diff --git a/app/api/socketio/route.js b/app/api/socketio/route.js index 8298d82..9628aa7 100644 --- a/app/api/socketio/route.js +++ b/app/api/socketio/route.js @@ -63,13 +63,16 @@ async function evaluateQueue(eventId, io) { const next = ev.queue.shift() if (!next) break - // sign token - const expiresAt = new Date(Date.now() + TOKEN_TTL_SECONDS * 1000) + // Get database time for consistency + const [timeRows] = await connection.execute('SELECT NOW() as db_time') + const dbTime = new Date(timeRows[0].db_time) + const expiresAt = new Date(dbTime.getTime() + TOKEN_TTL_SECONDS * 1000) + const token = jwt.sign({ sid: next, eventId }, process.env.JWT_SECRET || "dev-secret", { expiresIn: TOKEN_TTL_SECONDS, }) - console.log(`Creating token for ${next.substring(0, 8)}: expires at ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`) + console.log(`Creating queued token for ${next.substring(0, 8)}: DB time ${dbTime.toISOString()}, expires at ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`) ev.active.add(next) @@ -275,8 +278,13 @@ export async function GET(req) { // If queue is NOT active and user doesn't have access, grant it immediately if (!ev.queueOn && !ev.active.has(socket.id)) { console.log(`Granting immediate access to ${socket.id.substring(0, 8)} (under threshold)`) - const expiresAt = new Date(Date.now() + TOKEN_TTL_SECONDS * 1000) - console.log(`Creating immediate token: expires at ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`) + + // Get server time from database to ensure consistency + const [timeRows] = await connection.execute('SELECT NOW() as db_time') + const dbTime = new Date(timeRows[0].db_time) + const expiresAt = new Date(dbTime.getTime() + TOKEN_TTL_SECONDS * 1000) + + console.log(`DB time: ${dbTime.toISOString()}, Token expires: ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`) const token = jwt.sign({ sid: socket.id, eventId }, process.env.JWT_SECRET || "dev-secret", { expiresIn: TOKEN_TTL_SECONDS,