improve JWT caching · zio.sh/atfile@530b858

··· 1 1 #!/usr/bin/env bash 2 2 3 - # TODO: Refresh session on old token 4 - 5 3 # shellcheck disable=SC2120 6 4 function atfile.auth() { 7 5 override_username="$1" ··· 76 74 session="$(com.atproto.server.getSession)" 77 75 error="$(atfile.util.get_xrpc_error $? "$session")" 78 76 77 + # TODO: Handle accessJwt expiry 79 78 if [[ -n "$error" ]]; then 79 + #if [[ $error == "[InvalidToken] Token could not be verified" ]]; then 80 + # session="$(com.atproto.server.refreshSession)" 81 + # error="$(atfile.util.get_xrpc_error $? "$session")" 82 + # 83 + # if [[ -n $error ]]; then 84 + # atfile.cache.del "token" 85 + # atfile.die.xrpc_error "Unable to refresh token" "$error" 86 + # fi 87 + #else 88 + # atfile.die.xrpc_error "Unable to authenticate" "$error" 89 + #fi 80 90 atfile.die.xrpc_error "Unable to authenticate" "$error" 81 91 else 82 92 _username="$(echo "$session" | jq -r ".did")"

src/lexi/com_atproto.sh

··· 75 75 atfile.xrpc.pds.get "com.atproto.sync.listBlobs" "$query" 76 76 } 77 77 78 + function com.atproto.server.refreshSession() { 79 + refresh_token="$(atfile.util.get_token_cache "refresh")" 80 + atfile.xrpc.pds.get "com.atproto.server.refreshSession" "" "" "Bearer $refresh_token" 81 + } 82 + 78 83 function com.atproto.sync.uploadBlob() { 79 84 file="$1" 80 85 atfile.xrpc.pds.blob "$1" | jq -r ".blob"

+25

src/shared/util.sh

··· 1017 1017 fi 1018 1018 } 1019 1019 1020 + function atfile.util.set_token_cache() { 1021 + did="$1" 1022 + access="$2" 1023 + refresh="$3" 1024 + 1025 + atfile.cache.set "token" "$did|$access|$refresh" 1026 + } 1027 + 1028 + function atfile.util.get_token_cache() { 1029 + part="$1" 1030 + unset index 1031 + 1032 + token_cache="$(atfile.cache.get "token")" 1033 + 1034 + if [[ -n "$token_cache" ]]; then 1035 + case "$part" in 1036 + "did"|"username") index="1" ;; 1037 + "access") index="2" ;; 1038 + "refresh") index="3" ;; 1039 + esac 1040 + 1041 + echo "$token_cache" | cut -d "|" -f $index 1042 + fi 1043 + } 1044 + 1020 1045 function atfile.util.source_hook() { 1021 1046 file="$1" 1022 1047

+24 -6

src/shared/xrpc.sh

··· 31 31 "$type" | jq 32 32 } 33 33 34 + # shellcheck disable=SC2120 34 35 function atfile.xrpc.pds.jwt() { 35 - token="$(atfile.cache.get "token")" 36 + token="$1" 37 + 38 + [[ -z "$token" ]] && token="$(atfile.util.get_token_cache "access")" 36 39 37 40 if [[ -z "$token" ]]; then 38 41 atfile.say.debug "Generating JWT for '$_username'..." 39 - new_token="$(atfile.http.post \ 42 + new_session="$(atfile.http.post \ 40 43 "$_server/xrpc/com.atproto.server.createSession" \ 41 - '{"identifier": "'"$_username"'", "password": "'"$_password"'"}' | jq -r ".accessJwt")" 44 + '{"identifier": "'"$_username"'", "password": "'"$_password"'"}')" 45 + 46 + token_access="$(echo "$new_session" | jq -r ".accessJwt")" 47 + token_refresh="$(echo "$new_session" | jq -r ".refreshJwt")" 48 + 49 + atfile.say.debug "Generated JWT\n↳ DID: $_username\n↳ Access: $token_access\n↳ Refresh: $token_refresh" 42 50 43 - token="$(atfile.cache.set "token" "$new_token")" 51 + atfile.util.set_token_cache "$_username" "$token_access" "$token_refresh" > /dev/null 52 + 53 + token="$token_access" 44 54 else 45 - atfile.say.debug "Reusing cached JWT for '$_username'..." 55 + if [[ $_username == "$(atfile.util.get_token_cache "did")" ]]; then 56 + atfile.say.debug "Reusing cached JWT for '$_username'..." 57 + else 58 + atfile.say.debug "Deleting JWT cache (DID does not match)..." 59 + atfile.cache.del "token" 60 + atfile.xrpc.pds.jwt 61 + fi 46 62 fi 47 63 48 64 echo "$token" ··· 52 68 lexi="$1" 53 69 data="$2" 54 70 type="$3" 71 + auth="$4" 55 72 56 73 [[ -z $type ]] && type="application/json" 74 + [[ -z $auth ]] && auth="Bearer $(atfile.xrpc.pds.jwt)" 57 75 58 76 curl -s -X POST "$_server/xrpc/$lexi" \ 59 - -H "Authorization: Bearer $(atfile.xrpc.pds.jwt)" \ 77 + -H "Authorization: $auth" \ 60 78 -H "Content-Type: $type" \ 61 79 -H "User-Agent: $(atfile.util.get_uas)" \ 62 80 -d "$data" | jq