fix: check user's existence on token refresh

src/server/routers/auth/auth.router.ts

@@ -9,7 +9,7 @@ export const authRouter = router({
   login: publicProcedure.input(z.object({ username: z.string(), password: z.string() })).mutation(async ({ input }) => AuthService.login({ ...input })),
   logout: protectedProcedure.mutation(async ({ ctx }) => AuthServiceClass.logout(ctx.session.id)),
   register: publicProcedure.input(z.object({ username: z.string(), password: z.string() })).mutation(async ({ input }) => AuthService.register({ ...input })),
-  refreshToken: protectedProcedure.mutation(async ({ ctx }) => AuthServiceClass.refreshToken(ctx.session.id)),
+  refreshToken: protectedProcedure.mutation(async ({ ctx }) => AuthService.refreshToken(ctx.session.id)),
   me: publicProcedure.query(async ({ ctx }) => AuthService.me(ctx.session?.userId)),
   isConfigured: publicProcedure.query(async () => AuthService.isConfigured()),
   // Password

src/server/services/auth/auth.service.ts

@@ -282,12 +282,20 @@ export class AuthServiceClass {
    * @param {string} [session] - The current session token
    * @returns {Promise<{token: string} | null>} - An object containing the new session token, or null if the session is invalid
    */
-  public static refreshToken = async (session?: string): Promise<TokenResponse | null> => {
+  public refreshToken = async (session?: string): Promise<TokenResponse | null> => {
     if (!session) return null;
 
     const userId = await TipiCache.get(session);
+
     if (!userId) return null;
 
+    const user = await this.queries.getUserById(Number(userId));
+
+    if (!user) {
+      await TipiCache.delByValue(userId.toString(), 'auth');
+      return null;
+    }
+
     // Expire token in 6 seconds
     await TipiCache.set(session, userId, 6);