Fixes source token expiration by token refresh

CHANGELOG.md

@@ -3,3 +3,4 @@
 - Changes `superstatic` dependency to `v8`, addressing Hosting emulator issues on Windows.
 - Fixes internal library that was not being correctly published.
 - Adds `--disable-triggers` flag to RTDB write commands.
+- Fixes source token expiration issue by refreshing source token.

src/deploy/functions/release/fabricator.ts

@@ -210,9 +210,11 @@ export class Fabricator {
     if (apiFunction.httpsTrigger) {
       apiFunction.httpsTrigger.securityLevel = "SECURE_ALWAYS";
     }
-    apiFunction.sourceToken = await scraper.tokenPromise();
+    // apiFunction.sourceToken = await scraper.tokenPromise();
     const resultFunction = await this.functionExecutor
       .run(async () => {
+        // try to get the source token right before deploying
+        apiFunction.sourceToken = await scraper.getToken();
         const op: { name: string } = await gcf.createFunction(apiFunction);
         return poller.pollOperation<gcf.CloudFunction>({
           ...gcfV1PollerOptions,
@@ -374,9 +376,10 @@ export class Fabricator {
       throw new Error("Precondition failed");
     }
     const apiFunction = gcf.functionFromEndpoint(endpoint, sourceUrl);
-    apiFunction.sourceToken = await scraper.tokenPromise();
+
     const resultFunction = await this.functionExecutor
       .run(async () => {
+        apiFunction.sourceToken = await scraper.getToken();
         const op: { name: string } = await gcf.updateFunction(apiFunction);
         return await poller.pollOperation<gcf.CloudFunction>({
           ...gcfV1PollerOptions,

src/deploy/functions/release/sourceTokenScraper.ts

@@ -1,28 +1,55 @@
 import { logger } from "../../../logger";
 
+enum TokenState {
+  "NONE",
+  "VALID",
+  "INVALID",
+}
+
 /**
  * GCF v1 deploys support reusing a build between function deploys.
  * This class will return a resolved promise for its first call to tokenPromise()
  * and then will always return a promise that is resolved by the poller function.
  */
 export class SourceTokenScraper {
-  private firstCall = true;
-  private resolve!: (token: string) => void;
+  private tokenValidDurationMs; // in ms
+  private resolve!: (token?: string) => void;
   private promise: Promise<string | undefined>;
+  private expiration: bigint | undefined;
+  private tokenState: TokenState;
 
-  constructor() {
+  constructor(validDurationMs = 1500000) {
+    this.tokenValidDurationMs = validDurationMs;
     this.promise = new Promise((resolve) => (this.resolve = resolve));
+    this.tokenState = TokenState.NONE;
+  }
+
+  async getToken(): Promise<string | undefined> {
+    if (this.tokenState === TokenState.NONE) {
+      this.tokenState = TokenState.INVALID;
+      return undefined;
+    } else if (this.tokenState === TokenState.INVALID) {
+      return this.promise; // wait until we get a source token
+    } else if (this.tokenState === TokenState.VALID) {
+      if (this.checkTokenExpired()) {
+        this.tokenState = TokenState.INVALID;
+        this.promise = new Promise((resolve) => (this.resolve = resolve));
+        return undefined;
+      }
+      return this.promise;
+    }
   }
 
-  // Token Promise will return undefined for the first caller
-  // (because we presume it's this function's source token we'll scrape)
-  // and then returns the promise generated from the first function's onCall
-  tokenPromise(): Promise<string | undefined> {
-    if (this.firstCall) {
-      this.firstCall = false;
-      return Promise.resolve(undefined);
+  checkTokenExpired(): boolean {
+    if (this.expiration === undefined) {
+      throw new Error();
     }
-    return this.promise;
+    return process.hrtime.bigint() >= this.expiration;
+  }
+
+  calculateTokenExpiry(): bigint {
+    const now = process.hrtime.bigint();
+    return now + BigInt(this.tokenValidDurationMs) * BigInt(1e6);
   }
 
   get poller() {
@@ -32,6 +59,8 @@ export class SourceTokenScraper {
           op.metadata?.target?.split("/") || [];
         logger.debug(`Got source token ${op.metadata?.sourceToken} for region ${region as string}`);
         this.resolve(op.metadata?.sourceToken);
+        this.tokenState = TokenState.VALID;
+        this.expiration = this.calculateTokenExpiry(); // calculate expiration
       }
     };
   }

src/deploy/functions/release/timer.ts

@@ -1,14 +1,30 @@
 /** Measures the time taken from construction to the call to stop() */
 export class Timer {
-  private readonly start: bigint;
+  private readonly start: bigint; // nanoseconds
+  private readonly expiry?: bigint; // nanoseconds
 
-  constructor() {
+  /**
+   * Constructor for Timer object.
+   * @param expirationSeconds timer expiration in minutes
+   */
+  constructor(expirationMs?: number) {
     this.start = process.hrtime.bigint();
+    if (expirationMs !== undefined) {
+      this.expiry = BigInt(expirationMs) * BigInt(1e6);
+    }
   }
 
-  stop(): number {
+  expired(): boolean {
+    const elapsedNanos = this.elapsedNanos();
+    return this.expiry !== undefined && elapsedNanos >= this.expiry;
+  }
+
+  elapsedNanos(): bigint {
     const stop = process.hrtime.bigint();
-    const elapsedNanos = stop - this.start;
-    return Number(elapsedNanos / BigInt(1e6));
+    return stop - this.start;
+  }
+
+  stop(): number {
+    return Number(this.elapsedNanos() / BigInt(1e6));
   }
 }

src/test/deploy/functions/release/sourceTokenScraper.spec.ts

@@ -2,23 +2,27 @@ import { expect } from "chai";
 
 import { SourceTokenScraper } from "../../../../deploy/functions/release/sourceTokenScraper";
 
-describe("SourcTokenScraper", () => {
-  it("immediately provides the first result", async () => {
+describe("SourceTokenScraper", () => {
+  const timeout = (duration: number): Promise<void> => {
+    return new Promise<void>((resolve) => setTimeout(resolve, duration));
+  };
+
+  it.only("immediately provides the first result", async () => {
     const scraper = new SourceTokenScraper();
-    await expect(scraper.tokenPromise()).to.eventually.be.undefined;
+    await expect(scraper.getToken()).to.eventually.be.undefined;
   });
 
-  it("provides results after the firt operation completes", async () => {
+  it("provides results after the first operation completes", async () => {
     const scraper = new SourceTokenScraper();
     // First result comes right away;
-    await expect(scraper.tokenPromise()).to.eventually.be.undefined;
+    await expect(scraper.getToken()).to.eventually.be.undefined;
 
     let gotResult = false;
     const timeout = new Promise((resolve, reject) => {
       setTimeout(() => reject(new Error("Timeout")), 10);
     });
     const getResult = (async () => {
-      await scraper.tokenPromise();
+      await scraper.getToken();
       gotResult = true;
     })();
     await expect(Promise.race([getResult, timeout])).to.be.rejectedWith("Timeout");
@@ -28,17 +32,63 @@ describe("SourcTokenScraper", () => {
     await expect(getResult).to.eventually.be.undefined;
   });
 
-  it("provides tokens from an operation", async () => {
+  it.only("provides tokens from an operation", async () => {
     const scraper = new SourceTokenScraper();
     // First result comes right away
-    await expect(scraper.tokenPromise()).to.eventually.be.undefined;
+    await expect(scraper.getToken()).to.eventually.be.undefined;
 
     scraper.poller({
       metadata: {
         sourceToken: "magic token",
         target: "projects/p/locations/l/functions/f",
       },
     });
-    await expect(scraper.tokenPromise()).to.eventually.equal("magic token");
+    await expect(scraper.getToken()).to.eventually.equal("magic token");
+  });
+
+  it.only("refreshes token after timer expires", async () => {
+    const scraper = new SourceTokenScraper(10);
+    await expect(scraper.getToken()).to.eventually.be.undefined;
+    scraper.poller({
+      metadata: {
+        sourceToken: "magic token",
+        target: "projects/p/locations/l/functions/f",
+      },
+    });
+    await expect(scraper.getToken()).to.eventually.equal("magic token");
+    await timeout(50);
+    await expect(scraper.getToken()).to.eventually.be.undefined;
+    scraper.poller({
+      metadata: {
+        sourceToken: "magic token #2",
+        target: "projects/p/locations/l/functions/f",
+      },
+    });
+    await expect(scraper.getToken()).to.eventually.equal("magic token #2");
+  });
+
+  it.only("concurrent requests for source token", async () => {
+    const scraper = new SourceTokenScraper();
+
+    const promises = [];
+    for (let i = 0; i < 3; i++) {
+      promises.push(scraper.getToken());
+    }
+    scraper.poller({
+      metadata: {
+        sourceToken: "magic token",
+        target: "projects/p/locations/l/functions/f",
+      },
+    });
+
+    let successes = 0;
+    const tokens = await Promise.all(promises);
+    for (const tok of tokens) {
+      if (tok === "magic token") {
+        successes++;
+      }
+    }
+    expect(tokens.includes(undefined)).to.be.true;
+    expect(successes).to.equal(2);
   });
 });