From 381569fb4096d5ed365f5977f9b198ae95286063 Mon Sep 17 00:00:00 2001
From: Andrew Henry <ajhenry@github.com>
Date: Thu, 14 Dec 2023 11:22:27 -0500
Subject: [PATCH] fix: remove verify session and global octokit from auth

---
 src/bot/octokit.ts                  | 11 +----------
 src/pages/api/auth/[...nextauth].ts | 12 ++++++------
 2 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/src/bot/octokit.ts b/src/bot/octokit.ts
index 68aafcc..e3bbd21 100644
--- a/src/bot/octokit.ts
+++ b/src/bot/octokit.ts
@@ -1,9 +1,6 @@
 import { createAppAuth } from "@octokit/auth-app";
 import { Octokit } from "@octokit/rest";
 
-// Global octokit instance for the user app
-let personalOctokitInstance: Octokit | null = null;
-
 // This is a bug with the way the private key is stored in the docker env
 // See https://github.com/moby/moby/issues/46773
 let privateKey = process.env.PRIVATE_KEY?.includes("\\n")
@@ -82,13 +79,7 @@ export const installationOctokit = (installationId: string) => {
  * @returns Octokit authorized with the personal access token
  */
 export const personalOctokit = (token: string) => {
-  if (personalOctokitInstance) {
-    return personalOctokitInstance;
-  }
-
-  personalOctokitInstance = new Octokit({
+  return new Octokit({
     auth: token,
   });
-
-  return personalOctokitInstance;
 };
diff --git a/src/pages/api/auth/[...nextauth].ts b/src/pages/api/auth/[...nextauth].ts
index d84be20..bd404d3 100644
--- a/src/pages/api/auth/[...nextauth].ts
+++ b/src/pages/api/auth/[...nextauth].ts
@@ -10,7 +10,7 @@ const authLogger = logger.getSubLogger({ name: "auth" });
  * @param token Token of the session
  * @returns boolean — Whether the session is valid
  */
-const verifySession = async (token: string | undefined) => {
+export const verifySession = async (token: string | undefined) => {
   if (!token) return false;
 
   const octokit = personalOctokit(token);
@@ -37,13 +37,13 @@ export const nextAuthOptions: AuthOptions = {
     session: async ({ session, token }) => {
       authLogger.debug("Session callback");
 
-      // Check if the user has a valid accessToken
       // TODO: Need to figure out how to do this more efficiently
-      const validSession = await verifySession(token?.accessToken as string);
+      // Check if the user has a valid accessToken
+      // const validSession = await verifySession(token?.accessToken as string);
 
-      if (!validSession) {
-        return undefined as any;
-      }
+      // if (!validSession) {
+      //   return undefined as any;
+      // }
 
       // This is fine when the session is invalid
       if (!token) {