fix: use private helcimApiToken for all server-side Helcim API calls

Jennie Robinson Faber 2026-04-04 13:37:34 +01:00
parent ccd1d0783a
commit d31b5b4dac
53 changed files with 1755 additions and 572 deletions


@ -40,9 +40,16 @@ export default defineEventHandler(async (event) => {
})
}
// Issue a fresh token
if (decoded.tv !== member.tokenVersion) {
throw createError({
statusCode: 401,
statusMessage: 'Session has been revoked'
})
}
// Issue a fresh token with current tokenVersion
const newToken = jwt.sign(
{ memberId: member._id, email: member.email },
{ memberId: member._id, email: member.email, tv: member.tokenVersion },
useRuntimeConfig().jwtSecret,
{ expiresIn: '7d' }
)
@ -51,7 +58,8 @@ export default defineEventHandler(async (event) => {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: 60 * 60 * 24 * 7 // 7 days
path: '/',
maxAge: 60 * 60 * 24 * 7, // 7 days
})
return { success: true }
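Review bot: The new guard `decoded.tv !== member.tokenVersion` does not distinguish a missing value from a matching one, so when both sides are `undefined` the comparison is false and the refresh goes through. The member schema is not visible here, but if any record lacks `tokenVersion`, a token issued before this change (no `tv` claim) would pass and be re-signed without the claim, keeping that session outside the versioning scheme until the field is first written. Failing closed makes the intent explicit, e.g. `if (!Number.isInteger(member.tokenVersion) || decoded.tv !== member.tokenVersion) {`, together with a schema default or backfill for `tokenVersion`. Revocation also only takes effect if every route that verifies the session JWT performs the same comparison, otherwise a revoked token stays usable elsewhere until its 7-day expiry. The handler starts and ends outside these hunks, so the `jwt.verify` call that produces `decoded` cannot be checked from here.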