fix: refresh token gets deleted on session end

backend/src/auth/dto/enableTotp.dto.ts

@@ -1,5 +1,4 @@
 import { PickType } from "@nestjs/mapped-types";
-import { IsEmail, IsOptional, IsString } from "class-validator";
 import { UserDTO } from "src/user/dto/user.dto";
 
 export class EnableTotpDTO extends PickType(UserDTO, ["password"] as const) {}

backend/src/auth/dto/verifyTotp.dto.ts

@@ -1,5 +1,5 @@
 import { PickType } from "@nestjs/mapped-types";
-import { IsEmail, IsOptional, IsString } from "class-validator";
+import { IsString } from "class-validator";
 import { UserDTO } from "src/user/dto/user.dto";
 
 export class VerifyTotpDTO extends PickType(UserDTO, ["password"] as const) {

frontend/src/components/auth/SignInForm.tsx

@@ -10,7 +10,6 @@ import {
 } from "@mantine/core";
 import { useForm, yupResolver } from "@mantine/form";
 import { showNotification } from "@mantine/notifications";
-import { setCookie } from "cookies-next";
 import Link from "next/link";
 import React from "react";
 import { TbInfoCircle } from "react-icons/tb";
@@ -59,8 +58,6 @@ const SignInForm = () => {
           });
           setLoginToken(response.data["loginToken"]);
         } else {
-          setCookie("access_token", response.data.accessToken);
-          setCookie("refresh_token", response.data.refreshToken);
           window.location.replace("/");
         }
       })
@@ -70,11 +67,7 @@ const SignInForm = () => {
   const signInTotp = (email: string, password: string, totp: string) => {
     authService
       .signInTotp(email, password, totp, loginToken)
-      .then((response) => {
-        setCookie("access_token", response.data.accessToken);
-        setCookie("refresh_token", response.data.refreshToken);
-        window.location.replace("/");
-      })
+      .then(() => window.location.replace("/"))
       .catch((error) => {
         if (error?.response?.data?.message == "Login token expired") {
           toast.error("Login token expired");

frontend/src/components/auth/SignUpForm.tsx

@@ -9,7 +9,6 @@ import {
   Title,
 } from "@mantine/core";
 import { useForm, yupResolver } from "@mantine/form";
-import { setCookie } from "cookies-next";
 import Link from "next/link";
 import * as yup from "yup";
 import useConfig from "../../hooks/config.hook";
@@ -37,11 +36,7 @@ const SignUpForm = () => {
   const signUp = (email: string, username: string, password: string) => {
     authService
       .signUp(email, username, password)
-      .then((response) => {
-        setCookie("access_token", response.data.accessToken);
-        setCookie("refresh_token", response.data.refreshToken);
-        window.location.replace("/");
-      })
+      .then(() => window.location.replace("/"))
       .catch(toast.axiosError);
   };
 

frontend/src/services/auth.service.ts

@@ -11,6 +11,12 @@ const signIn = async (emailOrUsername: string, password: string) => {
     ...emailOrUsernameBody,
     password,
   });
+
+  setCookie("access_token", response.data.accessToken);
+  setCookie("refresh_token", response.data.refreshToken, {
+    maxAge: 60 * 60 * 24 * 30 * 3,
+  });
+
   return response;
 };
 
@@ -34,7 +40,14 @@ const signInTotp = async (
 };
 
 const signUp = async (email: string, username: string, password: string) => {
-  return await api.post("auth/signUp", { email, username, password });
+  const response = await api.post("auth/signUp", { email, username, password });
+
+  setCookie("access_token", response.data.accessToken);
+  setCookie("refresh_token", response.data.refreshToken, {
+    maxAge: 60 * 60 * 24 * 30 * 3,
+  });
+
+  return response;
 };
 
 const signOut = () => {
@@ -45,14 +58,14 @@ const signOut = () => {
 
 const refreshAccessToken = async () => {
   try {
-    const currentAccessToken = getCookie("access_token") as string;
-    if (
-      currentAccessToken &&
-      (jose.decodeJwt(currentAccessToken).exp ?? 0) * 1000 <
-        Date.now() + 2 * 60 * 1000
-    ) {
+    const accessToken = getCookie("access_token") as string;
     const refreshToken = getCookie("refresh_token");
-
+    if (
+      (accessToken &&
+        (jose.decodeJwt(accessToken).exp ?? 0) * 1000 <
+          Date.now() + 2 * 60 * 1000) ||
+      (refreshToken && !accessToken)
+    ) {
       const response = await api.post("auth/token", { refreshToken });
       setCookie("access_token", response.data.accessToken);
     }