fix: Override payload refresh operation & fix session expiration (#12)

- Add refresh hook
- Fix session expiration date inside me hook
- Set payload auth strategy name (_strategy)

Author: CrawlerCode

packages/dev/src/auth.config.ts

@@ -83,10 +83,12 @@ export const authConfig: NextAuthConfig = {
   ],
   session: {
     strategy: "jwt",
+    //maxAge: 60 * 2 + 30, // 2.5 minutes
+    //updateAge: 60, // 1 minute
   },
   callbacks: {
     jwt: ({ token, user, account, trigger }) => {
-      //console.log("callbacks.jwt", token, user, account);
+      //console.log("callbacks.jwt", trigger, token, user, account);
 
       /**
        * For jwt session strategy, we need to forward additional fields to the token

packages/payload-authjs/src/payload/AuthjsAuthStrategy.ts

@@ -17,7 +17,7 @@ export function AuthjsAuthStrategy(
   const virtualFields = getAllVirtualFields(collection.fields);
 
   return {
-    name: "authjs",
+    name: "Auth.js",
     authenticate: async ({ payload }) => {
       // Get session from authjs
       const { auth } = NextAuth(
@@ -62,6 +62,7 @@ export function AuthjsAuthStrategy(
       // Return user to payload cms
       return {
         user: {
+          _strategy: "Auth.js",
           collection: collection.slug,
           ...payloadUser,
           ...virtualSessionFields,

packages/payload-authjs/src/payload/collection/hooks/me.ts

@@ -44,7 +44,7 @@ export const meHook: (
 
     // Return user to payload cms
     return {
-      exp: new Date(session.expires).getTime(),
+      exp: Math.floor(new Date(session.expires).getTime() / 1000),
       user: {
         ...user,
         ...virtualSessionFields,

packages/payload-authjs/src/payload/collection/hooks/refresh.ts

@@ -0,0 +1,52 @@
+import NextAuth from "next-auth";
+import { CollectionConfig, Forbidden, type CollectionRefreshHook } from "payload";
+import { withPayload } from "../../../authjs/withPayload";
+import type { AuthjsPluginConfig } from "../../plugin";
+import { getAllVirtualFields } from "../../utils/getAllVirtualFields";
+import { getUserAttributes } from "../../utils/getUserAttributes";
+
+/**
+ * Add refresh hook to override the refresh endpoint to refresh the session with authjs
+ *
+ * @see https://payloadcms.com/docs/hooks/collections#refresh
+ * @see https://github.com/payloadcms/payload/blob/main/packages/payload/src/auth/operations/refresh.ts
+ */
+export const refreshHook: (
+  collection: CollectionConfig,
+  pluginOptions: AuthjsPluginConfig,
+) => CollectionRefreshHook | undefined = (collection, pluginOptions) => {
+  // Get all virtual fields
+  const virtualFields = getAllVirtualFields(collection.fields);
+
+  // Return the refresh hook
+  return async ({ args: { req }, user }) => {
+    // Get session from authjs
+    const { auth } = NextAuth(
+      withPayload(pluginOptions.authjsConfig, {
+        payload: req.payload,
+        userCollectionSlug: pluginOptions.userCollectionSlug,
+      }),
+    );
+    let session = await auth();
+
+    // If no session user, throw forbidden
+    if (!session?.user) {
+      throw new Forbidden(req.t);
+    }
+
+    // Get user virtual fields
+    const virtualSessionFields = getUserAttributes(session.user, virtualFields);
+
+    // Return user to payload cms
+    return {
+      exp: Math.floor(new Date(session.expires).getTime() / 1000),
+      setCookie: undefined,
+      refreshedToken: undefined as unknown as string,
+      strategy: user._strategy,
+      user: {
+        ...user,
+        ...virtualSessionFields,
+      },
+    };
+  };
+};

packages/payload-authjs/src/payload/collection/index.ts

@@ -10,6 +10,7 @@ import { generalFields } from "./fields/general";
 import { sessionsField } from "./fields/session";
 import { verificationTokensField } from "./fields/verificationTokens";
 import { meHook } from "./hooks/me";
+import { refreshHook } from "./hooks/refresh";
 
 export const generateUsersCollection = (
   collections: CollectionConfig[],
@@ -93,9 +94,11 @@ export const generateUsersCollection = (
 
   // Add hooks to users collection
   const _meHook = meHook(collection, pluginOptions);
+  const _refreshHook = refreshHook(collection, pluginOptions);
   collection.hooks = {
     ...collection.hooks,
     me: [...(collection.hooks?.me || []), ...(_meHook ? [_meHook] : [])],
+    refresh: [...(collection.hooks?.refresh || []), ...(_refreshHook ? [_refreshHook] : [])],
   };
 
   // Add custom endpoints to users collection