From 79e72b075384fae7576f506fb87dd02c5a50b292 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Tue, 16 Dec 2025 08:38:41 +0100
Subject: [PATCH] Gateway token frefresh

---
 src/gateway/opcodes/Identify.ts | 6 ++++++
 src/util/interfaces/Event.ts    | 1 +
 src/util/util/Token.ts          | 6 +++---
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/gateway/opcodes/Identify.ts b/src/gateway/opcodes/Identify.ts
index 56dd88df5..fa9973972 100644
--- a/src/gateway/opcodes/Identify.ts
+++ b/src/gateway/opcodes/Identify.ts
@@ -52,6 +52,8 @@ import {
 	VoiceState,
 	UserSettingsProtos,
 	IpDataClient,
+	generateToken,
+	CurrentTokenFormatVersion,
 } from "@spacebar/util";
 import { check } from "./instanceOf";
 import { In } from "typeorm";
@@ -586,6 +588,10 @@ export async function onIdentify(this: WebSocket, data: Payload) {
 		},
 		game_relationships: [],
 	};
+
+	if(this.capabilities.has(Capabilities.FLAGS.AUTH_TOKEN_REFRESH) && tokenData.tokenVersion != CurrentTokenFormatVersion) {
+		d.auth_token = await generateToken(this.user_id);
+	}
 	const buildReadyEventDataTime = taskSw.getElapsedAndReset();
 	const _trace = [
 		gatewayShardName,
diff --git a/src/util/interfaces/Event.ts b/src/util/interfaces/Event.ts
index d0a604937..e390605bb 100644
--- a/src/util/interfaces/Event.ts
+++ b/src/util/interfaces/Event.ts
@@ -132,6 +132,7 @@ export interface ReadyEventData {
 		flags: number;
 	};
 	game_relationships: never[]; // what is this?
+	auth_token?: string; // if enabled in capabilities
 	_trace?: string[]; // trace of the request, used for debugging
 }
 
diff --git a/src/util/util/Token.ts b/src/util/util/Token.ts
index 2ea133c5f..887c58cc0 100644
--- a/src/util/util/Token.ts
+++ b/src/util/util/Token.ts
@@ -33,7 +33,7 @@ import { TimeSpan } from "./Timespan";
 /// 1 - Initial version with HS256
 /// 2 - Switched to ES512
 /// 3 - Add version, device id to token payload
-export const CurrentKeyFormatVersion: number = 3;
+export const CurrentTokenFormatVersion: number = 3;
 
 export type UserTokenData = {
 	user: User;
@@ -159,7 +159,7 @@ export const checkToken = (
 	});
 };
 
-export async function generateToken(id: string, isAdminSession: boolean = false) {
+export async function generateToken(id: string, isAdminSession: boolean = false): Promise<string | undefined> {
 	const iat = Math.floor(Date.now() / 1000);
 	const keyPair = await loadOrGenerateKeypair();
 
@@ -183,7 +183,7 @@ export async function generateToken(id: string, isAdminSession: boolean = false)
 	await newSession.save();
 
 	return new Promise((res, rej) => {
-		const payload = { id, iat, kid: keyPair.fingerprint, ver: CurrentKeyFormatVersion, did: newSession.session_id } as UserTokenData["decoded"];
+		const payload = { id, iat, kid: keyPair.fingerprint, ver: CurrentTokenFormatVersion, did: newSession.session_id } as UserTokenData["decoded"];
 		jwt.sign(
 			payload,
 			keyPair.privateKey,