fix(@dpc-sdp/nuxt-ripple-preview): only send token if it's not expired

dpc-sdp · Oct 30, 2023 · 90528b8 · 90528b8
1 parent fb22651
commit 90528b8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/packages/nuxt-ripple/composables/use-tide-page.ts b/packages/nuxt-ripple/composables/use-tide-page.ts
@@ -67,7 +67,10 @@ export const useTidePage = async (
   // Need to manually pass the cookies needed for auth as they aren't automatically added when server rendered
   if (isPreviewPath(path)) {
     const accessTokenCookie = useCookie(AuthCookieNames.ACCESS_TOKEN)
-    headers.cookie = `${AuthCookieNames.ACCESS_TOKEN}=${accessTokenCookie.value};`
+    const accessTokenExpiryCookie = useCookie(
+      AuthCookieNames.ACCESS_TOKEN_EXPIRY
+    )
+    headers.cookie = `${AuthCookieNames.ACCESS_TOKEN}=${accessTokenCookie.value};${AuthCookieNames.ACCESS_TOKEN_EXPIRY}=${accessTokenExpiryCookie.value}`
   }
 
   let sectionCacheTags

diff --git a/packages/nuxt-ripple/server/api/tide/page.ts b/packages/nuxt-ripple/server/api/tide/page.ts
@@ -27,9 +27,17 @@ export const createPageHandler = async (
     }
 
     const tokenCookie = getCookie(event, AuthCookieNames.ACCESS_TOKEN)
+    const accessTokenExpiry = parseFloat(
+      getCookie(event, AuthCookieNames.ACCESS_TOKEN_EXPIRY)
+    )
+    const isTokenExpired = accessTokenExpiry
+      ? accessTokenExpiry < Date.now()
+      : true
+
     const headers = {}
 
-    if (tokenCookie) {
+    // Only pass the access token if it is not expired, otherwise it will be rejected by the API
+    if (tokenCookie && !isTokenExpired) {
       headers['X-OAuth2-Authorization'] = `Bearer ${tokenCookie}`
     }