mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-08 17:48:26 +00:00
refactor(auth): share oauth result builders and token expiry checks
This commit is contained in:
Peter Steinberger
@@ -104,3 +104,53 @@ describe("resolveApiKeyForProfile config compatibility", () => {
|
|||||||
expect(result).toBeNull();
|
expect(result).toBeNull();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe("resolveApiKeyForProfile token expiry handling", () => {
|
||||||
|
it("returns null for expired token credentials", async () => {
|
||||||
|
const profileId = "anthropic:token-expired";
|
||||||
|
const store: AuthProfileStore = {
|
||||||
|
version: 1,
|
||||||
|
profiles: {
|
||||||
|
[profileId]: {
|
||||||
|
type: "token",
|
||||||
|
provider: "anthropic",
|
||||||
|
token: "tok-expired",
|
||||||
|
expires: Date.now() - 1_000,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
const result = await resolveApiKeyForProfile({
|
||||||
|
cfg: cfgFor(profileId, "anthropic", "token"),
|
||||||
|
store,
|
||||||
|
profileId,
|
||||||
|
});
|
||||||
|
expect(result).toBeNull();
|
||||||
|
});
|
||||||
|
|
||||||
|
it("accepts token credentials when expires is 0", async () => {
|
||||||
|
const profileId = "anthropic:token-no-expiry";
|
||||||
|
const store: AuthProfileStore = {
|
||||||
|
version: 1,
|
||||||
|
profiles: {
|
||||||
|
[profileId]: {
|
||||||
|
type: "token",
|
||||||
|
provider: "anthropic",
|
||||||
|
token: "tok-123",
|
||||||
|
expires: 0,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
const result = await resolveApiKeyForProfile({
|
||||||
|
cfg: cfgFor(profileId, "anthropic", "token"),
|
||||||
|
store,
|
||||||
|
profileId,
|
||||||
|
});
|
||||||
|
expect(result).toEqual({
|
||||||
|
apiKey: "tok-123",
|
||||||
|
provider: "anthropic",
|
||||||
|
email: undefined,
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|||||||
@@ -66,6 +66,24 @@ function buildApiKeyProfileResult(params: { apiKey: string; provider: string; em
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function buildOAuthProfileResult(params: {
|
||||||
|
provider: string;
|
||||||
|
credentials: OAuthCredentials;
|
||||||
|
email?: string;
|
||||||
|
}) {
|
||||||
|
return buildApiKeyProfileResult({
|
||||||
|
apiKey: buildOAuthApiKey(params.provider, params.credentials),
|
||||||
|
provider: params.provider,
|
||||||
|
email: params.email,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function isExpiredCredential(expires: number | undefined): boolean {
|
||||||
|
return (
|
||||||
|
typeof expires === "number" && Number.isFinite(expires) && expires > 0 && Date.now() >= expires
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
async function refreshOAuthTokenWithLock(params: {
|
async function refreshOAuthTokenWithLock(params: {
|
||||||
profileId: string;
|
profileId: string;
|
||||||
agentDir?: string;
|
agentDir?: string;
|
||||||
@@ -148,9 +166,9 @@ async function tryResolveOAuthProfile(params: {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (Date.now() < cred.expires) {
|
if (Date.now() < cred.expires) {
|
||||||
return buildApiKeyProfileResult({
|
return buildOAuthProfileResult({
|
||||||
apiKey: buildOAuthApiKey(cred.provider, cred),
|
|
||||||
provider: cred.provider,
|
provider: cred.provider,
|
||||||
|
credentials: cred,
|
||||||
email: cred.email,
|
email: cred.email,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -205,20 +223,15 @@ export async function resolveApiKeyForProfile(params: {
|
|||||||
if (!token) {
|
if (!token) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (
|
if (isExpiredCredential(cred.expires)) {
|
||||||
typeof cred.expires === "number" &&
|
|
||||||
Number.isFinite(cred.expires) &&
|
|
||||||
cred.expires > 0 &&
|
|
||||||
Date.now() >= cred.expires
|
|
||||||
) {
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
return buildApiKeyProfileResult({ apiKey: token, provider: cred.provider, email: cred.email });
|
return buildApiKeyProfileResult({ apiKey: token, provider: cred.provider, email: cred.email });
|
||||||
}
|
}
|
||||||
if (Date.now() < cred.expires) {
|
if (Date.now() < cred.expires) {
|
||||||
return buildApiKeyProfileResult({
|
return buildOAuthProfileResult({
|
||||||
apiKey: buildOAuthApiKey(cred.provider, cred),
|
|
||||||
provider: cred.provider,
|
provider: cred.provider,
|
||||||
|
credentials: cred,
|
||||||
email: cred.email,
|
email: cred.email,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -240,9 +253,9 @@ export async function resolveApiKeyForProfile(params: {
|
|||||||
const refreshedStore = ensureAuthProfileStore(params.agentDir);
|
const refreshedStore = ensureAuthProfileStore(params.agentDir);
|
||||||
const refreshed = refreshedStore.profiles[profileId];
|
const refreshed = refreshedStore.profiles[profileId];
|
||||||
if (refreshed?.type === "oauth" && Date.now() < refreshed.expires) {
|
if (refreshed?.type === "oauth" && Date.now() < refreshed.expires) {
|
||||||
return buildApiKeyProfileResult({
|
return buildOAuthProfileResult({
|
||||||
apiKey: buildOAuthApiKey(refreshed.provider, refreshed),
|
|
||||||
provider: refreshed.provider,
|
provider: refreshed.provider,
|
||||||
|
credentials: refreshed,
|
||||||
email: refreshed.email ?? cred.email,
|
email: refreshed.email ?? cred.email,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -282,9 +295,9 @@ export async function resolveApiKeyForProfile(params: {
|
|||||||
agentDir: params.agentDir,
|
agentDir: params.agentDir,
|
||||||
expires: new Date(mainCred.expires).toISOString(),
|
expires: new Date(mainCred.expires).toISOString(),
|
||||||
});
|
});
|
||||||
return buildApiKeyProfileResult({
|
return buildOAuthProfileResult({
|
||||||
apiKey: buildOAuthApiKey(mainCred.provider, mainCred),
|
|
||||||
provider: mainCred.provider,
|
provider: mainCred.provider,
|
||||||
|
credentials: mainCred,
|
||||||
email: mainCred.email,
|
email: mainCred.email,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user