packages/core/api/token-manager.js

/*
This file is part of the Notesnook project (https://notesnook.com/)

Copyright (C) 2022 Streetwriters (Private) Limited

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

import http from "../utils/http";
import constants from "../utils/constants";
import { EV, EVENTS } from "../common";
import { withTimeout, Mutex } from "async-mutex";
import { logger } from "../logger";

const ENDPOINTS = {
  token: "/connect/token",
  revoke: "/connect/revocation",
  temporaryToken: "/account/token",
  logout: "/account/logout"
};

class TokenManager {
  /**
   *
   * @param {import("../database/storage").default} storage
   */
  constructor(storage) {
    this._storage = storage;
    this._refreshTokenMutex = withTimeout(new Mutex(), 10 * 1000);
    this.logger = logger.scope("TokenManager");
  }

  async getToken(renew = true, forceRenew = false) {
    let token = await this._storage.read("token");
    if (!token) return;

    this.logger.info("Access token requested", {
      accessToken: token.access_token.slice(0, 10)
    });

    if (forceRenew || (renew && this._isTokenExpired(token))) {
      await this._refreshToken(forceRenew);
      return await this.getToken();
    }

    return token;
  }

  _isTokenExpired(token) {
    const { t, expires_in } = token;
    const expiryMs = t + expires_in * 1000;
    return Date.now() >= expiryMs;
  }

  async getAccessToken(forceRenew = false) {
    return await getSafeToken(async () => {
      const token = await this.getToken(true, forceRenew);
      if (!token) return;
      return token.access_token;
    }, "Error getting access token:");
  }

  async _refreshToken(forceRenew = false) {
    await this._refreshTokenMutex.runExclusive(async () => {
      this.logger.info("Refreshing access token");

      const token = await this.getToken(false, false);
      if (!forceRenew && !this._isTokenExpired(token)) {
        return;
      }

      const { refresh_token, scope } = token;
      if (!refresh_token || !scope) return;

      const refreshTokenResponse = await await http.post(
        `${constants.AUTH_HOST}${ENDPOINTS.token}`,
        {
          refresh_token,
          grant_type: "refresh_token",
          scope: scope,
          client_id: "notesnook"
        }
      );
      await this.saveToken(refreshTokenResponse);
      EV.publish(EVENTS.tokenRefreshed);
    });
  }

  async revokeToken() {
    const token = await this.getToken();
    if (!token) return;
    const { access_token } = token;

    await http.post(
      `${constants.AUTH_HOST}${ENDPOINTS.logout}`,
      null,
      access_token
    );
  }

  saveToken(tokenResponse) {
    let token = { ...tokenResponse, t: Date.now() };
    return this._storage.write("token", token);
  }

  async getAccessTokenFromAuthorizationCode(userId, authCode) {
    return await this.saveToken(
      await http.post(`${constants.AUTH_HOST}${ENDPOINTS.temporaryToken}`, {
        authorization_code: authCode,
        user_id: userId,
        client_id: "notesnook"
      })
    );
  }
}
export default TokenManager;

async function getSafeToken(action, errorMessage) {
  try {
    return await action();
  } catch (e) {
    console.error(errorMessage, e);
    if (e.message === "invalid_grant" || e.message === "invalid_client") {
      EV.publish(EVENTS.userSessionExpired);
    }
    throw e;
  }
}
refactor: migrate to theme-ui from rebass 2022-08-31 06:33:37 +05:00			`/*`
			`This file is part of the Notesnook project (https://notesnook.com/)`

			`Copyright (C) 2022 Streetwriters (Private) Limited`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`
docs: add license header 2022-08-30 16:13:11 +05:00
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`import http from "../utils/http";`
			`import constants from "../utils/constants";`
fix: invalid_grant when refreshing tokens concurrently 2021-08-08 12:20:07 +05:00			`import { EV, EVENTS } from "../common";`
fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`import { withTimeout, Mutex } from "async-mutex";`
feat: add log messages all over the place 2022-07-19 11:16:46 +05:00			`import { logger } from "../logger";`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00
			`const ENDPOINTS = {`
			`token: "/connect/token",`
			`revoke: "/connect/revocation",`
feat: add logic to exchange auth code with temp token 2020-12-22 09:47:01 +05:00			`temporaryToken: "/account/token",`
refactor: migrate to theme-ui from rebass 2022-08-31 06:33:37 +05:00			`logout: "/account/logout"`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`};`

			`class TokenManager {`
			`/**`
			`*`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`* @param {import("../database/storage").default} storage`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`*/`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`constructor(storage) {`
			`this._storage = storage;`
fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`this._refreshTokenMutex = withTimeout(new Mutex(), 10 * 1000);`
feat: add log messages all over the place 2022-07-19 11:16:46 +05:00			`this.logger = logger.scope("TokenManager");`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`async getToken(renew = true, forceRenew = false) {`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`let token = await this._storage.read("token");`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`if (!token) return;`
feat: add log messages all over the place 2022-07-19 11:16:46 +05:00
			`this.logger.info("Access token requested", {`
refactor: migrate to theme-ui from rebass 2022-08-31 06:33:37 +05:00			`accessToken: token.access_token.slice(0, 10)`
feat: add log messages all over the place 2022-07-19 11:16:46 +05:00			`});`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`if (forceRenew \|\| (renew && this._isTokenExpired(token))) {`
fix: generate new token on email confirmed 2021-11-01 11:53:28 +05:00			`await this._refreshToken(forceRenew);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return await this.getToken();`
			`}`
feat: add log messages all over the place 2022-07-19 11:16:46 +05:00
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return token;`
			`}`

			`_isTokenExpired(token) {`
			`const { t, expires_in } = token;`
fix: invalid_grant when refreshing tokens concurrently 2021-08-08 12:20:07 +05:00			`const expiryMs = t + expires_in * 1000;`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`return Date.now() >= expiryMs;`
			`}`

fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`async getAccessToken(forceRenew = false) {`
feat: refresh token on 401 unauthorized error 2021-12-31 09:04:13 +05:00			`return await getSafeToken(async () => {`
fix: properly handle session expiry 2021-05-25 16:19:58 +05:00			`const token = await this.getToken(true, forceRenew);`
			`if (!token) return;`
			`return token.access_token;`
feat: refresh token on 401 unauthorized error 2021-12-31 09:04:13 +05:00			`}, "Error getting access token:");`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

fix: generate new token on email confirmed 2021-11-01 11:53:28 +05:00			`async _refreshToken(forceRenew = false) {`
fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`await this._refreshTokenMutex.runExclusive(async () => {`
feat: add log messages all over the place 2022-07-19 11:16:46 +05:00			`this.logger.info("Refreshing access token");`

fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`const token = await this.getToken(false, false);`
fix: generate new token on email confirmed 2021-11-01 11:53:28 +05:00			`if (!forceRenew && !this._isTokenExpired(token)) {`
fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`return;`
			`}`
fix: invalid_grant when refreshing tokens concurrently 2021-08-08 12:20:07 +05:00
fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`const { refresh_token, scope } = token;`
			`if (!refresh_token \|\| !scope) return;`
feat: refresh token on 401 unauthorized error 2021-12-31 09:04:13 +05:00
fix: try to refresh token before logging out on 401 unauthorized 2022-01-07 13:58:06 +05:00			`const refreshTokenResponse = await await http.post(`
			`${constants.AUTH_HOST}${ENDPOINTS.token}`,
			`{`
			`refresh_token,`
			`grant_type: "refresh_token",`
			`scope: scope,`
refactor: migrate to theme-ui from rebass 2022-08-31 06:33:37 +05:00			`client_id: "notesnook"`
fix: try to refresh token before logging out on 401 unauthorized 2022-01-07 13:58:06 +05:00			`}`
			`);`
			`await this.saveToken(refreshTokenResponse);`
			`EV.publish(EVENTS.tokenRefreshed);`
fix: migrate token refreshing to use mutex 2021-10-27 11:19:37 +05:00			`});`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`async revokeToken() {`
			`const token = await this.getToken();`
			`if (!token) return;`
fix: logout using custom logout endpoint 2021-01-04 11:22:24 +05:00			`const { access_token } = token;`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00
fix: logout using custom logout endpoint 2021-01-04 11:22:24 +05:00			`await http.post(`
			`${constants.AUTH_HOST}${ENDPOINTS.logout}`,
			`null,`
			`access_token`
			`);`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`

			`saveToken(tokenResponse) {`
feat: do not cache token locally 2021-05-28 23:10:10 +05:00			`let token = { ...tokenResponse, t: Date.now() };`
feat: refactors and add support for upload/download progress 2021-09-26 11:47:13 +05:00			`return this._storage.write("token", token);`
fix: clear cached token on logout 2021-04-05 11:32:40 +05:00			`}`

feat: add logic to exchange auth code with temp token 2020-12-22 09:47:01 +05:00			`async getAccessTokenFromAuthorizationCode(userId, authCode) {`
			`return await this.saveToken(`
			await http.post(`${constants.AUTH_HOST}${ENDPOINTS.temporaryToken}`, {
			`authorization_code: authCode,`
			`user_id: userId,`
refactor: migrate to theme-ui from rebass 2022-08-31 06:33:37 +05:00			`client_id: "notesnook"`
feat: add logic to exchange auth code with temp token 2020-12-22 09:47:01 +05:00			`})`
			`);`
			`}`
feat: migrate to use the new backend 2020-12-16 12:06:25 +05:00			`}`
			`export default TokenManager;`
feat: refresh token on 401 unauthorized error 2021-12-31 09:04:13 +05:00
			`async function getSafeToken(action, errorMessage) {`
			`try {`
			`return await action();`
			`} catch (e) {`
			`console.error(errorMessage, e);`
			`if (e.message === "invalid_grant" \|\| e.message === "invalid_client") {`
			`EV.publish(EVENTS.userSessionExpired);`
			`}`
			`throw e;`
			`}`
			`}`