Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions apps/api/src/modules/auth/handlers/oauth-callback.logic.ts
Original file line number Diff line number Diff line change
Expand Up @@ -113,8 +113,14 @@ export async function processOauthCallback(
}

try {
const ipAddress =
c.req.header("x-forwarded-for")?.split(",")[0]?.trim() || c.req.header("x-real-ip");

const result = await OAuthService.handleCallback(provider, code, {
callbackData: { user, idToken: id_token },
metadata: {
...(ipAddress && { ipAddress }),
},
});

const { user: authUser, session } = result;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,15 @@ export type PostRefreshTokenRoute = typeof postRefreshTokenRoute;
export const postRefreshTokenHandler: AppRouteHandler<PostRefreshTokenRoute> = async (c) => {
try {
const { sessionId } = c.req.valid("json");
const ipAddress =
c.req.header("x-forwarded-for")?.split(",")[0]?.trim() || c.req.header("x-real-ip");

// Refresh access token
const result = await TokenService.refreshAccessToken(sessionId);
const result = await TokenService.refreshAccessToken(sessionId, {
metadata: {
...(ipAddress && { ipAddress }),
},
});

logger.audit("Access token refreshed", {
module: "auth",
Expand Down
6 changes: 5 additions & 1 deletion apps/api/src/modules/auth/services/oauth.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import {
type DBTransaction,
type SessionProvider,
SessionStatus,
type SessionMetadata,
} from "@repo/db";
import { encrypt, logger, type OAuthProvider } from "@repo/shared";
import { oauthProviderFactory } from "../providers";
Expand Down Expand Up @@ -118,6 +119,7 @@ async function executeOAuthCallbackTransaction(
userInfo: OAuthUserInfoPayload,
oauthProvider: OAuthProvider,
tx: DBTransaction,
metadata?: SessionMetadata,
): Promise<OAuthCallbackResult> {
const existingUser = await UsersService.findByProviderAccountId(userInfo.id, { tx });
const { firstName, lastName } = resolveOAuthNameFields(userInfo, existingUser);
Expand Down Expand Up @@ -172,7 +174,7 @@ async function executeOAuthCallbackTransaction(
providerAccountId: user.providerAccountId,
expiresAt: sessionExpiresAt,
lastAccessedAt: new Date(),
metadata: {},
metadata: metadata ?? {},
},
{ tx },
);
Expand All @@ -195,6 +197,7 @@ export namespace OAuthService {
tx?: DBTransaction;
/** Provider-specific callback payload (e.g. Apple form_post body fields) */
callbackData?: { user?: string; idToken?: string };
metadata?: SessionMetadata;
},
): Promise<OAuthCallbackResult> {
const oauthProvider = oauthProviderFactory.getProvider(provider);
Expand Down Expand Up @@ -252,6 +255,7 @@ export namespace OAuthService {
userInfo,
oauthProvider,
tx,
options?.metadata,
);
};

Expand Down
9 changes: 8 additions & 1 deletion apps/api/src/modules/auth/services/token.service.ts
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { SessionService, type DBTransaction, SessionStatus } from "@repo/db";
import { SessionService, type DBTransaction, SessionStatus, type SessionMetadata } from "@repo/db";
import { encrypt, decrypt, logger } from "@repo/shared";
import { oauthProviderFactory } from "../providers";
import { env } from "@/env";
Expand Down Expand Up @@ -46,6 +46,7 @@ export namespace TokenService {
sessionId: string,
options?: {
tx?: DBTransaction;
metadata?: SessionMetadata;
},
): Promise<TokenRefreshResult> {
const session = await SessionService.findById(sessionId, options);
Expand Down Expand Up @@ -111,6 +112,12 @@ export namespace TokenService {
lastAccessedAt: new Date(),
// Update scope if provided
...(tokenResponse.scope && { providerScope: tokenResponse.scope }),
...(options?.metadata && {
metadata: {
...(session.metadata ?? {}),
...options.metadata,
},
}),
};

// Update refresh token if provider returned a new one
Expand Down
Loading