feat: add refresh token handling and update session management

Author: maamokun

package.json

@@ -8,7 +8,7 @@
 		"dist"
 	],
 	"license": "WTFPL",
-	"version": "1.0.3",
+	"version": "1.0.4",
 	"type": "module",
 	"keywords": [
 		"auth",

src/index.ts

@@ -7,6 +7,7 @@ export interface Session {
 	};
 	expires: string;
 	accessToken?: string;
+	refreshToken?: string;
 }
 
 export interface Config {

src/lib/oauth.ts

@@ -38,3 +38,41 @@ export const ExchangeCodeForTokens = async (config: Config, code: string) => {
 		expiresIn: data.expires_in,
 	};
 };
+
+export const RefreshAccessToken = async (config: Config, refreshToken: string) => {
+	const response = await fetch("https://discord.com/api/oauth2/token", {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/x-www-form-urlencoded",
+		},
+		body: new URLSearchParams({
+			client_id: config.clientId,
+			client_secret: config.clientSecret,
+			grant_type: "refresh_token",
+			refresh_token: refreshToken,
+			scope: config.scopes.join(" "),
+		}),
+	});
+
+	if (!response.ok) {
+		const error = (await response.json()) as {
+			error_description?: string;
+			message?: string;
+		};
+		throw new Error(
+			`Failed to refresh access token: ${error.error_description || error.message}`,
+		);
+	}
+
+	const data = (await response.json()) as {
+		refresh_token: string;
+		access_token: string;
+		expires_in: number;
+	};
+
+	return {
+		accessToken: data.access_token,
+		refreshToken: data.refresh_token || refreshToken,
+		expiresIn: data.expires_in,
+	};
+}

src/redirect.ts

@@ -53,6 +53,8 @@ export const handleRedirect = async (req: NextRequest) => {
 			avatar: `https://cdn.discordapp.com/avatars/${userData.id}/${userData.avatar}.png`
 		},
 		expires: new Date(Date.now() + response.expiresIn * 1000).toISOString(),
+		accessToken: response.accessToken,
+		refreshToken: response.refreshToken,
 	};
 
 	const token = jwt.sign(session, config.jwtSecret, {

src/server-actions.ts

@@ -3,6 +3,7 @@ import { headers } from "next/headers";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
 import { type Session, getGlobalConfig } from "./index";
+import { RefreshAccessToken } from "./lib/oauth";
 import jwt from "jsonwebtoken";
 
 export const getSession = async (): Promise<Session | null> => {
@@ -12,7 +13,28 @@ export const getSession = async (): Promise<Session | null> => {
 	if (!token) return null;
 
 	try {
-		return jwt.verify(token, config.jwtSecret) as Session;
+		const session = jwt.verify(token, config.jwtSecret) as Session;
+		if (session.expires) {
+			const expiresAt = new Date(session.expires);
+			if (expiresAt < new Date()) {
+				cookieStore.delete("AUTH_SESSION");
+				return null;
+			} else {
+				const timeUntilExpiration = expiresAt.getTime() - Date.now();
+				if (timeUntilExpiration < 5 * 60 * 1000) { // less than 5 minutes
+					const refreshedSession = await RefreshAccessToken(config, session.refreshToken || "");
+					if (refreshedSession) {
+						session.accessToken = refreshedSession.accessToken;
+						session.refreshToken = refreshedSession.refreshToken;
+						session.expires = new Date(Date.now() + refreshedSession.expiresIn * 1000).toISOString();
+						const newToken = jwt.sign(session, config.jwtSecret);
+						cookieStore.set("AUTH_SESSION", newToken, { sameSite: "lax", httpOnly: true, secure: true });
+					}
+				}
+				return session;
+			}
+		}
+		return null;
 	} catch (error) {
 		console.error("Invalid token:", error);
 		return null;

types/index.d.ts

@@ -7,6 +7,7 @@ export interface Session {
 	};
 	expires: string;
 	accessToken?: string;
+	refreshToken?: string;
 }
 
 export interface Config {