add redirects

Author: theodormarcu

frontend/src/pages/api/auth/[...nextauth].ts

@@ -1,6 +1,6 @@
 import prisma from "@/lib/prisma/prisma";
 import { PrismaAdapter } from "@next-auth/prisma-adapter";
-import NextAuth, { SessionStrategy } from "next-auth";
+import NextAuth, { Session, TokenSet, User } from "next-auth";
 import GoogleProvider from "next-auth/providers/google";
 
 declare module "next-auth" {
@@ -31,15 +31,82 @@ export const getAuthOptions = () => {
     pages: {
       signIn: "/auth/signin",
     },
-    session: {
-      strategy: "jwt" as SessionStrategy,
-    },
-    jwt: {
-      // The maximum age of the NextAuth.js issued JWT in seconds.
-      // Defaults to `session.maxAge`.
-      maxAge: 60 * 60 * 24 * 30,
-    },
     adapter: PrismaAdapter(prisma),
+    callbacks: {
+      async session({ session, user }: { session: Session; user: User }) {
+        const [google] = await prisma.account.findMany({
+          where: { userId: user.id, provider: "google" },
+        });
+        if (
+          google.expires_at !== null &&
+          google.refresh_token !== null &&
+          google.expires_at * 1000 < Date.now()
+        ) {
+          // If the access token has expired, try to refresh it
+          try {
+            const googleClientSecret = process.env.GOOGLE_CLIENT_SECRET;
+            const googleClientId = process.env.GOOGLE_CLIENT_ID;
+            if (
+              googleClientSecret === undefined ||
+              googleClientId === undefined
+            ) {
+              throw new Error("Missing Google client secret or client id");
+            }
+            // https://accounts.google.com/.well-known/openid-configuration
+            // We need the `token_endpoint`.
+            const response = await fetch(
+              "https://oauth2.googleapis.com/token",
+              {
+                headers: {
+                  "Content-Type": "application/x-www-form-urlencoded",
+                },
+                body: new URLSearchParams({
+                  client_id: googleClientId,
+                  client_secret: googleClientSecret,
+                  grant_type: "refresh_token",
+                  refresh_token: google.refresh_token,
+                }),
+                method: "POST",
+              }
+            );
+
+            const tokens: TokenSet = (await response.json()) as TokenSet;
+
+            if (!response.ok) throw tokens;
+
+            if (
+              tokens.expires_in === undefined ||
+              tokens.expires_in === null ||
+              typeof tokens.expires_in !== "number"
+            ) {
+              throw new Error("Missing expires_in");
+            }
+            const newExpiresAt = Math.floor(
+              Date.now() / 1000 + tokens.expires_in
+            );
+
+            await prisma.account.update({
+              data: {
+                access_token: tokens.access_token,
+                expires_at: newExpiresAt,
+                refresh_token: tokens.refresh_token ?? google.refresh_token,
+              },
+              where: {
+                provider_providerAccountId: {
+                  provider: "google",
+                  providerAccountId: google.providerAccountId,
+                },
+              },
+            });
+          } catch (error) {
+            console.error("Error refreshing access token", error);
+            // The error property will be used client-side to handle the refresh token error
+            session.error = "RefreshAccessTokenError";
+          }
+        }
+        return session;
+      },
+    },
   };
   return options;
 };

frontend/src/pages/auth/signin.tsx

@@ -54,9 +54,6 @@ export async function getServerSideProps(context: GetServerSidePropsContext) {
     getAuthOptions()
   );
 
-  // If the user is already logged in, redirect.
-  // Note: Make sure not to redirect to the same page
-  // To avoid an infinite loop!
   if (session !== null) {
     return { redirect: { destination: "/query" } };
   }

frontend/src/pages/index.tsx

@@ -3,6 +3,11 @@ import { IndexHeader } from "@/components/page/index/IndexHeader";
 import { CHAKRA_100VH } from "@/style/constants";
 import { Flex } from "@chakra-ui/react";
 
+import type { GetServerSidePropsContext } from "next";
+import { getServerSession } from "next-auth/next";
+import { getProviders } from "next-auth/react";
+import { getAuthOptions } from "./api/auth/[...nextauth]";
+
 export default function Home() {
   return (
     <Flex direction={"column"} h={CHAKRA_100VH}>
@@ -19,3 +24,21 @@ export default function Home() {
     </Flex>
   );
 }
+
+export async function getServerSideProps(context: GetServerSidePropsContext) {
+  const session = await getServerSession(
+    context.req,
+    context.res,
+    getAuthOptions()
+  );
+
+  if (session !== null) {
+    return { redirect: { destination: "/query" } };
+  }
+
+  const providers = await getProviders();
+
+  return {
+    props: { providers: providers ?? [] },
+  };
+}

frontend/src/pages/query.tsx

@@ -113,7 +113,7 @@ export async function getServerSideProps(context: GetServerSidePropsContext) {
   // If the user is already logged in, redirect.
   // Note: Make sure not to redirect to the same page
   // To avoid an infinite loop!
-  if (session !== null) {
+  if (session === null) {
     return { redirect: { destination: "/" } };
   }