refactor(effect): migrate core auth decode boundaries

4 files changed, 11 insertions, 35 deletions

diff --git a/src/graphql/user/resolvers.ts b/src/graphql/user/resolvers.ts
index 986b9684..dfbaa927 100644
--- a/src/graphql/user/resolvers.ts
+++ b/src/graphql/user/resolvers.ts
@@ -24,6 +24,7 @@ import {
 	type UserPreferences,
 } from "$lib/Database/SB/User/preferences";
 import privilegedUser from "$lib/Utility/privilegedUser";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
 
 type Context = RequestEvent<Partial<Record<string, string>>, string | null>;
 type UserResolvers = Pick<
@@ -51,14 +52,9 @@ const auth = async (context: Context) => {
 
 	if (!userCookie) return Error("Unauthorised");
 
-	const user = JSON.parse(userCookie);
+	const user = decodeAuthCookieOrThrow(userCookie);
 
-	return await userIdentity({
-		tokenType: user["token_type"],
-		expiresIn: user["expires_in"],
-		accessToken: user["access_token"],
-		refreshToken: user["refresh_token"],
-	});
+	return await userIdentity(user);
 };
 
 const authenticatedBadgesOperation = async (
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index b0c42184..9f28b4e9 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,4 +1,5 @@
 import root from "$lib/Utility/root";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
 import type { Handle, RequestEvent } from "@sveltejs/kit";
 
 const redirectWithParameters = (
@@ -21,16 +22,7 @@ export const handle: Handle = async ({ event, resolve }) => {
 	const { cookies } = event;
 	const user = cookies.get("user");
 
-	if (user) {
-		const parsedUser = JSON.parse(user);
-
-		event.locals.user = {
-			tokenType: parsedUser["token_type"],
-			expiresIn: parsedUser["expires_in"],
-			accessToken: parsedUser["access_token"],
-			refreshToken: parsedUser["refresh_token"],
-		};
-	}
+	if (user) event.locals.user = decodeAuthCookieOrThrow(user);
 
 	switch (event.url.pathname) {
 		case "/birthdays":
diff --git a/src/routes/api/notifications/subscribe/+server.ts b/src/routes/api/notifications/subscribe/+server.ts
index 5a1cacc4..499e2cf0 100644
--- a/src/routes/api/notifications/subscribe/+server.ts
+++ b/src/routes/api/notifications/subscribe/+server.ts
@@ -1,5 +1,6 @@
 import { userIdentity } from "$lib/Data/AniList/identity";
 import { setUserSubscription } from "$lib/Database/SB/User/notifications";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
 
 const unauthorised = new Response("Unauthorised", { status: 401 });
 
@@ -9,15 +10,8 @@ export const POST = async ({ cookies, request, url }) => {
 
 	if (!userCookie || !fingerprint) return unauthorised;
 
-	const user = JSON.parse(userCookie);
-	const userId = (
-		await userIdentity({
-			tokenType: user["token_type"],
-			expiresIn: user["expires_in"],
-			accessToken: user["access_token"],
-			refreshToken: user["refresh_token"],
-		})
-	).id;
+	const user = decodeAuthCookieOrThrow(userCookie);
+	const userId = (await userIdentity(user)).id;
 
 	if (!userId) return unauthorised;
 
diff --git a/src/routes/api/notifications/unsubscribe/+server.ts b/src/routes/api/notifications/unsubscribe/+server.ts
index 2db8b5c3..87f8b498 100644
--- a/src/routes/api/notifications/unsubscribe/+server.ts
+++ b/src/routes/api/notifications/unsubscribe/+server.ts
@@ -1,5 +1,6 @@
 import { userIdentity } from "$lib/Data/AniList/identity";
 import { deleteUserSubscription } from "$lib/Database/SB/User/notifications";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
 
 const unauthorised = new Response("Unauthorised", { status: 401 });
 
@@ -9,15 +10,8 @@ export const POST = async ({ cookies, url }) => {
 
 	if (!userCookie || !fingerprint) return unauthorised;
 
-	const user = JSON.parse(userCookie);
-	const userId = (
-		await userIdentity({
-			tokenType: user["token_type"],
-			expiresIn: user["expires_in"],
-			accessToken: user["access_token"],
-			refreshToken: user["refresh_token"],
-		})
-	).id;
+	const user = decodeAuthCookieOrThrow(userCookie);
+	const userId = (await userIdentity(user)).id;
 
 	if (!userId) return unauthorised;