feat: implement refresh token functionality and update local storage management

2026-02-28 23:02:43 +01:00
parent 5ef6eafc63
commit bce56fa64d
3 changed files with 25 additions and 6 deletions
--- a/lib/auth/context.tsx
+++ b/lib/auth/context.tsx
@@ -51,9 +51,25 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
  const router = useRouter()
  const pathname = usePathname()

+  const refreshToken = useCallback(async (): Promise<boolean> => {
+    try {
+      const res = await fetch('/api/auth/refresh', {
+        method: 'POST',
+        credentials: 'include',
+      })
+      if (res.ok) {
+        localStorage.setItem('ciphera_token_refreshed_at', Date.now().toString())
+      }
+      return res.ok
+    } catch {
+      return false
+    }
+  }, [])
+
  const login = (userData: User) => {
    // * We still store user profile in localStorage for optimistic UI, but NOT the token
    localStorage.setItem('user', JSON.stringify(userData))
+    localStorage.setItem('ciphera_token_refreshed_at', Date.now().toString())
    setUser(userData)
    router.refresh()
    // * Fetch full profile (including display_name) so header shows correct name without page refresh
@@ -76,6 +92,8 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
    setIsLoggingOut(true)
    await logoutAction()
    localStorage.removeItem('user')
+    localStorage.removeItem('ciphera_token_refreshed_at')
+    localStorage.removeItem('ciphera_last_activity')
    // * Broadcast logout to other tabs (BroadcastChannel will handle if available)
    if (typeof window !== 'undefined' && 'BroadcastChannel' in window) {
      const channel = new BroadcastChannel('ciphera_session')
@@ -131,6 +149,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
        if (session) {
            setUser(session)
            localStorage.setItem('user', JSON.stringify(session))
+            localStorage.setItem('ciphera_token_refreshed_at', Date.now().toString())
            // * Fetch full profile (including display_name) from API; preserve org_id/role from session
            try {
              const userData = await apiRequest<User>('/auth/user/me')
@@ -221,7 +240,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
      {isLoggingOut && <LoadingOverlay logoSrc="/pulse_icon_no_margins.png" title="Pulse" />}
      <SessionExpiryWarning
        isAuthenticated={!!user}
-        onExtendSession={refresh}
+        onRefreshToken={refreshToken}
        onExpired={logout}
      />
      {children}