stonith404 / pingvin-share

A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.
https://stonith404.github.io/pingvin-share/
BSD 2-Clause "Simplified" License

🐛 Bug Report: Seems like I got logged out after 15 minutes. #543

Closed IvanLi-CN closed 4 months ago

IvanLi-CN commented 4 months ago

👟 Reproduction steps

👍 Expected behavior

Remember me.

👎 Actual Behavior

Completely forgot about me.

🌐 Browser

Chrome

IvanLi-CN commented 4 months ago

As I delved deeper into reviewing and debugging the code, it appears the problem is somewhat different from what I initially thought. The issue seems to stem from Next.js middleware redirecting to the signIn page when it determines the user is not logged in. At this point, due to an expired access_token, it's unable to retrieve the current user's information.

I only realized this after making some code modifications, so the changes might not align perfectly with the project's original approach. For reference, I've created a PR which you're free to use or disregard as you see fit. It's been a while since I last worked with Next.js, so there might be some less-than-ideal practices in my implementation.

If needed, I'm willing to further refine this PR. Please let me know if you'd like me to make any additional improvements or adjustments.

@stonith404

stonith404 commented 4 months ago

@IvanLi-CN Thanks for your report and PR. It seems like the issue is caused by the commit https://github.com/stonith404/pingvin-share/commit/2dac38560b6c54b6e7676dcd4682bfa57973292f which changed the expiration of the access token cookie to 15 minutes.

This causes the refreshAccessToken method not to refresh the access token anymore. This function needs an old access token to check if it is expired. If we didn't do this check, the refresh token endpoint would be called every 30 seconds if an anonymous user uses the website.

I have reverted the commit in 14c2185e6f1a81d63e25fbeec3e30a54cf6a44c5 and published these changes in the development image. Would you mind checking if you don't get logged out anymore after this change?
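
The failure mode described in the comment above, as an added example that is not part of the thread and not pingvin-share's code: when the access token cookie expires together with the token, the client has no old token left to inspect and never refreshes. The in-memory cookie jar, the `refresh_token` cookie name, the unsigned sample token and the 90-day lifetime are assumptions; only the 15-minute value comes from the thread.

```javascript
// Added illustration; every name here is hypothetical, not pingvin-share's code.
const ACCESS_TOKEN_TTL_MS = 15 * 60 * 1000;        // 15 minutes, from the thread
const LONG_LIVED_MS = 90 * 24 * 60 * 60 * 1000;    // assumed long cookie lifetime

// Minimal cookie jar: an expired cookie is never returned, as in a browser.
class CookieJar {
  constructor() { this.cookies = new Map(); }
  set(name, value, expiresAt) { this.cookies.set(name, { value, expiresAt }); }
  get(name, now) {
    const c = this.cookies.get(name);
    return c && c.expiresAt > now ? c.value : undefined;
  }
}

// Constructed, unsigned JWT-shaped token that carries only an exp claim.
function makeToken(expMs) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "none" })}.${b64({ exp: Math.floor(expMs / 1000) })}.`;
}

function tokenExpired(token, now) {
  const payload = JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString());
  return payload.exp * 1000 <= now;
}

// Refresh only when an old access token is present AND expired. Without a
// token the visitor is treated as anonymous and no refresh call is made.
function shouldRefresh(jar, now) {
  const token = jar.get("access_token", now);
  return token === undefined ? false : tokenExpired(token, now);
}

// Log in at t=0, then look at the session one second after the token expires.
function simulate(accessCookieLifetimeMs) {
  const jar = new CookieJar();
  jar.set("access_token", makeToken(ACCESS_TOKEN_TTL_MS), accessCookieLifetimeMs);
  jar.set("refresh_token", "constructed-refresh-token", LONG_LIVED_MS);
  const now = ACCESS_TOKEN_TTL_MS + 1000;
  return {
    refreshAttempted: shouldRefresh(jar, now),
    refreshTokenStillValid: jar.get("refresh_token", now) !== undefined,
  };
}

console.log("15-minute cookie:", simulate(ACCESS_TOKEN_TTL_MS));
console.log("long-lived cookie:", simulate(LONG_LIVED_MS));
```

With the 15-minute cookie the session still holds a valid refresh token but no refresh is attempted; with the longer-lived cookie the expired token is still readable and triggers the refresh.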

IvanLi-CN commented 4 months ago

@stonith404 Yes, I'm currently testing by tweaking it, and I think it would be useful to undo this commit.

IvanLi-CN commented 4 months ago

By the way, next-cookies in frontend/package.json doesn't seem to be used; you can see if you want to remove it. @stonith404

stonith404 commented 4 months ago

@IvanLi-CN You're right, thanks.