Should clean token cookie if current user not found

haishanh · Feb 24, 2024 · 5fa1eae · 5fa1eae
1 parent fa7840e
commit 5fa1eae
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 3 deletions.
diff --git a/src/lib/server/services/user.service.ts b/src/lib/server/services/user.service.ts
@@ -26,6 +26,14 @@ const USER_ATTRIBUTE = {
 
 export const DEFAULT_USER_ATTRIBUTE = 0;
 
+export enum UserServiceErrorCode {
+  UserNotFound,
+}
+
+export class UserServiceError {
+  constructor(public readonly code: UserServiceErrorCode) {}
+}
+
 export class UserService {
   constructor(private db: Database) {}
 
@@ -39,7 +47,7 @@ export class UserService {
 
   getUserByIdWithHydratedFeature(input: { id: number }) {
     const user = userDb.getUserById(this.db, input);
-    if (!user) throw new ApiError(HttpStatus.NOT_FOUND);
+    if (!user) throw new UserServiceError(UserServiceErrorCode.UserNotFound);
     const feature0 = user.feature;
     const ff: Record<string, boolean> = {};
     ff.strip_tracking_parameters = (feature0 & UserFeatureFlag.FF_STRIP_TRACKING_PARAMETERS) > 0;

diff --git a/src/routes/api/user/v1/+server.ts b/src/routes/api/user/v1/+server.ts
@@ -1,17 +1,29 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { json } from '@sveltejs/kit';
 
+import { dev } from '$app/environment';
+import { COOKIE_KEY_TOKEN, USE_INSECURE_COOKIE } from '$lib/env';
 import { ApiError, HttpStatus } from '$lib/server/api.error';
 import { ensureUser, genPat, requestBody } from '$lib/server/handlers/helper';
 import { wrap } from '$lib/server/handlers/wrap';
 import { getUserService } from '$lib/server/services/registry';
-import type { UserMe } from '$lib/type';
+import { UserServiceError, UserServiceErrorCode } from '$lib/server/services/user.service';
+import type { UserFromDbHydrated, UserMe } from '$lib/type';
+import * as cookieUtil from '$lib/utils/cookie.util';
 
 export const GET: RequestHandler = async (event) => {
   return wrap(event, async (event) => {
     const userId = ensureUser(event).userId;
     const userSrv = getUserService();
-    const user0 = userSrv.getUserByIdWithHydratedFeature({ id: userId });
+    let user0: UserFromDbHydrated;
+    try {
+      user0 = userSrv.getUserByIdWithHydratedFeature({ id: userId });
+    } catch (e) {
+      if (e instanceof UserServiceError && e.code === UserServiceErrorCode.UserNotFound) {
+        throw makeNotFoundAndCleanCookieResponse();
+      }
+      throw e;
+    }
     const { token } = await genPat({ id: user0.id, username: user0.username, feature: user0.feature });
     const { password, ...userRestProps } = user0;
     const user: UserMe = { ...userRestProps, passwordless: password ? false : true };
@@ -40,3 +52,15 @@ export const POST: RequestHandler = async (event) => {
     return new Response(undefined, { status: HttpStatus.NO_CONTENT });
   });
 };
+
+function makeNotFoundAndCleanCookieResponse() {
+  return new Response(undefined, {
+    status: HttpStatus.NOT_FOUND,
+    headers: {
+      'set-cookie': cookieUtil.gen(COOKIE_KEY_TOKEN, 'deleted', {
+        maxAge: 0,
+        insecure: USE_INSECURE_COOKIE || dev,
+      }),
+    },
+  });
+}