Fix auth token refresh #3

Open
turlockmike wants to merge 1 commit into master from fix-auth

@turlockmike turlockmike commented Mar 20, 2026

Fixes token refresh on expired sessions

Summary by CodeRabbit

Release Notes

  • Refactor
    • Enhanced authentication flow to automatically refresh tokens during the authentication process
    • Removed unused authentication validation logic to streamline the codebase

@turlockmike turlockmike left a comment

Looks good but needs error handling for the refresh call.

coderabbitai bot commented Mar 20, 2026

Walkthrough

The changes modify the authentication module in src/auth.ts. The auth() function's implementation now includes a call to refreshToken() before returning true, changing from its previous behavior of immediately returning true. Additionally, the validate() function has been removed from the file entirely, which previously returned true without any additional behavior.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/auth.ts`:
- Line 1: The auth() function unconditionally returns true after calling
refreshToken(), which can incorrectly grant authentication; update auth() to
call refreshToken() and return a boolean based on its result (or rethrow/return
false on error). Specifically, check the return value of refreshToken() (await
it if it is async), catch any exceptions thrown by refreshToken(), and only
return true when refreshToken() indicates success (otherwise return false or
propagate the failure). Ensure you update the auth() signature/flow to reflect
sync vs async behavior of refreshToken() and reference the auth() and
refreshToken() symbols when making the change.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9bf32db1-847d-41f8-a4c3-eb65737bbcb4

📥 Commits

Reviewing files that changed from the base of the PR and between 843f802 and 42cd84d.

📒 Files selected for processing (1)
  • src/auth.ts

@@ -1,2 +1 @@
function auth() { return true; }
function validate() { return true; }
function auth() { refreshToken(); return true; }
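
Review bot: the new auth() line at the end of this hunk discards whatever refreshToken() returns or throws and still returns true, so a refresh that fails on an expired session is reported as authenticated; return a value derived from the refresh result and handle the error path explicitly. If refreshToken() is asynchronous, the call is also not awaited here, so auth() returns before the refresh completes and a rejection goes unhandled. The same hunk deletes validate() without showing any caller changes, so confirm nothing still references it.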

⚠️ Potential issue | 🔴 Critical

Do not unconditionally return authenticated state after refresh.

On Line 1, auth() always returns true after calling refreshToken(). This can grant authenticated state even when refresh fails (or signals failure), which is a security/correctness bug.

🔧 Proposed fix
-function auth() { refreshToken(); return true; }
+async function auth(): Promise<boolean> {
+  try {
+    return (await refreshToken()) === true;
+  } catch {
+    return false;
+  }
+}
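
Review bot: the + lines change auth() from a synchronous boolean to a Promise<boolean>, and a Promise is always truthy, so any existing caller that tests auth() without await would treat every request as authenticated; the callers are not in this diff and need to be updated in the same change. The comparison (await refreshToken()) === true also assumes refreshToken() resolves to a boolean, which the diff does not show; if it resolves to a token or to nothing, this version rejects every session. The bare catch returns false without recording the error, so consider logging it so refresh outages can be told apart from denied refreshes.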
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/auth.ts` at line 1, The auth() function unconditionally returns true
after calling refreshToken(), which can incorrectly grant authentication; update
auth() to call refreshToken() and return a boolean based on its result (or
rethrow/return false on error). Specifically, check the return value of
refreshToken() (await it if it is async), catch any exceptions thrown by
refreshToken(), and only return true when refreshToken() indicates success
(otherwise return false or propagate the failure). Ensure you update the auth()
signature/flow to reflect sync vs async behavior of refreshToken() and reference
the auth() and refreshToken() symbols when making the change.
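
An added example, not code from this PR or from CodeRabbit: the fail-open pattern the review flags beside a fail-closed version, plus what happens when a caller of the now-async auth() forgets to await it. The page never shows refreshToken(), so the Refresher type, the three stub refreshers and the gate functions are assumptions made for illustration.

```typescript
// Assumption: refreshToken() is not shown in the PR. Here a refresher resolves
// to a boolean success flag, or rejects on a transport or credential error.
type Refresher = () => Promise<boolean>;

// Fail-open shape flagged in the review: the refresh outcome is discarded.
// (.catch only keeps this demo from dying on an unhandled rejection.)
function authFailOpen(refresh: Refresher): boolean {
  refresh().catch(() => undefined);
  return true;
}

// Fail-closed: only a confirmed successful refresh authenticates.
async function authFailClosed(refresh: Refresher): Promise<boolean> {
  try {
    return (await refresh()) === true;
  } catch {
    return false; // a refresh error must never authenticate
  }
}

// Caller pitfall once auth() is async: a Promise object is always truthy,
// so a caller that forgets `await` lets every request through.
function gateWithoutAwait(refresh: Refresher): boolean {
  const pending: unknown = authFailClosed(refresh);
  return Boolean(pending);
}

async function gateWithAwait(refresh: Refresher): Promise<boolean> {
  return (await authFailClosed(refresh)) === true;
}

// Constructed refreshers for the three possible outcomes.
const refreshOk: Refresher = async () => true;
const refreshDenied: Refresher = async () => false;
const refreshThrows: Refresher = async () => {
  throw new Error("refresh endpoint unreachable (constructed)");
};

async function demo(): Promise<Record<string, boolean>> {
  return {
    failOpenOnError: authFailOpen(refreshThrows),
    failClosedOnError: await authFailClosed(refreshThrows),
    failClosedOnDenied: await authFailClosed(refreshDenied),
    failClosedOnOk: await authFailClosed(refreshOk),
    gateNoAwaitOnError: gateWithoutAwait(refreshThrows),
    gateAwaitOnError: await gateWithAwait(refreshThrows),
  };
}
```

Only the awaited, fail-closed path returns false when the refresh throws; both the original shape and the un-awaited gate return true.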
