From 194a401a5671b22b9ffb89f668f9492b06370b9a Mon Sep 17 00:00:00 2001
From: Tobias Johansson
Date: Thu, 8 May 2025 09:20:48 +0000
Subject: [PATCH] Merged in fix/SW-2631-check-session-expiry (pull request #2004)
fix(SW-2631): check if session is valid otherwise use service token
* fix: check if session is valid otherwise use service token
* fix: only use service token for queries and updated mutations to check for valid user token
Approved-by: Michael Zetterberg
---
 .../payment-callback/page.tsx | 3 +-
 .../server/routers/booking/mutation.ts | 110 ++++++++++++++----
 .../server/routers/booking/query.ts | 10 +-
 3 files changed, 96 insertions(+), 27 deletions(-)
diff --git a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx
index 459bed33a..f7d9b7b31 100644
--- a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx
+++ b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx
@@ -16,6 +16,7 @@ import { auth } from "@/auth"
import HandleErrorCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleErrorCallback"
import HandleSuccessCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleSuccessCallback"
import { encrypt } from "@/utils/encryption"
+import { isValidSession } from "@/utils/session"
import type { LangParams, PageArgs } from "@/types/params"
@@ -41,7 +42,7 @@ export default async function PaymentCallbackPage({
let token = ""
const session = await auth()
- if (session) {
+ if (isValidSession(session)) {
token = session.token.access_token
} else {
const serviceToken = await getServiceToken()
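Review bot: When `isValidSession(session)` is false for a session that does exist — the expired case this fix targets — the page falls through to `getServiceToken()`, so a user whose login lapsed during checkout continues with service-account credentials instead of being asked to re-authenticate, and nothing in the hunk records that downgrade. If that is intended for the payment callback, a comment above the `if` saying so (`// An expired/invalid user session falls back to the service token on purpose: the payment callback must still complete when the login lapsed mid-checkout (SW-2631)`) plus a log line in the `else` branch when `session` is non-null would make the credential downgrade visible to operations. The `else` branch and the rest of `PaymentCallbackPage` continue outside the hunk.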
diff --git a/apps/scandic-web/server/routers/booking/mutation.ts b/apps/scandic-web/server/routers/booking/mutation.ts
index 0c908ffe2..c53f302dd 100644
--- a/apps/scandic-web/server/routers/booking/mutation.ts
+++ b/apps/scandic-web/server/routers/booking/mutation.ts
@@ -5,6 +5,7 @@ import { createCounter } from "@/server/telemetry"
import { router, safeProtectedServiceProcedure } from "@/server/trpc"
import { encrypt } from "@/utils/encryption"
+import { isValidSession } from "@/utils/session"
import {
addPackageInput,
@@ -22,8 +23,18 @@ const refIdPlugin = createRefIdPlugin()
export const bookingMutationRouter = router({
create: safeProtectedServiceProcedure
.input(createBookingInput)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx, input }) {
- const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
const { language, ...inputWithoutLang } = input
const { hotelId, checkInDate, checkOutDate } = inputWithoutLang
@@ -39,7 +50,7 @@ export const bookingMutationRouter = router({
metricsCreateBooking.start()
const headers = {
- Authorization: `Bearer ${accessToken}`,
+ Authorization: `Bearer ${ctx.token}`,
}
const apiResponse = await api.post(
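Review bot: The token-selecting middleware added before `.mutation` in `create` is repeated verbatim in `priceChange`, `cancel`, `packages`, `guarantee`, `update` and `removePackage`, which leaves seven copies to keep in sync the next time the session/service-token policy changes (the old `||` in `update` versus `??` everywhere else shows how such copies drift). Defining the middleware once on the procedure builder and starting each mutation from that builder removes the duplication; the existing chains already mix `.use` and `.concat`, so `.use` ahead of `.input` should type-check, though that is worth confirming. It also gives the policy a single place for a comment on why an invalid session downgrades a mutation to the service token rather than rejecting it. `create` reads `ctx.token` while the other mutations destructure `token`; both still work with a shared builder.
```typescript
// Bearer token for the booking API: the caller's own session while it is
// still valid, otherwise the service token. Defined once so every mutation
// applies the same rule (SW-2631).
const bookingTokenProcedure = safeProtectedServiceProcedure.use(
  async ({ ctx, next }) => {
    const token = isValidSession(ctx.session)
      ? ctx.session.token.access_token
      : ctx.serviceToken

    return next({ ctx: { token } })
  }
)

export const bookingMutationRouter = router({
  create: bookingTokenProcedure
    .input(createBookingInput)
    // … unchanged: .mutation(async function ({ ctx, input }) { … }) …
```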
@@ -82,18 +93,27 @@ export const bookingMutationRouter = router({
}),
priceChange: safeProtectedServiceProcedure
.concat(refIdPlugin.toConfirmationNumber)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx }) {
- const { confirmationNumber } = ctx
+ const { confirmationNumber, token } = ctx
const priceChangeCounter = createCounter("trpc.booking", "price-change")
const metricsPriceChange = priceChangeCounter.init({ confirmationNumber })
metricsPriceChange.start()
- const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
-
const headers = {
- Authorization: `Bearer ${accessToken}`,
+ Authorization: `Bearer ${token}`,
}
const apiResponse = await api.put(
@@ -122,9 +142,19 @@ export const bookingMutationRouter = router({
cancel: safeProtectedServiceProcedure
.input(cancelBookingsInput)
.concat(refIdPlugin.toConfirmationNumbers)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx, input }) {
- const token = ctx.session?.token.access_token ?? ctx.serviceToken
- const { confirmationNumbers } = ctx
+ const { confirmationNumbers, token } = ctx
const { language } = input
const responses = await Promise.allSettled(
@@ -155,9 +185,19 @@ export const bookingMutationRouter = router({
packages: safeProtectedServiceProcedure
.input(addPackageInput)
.concat(refIdPlugin.toConfirmationNumber)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx, input }) {
- const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
- const { confirmationNumber } = ctx
+ const { confirmationNumber, token } = ctx
const { language, refId, ...body } = input
const addPackageCounter = createCounter("trpc.booking", "package.add")
@@ -169,7 +209,7 @@ export const bookingMutationRouter = router({
metricsAddPackage.start()
const headers = {
- Authorization: `Bearer ${accessToken}`,
+ Authorization: `Bearer ${token}`,
}
const apiResponse = await api.post(
@@ -200,9 +240,19 @@ export const bookingMutationRouter = router({
guarantee: safeProtectedServiceProcedure
.input(guaranteeBookingInput)
.concat(refIdPlugin.toConfirmationNumber)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx, input }) {
- const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
- const { confirmationNumber } = ctx
+ const { confirmationNumber, token } = ctx
const { language, refId, ...body } = input
const guaranteeBookingCounter = createCounter("trpc.booking", "guarantee")
@@ -214,7 +264,7 @@ export const bookingMutationRouter = router({
metricsGuaranteeBooking.start()
const headers = {
- Authorization: `Bearer ${accessToken}`,
+ Authorization: `Bearer ${token}`,
}
const apiResponse = await api.put(
@@ -245,9 +295,19 @@ export const bookingMutationRouter = router({
update: safeProtectedServiceProcedure
.input(updateBookingInput)
.concat(refIdPlugin.toConfirmationNumber)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx, input }) {
- const accessToken = ctx.session?.token.access_token || ctx.serviceToken
- const { confirmationNumber } = ctx
+ const { confirmationNumber, token } = ctx
const { language, refId, ...body } = input
const updateBookingCounter = createCounter("trpc.booking", "update")
@@ -263,7 +323,7 @@ export const bookingMutationRouter = router({
{
body,
headers: {
- Authorization: `Bearer ${accessToken}`,
+ Authorization: `Bearer ${token}`,
},
},
{ language }
@@ -289,9 +349,19 @@ export const bookingMutationRouter = router({
removePackage: safeProtectedServiceProcedure
.input(removePackageInput)
.concat(refIdPlugin.toConfirmationNumber)
+ .use(async ({ ctx, next }) => {
+ const token = isValidSession(ctx.session)
+ ? ctx.session.token.access_token
+ : ctx.serviceToken
+
+ return next({
+ ctx: {
+ token,
+ },
+ })
+ })
.mutation(async function ({ ctx, input }) {
- const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
- const { confirmationNumber } = ctx
+ const { confirmationNumber, token } = ctx
const { codes, language } = input
const removePackageCounter = createCounter(
@@ -307,7 +377,7 @@ export const bookingMutationRouter = router({
metricsRemovePackage.start()
const headers = {
- Authorization: `Bearer ${accessToken}`,
+ Authorization: `Bearer ${token}`,
}
const apiResponse = await api.remove(
diff --git a/apps/scandic-web/server/routers/booking/query.ts b/apps/scandic-web/server/routers/booking/query.ts
index 5cf325e8e..a22133320 100644
--- a/apps/scandic-web/server/routers/booking/query.ts
+++ b/apps/scandic-web/server/routers/booking/query.ts
@@ -31,6 +31,7 @@ export const bookingQueryRouter = router({
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, input, next }) => {
const lang = input.lang ?? ctx.lang
+
return next({
ctx: {
lang,
@@ -88,7 +89,6 @@ export const bookingQueryRouter = router({
}),
findBooking: safeProtectedServiceProcedure
.input(findBookingInput)
-
.query(async function ({
ctx,
input: { confirmationNumber, lastName, firstName, email },
@@ -151,16 +151,14 @@ export const bookingQueryRouter = router({
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, input, next }) => {
const lang = input.lang ?? ctx.lang
- const token = ctx.session?.token.access_token ?? ctx.serviceToken
return next({
ctx: {
lang,
- token,
},
})
})
.query(async function ({ ctx }) {
- const { confirmationNumber, lang, token } = ctx
+ const { confirmationNumber, lang, serviceToken } = ctx
const getLinkedReservationsCounter = createCounter(
"trpc.booking",
@@ -172,7 +170,7 @@ export const bookingQueryRouter = router({
metricsGetLinkedReservations.start()
- const booking = await getBooking(confirmationNumber, lang, token)
+ const booking = await getBooking(confirmationNumber, lang, serviceToken)
if (!booking) {
return []
@@ -180,7 +178,7 @@ export const bookingQueryRouter = router({
const linkedReservationsResults = await Promise.allSettled(
booking.linkedReservations.map((linkedReservation) =>
- getBooking(linkedReservation.confirmationNumber, lang, token)
+ getBooking(linkedReservation.confirmationNumber, lang, serviceToken)
)
)
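Review bot: In the `@@ -151` hunk `getLinkedReservations` now calls `getBooking` with `serviceToken` for the primary reservation and, in the two following hunks, for every linked one, so the upstream booking API no longer sees the caller's identity on this read path; whatever ties the caller to `confirmationNumber` must therefore happen before the handler (presumably in `safeProtectedServiceProcedure` or `refIdPlugin.toConfirmationNumber`, neither visible here), because a service credential cannot enforce ownership by itself. If the booking API previously used the user token to scope linked-reservation lookups, that check is gone for logged-in users too, which is worth confirming before merge. A one-line comment above `const { confirmationNumber, lang, serviceToken } = ctx` stating the intent (`// Reads use the service token on purpose (SW-2631); caller authorization happens upstream of this handler`) would keep the session token from being quietly reintroduced here. The `getLinkedReservations` procedure begins above the hunk.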