fix(auth): org-scoped team tokens and header search order

Ruslan Bakiev
2026-04-21 14:09:51 +07:00
parent e1e6993f35
commit 39712613ae
8 changed files with 157 additions and 76 deletions


@@ -1,4 +1,4 @@
import { defineEventHandler, createError } from 'h3'
import { defineEventHandler, createError, readBody } from 'h3'
import type LogtoClient from '@logto/node'
const RESOURCES = {
@@ -20,6 +20,10 @@ export interface RefreshResponse {
tokens: Partial<Record<ResourceKey, TokenInfo>>
}
interface RefreshBody {
organizationId?: string
}
function decodeTokenExpiry(token: string): number {
try {
const payload = token.split('.')[1]
@@ -44,13 +48,20 @@ function decodeTokenExpiry(token: string): number {
export default defineEventHandler(async (event): Promise<RefreshResponse> => {
const client = event.context.logtoClient as LogtoClient | undefined
const logtoUser = event.context.logtoUser as { organizations?: string[] } | undefined
let body: RefreshBody = {}
try {
body = (await readBody<RefreshBody>(event)) || {}
}
catch {
body = {}
}
if (!client) {
throw createError({ statusCode: 401, message: 'Not authenticated' })
}
// Get first organization from Logto user
const organizationId = logtoUser?.organizations?.[0]
// Prefer explicit organizationId from client when switching active team.
const organizationId = body.organizationId || logtoUser?.organizations?.[0]
const tokens: Partial<Record<ResourceKey, TokenInfo>> = {}