fix auth login / logout / refresh token

backend/src/auth/auth.py

@@ -219,7 +219,15 @@ def refresh_token(refresh_token: Annotated[str | None, Cookie()] = None):
         httponly=True,
         secure=True if settings.debug == False else True,
         samesite='lax',
-        max_age=4
+        max_age=30 * 24 * settings.max_age
+    )
+    response.set_cookie(
+        key='id_token',
+        value=token_data['id_token'],
+        httponly=True,
+        secure=not settings.debug,
+        samesite='lax',
+        max_age=settings.max_age
     )
     return response
 

frontend/src/services/api.ts

@@ -29,7 +29,7 @@ export async function refreshToken() {
     return await fetch(`${Config.backend_uri}/auth/refresh`, {method: "POST", credentials: "include"});
 }
 
-export async function fetchWithAuth(input: RequestInfo, options?: RequestInit) {
+export async function fetchWithAuth(input: RequestInfo, options?: RequestInit, redirect: boolean = true) {
     const res = await fetch(input, {
         credentials: "include",
         ...options,
@@ -38,6 +38,7 @@ export async function fetchWithAuth(input: RequestInfo, options?: RequestInit) {
     if (res.status === 401) {
         const refresh = await refreshToken();
         if (refresh.status == 400 || refresh.status == 401) {
+            if (redirect)
                 window.location.href = `/?sessionExpired=True`;
             
             const error = new Error("Unauthorized");
@@ -836,9 +837,9 @@ export function useCurrentUser() {
     return useQuery<UserLogged>({
         queryKey: ["currentUser"],
         queryFn: () => {
-            return fetch(`${Config.backend_uri}/auth/user/me`, {
+            return fetchWithAuth(`${Config.backend_uri}/auth/user/me`, {
                 credentials: "include",
-            }).then((res) => res.json());
+            }, false).then((res) => res.json());
         },
         retry: false,
     });