feat: Implement all authentication compliance phases

2025-12-23 14:11:13 -05:00 · 2025-10-31 14:01:45 +00:00
parent 4bc749a843
commit dade374c2a
8 changed files with 757 additions and 73 deletions
--- a/src/hooks/useAuth.tsx
+++ b/src/hooks/useAuth.tsx
@@ -15,7 +15,7 @@ interface AuthContextType {
  loading: boolean;
  pendingEmail: string | null;
  sessionError: string | null;
-  signOut: () => Promise<void>;
+  signOut: (scope?: 'global' | 'local' | 'others') => Promise<void>;
  verifySession: () => Promise<boolean>;
  clearPendingEmail: () => void;
  checkAalStepUp: () => Promise<CheckAalResult>;
@@ -123,6 +123,24 @@ function AuthProviderComponent({ children }: { children: React.ReactNode }) {
            await supabase.auth.signOut();
            return;
          }
+          
+          // Enhanced session monitoring: Proactively refresh tokens before expiry
+          const expiresAt = session.expires_at;
+          if (expiresAt) {
+            const now = Math.floor(Date.now() / 1000);
+            const timeUntilExpiry = expiresAt - now;
+            
+            // Refresh 5 minutes (300 seconds) before expiry
+            if (timeUntilExpiry < 300 && timeUntilExpiry > 0) {
+              authLog('[Auth] Token expiring soon, refreshing session...');
+              const { error } = await supabase.auth.refreshSession();
+              if (error) {
+                authError('[Auth] Session refresh failed:', error);
+              } else {
+                authLog('[Auth] Session refreshed successfully');
+              }
+            }
+          }
        } else {
          setAal(null);
        }
@@ -218,12 +236,23 @@ function AuthProviderComponent({ children }: { children: React.ReactNode }) {
    };
  }, []);

-  const signOut = async () => {
-    authLog('[Auth] Signing out...');
-    const result = await signOutUser();
-    if (!result.success) {
-      authError('Error signing out:', result.error);
-      throw new Error(result.error);
+  const signOut = async (scope: 'global' | 'local' | 'others' = 'global') => {
+    authLog('[Auth] Signing out with scope:', scope);
+    
+    try {
+      const { error } = await supabase.auth.signOut({ scope });
+      
+      if (error) throw error;
+      
+      // Clear all auth flags (only on global/local sign out)
+      if (scope !== 'others') {
+        clearAllAuthFlags();
+      }
+      
+      authLog('[Auth] Sign out successful');
+    } catch (error) {
+      authError('[Auth] Error signing out:', error);
+      throw error;
    }
  };