From 438cd055710005ef0acffbc06ff94614bc960c13 Mon Sep 17 00:00:00 2001
From: Diego Santos <106088657+dizerdev@users.noreply.github.com>
Date: Wed, 8 Oct 2025 15:35:35 +0000
Subject: [PATCH 1/2] fix: add `await` to `runUpdateQuery()` in `session.renew()`
---
 models/session.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/models/session.js b/models/session.js
index 51e0144..5e3e4e9 100644
--- a/models/session.js
+++ b/models/session.js
@@ -62,7 +62,7 @@ async function create(userId) {
 async function renew(sessionId) {
 const expiresAt = new Date(Date.now() + EXPIRATION_IN_MILLISECONDS);
- const renewedSessionObject = runUpdateQuery(sessionId, expiresAt);
+ const renewedSessionObject = await runUpdateQuery(sessionId, expiresAt);
 return renewedSessionObject;
 async function runUpdateQuery(sessionId, expiresAt) {
From 0d62e664697186a3ef143be5fc1ef8d300334650 Mon Sep 17 00:00:00 2001
From: Diego Santos <106088657+dizerdev@users.noreply.github.com>
Date: Wed, 8 Oct 2025 15:36:01 +0000
Subject: [PATCH 2/2] feat: invalidate session cookie on unauthorized error
---
 infra/controller.js | 11 ++++++-----
 tests/integration/api/v1/user/get.test.js | 13 +++++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/infra/controller.js b/infra/controller.js
index bee5225..c1b7a39 100644
--- a/infra/controller.js
+++ b/infra/controller.js
@@ -14,11 +14,12 @@ function onNoMatchHandler(request, response) {
 }
 function onErrorHandler(error, request, response) {
- if (
- error instanceof ValidationError ||
- error instanceof NotFoundError ||
- error instanceof UnauthorizedError
- ) {
+ if (error instanceof ValidationError || error instanceof NotFoundError) {
+ return response.status(error.statusCode).json(error);
+ }
+
+ if (error instanceof UnauthorizedError) {
+ clearSessionCookie(response);
 return response.status(error.statusCode).json(error);
 }
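Review bot: `renew()` moves the expiry forward for whatever `sessionId` it is given, and nothing visible in this hunk shows the update being limited to sessions that are still valid. The body of `runUpdateQuery` lies outside the hunk, so this may already be handled; if it is not, an expired session id could be brought back to life, and a zero-row update would presumably hand `undefined` to the caller. It is worth stating the contract above the function, for example `// Caller must have validated the session; the UPDATE should match only rows whose expiry is still in the future.`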
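Review bot: The new `UnauthorizedError` branch in `onErrorHandler` clears the session cookie for every route that throws that class, not only for a rejected session. If a login attempt with wrong credentials raises the same error (not visible here), a failed login request would also drop a still-valid session cookie from the browser. Consider documenting or narrowing the condition, e.g. `// Clears session_id on any 401; throw UnauthorizedError only when the presented session is missing, invalid or expired.` Clearing the cookie only affects the client, so the session record should still be expired server-side where that applies. `clearSessionCookie` is neither defined nor imported in this hunk and the diffstat shows no other change to the file, so it has to be in scope already above line 14.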
diff --git a/tests/integration/api/v1/user/get.test.js b/tests/integration/api/v1/user/get.test.js
index 2cceaf9..8302f83 100644
--- a/tests/integration/api/v1/user/get.test.js
+++ b/tests/integration/api/v1/user/get.test.js
@@ -116,6 +116,19 @@ describe("GET api/v1/user", () => {
 action: "Verifique se este usuário está logado e tente novamente.",
 status_code: 401,
 });
+
+ // Set-Cookie assertions
+ const parsedSetCookie = setCookieParser(response, {
+ map: true,
+ });
+
+ expect(parsedSetCookie.session_id).toEqual({
+ name: "session_id",
+ value: "invalid",
+ maxAge: -1,
+ path: "/",
+ httpOnly: true,
+ });
 });
 });
 });
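Review bot: The expected object lists no `secure` or `sameSite` field, and `toEqual` would fail if the parser reported either, so this assertion pins the clearing cookie to go out without them in the test run. If `secure` is left off only because the test server speaks plain HTTP (an assumption; the helper is not shown), say so next to the assertion, e.g. `// secure/sameSite are absent in this environment; the clearing cookie must carry the same attributes as the cookie that set session_id.` The enclosing test starts above the hunk, so which 401 case this covers is not visible; any other 401 cases would benefit from the same Set-Cookie check.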