwt-manager';
 
 interface ApiCallOptions extends Omit<RequestInit, 'headers'> {
   organizationId?: string;
@@ -46,10 +46,12 @@ export class ApiClient {
     // Add JWT token for authentication
     if (typeof window !== 'undefined') {
       try {
-        const token = await getJwtToken();
+        // Get a valid (non-stale) JWT token
+        const token = await jwtManager.getValidToken();
+
         if (token) {
           headers['Authorization'] = `Bearer ${token}`;
-          console.log('🎯 Using JWT token for API authentication');
+          console.log('🎯 Using fresh JWT token for API authentication');
         } else {
           console.log('⚠️ No JWT token available for API authentication');
         }
diff --git a/apps/app/src/utils/auth-client.ts b/apps/app/src/utils/auth-client.ts
@@ -25,10 +25,16 @@ export const authClient = createAuthClient({
   ],
   fetchOptions: {
     onSuccess: (ctx) => {
+      // JWT tokens are now managed by jwtManager for better expiry handling
+      // Just log that we received tokens - jwtManager will handle storage
       const authToken = ctx.response.headers.get('set-auth-token');
       if (authToken) {
-        localStorage.setItem('bearer_token', authToken);
-        console.log('🎯 Bearer token captured and stored');
+        console.log('🎯 Bearer token available in response');
+      }
+
+      const jwtToken = ctx.response.headers.get('set-auth-jwt');
+      if (jwtToken) {
+        console.log('🎯 JWT token available in response');
       }
     },
     auth: {
diff --git a/apps/app/src/utils/jwt-manager.ts b/apps/app/src/utils/jwt-manager.ts
@@ -0,0 +1,218 @@
+'use client';
+
+import { authClient } from './auth-client';
+
+interface TokenInfo {
+  token: string;
+  expiresAt: number; // Unix timestamp
+}
+
+class JWTManager {
+  private refreshTimer: NodeJS.Timeout | null = null;
+  private readonly REFRESH_THRESHOLD = 5 * 60 * 1000; // Refresh 5 minutes before expiry
+  private readonly STORAGE_KEY = 'bearer_token';
+  private readonly EXPIRY_KEY = 'bearer_token_expiry';
+
+  /**
+   * Get the current JWT token, refreshing if needed
+   */
+  async getValidToken(): Promise<string | null> {
+    try {
+      const stored = this.getStoredToken();
+
+      // If no token or expired, get a fresh one
+      if (!stored || this.isTokenExpiringSoon(stored.expiresAt)) {
+        console.log('🔄 JWT token missing or expiring soon, fetching fresh token...');
+        return await this.refreshToken();
+      }
+
+      console.log('✅ Using cached JWT token');
+      return stored.token;
+    } catch (error) {
+      console.error('❌ Error getting valid JWT token:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Get a fresh JWT token from Better Auth
+   */
+  async refreshToken(): Promise<string | null> {
+    try {
+      console.log('🔄 Refreshing JWT token...');
+
+      let newToken: string | null = null;
+
+      // Try to get JWT from session call
+      const sessionResponse = await authClient.getSession({
+        fetchOptions: {
+          onSuccess: (ctx) => {
+            const jwtToken = ctx.response.headers.get('set-auth-jwt');
+            if (jwtToken) {
+              newToken = jwtToken;
+              console.log('✅ JWT token refreshed via session');
+            }
+          },
+        },
+      });
+
+      // If that didn't work, try the explicit token endpoint
+      if (!newToken) {
+        try {
+          const tokenResponse = await fetch('/api/auth/token', {
+            credentials: 'include',
+          });
+
+          if (tokenResponse.ok) {
+            const tokenData = await tokenResponse.json();
+            newToken = tokenData.token;
+            console.log('✅ JWT token refreshed via token endpoint');
+          }
+        } catch (error) {
+          console.warn('⚠️ Token endpoint failed, using session token');
+        }
+      }
+
+      if (newToken) {
+        this.storeToken(newToken);
+        this.scheduleRefresh(newToken);
+        return newToken;
+      }
+
+      console.error('❌ Failed to refresh JWT token');
+      return null;
+    } catch (error) {
+      console.error('❌ Error refreshing JWT token:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Store token with expiry information
+   */
+  private storeToken(token: string): void {
+    try {
+      const payload = this.decodeJWTPayload(token);
+      const expiresAt = payload.exp * 1000; // Convert to milliseconds
+
+      localStorage.setItem(this.STORAGE_KEY, token);
+      localStorage.setItem(this.EXPIRY_KEY, expiresAt.toString());
+
+      console.log(`🔐 JWT token stored, expires at: ${new Date(expiresAt).toISOString()}`);
+    } catch (error) {
+      console.error('❌ Error storing JWT token:', error);
+    }
+  }
+
+  /**
+   * Get stored token with expiry info
+   */
+  private getStoredToken(): TokenInfo | null {
+    try {
+      const token = localStorage.getItem(this.STORAGE_KEY);
+      const expiryStr = localStorage.getItem(this.EXPIRY_KEY);
+
+      if (!token || !expiryStr) return null;
+
+      return {
+        token,
+        expiresAt: parseInt(expiryStr, 10),
+      };
+    } catch (error) {
+      console.error('❌ Error getting stored token:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Check if token is expiring soon
+   */
+  private isTokenExpiringSoon(expiresAt: number): boolean {
+    const now = Date.now();
+    const timeUntilExpiry = expiresAt - now;
+    return timeUntilExpiry <= this.REFRESH_THRESHOLD;
+  }
+
+  /**
+   * Decode JWT payload without verification (client-side only)
+   */
+  private decodeJWTPayload(token: string): any {
+    try {
+      const parts = token.split('.');
+      const payload = JSON.parse(atob(parts[1]));
+      return payload;
+    } catch (error) {
+      throw new Error('Invalid JWT token format');
+    }
+  }
+
+  /**
+   * Schedule automatic token refresh
+   */
+  private scheduleRefresh(token: string): void {
+    try {
+      // Clear existing timer
+      if (this.refreshTimer) {
+        clearTimeout(this.refreshTimer);
+      }
+
+      const payload = this.decodeJWTPayload(token);
+      const expiresAt = payload.exp * 1000;
+      const now = Date.now();
+      const refreshIn = Math.max(0, expiresAt - now - this.REFRESH_THRESHOLD);
+
+      console.log(`⏰ Scheduling JWT refresh in ${Math.round(refreshIn / 1000 / 60)} minutes`);
+
+      this.refreshTimer = setTimeout(async () => {
+        console.log('⏰ Auto-refreshing JWT token...');
+        await this.refreshToken();
+      }, refreshIn);
+    } catch (error) {
+      console.error('❌ Error scheduling token refresh:', error);
+    }
+  }
+
+  /**
+   * Initialize the JWT manager (call this once on app start)
+   */
+  async initialize(): Promise<void> {
+    console.log('🚀 Initializing JWT Manager...');
+
+    // Get a valid token and set up refresh schedule
+    const token = await this.getValidToken();
+
+    if (token) {
+      this.scheduleRefresh(token);
+    }
+  }
+
+  /**
+   * Clean up timers and storage
+   */
+  cleanup(): void {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+
+    localStorage.removeItem(this.STORAGE_KEY);
+    localStorage.removeItem(this.EXPIRY_KEY);
+    console.log('🧹 JWT Manager cleaned up');
+  }
+
+  /**
+   * Force refresh token (useful for testing or manual refresh)
+   */
+  async forceRefresh(): Promise<string | null> {
+    console.log('🔄 Force refreshing JWT token...');
+    return await this.refreshToken();
+  }
+}
+
+// Export a singleton instance
+export const jwtManager = new JWTManager();
+
+// Auto-initialize when imported
+if (typeof window !== 'undefined') {
+  jwtManager.initialize();
+}
