feat (packages/nhost-js): add decoded token to session storage

[dbarrosop]

PR Type

Enhancement

---

Description

• Add decoded JWT token to session storage

• Convert timestamps to Date objects automatically

• Parse PostgreSQL arrays in Hasura claims

• Update documentation with new session interface

---

Changes walkthrough 📝

	Relevant files
Tests	1 files nhost.test.ts Add comprehensive test for decoded token functionality      +45/-0
Enhancement	6 files nhost.ts Update import to use session module types                                +1/-1      index.ts Export Session type from session module                                    +1/-0      refreshSession.ts Update imports to use session module types                              +2/-5      session.ts Add JWT decoding with timestamp and claims processing        +81/-0    storage.ts Integrate token decoding into session storage operations  +16/-4    storageBackend.ts Update type imports to use session module                                +1/-1
Documentation	3 files auth.mdx Add reference to extended Session interface                            +4/-0      main.mdx Update return type references to session module                    +2/-2      session.mdx Add comprehensive documentation for new Session interface +108/-21

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Error Handling The decodeUserSession function throws an error for invalid token format but returns null in the function signature. This inconsistency could lead to unexpected behavior when the function is called. export const decodeUserSession = (accessToken: string): DecodedToken | null => { const s = accessToken.split("."); if (s.length !== 3 || !s[1]) { throw new Error("Invalid access token format"); } Array Parsing The parsePostgresArray function uses a simple split by comma which may not handle escaped commas or complex nested structures correctly. This could lead to incorrect parsing of PostgreSQL array values. const parsePostgresArray = (value: string): string[] => { if (!value || value === "{}") return []; // Remove curly braces and split by comma, handling quoted values return value .slice(1, -1) .split(",") .map((item) => item.trim().replace(/^"(.*)"$/, "$1")); }; Duplicate Processing The set method calls decodeUserSession and creates the session object twice - once for storage.set and once for notifySubscribers. This is inefficient and could be optimized by storing the result in a variable. set(value: AuthSession): void { const decodedToken = decodeUserSession(value.accessToken); if (!decodedToken) { throw new Error("Invalid access token format"); } this.storage.set({ ...value, decodedToken: decodedToken, }); this.notifySubscribers({ ...value, decodedToken: decodedToken, }); }

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Remove unreachable null check The decodeUserSession function can throw exceptions but never returns null based on its implementation. The null check is unreachable code and should be removed. packages/nhost-js/src/session/storage.ts [49-53] set(value: AuthSession): void { const decodedToken = decodeUserSession(value.accessToken); - if (!decodedToken) { - throw new Error("Invalid access token format"); - } Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that decodeUserSession throws errors instead of returning null, making the null check unreachable. This improves code clarity by removing dead code.	Low

[Copilot]

Pull Request Overview

This pull request enhances session storage by adding JWT token decoding with automatic conversion of timestamps and PostgreSQL array parsing. Key changes include updating type imports across modules, implementing a new session interface with decoded tokens, and updating tests and documentation accordingly.

Reviewed Changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
packages/nhost-js/src/session/storageBackend.ts	Updated import for Session type to align with the new session module
packages/nhost-js/src/session/storage.ts	Invokes decoding of JWT token and stores the decoded token in session storage
packages/nhost-js/src/session/session.ts	Introduces new Session interface along with JWT token decoding logic
packages/nhost-js/src/session/refreshSession.ts	Refactors session refresh logic by leveraging the decoded token’s expiration time
Packages/nhost-js/src/nhost.ts and others	Adjusted imports to reference the updated Session type, with corresponding documentation updates

[Copilot]

The use of atob may cause issues in non-browser environments (e.g. Node.js environments such as Next.js SSR). Consider adding a fallback using Buffer.from(..., 'base64').toString('utf8') when atob is not available.

Suggested change

	const decodedToken = JSON.parse(atob(s[1])) as Record<string, unknown>;
	const decodedToken = JSON.parse(decodeBase64(s[1])) as Record<string, unknown>;