chore(refactor): reduce parsing query params unnecessarily (#993)

## What kind of change does this PR introduce? * Refactor `_getSessionFromURL`, `_isPKCEFlow` and `_isImplicitGrantFlow` - previously we were parsing the url parameters multiple times which was unnecessary. Now, we parse it once and pass it in as an argument in other functions that need it. * Makes the code more readable since `getSessionFromURL` should only be called in a browser context and if `detectSessionInURL` is set.
supabase · Dec 12, 2024 · 089c687 · 089c687
1 parent 9f32d30
commit 089c687
Showing 1 changed file with 21 additions and 19 deletions.
diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
@@ -307,11 +307,8 @@ export default class GoTrueClient {
    */
   private async _initialize(): Promise<InitializeResult> {
     try {
-      const isPKCEFlow = isBrowser() ? await this._isPKCEFlow() : false
-      this._debug('#_initialize()', 'begin', 'is PKCE flow', isPKCEFlow)
-
-      if (isPKCEFlow || (this.detectSessionInUrl && this._isImplicitGrantFlow())) {
-        const { data, error } = await this._getSessionFromURL(isPKCEFlow)
+      if (isBrowser() && this.detectSessionInUrl) {
+        const { data, error } = await this._getSessionFromURL()
         if (error) {
           this._debug('#_initialize()', 'error detecting session from URL', error)
 
@@ -1414,7 +1411,7 @@ export default class GoTrueClient {
   /**
    * Gets the session data from a URL string
    */
-  private async _getSessionFromURL(isPKCEFlow: boolean): Promise<
+  private async _getSessionFromURL(): Promise<
     | {
         data: { session: Session; redirectType: string | null }
         error: null
@@ -1439,14 +1436,23 @@ export default class GoTrueClient {
         )
       }
 
+      const isRedirectFromImplicitGrantFlow = this._isImplicitGrantFlow(params)
+      const isRedirectFromPKCEFlow = await this._isPKCEFlow(params)
+
       // Checks for mismatches between the flowType initialised in the client and the URL parameters
-      if (this.flowType === 'implicit' && !this._isImplicitGrantFlow()) {
-        throw new AuthImplicitGrantRedirectError('Not a valid implicit grant flow url.')
-      } else if (this.flowType == 'pkce' && !isPKCEFlow) {
-        throw new AuthPKCEGrantCodeExchangeError('Not a valid PKCE flow url.')
+      if (!isRedirectFromImplicitGrantFlow && !isRedirectFromPKCEFlow) {
+        if (this.flowType === 'implicit') {
+          throw new AuthImplicitGrantRedirectError('Not a valid implicit grant flow url.')
+        } else if (this.flowType === 'pkce') {
+          throw new AuthPKCEGrantCodeExchangeError('Not a valid PKCE flow url.')
+        } else {
+          throw new AuthError('Invalid flow type.')
+        }
       }
 
-      if (isPKCEFlow) {
+      // Since this is a redirect for PKCE, we attempt to retrieve the code from the URL for the code exchange
+      if (isRedirectFromPKCEFlow) {
+        this._debug('#_initialize()', 'begin', 'is PKCE flow', isRedirectFromPKCEFlow)
         if (!params.code) throw new AuthPKCEGrantCodeExchangeError('No code detected.')
         const { data, error } = await this._exchangeCodeForSession(params.code)
         if (error) throw error
@@ -1536,24 +1542,20 @@ export default class GoTrueClient {
   /**
    * Checks if the current URL contains parameters given by an implicit oauth grant flow (https://www.rfc-editor.org/rfc/rfc6749.html#section-4.2)
    */
-  private _isImplicitGrantFlow(): boolean {
-    const params = parseParametersFromURL(window.location.href)
-
-    return !!(isBrowser() && (params.access_token || params.error_description))
+  private _isImplicitGrantFlow(params: { [parameter: string]: string }): boolean {
+    return !!((params.access_token || params.error_description) && this.flowType === 'implicit')
   }
 
   /**
    * Checks if the current URL and backing storage contain parameters given by a PKCE flow
    */
-  private async _isPKCEFlow(): Promise<boolean> {
-    const params = parseParametersFromURL(window.location.href)
-
+  private async _isPKCEFlow(params: { [parameter: string]: string }): Promise<boolean> {
     const currentStorageContent = await getItemAsync(
       this.storage,
       `${this.storageKey}-code-verifier`
     )
 
-    return !!(params.code && currentStorageContent)
+    return !!(params.code && currentStorageContent && this.flowType === 'pkce')
   }
 
   /**