diff --git a/packages/stack-server/src/app/api/v1/api-keys/route.tsx b/packages/stack-server/src/app/api/v1/api-keys/route.tsx
index 5d3b492fa..4da54df0e 100644
--- a/packages/stack-server/src/app/api/v1/api-keys/route.tsx
+++ b/packages/stack-server/src/app/api/v1/api-keys/route.tsx
@@ -65,7 +65,7 @@ export const POST = smartRouteHandler(async (req: NextRequest) => {
 } = await parseRequest(req, postSchema);
 if (!await checkApiKeySet(projectId, { superSecretAdminKey }) && !await isProjectAdmin(projectId, adminAccessToken)) {
- throw new StatusError(StatusError.Forbidden);
+ throw new StatusError(StatusError.Forbidden, "Invalid API key");
 }
 const created = await createApiKeySet(
diff --git a/packages/stack-shared/src/interface/clientInterface.ts b/packages/stack-shared/src/interface/clientInterface.ts
index 084a07f63..259cdae59 100644
--- a/packages/stack-shared/src/interface/clientInterface.ts
+++ b/packages/stack-shared/src/interface/clientInterface.ts
@@ -21,7 +21,7 @@ import { parseJson } from '../utils/json';
 import { AsyncCache, AsyncValueCache } from '../utils/caches';
 import { typedAssign } from '../utils/objects';
 import { AsyncStore } from '../utils/stores';
-import { runAsynchronously } from '../utils/promises';
+import { neverResolve, runAsynchronously } from '../utils/promises';
 export type UserCustomizableJson = {
 readonly projectId: string,
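Review bot: The new message `"Invalid API key"` in the route.tsx hunk is thrown when both checks fail, which includes the case where the rejected credential is `adminAccessToken` rather than an API key, and the `catch` added to `sendClientRequest` in clientInterface.ts in this same commit matches on that exact text to decide the admin session has expired. A human-readable string has therefore become a client/server contract: rewording it here silently disables the client handling, and any other response carrying the same text triggers it. At minimum I would add above the throw `// clientInterface.ts matches on this exact message to detect an expired admin session; keep both in sync`, and longer term signal this condition with a dedicated machine-readable error code instead of message text. The POST handler starts and ends outside the hunk.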
@@ -252,13 +252,25 @@ export class StackClientInterface {
 refreshToken: null,
 });
- return await Result.orThrowAsync(
- Result.retry(
- () => this.sendClientRequestInner(path, requestOptions, tokenStore!),
- 5,
- { exponentialDelayBase: 1000 },
- )
- );
+
+ try {
+ return await Result.orThrowAsync(
+ Result.retry(
+ () => this.sendClientRequestInner(path, requestOptions, tokenStore!),
+ 5,
+ { exponentialDelayBase: 1000 },
+ )
+ );
+ } catch (error: any) {
+ // TODO this is a hack. Occurs when the admin access token is invalid, or expired. Has plenty of weird side effects so we should replace this
+ if ("internalAdminAccessToken" in this.options && error?.message?.includes?.("Invalid API key") && typeof window !== "undefined") {
+ alert("Your session has expired. The page will now reload." + (process.env.NODE_ENV == "development" ? "\n\nThis is a hack and we should probably fix this at some point." : ""));
+ window.location.reload();
+ await neverResolve();
+ }
+
+ throw error;
+ }
 }
 protected async sendClientRequestAndCatchKnownError(
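Review bot: Nothing in the new `catch` block clears or renews `internalAdminAccessToken` before `window.location.reload()`, so if the reloaded page starts with the same rejected token the user would presumably get the alert and another reload in a loop. Please confirm where the token is refreshed, or guard against a repeat reload. The `try` also wraps the whole `Result.retry(..., 5, { exponentialDelayBase: 1000 })` call, so if that helper retries on the Forbidden response (not visible in this hunk) the alert only appears after every attempt and its delay has run. For the typing, `} catch (error: unknown) {` with `error instanceof Error && error.message.includes("Invalid API key")` avoids the `any` and the optional-call chain, and the `NODE_ENV` comparison should use `===`. The enclosing method starts outside the hunk.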