fix access token session do not extend and make domains lower case

server/auth/resource.ts

@@ -88,19 +88,20 @@ export async function validateResourceSessionToken(
             .where(eq(resourceSessions.sessionId, resourceSessions.sessionId));
         return { resourceSession: null };
     } else if (
-        !resourceSession.doNotExtend &&
         Date.now() >=
             resourceSession.expiresAt - resourceSession.sessionLength / 2
     ) {
-        resourceSession.expiresAt = new Date(
-            Date.now() + resourceSession.sessionLength
-        ).getTime();
-        await db
+        if (!resourceSession.doNotExtend) {
+            resourceSession.expiresAt = new Date(
+                Date.now() + resourceSession.sessionLength
+            ).getTime();
+            await db
             .update(resourceSessions)
             .set({
                 expiresAt: resourceSession.expiresAt
             })
             .where(eq(resourceSessions.sessionId, resourceSession.sessionId));
+        }
     }
 
     return { resourceSession };

server/config.ts

@@ -14,7 +14,7 @@ const portSchema = z.number().positive().gt(0).lte(65535);
 
 const environmentSchema = z.object({
     app: z.object({
-        base_url: z.string().url(),
+        base_url: z.string().url().transform((url) => url.toLowerCase()),
         log_level: z.enum(["debug", "info", "warn", "error"]),
         save_logs: z.boolean()
     }),
@@ -22,9 +22,8 @@ const environmentSchema = z.object({
         external_port: portSchema,
         internal_port: portSchema,
         next_port: portSchema,
-        internal_hostname: z.string(),
+        internal_hostname: z.string().transform((url) => url.toLowerCase()),
         secure_cookies: z.boolean(),
-        signup_secret: z.string().optional(),
         session_cookie_name: z.string(),
         resource_session_cookie_name: z.string()
     }),
@@ -36,7 +35,7 @@ const environmentSchema = z.object({
     }),
     gerbil: z.object({
         start_port: portSchema,
-        base_endpoint: z.string(),
+        base_endpoint: z.string().transform((url) => url.toLowerCase()),
         use_subdomain: z.boolean(),
         subnet_group: z.string(),
         block_size: z.number().positive().gt(0)

server/routers/resource/authWithAccessToken.ts

@@ -105,7 +105,7 @@ export async function authWithAccessToken(
             );
         }
 
-        const validCode = await verifyPassword(tokenItem.tokenHash, accessToken);
+        const validCode = await verifyPassword(accessToken, tokenItem.tokenHash);
 
         if (!validCode) {
             return next(
@@ -132,7 +132,7 @@ export async function authWithAccessToken(
             accessTokenId: tokenItem.accessTokenId,
             sessionLength: tokenItem.sessionLength,
             expiresAt: tokenItem.expiresAt,
-            doNotExtend: tokenItem.expiresAt ? false : true
+            doNotExtend: tokenItem.expiresAt ? true : false
         });
         const cookieName = `${config.server.resource_session_cookie_name}_${resource.resourceId}`;
         const cookie = serializeResourceSessionCookie(cookieName, token);

server/routers/resource/createResource.ts

@@ -51,7 +51,9 @@ export async function createResource(
             );
         }
 
-        const { name, subdomain } = parsedBody.data;
+        let { name, subdomain } = parsedBody.data;
+
+        subdomain = subdomain.toLowerCase(); // always to lower case
 
         // Validate request params
         const parsedParams = createResourceParamsSchema.safeParse(req.params);