From f8b4f8ee599a4830c337e44d7151667fc711df7d Mon Sep 17 00:00:00 2001
From: Marshall Polaris
Date: Tue, 19 Jul 2022 20:06:30 -0700
Subject: [PATCH] Properly handle expired ID token cookie, be robust to errors
---
 web/lib/firebase/server-auth.ts | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/web/lib/firebase/server-auth.ts b/web/lib/firebase/server-auth.ts
index 5f828683..47eadb45 100644
--- a/web/lib/firebase/server-auth.ts
+++ b/web/lib/firebase/server-auth.ts
@@ -52,12 +52,19 @@ export const getServerAuthenticatedUid = async (ctx: RequestContext) => {
 if (idToken != null) {
 try {
 return (await auth.verifyIdToken(idToken))?.uid
+ } catch {
+ // plausibly expired; try the refresh token, if it's present
+ }
+ }
+ if (refreshToken != null) {
+ try {
+ const resp = await requestFirebaseIdToken(refreshToken)
+ setAuthCookies(resp.id_token, resp.refresh_token, ctx.res)
+ return (await auth.verifyIdToken(resp.id_token))?.uid
 } catch (e) {
- if (refreshToken != null) {
- const resp = await requestFirebaseIdToken(refreshToken)
- setAuthCookies(resp.id_token, resp.refresh_token, ctx.res)
- return (await auth.verifyIdToken(resp.id_token))?.uid
- }
+ // this is a big unexpected problem -- either their cookies are corrupt
+ // or the refresh token API is down. functionally, they are not logged in
+ console.error(e)
 }
 }
 return undefined
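Review bot: The new bare `catch` after `auth.verifyIdToken(idToken)` treats every verification failure as expiry, so a malformed or badly signed ID token cookie falls through to the refresh path with no trace in the logs. Assuming `auth` is the Firebase Admin SDK, bind the error and log anything other than expiry, e.g. `} catch (e) { if ((e as { code?: string }).code !== 'auth/id-token-expired') console.error(e)`. In the refresh branch, `setAuthCookies(...)` runs before `verifyIdToken(resp.id_token)`; swapping the two lines means cookies are written only for a token that verified. The function body begins above the hunk, so where `idToken` and `refreshToken` are read is not visible here.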