add consent expiry checking

2026-02-06 10:47:04 +00:00 · 2025-04-21 15:32:49 +01:00 · 2025-04-21 15:32:49 +01:00 · 6b2ef5f214
commit 6b2ef5f214
parent 139310574c
3 changed files with 49 additions and 13 deletions
--- a/server/controllers/OpeyIIController.ts
+++ b/server/controllers/OpeyIIController.ts
@ -310,7 +310,7 @@ export class OpeyController {
              // If we have a consent id, we can get the consent from OBP
              const consent = await this.obpConsentsService.getConsentByConsentId(session, consentId)

-              return response.status(200).json({consent_id: consent.consent_id});
+              return response.status(200).json({consent_id: consent.consent_id, jwt: consent.jwt});
          } else {
              console.log("No existing consent ID found")
          }
@ -322,7 +322,7 @@ export class OpeyController {

          const authConfig = session['opeyConfig']['authConfig']

-          return response.status(200).json({consent_id: authConfig?.obpConsent.consent_id});
+          return response.status(200).json({consent_id: authConfig?.obpConsent.consent_id, jwt: authConfig?.obpConsent.jwt});

        } catch (error) {
          console.error("Error in consent endpoint: ", error);
--- a/server/services/OBPConsentsService.ts
+++ b/server/services/OBPConsentsService.ts
@ -165,6 +165,15 @@ export default class OBPConsentsService {
        }
    }

+    async checkConsentExpired(consent: any): Promise<boolean> { //DEBUG
+        // Check if the consent is expired
+        // Decode the JWT and check the exp field
+        
+        const exp = consent.jwt_payload.exp
+        const now = Math.floor(Date.now() / 1000)
+        return exp < now
+    }
+
    async getExistingOpeyConsentId(session: Session): Promise<any> {
        // Get Consents for the current user, check if any of them are for Opey
        // If so, return the consent
@ -186,8 +195,10 @@ export default class OBPConsentsService {
            throw new Error('User is not logged in')
        }

-
-        const consentInfosPath = '/obp/v5.1.0/my/consent-infos'
+        // We need to change this back to consent infos once OBP shows 'EXPIRED' in the status
+        // Right now we have to check the JWT ourselves
+        const consentInfosPath = '/obp/v5.1.0/my/consents'
+        //const consentInfosPath = '/obp/v5.1.0/my/consent-infos'

        let opeyConsentId: string | null = null
        try {
@ -199,11 +210,15 @@ export default class OBPConsentsService {
                throw new Error('Opey Consumer ID is missing, please set VITE_OPEY_CONSUMER_ID')
            }

-            console.log('consents data: \n', response.data) //DEBUG
-
            for (const consent of consents) {
                console.log(`consent_consumer_id: ${consent.consumer_id}, opey_consumer_id: ${opeyConsumerID}\n consent_status: ${consent.status}`) //DEBUG
                if (consent.consumer_id === opeyConsumerID && consent.status === 'ACCEPTED') {
+                    // Check if the consent is expired
+                    const isExpired = await this.checkConsentExpired(consent)
+                    if (isExpired) {
+                        console.log('getExistingConsent: Consent is expired')
+                        continue
+                    }
                    opeyConsentId = consent.consent_id
                    break
                }
--- a/src/stores/chat.ts
+++ b/src/stores/chat.ts
@ -152,14 +152,34 @@ export const useChat = defineStore('chat', {

            if (consentResponse) {
                const consentId = consentResponse.consent_id
-                if (consentId) {
-                    this.userIsAuthenticated = true
-                } else {
-                    throw new Error('Failed to grant consent. Please try again.')
-                }
+                
            } else {
                throw new Error('Failed to grant consent. Please try again.')
            }
+
+            const consentJwt = consentResponse.jwt
+
+            const opeyBaseUri = import.meta.env.VITE_CHATBOT_URL
+            // Get a session from opey
+            try {
+                const sessionResponse = await fetch(`${opeyBaseUri}/create-session`, {
+                    method: 'POST',
+                    credentials: 'include',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Consent-JWT': consentJwt
+                    },
+                })
+
+                if (!sessionResponse.ok) {
+                    throw new Error(`Failed to create session: ${sessionResponse.statusText}`);
+                } else if (sessionResponse.status === 200) {
+                    this.userIsAuthenticated = true
+                }
+
+            } catch (error) {
+                console.error('Error creating session:', error);
+            }
        },

        async stream(input: ChatStreamInput): Promise<void> {
@ -181,11 +201,12 @@ export const useChat = defineStore('chat', {
            this.addMessage(this.currentAssistantMessage)

            // Set the status to 'loading' before we fetch the stream
-
+            const opeyBaseUri = import.meta.env.VITE_CHATBOT_URL
            // Handle stream
            try {
-                const response = await fetch('/api/opey/stream', {
+                const response = await fetch(`${opeyBaseUri}/stream`, {
                    method: 'POST',
+                    credentials: 'include',
                    headers: {
                        'Content-Type': 'application/json'
                    },