fix: remove user and entitlements from auth session cookie

checkmarble · Jan 28, 2025 · e364021 · e364021
1 parent 5565cfd
commit e364021
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 42 deletions.
diff --git a/packages/app-builder/src/models/marble-session.ts b/packages/app-builder/src/models/marble-session.ts
@@ -3,13 +3,9 @@ import { type Token } from 'marble-api';
 
 import { type CreatedApiKey } from './api-keys';
 import { type AuthErrors } from './auth-errors';
-import { type LicenseEntitlements } from './license';
-import { type CurrentUser } from './user';
 
 export type AuthData = {
   authToken: Token;
-  user: CurrentUser;
-  entitlements: LicenseEntitlements;
 };
 export type AuthFlashData = {
   authError: { message: AuthErrors };

diff --git a/packages/app-builder/src/services/auth/auth.server.ts b/packages/app-builder/src/services/auth/auth.server.ts
@@ -229,21 +229,7 @@ export function makeAuthenticationServerService({
         { baseUrl: getServerEnv('MARBLE_API_DOMAIN_SERVER') },
       );
 
-      const marbleCoreApiClient = getMarbleCoreAPIClientWithAuth(
-        getTokenService(marbleToken.access_token),
-      );
-      const licenseApiClient = getLicenseAPIClientWithAuth(
-        getTokenService(marbleToken.access_token),
-      );
-      const user =
-        await getUserRepository(marbleCoreApiClient).getCurrentUser();
-      const entitlements = await getLicenseRepository(
-        licenseApiClient,
-      ).getEntitlements(user.organizationId);
-
       authSession.set('authToken', marbleToken);
-      authSession.set('user', user);
-      authSession.set('entitlements', entitlements);
       redirectUrl = options.successRedirect;
     } catch (error) {
       authSession.flash('authError', { message: adaptAuthErrors(error) });
@@ -286,21 +272,7 @@ export function makeAuthenticationServerService({
         { baseUrl: getServerEnv('MARBLE_API_DOMAIN_SERVER') },
       );
 
-      const marbleCoreApiClient = getMarbleCoreAPIClientWithAuth(
-        getTokenService(marbleToken.access_token),
-      );
-      const licenseApiClient = getLicenseAPIClientWithAuth(
-        getTokenService(marbleToken.access_token),
-      );
-      const user =
-        await getUserRepository(marbleCoreApiClient).getCurrentUser();
-      const entitlements = await getLicenseRepository(
-        licenseApiClient,
-      ).getEntitlements(user.organizationId);
-
       authSession.set('authToken', marbleToken);
-      authSession.set('user', user);
-      authSession.set('entitlements', entitlements);
 
       if (options?.successRedirect) {
         throw redirect(options.successRedirect, {
@@ -352,26 +324,34 @@ export function makeAuthenticationServerService({
     const authSession = await authSessionService.getSession(request);
 
     const marbleToken = authSession.get('authToken');
-    const user = authSession.get('user');
-    const entitlements = authSession.get('entitlements');
 
-    if (
-      !marbleToken ||
-      marbleToken.expires_at < new Date().toISOString() ||
-      !user ||
-      !entitlements
-    ) {
+    if (!marbleToken || marbleToken.expires_at < new Date().toISOString()) {
       if (options.failureRedirect) throw redirect(options.failureRedirect);
       else return null;
     }
 
-    if (options.successRedirect) throw redirect(options.successRedirect);
-
     const tokenService = getTokenService(marbleToken.access_token);
     const marbleCoreApiClient = getMarbleCoreAPIClientWithAuth(tokenService);
+    const licenseApiClient = getLicenseAPIClientWithAuth(
+      getTokenService(marbleToken.access_token),
+    );
     const transfercheckAPIClient =
       getTransfercheckAPIClientWithAuth(tokenService);
 
+    let user: CurrentUser;
+    let entitlements: LicenseEntitlements;
+    try {
+      user = await getUserRepository(marbleCoreApiClient).getCurrentUser();
+      entitlements = await getLicenseRepository(
+        licenseApiClient,
+      ).getEntitlements(user.organizationId);
+    } catch (err) {
+      if (options.failureRedirect) throw redirect(options.failureRedirect);
+      else return null;
+    }
+
+    if (options.successRedirect) throw redirect(options.successRedirect);
+
     return {
       apiClient: marbleCoreApiClient,
       editor: getEditorRepository(marbleCoreApiClient),