From 5761f206bec8a116627ba4ace2310b585ba0755d Mon Sep 17 00:00:00 2001
From: Tienson Qin <tiensonqin@gmail.com>
Date: Sun, 3 Dec 2023 23:10:22 +0800
Subject: [PATCH] Add Posthog instrument when failed to refresh access token
 (#10625)

* Add posthog instrument when refresh token failed

* Add user-id to instrument

* fix: clear tokens iff oauth2/token returns 400 and invalid_grant
---
 src/main/frontend/handler/user.cljs | 40 +++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/src/main/frontend/handler/user.cljs b/src/main/frontend/handler/user.cljs
index f2648a3ef..97ed30fc1 100644
--- a/src/main/frontend/handler/user.cljs
+++ b/src/main/frontend/handler/user.cljs
@@ -134,14 +134,33 @@
           (and (<= 400 (:status resp))
                (> 500 (:status resp)))
           ;; invalid refresh-token
-          (clear-tokens)
+          (do
+            (prn :debug :refresh-token-failed
+                 :status (:status resp)
+                 :user-id (user-uuid)
+                 :refresh-token refresh-token
+                 :resp resp)
+            (state/pub-event! [:instrument {:type :refresh-token-failed
+                                            :payload {:status (:status resp)
+                                                      :user-id (user-uuid)
+                                                      :refresh-token refresh-token
+                                                      :resp resp}}])
+            (when (and (= 400 (:status resp))
+                       (= (:error (:body resp)) "invalid_grant"))
+              (clear-tokens)))
 
           ;; e.g. api return 500, server internal error
           ;; we shouldn't clear tokens if they aren't expired yet
           ;; the `refresh-tokens-loop` will retry soon
           (and (not (http/unexceptional-status? (:status resp)))
                (not (-> (state/get-auth-id-token) parse-jwt expired?)))
-          nil                           ; do nothing
+          (do
+            (prn :debug :refresh-token-failed
+                 :status (:status resp)
+                 :body (:body resp)
+                 :error-code (:error-code resp)
+                 :error-text (:error-text resp))
+            nil)                           ; do nothing
 
           (not (http/unexceptional-status? (:status resp)))
           (notification/show! "exceptional status when refresh-token" :warning true)
@@ -217,14 +236,15 @@
 
 (defn <ensure-id&access-token
   []
-  (go
-    (when (or (nil? (state/get-auth-id-token))
-              (-> (state/get-auth-id-token) parse-jwt almost-expired-or-expired?))
-      (debug/pprint (str "refresh tokens... " (tc/to-string (t/now))))
-      (<! (<refresh-id-token&access-token))
-      (when (or (nil? (state/get-auth-id-token))
-                (-> (state/get-auth-id-token) parse-jwt expired?))
-        (ex-info "empty or expired token and refresh failed" {:anom :expired-token})))))
+  (let [id-token (state/get-auth-id-token)]
+    (go
+      (when (or (nil? id-token)
+                (-> id-token parse-jwt almost-expired-or-expired?))
+        (debug/pprint (str "refresh tokens... " (tc/to-string (t/now))))
+        (<! (<refresh-id-token&access-token))
+        (when (or (nil? (state/get-auth-id-token))
+                  (-> (state/get-auth-id-token) parse-jwt expired?))
+          (ex-info "empty or expired token and refresh failed" {:anom :expired-token}))))))
 
 (defn <user-uuid
   []