(READ ONLY) Margin is an open annotation layer for the internet. Powered by the AT Protocol.
margin.at
extension
web
atproto
comments
fix refresh session token hard coded to look for a browser cookie
+7
-4
+1
backend/internal/api/apikey.go
+1
backend/internal/api/apikey.go
+6
-4
backend/internal/api/token_refresh.go
+6
-4
backend/internal/api/token_refresh.go
···
52
52
}
53
53
54
54
type SessionData struct {
55
+
ID string
55
56
DID string
56
57
Handle string
57
58
AccessToken string
···
94
95
}
95
96
96
97
return &SessionData{
98
+
ID: sessionID,
97
99
DID: did,
98
100
Handle: handle,
99
101
AccessToken: accessToken,
···
104
106
}
105
107
106
108
func (tr *TokenRefresher) RefreshSessionToken(r *http.Request, session *SessionData) (*SessionData, error) {
107
-
cookie, err := r.Cookie("margin_session")
108
-
if err != nil {
109
-
return nil, fmt.Errorf("not authenticated")
109
+
if session.ID == "" {
110
+
return nil, fmt.Errorf("invalid session ID")
110
111
}
111
112
112
113
oauthClient := tr.getOAuthClient(r)
···
138
139
139
140
expiresAt := time.Now().Add(7 * 24 * time.Hour)
140
141
if err := tr.db.SaveSession(
141
-
cookie.Value,
142
+
session.ID,
142
143
session.DID,
143
144
session.Handle,
144
145
tokenResp.AccessToken,
···
152
153
log.Printf("Successfully refreshed token for user %s", session.Handle)
153
154
154
155
return &SessionData{
156
+
ID: session.ID,
155
157
DID: session.DID,
156
158
Handle: session.Handle,
157
159
AccessToken: tokenResp.AccessToken,