fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068)

Danny Avila 2023-10-17 08:34:14 -04:00 committed by GitHub
parent 377f2c7c19
commit ddf56db316
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 11 deletions


@ -112,7 +112,9 @@ const refreshController = async (req, res) => {
res.status(401).send('Refresh token expired or not found for this user');
}
} catch (err) {
res.status(401).send('Invalid refresh token');
console.error('Refresh token error', refreshToken);
console.error(err);
res.status(403).send('Invalid refresh token');
}
};
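Review bot: The added `console.error('Refresh token error', refreshToken);` in the catch block writes the raw refresh token to the server log. The try body starts outside this hunk, so the catch may also fire for failures unrelated to token verification (a lookup error, for instance), in which case a still-valid bearer credential becomes readable by anyone with log access. Log the error without the credential, e.g. `console.error('Refresh token error:', err);`, or log only a one-way fingerprint of the token if requests need to be correlated. Separately, answering 403 for every exception caught here means a transient server-side failure would also end the user's session, so it may be worth reserving 403 for verification failures only.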


@ -21,20 +21,19 @@ const processQueue = (error: AxiosError | null, token: string | null = null) =>
axios.interceptors.response.use(
(response) => response,
(error) => {
async (error) => {
const originalRequest = error.config;
if (error.response.status === 401 && !originalRequest._retry) {
if (isRefreshing) {
return new Promise(function (resolve, reject) {
failedQueue.push({ resolve, reject });
})
.then((token) => {
originalRequest.headers['Authorization'] = 'Bearer ' + token;
return axios(originalRequest);
})
.catch((err) => {
return Promise.reject(err);
try {
const token = await new Promise(function (resolve, reject) {
failedQueue.push({ resolve, reject });
});
originalRequest.headers['Authorization'] = 'Bearer ' + token;
return await axios(originalRequest);
} catch (err) {
return await Promise.reject(err);
}
}
originalRequest._retry = true;