feat: Refresh Token for improved Session Security (#927)

* feat(api): refresh token logic

* feat(client): refresh token logic

* feat(data-provider): refresh token logic

* fix: SSE uses esm

* chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token

* chore: update scripts to more compatible bun methods, ran bun install again

* chore: update env.example and playwright workflow with JWT_REFRESH_SECRET

* chore: update breaking changes docs

* chore: add timeout to url visit

* chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions

* fix(e2e): refresh automatically in development environment to pass e2e tests

packages/data-provider/src/sse.js

@@ -4,6 +4,9 @@
  * All rights reserved.
  */
 
+import { refreshToken } from './data-service';
+import { setTokenHeader } from './headers-helpers';
+
 var SSE = function (url, options) {
   if (!(this instanceof SSE)) {
     return new SSE(url, options);
@@ -102,12 +105,27 @@ var SSE = function (url, options) {
     this.close();
   };
 
-  this._onStreamProgress = function (e) {
+  this._onStreamProgress = async function (e) {
     if (!this.xhr) {
       return;
     }
 
-    if (this.xhr.status !== 200) {
+    if (this.xhr.status === 401 && !this._retry) {
+      this._retry = true;
+      try {
+        const refreshResponse = await refreshToken();
+        this.headers = {
+          'Content-Type': 'application/json',
+          Authorization: `Bearer ${refreshResponse.token}`,
+        };
+        setTokenHeader(refreshResponse.token);
+        window.dispatchEvent(new CustomEvent('tokenUpdated', { detail: refreshResponse.token }));
+        this.stream();
+      } catch (err) {
+        this._onStreamFailure(e);
+        return;
+      }
+    } else if (this.xhr.status !== 200) {
       this._onStreamFailure(e);
       return;
     }