All files / helpers refresh-auth-token.ts

94.23% Statements 49/52
100% Branches 11/11
100% Functions 8/8
93.62% Lines 44/47
Press n or j to go to the next uncovered block, b, p or k for the previous block.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3x
 
 
 
 
 
 
 
 
 
3x
3x
3x
3x
 
 
 
 
 
 
 
3x
 
55x
 
 
 
2x
 
 
53x
 
 
27x
 
 
5x
5x
 
 
 
3x
 
 
18x
18x
18x
 
 
 
 
47x
46x
27x
47x
 
 
 
 
 
 
 
 
 
 
 
 
5x
5x
 
34x
 
17x
 
 
5x
 
 
 
5x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
22x
 
 
 
 
 
 
22x
 
 
 
 
 
 
 
22x
 
 
 
 
 
 
 
 
 
18x
15x
 
 
 
30x
15x
 
1x
 
 
4x
 
1x
 
 
 
2x
 
3x
 
 
 
 
 
 
77x
 
 
 
 
 
 
53x
 
 
 
 
 
 
38x
38x
 
 
 
 
 
 
 
 
 
 
 
 
 
18x
 
 
 
 
 
 
22x
 
 
 
 
  /**
 * @license
 * Copyright 2019 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
import { generateAuthToken } from '../api/generate-auth-token';
import { AppConfig } from '../interfaces/app-config';
import {
  AuthToken,
  CompletedAuthToken,
  InProgressAuthToken,
  InstallationEntry,
  RegisteredInstallationEntry,
  RequestStatus
} from '../interfaces/installation-entry';
import { PENDING_TIMEOUT_MS, TOKEN_EXPIRATION_BUFFER } from '../util/constants';
import { ERROR_FACTORY, ErrorCode, isServerError } from '../util/errors';
import { sleep } from '../util/sleep';
import { remove, set, update } from './idb-manager';
 
/**
 * Returns a valid authentication token for the installation. Generates a new
 * token if one doesn't exist, is expired or about to expire.
 *
 * Should only be called if the Firebase Installation is registered.
 */
export async function refreshAuthToken(appConfig: AppConfig): Promise<string> {
  let tokenPromise: Promise<CompletedAuthToken> | undefined;
  const entry = await update(
    appConfig,
    (oldEntry?: InstallationEntry): RegisteredInstallationEntry => {
      if (!isEntryRegistered(oldEntry)) {
        throw ERROR_FACTORY.create(ErrorCode.NOT_REGISTERED);
      }
 
      const oldAuthToken = oldEntry.authToken;
      if (isAuthTokenValid(oldAuthToken)) {
        // There is a valid token in the DB.
        return oldEntry;
      } else if (oldAuthToken.requestStatus === RequestStatus.IN_PROGRESS) {
        // There already is a token request in progress.
        tokenPromise = waitUntilAuthTokenRequest(appConfig);
        return oldEntry;
      } else {
        // No token or token expired.
        if (!navigator.onLine) {
          throw ERROR_FACTORY.create(ErrorCode.APP_OFFLINE);
        }
 
        const inProgressEntry = makeAuthTokenRequestInProgressEntry(oldEntry);
        tokenPromise = fetchAuthTokenFromServer(appConfig, inProgressEntry);
        return inProgressEntry;
      }
    }
  );
 
  const authToken: CompletedAuthToken = tokenPromise
    ? await tokenPromise
    : (entry.authToken as CompletedAuthToken);
  return authToken.token;
}
 
/**
 * Call only if FID is registered and Auth Token request is in progress.
 */
async function waitUntilAuthTokenRequest(
  appConfig: AppConfig
): Promise<CompletedAuthToken> {
  // Unfortunately, there is no way of reliably observing when a value in
  // IndexedDB changes (yet, see https://github.com/WICG/indexed-db-observers),
  // so we need to poll.
 
  let entry = await updateAuthTokenRequest(appConfig);
  while (entry.authToken.requestStatus === RequestStatus.IN_PROGRESS) {
    // generateAuthToken still in progress.
    await sleep(100);
 
    entry = await updateAuthTokenRequest(appConfig);
  }
 
  const authToken = entry.authToken;
  if (authToken.requestStatus === RequestStatus.NOT_STARTED) {
    throw ERROR_FACTORY.create(ErrorCode.GENERATE_TOKEN_FAILED);
  } else {
    return authToken;
  }
}
 
/**
 * Called only if there is a GenerateAuthToken request in progress.
 *
 * Updates the InstallationEntry in the DB based on the status of the
 * GenerateAuthToken request.
 *
 * Returns the updated InstallationEntry.
 */
function updateAuthTokenRequest(
  appConfig: AppConfig
): Promise<RegisteredInstallationEntry> {
  return update(
    appConfig,
    (oldEntry?: InstallationEntry): RegisteredInstallationEntry => {
      if (!isEntryRegistered(oldEntry)) {
        throw ERROR_FACTORY.create(ErrorCode.NOT_REGISTERED);
      }
 
      const oldAuthToken = oldEntry.authToken;
      if (hasAuthTokenRequestTimedOut(oldAuthToken)) {
        return {
          ...oldEntry,
          authToken: { requestStatus: RequestStatus.NOT_STARTED }
        };
      }
 
      return oldEntry;
    }
  );
}
 
async function fetchAuthTokenFromServer(
  appConfig: AppConfig,
  installationEntry: RegisteredInstallationEntry
): Promise<CompletedAuthToken> {
  try {
    const authToken = await generateAuthToken(appConfig, installationEntry);
    const updatedInstallationEntry: RegisteredInstallationEntry = {
      ...installationEntry,
      authToken
    };
    await set(appConfig, updatedInstallationEntry);
    return authToken;
  } catch (e) {
    if (isServerError(e) && (e.serverCode === 401 || e.serverCode === 404)) {
      // Server returned a "FID not found" or a "Invalid authentication" error.
      // Generate a new ID next time.
      await remove(appConfig);
    } else {
      const updatedInstallationEntry: RegisteredInstallationEntry = {
        ...installationEntry,
        authToken: { requestStatus: RequestStatus.NOT_STARTED }
      };
      await set(appConfig, updatedInstallationEntry);
    }
    throw e;
  }
}
 
function isEntryRegistered(
  installationEntry: InstallationEntry | undefined
): installationEntry is RegisteredInstallationEntry {
  return (
    installationEntry !== undefined &&
    installationEntry.registrationStatus === RequestStatus.COMPLETED
  );
}
 
function isAuthTokenValid(authToken: AuthToken): boolean {
  return (
    authToken.requestStatus === RequestStatus.COMPLETED &&
    !isAuthTokenExpired(authToken)
  );
}
 
function isAuthTokenExpired(authToken: CompletedAuthToken): boolean {
  const now = Date.now();
  return (
    now < authToken.creationTime ||
    authToken.creationTime + authToken.expiresIn < now + TOKEN_EXPIRATION_BUFFER
  );
}
 
/** Returns an updated InstallationEntry with an InProgressAuthToken. */
function makeAuthTokenRequestInProgressEntry(
  oldEntry: RegisteredInstallationEntry
): RegisteredInstallationEntry {
  const inProgressAuthToken: InProgressAuthToken = {
    requestStatus: RequestStatus.IN_PROGRESS,
    requestTime: Date.now()
  };
  return {
    ...oldEntry,
    authToken: inProgressAuthToken
  };
}
 
function hasAuthTokenRequestTimedOut(authToken: AuthToken): boolean {
  return (
    authToken.requestStatus === RequestStatus.IN_PROGRESS &&
    authToken.requestTime + PENDING_TIMEOUT_MS < Date.now()
  );
}