Merged in fix/SW-2631-check-session-expiry (pull request #2004)

fix(SW-2631): check if session is valid otherwise use service token

* fix: check if session is valid otherwise use service token

* fix: only use service token for queries and updated mutations to check for valid user token


Approved-by: Michael Zetterberg

apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx

@@ -16,6 +16,7 @@ import { auth } from "@/auth"
 import HandleErrorCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleErrorCallback"
 import HandleSuccessCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleSuccessCallback"
 import { encrypt } from "@/utils/encryption"
+import { isValidSession } from "@/utils/session"
 
 import type { LangParams, PageArgs } from "@/types/params"
 
@@ -41,7 +42,7 @@ export default async function PaymentCallbackPage({
 
   let token = ""
   const session = await auth()
-  if (session) {
+  if (isValidSession(session)) {
     token = session.token.access_token
   } else {
     const serviceToken = await getServiceToken()

apps/scandic-web/server/routers/booking/mutation.ts

@@ -5,6 +5,7 @@ import { createCounter } from "@/server/telemetry"
 import { router, safeProtectedServiceProcedure } from "@/server/trpc"
 
 import { encrypt } from "@/utils/encryption"
+import { isValidSession } from "@/utils/session"
 
 import {
   addPackageInput,
@@ -22,8 +23,18 @@ const refIdPlugin = createRefIdPlugin()
 export const bookingMutationRouter = router({
   create: safeProtectedServiceProcedure
     .input(createBookingInput)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx, input }) {
-      const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
       const { language, ...inputWithoutLang } = input
       const { hotelId, checkInDate, checkOutDate } = inputWithoutLang
 
@@ -39,7 +50,7 @@ export const bookingMutationRouter = router({
       metricsCreateBooking.start()
 
       const headers = {
-        Authorization: `Bearer ${accessToken}`,
+        Authorization: `Bearer ${ctx.token}`,
       }
 
       const apiResponse = await api.post(
@@ -82,18 +93,27 @@ export const bookingMutationRouter = router({
     }),
   priceChange: safeProtectedServiceProcedure
     .concat(refIdPlugin.toConfirmationNumber)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx }) {
-      const { confirmationNumber } = ctx
+      const { confirmationNumber, token } = ctx
 
       const priceChangeCounter = createCounter("trpc.booking", "price-change")
       const metricsPriceChange = priceChangeCounter.init({ confirmationNumber })
 
       metricsPriceChange.start()
 
-      const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
-
       const headers = {
-        Authorization: `Bearer ${accessToken}`,
+        Authorization: `Bearer ${token}`,
       }
 
       const apiResponse = await api.put(
@@ -122,9 +142,19 @@ export const bookingMutationRouter = router({
   cancel: safeProtectedServiceProcedure
     .input(cancelBookingsInput)
     .concat(refIdPlugin.toConfirmationNumbers)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx, input }) {
-      const token = ctx.session?.token.access_token ?? ctx.serviceToken
+      const { confirmationNumbers, token } = ctx
-      const { confirmationNumbers } = ctx
       const { language } = input
 
       const responses = await Promise.allSettled(
@@ -155,9 +185,19 @@ export const bookingMutationRouter = router({
   packages: safeProtectedServiceProcedure
     .input(addPackageInput)
     .concat(refIdPlugin.toConfirmationNumber)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx, input }) {
-      const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
+      const { confirmationNumber, token } = ctx
-      const { confirmationNumber } = ctx
       const { language, refId, ...body } = input
 
       const addPackageCounter = createCounter("trpc.booking", "package.add")
@@ -169,7 +209,7 @@ export const bookingMutationRouter = router({
       metricsAddPackage.start()
 
       const headers = {
-        Authorization: `Bearer ${accessToken}`,
+        Authorization: `Bearer ${token}`,
       }
 
       const apiResponse = await api.post(
@@ -200,9 +240,19 @@ export const bookingMutationRouter = router({
   guarantee: safeProtectedServiceProcedure
     .input(guaranteeBookingInput)
     .concat(refIdPlugin.toConfirmationNumber)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx, input }) {
-      const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
+      const { confirmationNumber, token } = ctx
-      const { confirmationNumber } = ctx
       const { language, refId, ...body } = input
 
       const guaranteeBookingCounter = createCounter("trpc.booking", "guarantee")
@@ -214,7 +264,7 @@ export const bookingMutationRouter = router({
       metricsGuaranteeBooking.start()
 
       const headers = {
-        Authorization: `Bearer ${accessToken}`,
+        Authorization: `Bearer ${token}`,
       }
 
       const apiResponse = await api.put(
@@ -245,9 +295,19 @@ export const bookingMutationRouter = router({
   update: safeProtectedServiceProcedure
     .input(updateBookingInput)
     .concat(refIdPlugin.toConfirmationNumber)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx, input }) {
-      const accessToken = ctx.session?.token.access_token || ctx.serviceToken
+      const { confirmationNumber, token } = ctx
-      const { confirmationNumber } = ctx
       const { language, refId, ...body } = input
 
       const updateBookingCounter = createCounter("trpc.booking", "update")
@@ -263,7 +323,7 @@ export const bookingMutationRouter = router({
         {
           body,
           headers: {
-            Authorization: `Bearer ${accessToken}`,
+            Authorization: `Bearer ${token}`,
           },
         },
         { language }
@@ -289,9 +349,19 @@ export const bookingMutationRouter = router({
   removePackage: safeProtectedServiceProcedure
     .input(removePackageInput)
     .concat(refIdPlugin.toConfirmationNumber)
+    .use(async ({ ctx, next }) => {
+      const token = isValidSession(ctx.session)
+        ? ctx.session.token.access_token
+        : ctx.serviceToken
+
+      return next({
+        ctx: {
+          token,
+        },
+      })
+    })
     .mutation(async function ({ ctx, input }) {
-      const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
+      const { confirmationNumber, token } = ctx
-      const { confirmationNumber } = ctx
       const { codes, language } = input
 
       const removePackageCounter = createCounter(
@@ -307,7 +377,7 @@ export const bookingMutationRouter = router({
       metricsRemovePackage.start()
 
       const headers = {
-        Authorization: `Bearer ${accessToken}`,
+        Authorization: `Bearer ${token}`,
       }
 
       const apiResponse = await api.remove(

apps/scandic-web/server/routers/booking/query.ts

@@ -31,6 +31,7 @@ export const bookingQueryRouter = router({
     .concat(refIdPlugin.toConfirmationNumber)
     .use(async ({ ctx, input, next }) => {
       const lang = input.lang ?? ctx.lang
+
       return next({
         ctx: {
           lang,
@@ -88,7 +89,6 @@ export const bookingQueryRouter = router({
     }),
   findBooking: safeProtectedServiceProcedure
     .input(findBookingInput)
-
     .query(async function ({
       ctx,
       input: { confirmationNumber, lastName, firstName, email },
@@ -151,16 +151,14 @@ export const bookingQueryRouter = router({
     .concat(refIdPlugin.toConfirmationNumber)
     .use(async ({ ctx, input, next }) => {
       const lang = input.lang ?? ctx.lang
-      const token = ctx.session?.token.access_token ?? ctx.serviceToken
       return next({
         ctx: {
           lang,
-          token,
         },
       })
     })
     .query(async function ({ ctx }) {
-      const { confirmationNumber, lang, token } = ctx
+      const { confirmationNumber, lang, serviceToken } = ctx
 
       const getLinkedReservationsCounter = createCounter(
         "trpc.booking",
@@ -172,7 +170,7 @@ export const bookingQueryRouter = router({
 
       metricsGetLinkedReservations.start()
 
-      const booking = await getBooking(confirmationNumber, lang, token)
+      const booking = await getBooking(confirmationNumber, lang, serviceToken)
 
       if (!booking) {
         return []
@@ -180,7 +178,7 @@ export const bookingQueryRouter = router({
 
       const linkedReservationsResults = await Promise.allSettled(
         booking.linkedReservations.map((linkedReservation) =>
-          getBooking(linkedReservation.confirmationNumber, lang, token)
+          getBooking(linkedReservation.confirmationNumber, lang, serviceToken)
         )
       )