fix(sync): allow last expired jwt wip

services/api/src/api/v1/operations/auth/login/token.patch.js

@@ -72,7 +72,26 @@ module.exports = async function ({ services: { sortRolesByLevel, signJwt } }) {
           `
       })
     } else {
+      if (!deviceId && deviceUuid) {
+        // First check if a device with this UUID already exists for this user
+        const existingDevice = await sql`
+          SELECT
+            id
+          FROM
+            "device"
+          WHERE
+            "user_id" = ${userId}
+            AND "uuid" = ${deviceUuid}
+          LIMIT 1
+          `
+
+        if (existingDevice.length > 0) {
+          deviceId = existingDevice[0].id
+        }
+      }
+
       if (!deviceId) {
+        // Only create new device if UUID doesn't exist
         ;[{ id: deviceId }] = await sql`
            INSERT INTO "device" ("user_id", "phone_model", "uuid")
              VALUES (${userId}, ${phoneModel}, ${deviceUuid})
@@ -81,6 +100,16 @@ module.exports = async function ({ services: { sortRolesByLevel, signJwt } }) {
            `
       }
 
+      // Update the auth_token to reference this device
+      await sql`
+        UPDATE
+          "auth_token"
+        SET
+          "device_id" = ${deviceId}
+        WHERE
+          "auth_token" = ${authToken}
+        `
+
       roles = (
         await sql`
           SELECT

services/api/src/api/v1/operations/geoloc/sync.post.js

@@ -34,12 +34,12 @@ module.exports = function () {
       const deviceExpKey = `device:${deviceId}:last_exp`
       const storedLastExp = await redis.get(deviceExpKey)
 
-      if (storedLastExp && session.exp <= parseInt(storedLastExp, 10)) {
+      if (storedLastExp && session.exp < parseInt(storedLastExp, 10)) {
         throw httpError(401, "not the latest jwt")
       }
 
       // Store the new expiration date
-      await redis.set(deviceExpKey, session.exp, "EX", 30 * 24 * 60 * 60) // 30 days TTL
+      await redis.set(deviceExpKey, session.exp)
     }
 
     const { userId } = session