feat: Expire session cookie (#419)

* Set session cookie to expire after 4 hours * Handle unauthenticated GraphQL errors
USSF-ORBIT · Dec 10, 2021 · 14ccee4 · 14ccee4
1 parent 02faafd
commit 14ccee4
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 9 deletions.
diff --git a/src/apolloClient.tsx b/src/apolloClient.tsx
@@ -1,6 +1,34 @@
-import { ApolloClient, InMemoryCache } from '@apollo/client'
+import { ApolloClient, InMemoryCache, HttpLink, from } from '@apollo/client'
+import { onError } from '@apollo/client/link/error'
+
+const httpLink = new HttpLink({
+  uri: `/api/graphql`,
+})
+
+const errorLink = onError(({ graphQLErrors, networkError }) => {
+  if (graphQLErrors)
+    graphQLErrors.forEach(({ message, locations, path, extensions }) => {
+      // TODO - log error
+      // eslint-disable-next-line no-console
+      console.error(
+        `[GraphQL error]: Message: ${message}, Location: ${locations}, Path: ${path}`
+      )
+
+      // Check for auth
+      if (extensions.code === 'UNAUTHENTICATED') {
+        // Redirect
+        window.location.href = '/login'
+      }
+    })
+
+  if (networkError) {
+    // TODO - log error
+    // eslint-disable-next-line no-console
+    console.error(`[Network error]: ${networkError}`)
+  }
+})
 
 export const client = new ApolloClient({
-  uri: '/api/graphql',
+  link: from([errorLink, httpLink]),
   cache: new InMemoryCache(),
 })
diff --git a/src/lib/session.ts b/src/lib/session.ts
@@ -13,8 +13,7 @@ export const getSession = nextSession({
   cookie: {
     httpOnly: true,
     secure: process.env.NODE_ENV === 'production',
-    // TODO: set cookie max age
-    maxAge: 2 * 7 * 24 * 60 * 60, // 2 weeks
+    maxAge: 60 * 60 * 4, // 4 hours
     sameSite: 'strict',
   },
 })

diff --git a/src/pages/api/graphql.tsx b/src/pages/api/graphql.tsx
@@ -25,15 +25,16 @@ export const apolloServer = new ApolloServer({
   resolvers,
   plugins: [ApolloServerPluginLandingPageGraphQLPlayground],
   context: async ({ req, res }) => {
+    const session = await getSession(req, res)
+
+    if (!session || !session.passport || !session.passport.user) {
+      throw new AuthenticationError('No user in session')
+    }
+
     try {
-      const session = await getSession(req, res)
       const client = await clientPromise
       const db = client.db(process.env.MONGODB_DB)
 
-      if (!session || !session.passport || !session.passport.user) {
-        throw new AuthenticationError('No user in session')
-      }
-
       const user = session.passport.user as SessionUser
       const { userId } = user