feat: Refresh Token for improved Session Security (#927)

* feat(api): refresh token logic

* feat(client): refresh token logic

* feat(data-provider): refresh token logic

* fix: SSE uses esm

* chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token

* chore: update scripts to more compatible bun methods, ran bun install again

* chore: update env.example and playwright workflow with JWT_REFRESH_SECRET

* chore: update breaking changes docs

* chore: add timeout to url visit

* chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions

* fix(e2e): refresh automatically in development environment to pass e2e tests

api/server/controllers/auth/LogoutController.js

@@ -1,12 +1,11 @@
 const { logoutUser } = require('../../services/AuthService');
+const cookies = require('cookie');
 
 const logoutController = async (req, res) => {
-  const { signedCookies = {} } = req;
-  const { refreshToken } = signedCookies;
+  const refreshToken = req.headers.cookie ? cookies.parse(req.headers.cookie).refreshToken : null;
   try {
-    const logout = await logoutUser(req.user, refreshToken);
+    const logout = await logoutUser(req.user._id, refreshToken);
     const { status, message } = logout;
-    res.clearCookie('token');
     res.clearCookie('refreshToken');
     return res.status(status).send({ message });
   } catch (err) {