fix: auto refresh if access token not in cookies

2026-02-02 11:51:17 +00:00 · 2025-12-15 00:38:23 +00:00
parent 05edf69ca7
commit 3b37a8d189
1 changed files with 24 additions and 2 deletions
--- a/apps/backend/internal/auth/middleware.go
+++ b/apps/backend/internal/auth/middleware.go
@@ -36,11 +36,33 @@ func NewAuthMiddleware(s *Service, db *bun.DB, cookieConfig CookieConfig) fiber.
 			setCookies = true
 		}

-		if at == "" {
-			slog.Info("no access token")
+		if at == "" && rt == "" {
+			slog.Info("no access token or refresh token")
 			return c.SendStatus(fiber.StatusUnauthorized)
 		}

+		if at == "" {
+			// if there is no access token, attempt to get new access token using the refresh token.
+			tx, err := db.BeginTx(c.Context(), nil)
+			if err != nil {
+				return c.SendStatus(fiber.StatusUnauthorized)
+			}
+			defer tx.Rollback()
+
+			newTokens, err := s.RefreshAccessToken(c.Context(), tx, rt)
+			if err != nil {
+				return c.SendStatus(fiber.StatusUnauthorized)
+			}
+
+			if err := tx.Commit(); err != nil {
+				return c.SendStatus(fiber.StatusUnauthorized)
+			}
+
+			setAuthCookies(c, newTokens.AccessToken, newTokens.RefreshToken, cookieConfig)
+			at = newTokens.AccessToken
+			rt = newTokens.RefreshToken
+		}
+
 		authResult, err := s.AuthenticateWithAccessToken(c.Context(), db, at)
 		if err != nil {
 			var e *InvalidAccessTokenError