Merged in fix/SW-2631-check-session-expiry (pull request #2004)

fix(SW-2631): check if session is valid otherwise use service token

* fix: check if session is valid otherwise use service token

* fix: only use service token for queries and updated mutations to check for valid user token


Approved-by: Michael Zetterberg
Tobias Johansson
2025-05-08 09:20:48 +00:00
parent 15a899f48b
commit 194a401a56
3 changed files with 96 additions and 27 deletions


@@ -16,6 +16,7 @@ import { auth } from "@/auth"
import HandleErrorCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleErrorCallback"
import HandleSuccessCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleSuccessCallback"
import { encrypt } from "@/utils/encryption"
import { isValidSession } from "@/utils/session"
import type { LangParams, PageArgs } from "@/types/params"
@@ -41,7 +42,7 @@ export default async function PaymentCallbackPage({
let token = ""
const session = await auth()
if (session) {
if (isValidSession(session)) {
token = session.token.access_token
} else {
const serviceToken = await getServiceToken()
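Review bot: The `else` branch after `isValidSession(session)` now also handles a signed-in user whose session has expired, and nothing at the call site says so. A short comment such as `// no session, or session expired: continue with the service token` would make the fallback read as deliberate. What `isValidSession` checks is not visible in this commit, and the rest of PaymentCallbackPage lies outside the hunk. It is worth confirming that the code using `token` afterwards does not assume it belongs to the user.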


@@ -5,6 +5,7 @@ import { createCounter } from "@/server/telemetry"
import { router, safeProtectedServiceProcedure } from "@/server/trpc"
import { encrypt } from "@/utils/encryption"
import { isValidSession } from "@/utils/session"
import {
addPackageInput,
@@ -22,8 +23,18 @@ const refIdPlugin = createRefIdPlugin()
export const bookingMutationRouter = router({
create: safeProtectedServiceProcedure
.input(createBookingInput)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx, input }) {
const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
const { language, ...inputWithoutLang } = input
const { hotelId, checkInDate, checkOutDate } = inputWithoutLang
@@ -39,7 +50,7 @@ export const bookingMutationRouter = router({
metricsCreateBooking.start()
const headers = {
Authorization: `Bearer ${accessToken}`,
Authorization: `Bearer ${ctx.token}`,
}
const apiResponse = await api.post(
@@ -82,18 +93,27 @@ export const bookingMutationRouter = router({
}),
priceChange: safeProtectedServiceProcedure
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx }) {
const { confirmationNumber } = ctx
const { confirmationNumber, token } = ctx
const priceChangeCounter = createCounter("trpc.booking", "price-change")
const metricsPriceChange = priceChangeCounter.init({ confirmationNumber })
metricsPriceChange.start()
const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
const headers = {
Authorization: `Bearer ${accessToken}`,
Authorization: `Bearer ${token}`,
}
const apiResponse = await api.put(
@@ -122,9 +142,19 @@ export const bookingMutationRouter = router({
cancel: safeProtectedServiceProcedure
.input(cancelBookingsInput)
.concat(refIdPlugin.toConfirmationNumbers)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx, input }) {
const token = ctx.session?.token.access_token ?? ctx.serviceToken
const { confirmationNumbers } = ctx
const { confirmationNumbers, token } = ctx
const { language } = input
const responses = await Promise.allSettled(
@@ -155,9 +185,19 @@ export const bookingMutationRouter = router({
packages: safeProtectedServiceProcedure
.input(addPackageInput)
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx, input }) {
const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
const { confirmationNumber } = ctx
const { confirmationNumber, token } = ctx
const { language, refId, ...body } = input
const addPackageCounter = createCounter("trpc.booking", "package.add")
@@ -169,7 +209,7 @@ export const bookingMutationRouter = router({
metricsAddPackage.start()
const headers = {
Authorization: `Bearer ${accessToken}`,
Authorization: `Bearer ${token}`,
}
const apiResponse = await api.post(
@@ -200,9 +240,19 @@ export const bookingMutationRouter = router({
guarantee: safeProtectedServiceProcedure
.input(guaranteeBookingInput)
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx, input }) {
const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
const { confirmationNumber } = ctx
const { confirmationNumber, token } = ctx
const { language, refId, ...body } = input
const guaranteeBookingCounter = createCounter("trpc.booking", "guarantee")
@@ -214,7 +264,7 @@ export const bookingMutationRouter = router({
metricsGuaranteeBooking.start()
const headers = {
Authorization: `Bearer ${accessToken}`,
Authorization: `Bearer ${token}`,
}
const apiResponse = await api.put(
@@ -245,9 +295,19 @@ export const bookingMutationRouter = router({
update: safeProtectedServiceProcedure
.input(updateBookingInput)
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx, input }) {
const accessToken = ctx.session?.token.access_token || ctx.serviceToken
const { confirmationNumber } = ctx
const { confirmationNumber, token } = ctx
const { language, refId, ...body } = input
const updateBookingCounter = createCounter("trpc.booking", "update")
@@ -263,7 +323,7 @@ export const bookingMutationRouter = router({
{
body,
headers: {
Authorization: `Bearer ${accessToken}`,
Authorization: `Bearer ${token}`,
},
},
{ language }
@@ -289,9 +349,19 @@ export const bookingMutationRouter = router({
removePackage: safeProtectedServiceProcedure
.input(removePackageInput)
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, next }) => {
const token = isValidSession(ctx.session)
? ctx.session.token.access_token
: ctx.serviceToken
return next({
ctx: {
token,
},
})
})
.mutation(async function ({ ctx, input }) {
const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
const { confirmationNumber } = ctx
const { confirmationNumber, token } = ctx
const { codes, language } = input
const removePackageCounter = createCounter(
@@ -307,7 +377,7 @@ export const bookingMutationRouter = router({
metricsRemovePackage.start()
const headers = {
Authorization: `Bearer ${accessToken}`,
Authorization: `Bearer ${token}`,
}
const apiResponse = await api.remove(
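Review bot: The token-selection middleware is pasted unchanged into seven procedures (create, priceChange, cancel, packages, guarantee, update, removePackage), so the choice of credential for a state-changing call lives in seven places and a future mutation can be added without it. Building it once on top of `safeProtectedServiceProcedure` and deriving each mutation from that keeps the check in one reviewed spot. In `create`, the hunk header counts indicate that the old `const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken` line is still present although the header now reads `ctx.token`. It looks unused and should be deleted so the unchecked expression is not picked up again. An invalid session still falls through to `ctx.serviceToken` for every mutation, so access to a booking presumably rests on the refId plugin, which is not shown here.

```typescript
// built once, next to bookingMutationRouter
const bookingTokenProcedure = safeProtectedServiceProcedure.use(
  async ({ ctx, next }) => {
    // Use the caller's own token only while the session is valid.
    const token = isValidSession(ctx.session)
      ? ctx.session.token.access_token
      : ctx.serviceToken
    return next({ ctx: { token } })
  }
)

export const bookingMutationRouter = router({
  create: bookingTokenProcedure
    .input(createBookingInput)
    // … unchanged: mutation body, reading ctx.token …
```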


@@ -31,6 +31,7 @@ export const bookingQueryRouter = router({
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, input, next }) => {
const lang = input.lang ?? ctx.lang
return next({
ctx: {
lang,
@@ -88,7 +89,6 @@ export const bookingQueryRouter = router({
}),
findBooking: safeProtectedServiceProcedure
.input(findBookingInput)
.query(async function ({
ctx,
input: { confirmationNumber, lastName, firstName, email },
@@ -151,16 +151,14 @@ export const bookingQueryRouter = router({
.concat(refIdPlugin.toConfirmationNumber)
.use(async ({ ctx, input, next }) => {
const lang = input.lang ?? ctx.lang
const token = ctx.session?.token.access_token ?? ctx.serviceToken
return next({
ctx: {
lang,
token,
},
})
})
.query(async function ({ ctx }) {
const { confirmationNumber, lang, token } = ctx
const { confirmationNumber, lang, serviceToken } = ctx
const getLinkedReservationsCounter = createCounter(
"trpc.booking",
@@ -172,7 +170,7 @@ export const bookingQueryRouter = router({
metricsGetLinkedReservations.start()
const booking = await getBooking(confirmationNumber, lang, token)
const booking = await getBooking(confirmationNumber, lang, serviceToken)
if (!booking) {
return []
@@ -180,7 +178,7 @@ export const bookingQueryRouter = router({
const linkedReservationsResults = await Promise.allSettled(
booking.linkedReservations.map((linkedReservation) =>
getBooking(linkedReservation.confirmationNumber, lang, token)
getBooking(linkedReservation.confirmationNumber, lang, serviceToken)
)
)
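Review bot: Nothing in this query now ties the result to the caller, because both `getBooking` calls always run with `serviceToken` and the upstream API no longer sees who is asking. The lookup of the primary booking and of every entry in `booking.linkedReservations` therefore depends on the refId-to-confirmation-number step alone, which is not visible in this section. I would state that in a comment above the first call, for example `// service token on purpose: access is gated by the refId, not by the caller's identity`. It is also worth confirming that linked reservations are meant to be readable by anyone holding the parent refId. The enclosing query body continues outside the hunk.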