fix: false positive auth true by existing expired jwt

2025-04-25 12:22:04 +02:00 · 2025-04-25 12:22:04 +02:00 · e607f8c599
commit e607f8c599
parent a20c0d3ed3
1 changed files with 4 additions and 0 deletions
--- a/src/router/authGuard.ts
+++ b/src/router/authGuard.ts
@ -55,6 +55,7 @@ export async function isAuthenticatedPromise(forceRefresh: boolean = false): Pro
      // check jwt expiry
      const exp = decoded.exp ?? 0;
      const correctedLocalTime = new Date().getTime();
+      let failedRefresh = false;
      if (exp < Math.floor(correctedLocalTime / 1000) || forceRefresh) {
        await refreshToken()
          .then(() => {
@ -63,10 +64,13 @@ export async function isAuthenticatedPromise(forceRefresh: boolean = false): Pro
          .catch((err: string) => {
            console.log("expired");
            auth.setFailed();
+            failedRefresh = true;
            reject(err);
          });
      }

+      if (failedRefresh) return;
+
      var { userId, firstname, lastname, mail, username, permissions, isOwner } = decoded;

      if (Object.keys(permissions ?? {}).length === 0 && !isOwner) {