more Oauth error catching, privacy notice update

J2-Tech · J2-Tech · commit b5529cf6e6e7 · 2023-12-20T11:37:40.000-05:00
diff --git a/PRIVACY.md b/PRIVACY.md
@@ -2,11 +2,11 @@
 
 This application does not store any data, or generate any logs locally. 
 Any data retrieved from Atlassian's APIs is immediately processed and returned to the user.
-The only exception is the OAuth 2.0 tokens and refresh tokens, which are stored in the user's session on the server, then deleted when it expires.
+The only exception is the OAuth 2.0 tokens and refresh tokens, which are stored in the user's session on the server, then deleted when it expires. As of now, those sessions are only stored in RAM.
 The session cookie is stored and managed by the user's browser, so it is their responsability to ensure their browser is secure.
 
 The program uses HTTPS requests between itself and Atlassian's APIs, unless disabled by the user, and uses HTTP by default between the user and itself.
-It is *not* intended to be exposed publicly, but rather installed in a secure environment and accessed locally. (For example, on a secure server, on a secure network, accessed locally by secure clients.)
+It is *not* intended to be exposed publicly, but rather installed in a secure environment and accessed locally. (For example, on a secure server, on a secure network, accessed locally by secure clients.). HTTPS Support will be coming eventually, it will be the user's responsability to set up appropriate SSL certificates then.
 
 
 This program is not designed to collect any data, not now, not ever.
diff --git a/controllers/jiraAPIController.js b/controllers/jiraAPIController.js
@@ -70,17 +70,19 @@ async function withRetry(fetchFn, req, ...args) {
 async function refreshToken(req) {
     if (req.user) {
         const refreshToken = req.user.refreshToken;
-        console.log(req.user.refreshToken);
         try {
+            console.log('Refreshing token');
             const response = await fetch('https://auth.atlassian.com/oauth/token', {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/x-www-form-urlencoded'
                 },
+                agent:httpsAgent,
                 body: `grant_type=refresh_token&refresh_token=${refreshToken}&client_id=${process.env.JIRA_OAUTH_CLIENT_ID}&client_secret=${process.env.JIRA_OAUTH_CLIENT_SECRET}`
             });
     
             const data = await response.json();
+            
     
             if (data.error) {
                 throw new Error(data.error);
