From c036839233d31afd14e71d870bef2093fbfdce48 Mon Sep 17 00:00:00 2001
From: devthejo <devthejo@protonmail.com>
Date: Mon, 30 Jun 2025 00:01:26 +0200
Subject: [PATCH] fix(sync): allow last expired jwt wip

---
 .../v1/operations/auth/login/token.patch.js   | 29 +++++++++++++++++++
 .../src/api/v1/operations/geoloc/sync.post.js |  4 +--
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/services/api/src/api/v1/operations/auth/login/token.patch.js b/services/api/src/api/v1/operations/auth/login/token.patch.js
index 19e458c..3190dad 100644
--- a/services/api/src/api/v1/operations/auth/login/token.patch.js
+++ b/services/api/src/api/v1/operations/auth/login/token.patch.js
@@ -72,7 +72,26 @@ module.exports = async function ({ services: { sortRolesByLevel, signJwt } }) {
           `
       })
     } else {
+      if (!deviceId && deviceUuid) {
+        // First check if a device with this UUID already exists for this user
+        const existingDevice = await sql`
+          SELECT
+            id
+          FROM
+            "device"
+          WHERE
+            "user_id" = ${userId}
+            AND "uuid" = ${deviceUuid}
+          LIMIT 1
+          `
+
+        if (existingDevice.length > 0) {
+          deviceId = existingDevice[0].id
+        }
+      }
+
       if (!deviceId) {
+        // Only create new device if UUID doesn't exist
         ;[{ id: deviceId }] = await sql`
            INSERT INTO "device" ("user_id", "phone_model", "uuid")
              VALUES (${userId}, ${phoneModel}, ${deviceUuid})
@@ -81,6 +100,16 @@ module.exports = async function ({ services: { sortRolesByLevel, signJwt } }) {
            `
       }
 
+      // Update the auth_token to reference this device
+      await sql`
+        UPDATE
+          "auth_token"
+        SET
+          "device_id" = ${deviceId}
+        WHERE
+          "auth_token" = ${authToken}
+        `
+
       roles = (
         await sql`
           SELECT
diff --git a/services/api/src/api/v1/operations/geoloc/sync.post.js b/services/api/src/api/v1/operations/geoloc/sync.post.js
index 49e02d4..071a38f 100644
--- a/services/api/src/api/v1/operations/geoloc/sync.post.js
+++ b/services/api/src/api/v1/operations/geoloc/sync.post.js
@@ -34,12 +34,12 @@ module.exports = function () {
       const deviceExpKey = `device:${deviceId}:last_exp`
       const storedLastExp = await redis.get(deviceExpKey)
 
-      if (storedLastExp && session.exp <= parseInt(storedLastExp, 10)) {
+      if (storedLastExp && session.exp < parseInt(storedLastExp, 10)) {
         throw httpError(401, "not the latest jwt")
       }
 
       // Store the new expiration date
-      await redis.set(deviceExpKey, session.exp, "EX", 30 * 24 * 60 * 60) // 30 days TTL
+      await redis.set(deviceExpKey, session.exp)
     }
 
     const { userId } = session