Add Posthog instrument when failed to refresh access token (#10625)

* Add posthog instrument when refresh token failed * Add user-id to instrument * fix: clear tokens iff oauth2/token returns 400 and invalid_grant
2023-12-03 23:10:22 +08:00 · 2023-12-03 23:10:22 +08:00 · 5761f206be
parent ecde2c3bfc
commit 5761f206be
1 changed files with 30 additions and 10 deletions
--- a/src/main/frontend/handler/user.cljs
+++ b/src/main/frontend/handler/user.cljs
@ -134,14 +134,33 @@
          (and (<= 400 (:status resp))
               (> 500 (:status resp)))
          ;; invalid refresh-token
-          (clear-tokens)
+          (do
+            (prn :debug :refresh-token-failed
+                 :status (:status resp)
+                 :user-id (user-uuid)
+                 :refresh-token refresh-token
+                 :resp resp)
+            (state/pub-event! [:instrument {:type :refresh-token-failed
+                                            :payload {:status (:status resp)
+                                                      :user-id (user-uuid)
+                                                      :refresh-token refresh-token
+                                                      :resp resp}}])
+            (when (and (= 400 (:status resp))
+                       (= (:error (:body resp)) "invalid_grant"))
+              (clear-tokens)))

          ;; e.g. api return 500, server internal error
          ;; we shouldn't clear tokens if they aren't expired yet
          ;; the `refresh-tokens-loop` will retry soon
          (and (not (http/unexceptional-status? (:status resp)))
               (not (-> (state/get-auth-id-token) parse-jwt expired?)))
-          nil                           ; do nothing
+          (do
+            (prn :debug :refresh-token-failed
+                 :status (:status resp)
+                 :body (:body resp)
+                 :error-code (:error-code resp)
+                 :error-text (:error-text resp))
+            nil)                           ; do nothing

          (not (http/unexceptional-status? (:status resp)))
          (notification/show! "exceptional status when refresh-token" :warning true)
@ -217,14 +236,15 @@

 (defn <ensure-id&access-token
  []
-  (go
-    (when (or (nil? (state/get-auth-id-token))
-              (-> (state/get-auth-id-token) parse-jwt almost-expired-or-expired?))
-      (debug/pprint (str "refresh tokens... " (tc/to-string (t/now))))
-      (<! (<refresh-id-token&access-token))
-      (when (or (nil? (state/get-auth-id-token))
-                (-> (state/get-auth-id-token) parse-jwt expired?))
-        (ex-info "empty or expired token and refresh failed" {:anom :expired-token})))))
+  (let [id-token (state/get-auth-id-token)]
+    (go
+      (when (or (nil? id-token)
+                (-> id-token parse-jwt almost-expired-or-expired?))
+        (debug/pprint (str "refresh tokens... " (tc/to-string (t/now))))
+        (<! (<refresh-id-token&access-token))
+        (when (or (nil? (state/get-auth-id-token))
+                  (-> (state/get-auth-id-token) parse-jwt expired?))
+          (ex-info "empty or expired token and refresh failed" {:anom :expired-token}))))))

 (defn <user-uuid
  []