feat: fix interceptor

apps/backend/src/api/routes/users.controller.ts

@@ -26,6 +26,7 @@ import { pricing } from '@gitroom/nestjs-libraries/database/prisma/subscriptions
 import { ApiTags } from '@nestjs/swagger';
 import { UsersService } from '@gitroom/nestjs-libraries/database/prisma/users/users.service';
 import { UserDetailDto } from '@gitroom/nestjs-libraries/dtos/users/user.details.dto';
+import { HttpForbiddenException } from '@gitroom/nestjs-libraries/services/exception.filter';
 
 @ApiTags('User')
 @Controller('/user')
@@ -41,10 +42,10 @@ export class UsersController {
   async getSelf(
     @GetUserFromRequest() user: User,
     @GetOrgFromRequest() organization: Organization,
-    @Req() req: Request
+    @Req() req: Request,
   ) {
     if (!organization) {
-      throw new HttpException('Organization not found', 401);
+      throw new HttpForbiddenException();
     }
 
     return {
@@ -74,7 +75,7 @@ export class UsersController {
     @Query('name') name: string
   ) {
     if (!user.isSuperAdmin) {
-      throw new HttpException('Unauthorized', 401);
+      throw new HttpException('Unauthorized', 400);
     }
 
     return this._userService.getImpersonateUser(name);
@@ -87,7 +88,7 @@ export class UsersController {
     @Res({ passthrough: true }) response: Response
   ) {
     if (!user.isSuperAdmin) {
-      throw new HttpException('Unauthorized', 401);
+      throw new HttpException('Unauthorized', 400);
     }
 
     response.cookie('impersonate', id, {

apps/backend/src/main.ts

@@ -7,6 +7,7 @@ import {Logger, ValidationPipe} from '@nestjs/common';
 import { NestFactory } from '@nestjs/core';
 import { AppModule } from './app.module';
 import {SubscriptionExceptionFilter} from "@gitroom/backend/services/auth/permissions/subscription.exception";
+import { HttpExceptionFilter } from '@gitroom/nestjs-libraries/services/exception.filter';
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule, {
@@ -24,6 +25,7 @@ async function bootstrap() {
 
   app.use(cookieParser());
   app.useGlobalFilters(new SubscriptionExceptionFilter());
+  app.useGlobalFilters(new HttpExceptionFilter());
 
   loadSwagger(app);
 

apps/backend/src/services/auth/auth.middleware.ts

@@ -5,16 +5,21 @@ import { User } from '@prisma/client';
 import { OrganizationService } from '@gitroom/nestjs-libraries/database/prisma/organizations/organization.service';
 import { UsersService } from '@gitroom/nestjs-libraries/database/prisma/users/users.service';
 import { removeSubdomain } from '@gitroom/helpers/subdomain/subdomain.management';
+import { HttpForbiddenException } from '@gitroom/nestjs-libraries/services/exception.filter';
 
-const removeAuth = (res: Response) =>
+export const removeAuth = (res: Response) => {
   res.cookie('auth', '', {
     domain: '.' + new URL(removeSubdomain(process.env.FRONTEND_URL!)).hostname,
     secure: true,
     httpOnly: true,
     sameSite: 'none',
-    expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365),
+    expires: new Date(0),
+    maxAge: -1,
   });
 
+  res.header('logout', 'true');
+};
+
 @Injectable()
 export class AuthMiddleware implements NestMiddleware {
   constructor(
@@ -24,8 +29,7 @@ export class AuthMiddleware implements NestMiddleware {
   async use(req: Request, res: Response, next: NextFunction) {
     const auth = req.headers.auth || req.cookies.auth;
     if (!auth) {
-      removeAuth(res);
-      res.status(401).send('Unauthorized');
+      throw new HttpForbiddenException();
     }
     try {
       let user = AuthService.verifyJWT(auth) as User | null;
@@ -71,9 +75,7 @@ export class AuthMiddleware implements NestMiddleware {
         organization.find((org) => org.id === orgHeader) || organization[0];
 
       if (!organization) {
-        removeAuth(res);
-        res.status(401).send('Unauthorized');
-        return ;
+        throw new HttpForbiddenException();
       }
 
       // eslint-disable-next-line @typescript-eslint/ban-ts-comment
@@ -84,8 +86,7 @@ export class AuthMiddleware implements NestMiddleware {
       // @ts-expect-error
       req.org = setOrg;
     } catch (err) {
-      removeAuth(res);
-      res.status(401).send('Unauthorized');
+      throw new HttpForbiddenException();
     }
     next();
   }

apps/frontend/src/components/layout/layout.context.tsx

@@ -17,13 +17,19 @@ function LayoutContextInner(params: { children: ReactNode }) {
   const afterRequest = useCallback(
     async (url: string, options: RequestInit, response: Response) => {
       if (response?.headers?.get('onboarding')) {
-        window.location.href = isGeneral() ? '/launches?onboarding=true' : '/analytics?onboarding=true';
+        window.location.href = isGeneral()
+          ? '/launches?onboarding=true'
+          : '/analytics?onboarding=true';
       }
 
       if (response?.headers?.get('reload')) {
         window.location.reload();
       }
 
+      if (response.status === 401) {
+        window.location.href = '/';
+      }
+
       if (response.status === 402) {
         if (
           await deleteDialog(

libraries/nestjs-libraries/src/services/exception.filter.ts

@@ -0,0 +1,20 @@
+import { ExceptionFilter, Catch, ArgumentsHost, HttpException } from '@nestjs/common';
+import { Response } from 'express';
+import { removeAuth } from '@gitroom/backend/services/auth/auth.middleware';
+
+export class HttpForbiddenException extends HttpException {
+  constructor() {
+    super('Forbidden', 403);
+  }
+}
+
+@Catch(HttpForbiddenException)
+export class HttpExceptionFilter implements ExceptionFilter {
+  catch(exception: HttpForbiddenException, host: ArgumentsHost) {
+    const ctx = host.switchToHttp();
+    const response = ctx.getResponse<Response>();
+    removeAuth(response);
+
+    return response.status(401).send();
+  }
+}