diff --git a/src/core/client/admin/constants.ts b/src/core/client/admin/constants.ts index 6d9ed0b23..13aa45435 100644 --- a/src/core/client/admin/constants.ts +++ b/src/core/client/admin/constants.ts @@ -1,4 +1,5 @@ -export const REDIRECT_PATH_KEY = "adminRedirectPath"; +export const REDIRECT_PATH_KEY = "coral:adminRedirectPath"; +export const ACCESS_TOKEN_KEY = "coral:accessToken"; export const HOTKEYS = { NEXT: "j", PREV: "k", diff --git a/src/core/client/admin/local/initLocalState.ts b/src/core/client/admin/local/initLocalState.ts index 82a7dd234..59f6e175c 100644 --- a/src/core/client/admin/local/initLocalState.ts +++ b/src/core/client/admin/local/initLocalState.ts @@ -1,8 +1,9 @@ import { commitLocalUpdate, Environment } from "relay-runtime"; -import { REDIRECT_PATH_KEY } from "coral-admin/constants"; +import { ACCESS_TOKEN_KEY, REDIRECT_PATH_KEY } from "coral-admin/constants"; import { clearHash, getParamsFromHash } from "coral-framework/helpers"; import { CoralContext } from "coral-framework/lib/bootstrap"; +import { parseJWT } from "coral-framework/lib/jwt"; import { initLocalBaseState, LOCAL_ID } from "coral-framework/lib/relay"; /** @@ -12,20 +13,53 @@ export default async function initLocalState( environment: Environment, context: CoralContext ) { - const { error = null, accessToken } = getParamsFromHash(); + // Get the access token from the session storage. + let accessToken = await context.sessionStorage.getItem(ACCESS_TOKEN_KEY); + + // Initialize the redirect path in case we don't need to redirect somewhere. let redirectPath: string | null = null; - if (error || accessToken) { - // As there's an access token in the hash, let's clear it. + let error: string | null = null; + + // Get all the parameters from the hash. + const params = getParamsFromHash(); + if (params) { + // If there were params in the hash, then clear them! clearHash(); - // Keep redirect path as we are in the middle of an auth flow. + // If there was an error, add it. + if (params.error) { + error = params.error; + } + + // If there was an access token, store it and replace the one that was in + // the session storage before. + if (params.accessToken) { + accessToken = params.accessToken; + await context.sessionStorage.setItem(ACCESS_TOKEN_KEY, accessToken); + } + + // As we are in the middle of an auth flow (given that there was something + // in the hash) we should now grab the redirect path. redirectPath = (await context.localStorage.getItem(REDIRECT_PATH_KEY)) || null; } else { - // Remove redirect path from local storage as we start a new auth flow. + // There was no auth flow in progress (given that we're now loading without + // a hash), so clear the redirect path just in case. await context.localStorage.setItem(REDIRECT_PATH_KEY, ""); } + if (accessToken) { + // As there's a token on the request, decode it, and check to see if it's + // expired already. If it is, this will send them back to the error page. + const { payload } = parseJWT(accessToken); + if (payload && payload.exp) { + if (payload.exp - Date.now() / 1000 <= 0) { + accessToken = null; + await context.sessionStorage.removeItem(ACCESS_TOKEN_KEY); + } + } + } + await initLocalBaseState(environment, context, accessToken); commitLocalUpdate(environment, s => { diff --git a/src/core/client/framework/helpers/getParamsFromHash.ts b/src/core/client/framework/helpers/getParamsFromHash.ts index 58da86523..5d88da48b 100644 --- a/src/core/client/framework/helpers/getParamsFromHash.ts +++ b/src/core/client/framework/helpers/getParamsFromHash.ts @@ -2,13 +2,11 @@ import { parseQuery } from "coral-common/utils"; export default function getParamsFromHash() { try { - const params = window.location.hash + return window.location.hash ? parseQuery(window.location.hash.substr(1)) - : {}; - - return params; + : null; } catch (err) { window.console.error(err); - return {}; + return null; } } diff --git a/src/core/client/framework/helpers/getParamsFromHashAndClearIt.ts b/src/core/client/framework/helpers/getParamsFromHashAndClearIt.ts index 90b027cc0..e60ac9a3e 100644 --- a/src/core/client/framework/helpers/getParamsFromHashAndClearIt.ts +++ b/src/core/client/framework/helpers/getParamsFromHashAndClearIt.ts @@ -3,7 +3,7 @@ import getParamsFromHash from "./getParamsFromHash"; export default function getParamsFromHashAndClearIt() { try { - const params = getParamsFromHash(); + const params = getParamsFromHash() || {}; // Clear the hash contents. clearHash();