Fix potential desync issue when opening setup shortly after joining (#894)

Author: rainbowdashlabs

frontend/src/App.vue

@@ -80,7 +80,7 @@ async function loadSession() {
   // If token exists, try to load session data
   if (storedToken) {
     try {
-      const [userSessionData, tokensData] = await Promise.all([
+      let [userSessionData, tokensData] = await Promise.all([
         api.getSession(),
         api.getUserTokens()
       ]);
@@ -94,12 +94,28 @@ async function loadSession() {
       // 3. First guild with admin role
       // 4. First guild in list
       let guildId: string | null = urlParams.get('guild') || (route.query.guild as string | null);
+      const requestedGuildId = guildId;
 
       if (!guildId) {
         // Fallback to localStorage if no query param
         guildId = localStorage.getItem('reputation_bot_guild_id');
       }
 
+      // If a specific guild was requested but not in the session (e.g. bot just joined),
+      // refresh the session from Discord to pick up newly added guilds
+      if (requestedGuildId && !userSessionData.guilds[requestedGuildId] && !isBotOwner) {
+        try {
+          const refreshed = await api.refreshSession();
+          setUserSession(refreshed);
+          userSessionData = refreshed;
+          if (userSessionData.guilds[requestedGuildId]) {
+            guildId = requestedGuildId;
+          }
+        } catch (e) {
+          console.error('Failed to refresh session for new guild:', e);
+        }
+      }
+
       if (!guildId || (!userSessionData.guilds[guildId] && !isBotOwner)) {
         // Find first admin guild
         const adminGuild = Object.entries(userSessionData.guilds)

frontend/src/views/SetupView.vue

@@ -31,7 +31,8 @@ const router = useRouter()
 const route = useRoute()
 const {session, loadSettings, settingsLoading, settingsError, refreshGuilds} = useSession()
 
-const hasAttemptedRefresh = ref(false)
+const SETUP_REFRESH_KEY = 'reputation-bot-setup-refresh-attempted'
+const hasAttemptedRefresh = ref(!!sessionStorage.getItem(SETUP_REFRESH_KEY))
 const isAutoRefreshing = ref(false)
 
 // Watch session and load settings as soon as session becomes available
@@ -122,6 +123,7 @@ const currentStepData = computed(() => steps.find(s => s.id === currentStep.valu
 watch([currentStepData, session], async ([stepData, sess]) => {
   if (stepData?.requiresSettings && !sess && !hasAttemptedRefresh.value) {
     hasAttemptedRefresh.value = true
+    sessionStorage.setItem(SETUP_REFRESH_KEY, 'true')
     isAutoRefreshing.value = true
     try {
       const success = await refreshGuilds()
@@ -132,6 +134,10 @@ watch([currentStepData, session], async ([stepData, sess]) => {
       isAutoRefreshing.value = false
     }
   }
+  // Clear the refresh flag once session is available (refresh succeeded)
+  if (sess && hasAttemptedRefresh.value) {
+    sessionStorage.removeItem(SETUP_REFRESH_KEY)
+  }
 }, {immediate: true})
 
 const canProceed = ref(true)

src/main/java/de/chojo/repbot/web/routes/v1/session/SessionRoute.java

@@ -125,7 +125,7 @@ private static void getGuildSettings(@NotNull Context ctx) {
             })
     private void refreshUserSession(@NotNull Context ctx) {
         UserSession session = ctx.sessionAttribute(SessionAttribute.USER_SESSION);
-        sessionService.invalidateUserSession(session.token());
+        sessionService.invalidateUserSessionFull(session.token(), session.userId());
         UserSession refreshed = sessionService
                 .getUserSession(ctx)
                 .orElseThrow(() -> new io.javalin.http.UnauthorizedResponse("Session expired"));

src/main/java/de/chojo/repbot/web/services/DiscordOAuthService.java

@@ -129,6 +129,10 @@ public synchronized List<DiscordGuild> getUserGuilds(String accessToken) throws
      * Revokes a Discord OAuth token for the current application.
      * See https://discord.com/developers/docs/topics/oauth2#revoking-tokens
      */
+    public void invalidateGuildsCache(String accessToken) {
+        userGuildsCache.invalidate(accessToken);
+    }
+
     public void revokeToken(String token) throws IOException, InterruptedException {
         userCache.invalidate(token);
         userGuildsCache.invalidate(token);

src/main/java/de/chojo/repbot/web/services/SessionService.java

@@ -153,6 +153,18 @@ public void invalidateUserSession(String token) {
         userSessions.invalidate(token);
     }
 
+    /**
+     * Fully refreshes a user session by invalidating both the session cache
+     * and the Discord guild list cache, ensuring fresh data from Discord API.
+     */
+    public void invalidateUserSessionFull(String token, long userId) {
+        userSessions.invalidate(token);
+        userRepository
+                .byId(userId)
+                .token()
+                .ifPresent(userToken -> discordOAuthService.invalidateGuildsCache(userToken.accessToken()));
+    }
+
     public void invalidateAllUserSessions() {
         userSessions.invalidateAll();
     }