feat: token refresh

Author: agmmtoo

app/(auth)/refresh/actions.ts

@@ -0,0 +1,58 @@
+'use server'
+
+import { cookies } from 'next/headers'
+
+export async function refreshToken(from: string = '/') {
+  const refreshTokenName = process.env.REFRESH_TOKEN_COOKIE_NAME as string
+  const sessionName = process.env.SESSION_COOKIE_NAME as string
+
+  const cookieStore = await cookies()
+  const refreshToken = cookieStore.get(refreshTokenName)?.value
+
+  if (!refreshToken) {
+    return { success: false, error: 'No refresh token found' }
+  }
+
+  try {
+    const refreshResponse = await fetch(
+      `https://securetoken.googleapis.com/v1/token?key=${process.env.FIREBASE_API_KEY}`,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          grant_type: 'refresh_token',
+          refresh_token: refreshToken,
+        }),
+      }
+    )
+
+    if (!refreshResponse.ok) {
+      console.log('Refresh response not ok:', await refreshResponse.text())
+      return { success: false, error: 'Token refresh failed' }
+    }
+
+    const data = await refreshResponse.json()
+    const newIdToken = data.id_token
+    const newRefreshToken = data.refresh_token
+
+    cookieStore.set(sessionName, newIdToken, {
+      maxAge: 30 * 24 * 60 * 60, // 30 days
+      httpOnly: true,
+      secure: true,
+      sameSite: 'strict',
+    })
+
+    cookieStore.set(refreshTokenName, newRefreshToken, {
+      maxAge: 30 * 24 * 60 * 60, // 30 days
+      httpOnly: true,
+      secure: true,
+      sameSite: 'strict',
+    })
+
+    console.log('Token refresh successful')
+    return { success: true, redirectTo: from }
+  } catch (refreshError) {
+    console.error('Token refresh failed:', refreshError)
+    return { success: false, error: 'Token refresh failed' }
+  }
+}

app/(auth)/refresh/page.tsx

@@ -0,0 +1,31 @@
+'use client'
+
+import { use, useEffect, useRef } from 'react'
+import { useRouter } from 'next/navigation'
+import { refreshToken } from './actions'
+import type { Route } from 'next'
+
+export default function RefreshPage({
+  searchParams,
+}: {
+  searchParams: Promise<{ from?: string }>
+}) {
+  const router = useRouter()
+  const { from = '/' } = use(searchParams)
+  const hasRefreshed = useRef(false)
+
+  useEffect(() => {
+    if (hasRefreshed.current) return
+    hasRefreshed.current = true
+
+    refreshToken(from).then((result) => {
+      if (result.success && result.redirectTo) {
+        router.replace(result.redirectTo as Route)
+      } else {
+        router.replace(`/login?from=${from}` as Route)
+      }
+    })
+  }, [from, router])
+
+  return null
+}

lib/firebase/firebase.ts

@@ -47,7 +47,8 @@ export async function Verify({
   }
 
   if (forceRedirect && (!headers.has('X-Uid') || !headers.has('X-Client-Id'))) {
-    redirect(`/login?from=${encodeURIComponent(from)}`, RedirectType.replace)
+    // redirect(`/login?from=${encodeURIComponent(from)}`, RedirectType.replace)
+    redirect(`/refresh?from=${encodeURIComponent(from)}`, RedirectType.replace)
   }
 
   return headers