I am trying to build RxSwift Auth token refresh service using following tutorial: https://www.donnywals.com/building-a-concurrency-proof-token-refresh-flow-in-combine/. However, I faced with issue, when user don't have an auth token and first refresh failed, but second refresh succeed, additional request is send, and after this (3-rd request) is completed, only then called main endpoint
So, what I see in network inspector:
request to refresh token (failed)
request to refresh token (succeed)
request to refresh token (succeed)
request to main endpoint (succeed)
But it should be:
request to refresh token (failed)
request to refresh token (succeed)
request to main endpoint (succeed)
I have following code for Authenticator
protocol AuthenticatorType {
func authenticate() -> Observable<Void>
func checkForValidAuthTokenOrRefresh(forceRefresh: Bool) -> Observable<Void>
}
extension AuthenticatorType {
func checkForValidAuthTokenOrRefresh(forceRefresh: Bool = false) -> Observable<Void> {
return checkForValidAuthTokenOrRefresh(forceRefresh: forceRefresh)
}
}
final class Authenticator<Provider: RxMoyaProviderType> where Provider.Target == AuthAPI {
private let provider: Provider
private let cookiesStorageProvider: CookiesStorageProviderType
private let queue = DispatchQueue(label: "Autenticator.\(UUID().uuidString)")
private var refreshInProgressObservable: Observable<Void>?
init(
provider: Provider,
cookiesStorageProvider: CookiesStorageProviderType
) {
self.provider = provider
self.cookiesStorageProvider = cookiesStorageProvider
}
func checkForValidAuthTokenOrRefresh(forceRefresh: Bool = false) -> Observable<Void> {
return queue.sync { [weak self] in
self?.getCurrentTokenOrRefreshIfNeeded(forceRefresh: forceRefresh) ?? .just(())
}
}
func authenticate() -> Observable<Void> {
provider.request(.authenticate(credentials: .defaultDebugAccount))
.map(LoginResponse.self)
.map { loginResponse in
guard loginResponse.login else {
throw AuthenticationError.loginRequired
}
}
.asObservable()
}
}
// MARK: - Helper methods
private extension Authenticator {
func getCurrentTokenOrRefreshIfNeeded(forceRefresh: Bool = false) -> Observable<Void> {
if let refreshInProgress = refreshInProgressObservable {
return refreshInProgress
}
if cookiesStorageProvider.isHaveValidAuthToken && !forceRefresh {
return .just(())
}
guard cookiesStorageProvider.isHaveValidRefreshToken else {
return .error(AuthenticationError.loginRequired)
}
let refreshInProgress = provider.request(.refreshToken)
.share()
.map { response in
guard response.statusCode != 401 else {
throw AuthenticationError.loginRequired
}
return response
}
.map(RefreshReponse.self)
.map { refreshResponse in
guard refreshResponse.refresh else {
throw AuthenticationError.loginRequired
}
}
.asObservable()
.do(
onNext: { [weak self] _ in self?.resetProgress() },
onError: { [weak self] _ in self?.resetProgress() }
)
refreshInProgressObservable = refreshInProgress
return refreshInProgress
}
func resetProgress() {
queue.sync { [weak self] in
self?.refreshInProgressObservable = nil
}
}
}
And thats how I refresh doing request (with logics to refresh token)
func request(_ token: Target, callbackQueue: DispatchQueue?) -> Observable<Response> {
authenticator.checkForValidAuthTokenOrRefresh()
.flatMapLatest { [weak self] res -> Observable<Response> in
self?.provider.request(token).asObservable() ?? .empty()
}
.map { response in
guard response.statusCode != 401 else {
throw AuthenticationError.loginRequired
}
return response
}
.retry { [weak self] error in
error.flatMap { error -> Observable<Void> in
guard let authError = error as? AuthenticationError, authError == .loginRequired else {
return .error(error)
}
return self?.authenticator.checkForValidAuthTokenOrRefresh(forceRefresh: true) ?? .never()
}
}
}
At first, I thought it was concurrency problem, I changed queue to NSLock, but it all was the same. Also I tried to use subscribe(on:) and observe(on:), thats also don't give any effect.
Maybe issue with do block, where I set refreshInProgressObservable to nil, because when I change onError, to afterError, I don't see third request to refresh token, but I also don't see any request to main endpoint.
I even tried to remove share(), but as you guess it don't help either.
Ah, and also I remember that 3-rd request fires instantly after second is completed, even if I add sleep in beginning of getCurrentTokenOrRefreshIfNeeded method. So that kinda strange
Edit
I tried another way to refresh token, using deferred block in Observable (inspired by Daniel tutorial).
Here is my code
final class NewProvider {
let authProvider: MoyaProvider<AuthAPI>
let apiProvider: MoyaProvider<AppAPI>
let refreshToken: Observable<Void>
init(authProvider: MoyaProvider<AuthAPI>, apiProvider: MoyaProvider<AppAPI>) {
self.authProvider = authProvider
self.apiProvider = apiProvider
refreshToken = authProvider.rx.request(.refreshToken)
.asObservable()
.share()
.map { _ in }
.catchAndReturn(())
}
func request(_ token: AppAPI) -> Observable<Response> {
Observable<Void>
.deferred {
if CookiesStorageProvider.isHaveValidAuthToken {
return .just(())
} else {
throw AuthenticationError.loginRequired
}
}
.flatMapLatest { [weak self] _ in
self?.apiProvider.rx.request(token).asObservable() ?? .never()
}
.retry { [weak self] error in
return error.flatMapLatest { [weak self] _ in
self?.refreshToken ?? .never()
}
}
}
}
It works perfectly for one request (like, "it sends request to refresh token only when auth token is missing and try to refresh token again if token refresh failed")
However, there is problem with multiple requests. If there is no auth token and multiple request are fired, it works well, requests are waiting for token to refresh. BUT, if token refresh failed, there is no attempt to try refresh token again. I don't know what can lead to this behaviour.
EDIT 2
I found out that if I place
.observe(on: SerialDispatchQueueScheduler(queue: queue, internalSerialQueueName: "test1"))
after
.share()
refreshToken = authProvider.rx.request(.refreshToken)
.asObservable()
.share()
.observe(on: SerialDispatchQueueScheduler(queue: queue, internalSerialQueueName: "test1"))
.map { _ in }
.catchAndReturn(())
All will be work as expected, but now I can't understand why its working this way
Okay, I pulled down your code and spent a good chunk of the day looking it over. A couple of review points:
This is way more complex than it needs to be for what it's doing.
Any time you have a var Observable, you are doing something wrong. Observables and Subjects should always be let.
There is no reason or need to use a DispatchQueue the way you did for Observables. This code doesn't need one at all, but even if it did, you should be passing in a Scheduler instead of using queues directly.
I could see no way for your code to actually use the new token in the retry once it has been received. Even if these tests did pass, the code still wouldn't work.
As far as this specific question is concerned. The fundamental problem is that you are calling getCurrentTokenOrRefreshIfNeeded(forceRefresh:) four times in the offending test and creating three refreshInProgress Observables. You are making three of them, because the second one has emitted a result and been disposed before the last call to the function is made. Each one emits a value so you end up with three next events in authAPIProviderMock.recordedEvents.
What is the fix? I could not find a fix without making major changes to the basic structure/architecture of the code. All I can do at this point is suggest that you check out my article on this subject RxSwift and Handling Invalid Tokens which contains working code for this use case and includes unit tests. Or revisit Donny's article which I presume works, but since there are no unit tests for his code, I can't be sure.
Edit
In answer to your question in the comments, here is how you would solve the problem using my service class:
First create a tokenAcquisitionService object. Since you don't actually need to pass a token value around, just use Void for the token type.
let service = TokenAcquisitionService(initialToken: (), getToken: { _ in URLSession.shared.rx.response(request: refreshTokenRequest) }, extractToken: { _ in })
(Use whatever you want in place of URLSession.shared.rx.response(request: refreshTokenRequest). The only requirement is that it returns an Observable<(response: HTTPURLResponse, data: Data)> and in this case the data can simply be Data() or anything else, since it is ignored. It can even present a view controller that asks the user to login.)
Now at the end of every request, include the following.
.do(onNext: { response in
guard response.response.statusCode != 401 else { throw TokenAcquisitionError.unauthorized }
})
.retry(when: { $0.renewToken(with: tokenAcquisitionService) })
Wrap the above however you want so you don't have to copy pasted it onto every request.
QED
Related
I'm trying to build network layer using Apollo, and got one problem. I'm using tutorial from Apollo docs to refresh tokens. And they said that I should provide interceptor to handle token expired date. I did it. But I should create network request to refresh token, and this request catch by interceptor too. How I can resolve it?
class NetworkInterceptorProvider: DefaultInterceptorProvider {
override func interceptors<Operation: GraphQLOperation>(for operation: Operation) -> [ApolloInterceptor] {
var interceptors = super.interceptors(for: operation)
interceptors.insert(UserManagementInterceptor(), at: 0)
return interceptors
}
My UserManagementInterceptor:
func interceptAsync<Operation: GraphQLOperation>(
chain: RequestChain,
request: HTTPRequest<Operation>,
response: HTTPResponse<Operation>?,
completion: #escaping (Result<GraphQLResult<Operation.Data>, Error>) -> Void
) {
guard let token = AuthenticationService.shared.getAccessToken() else {
chain.handleErrorAsync(
UserError.noUserLoggedIn,
request: request,
response: response,
completion: completion
)
AuthenticationService.shared.status = .unauthenticated
print("No access token")
return
}
if AuthenticationService.shared.checkTokenExpired() {
print("Token expired")
guard let refreshToken = AuthenticationService.shared.getRefreshToken() else {
AuthenticationService.shared.status = .unauthenticated
print("No refresh token")
return
}
NetworkManager.shared.apollo.perform(mutation: Network.RefreshTokenMutation(token: refreshToken)) { [weak self] tokenRenewResult in
guard let self else { return }
switch tokenRenewResult {
case .failure:
AuthenticationService.shared.status = .unauthenticated
print("Filed request")
break
case let .success(token):
As result I've got recursion with "Token expired", because my network request RefreshTokenMutation passed through this interceptor too... How I can create exception for token refresh network method?
Below there are three functions. The first one is the function that I need to refactor. Basically what I'm hoping for is something similar what can be achieved using Promise Kit but in this case using Swifts combine framework.
The second function loginWithFacebook() returns a AuthCredential.
This AuthCredential needs to be passed on to the last functions which returns a type Future<UserProfileCompact, Error> which is a similar return type to the main function (1st function).
My question is is there a way to achieve this in a Swifty way, similar to Promise Kit doing this operation: return loginWithFacebook().then {loginWithFirebase(:_)}
// Call site is a View Model
// Main Function that needs to be refactored
func loginwithFacebook() -> Future<UserProfileCompact, Error> {
//This returs a Future Firebase Credential
loginWithFacebook()
//The above credential needs to be passed to this method and this returns a type Future<UserProfileCompact, Error>
loginWithFirebase(<#T##credentials: AuthCredential##AuthCredential#>)
}
private func loginWithFacebook() -> Future<AuthCredential,Error> {
return Future { [weak self] promise in
self?.loginManager.logIn(permissions: ["public_profile","email"], from: UIViewController()) { (loginResult, error) in
if let error = error {
promise(.failure(error))
} else if loginResult?.isCancelled ?? false {
//fatalError()
}
else if let authToken = loginResult?.token?.tokenString {
let credentials = FacebookAuthProvider.credential(withAccessToken: authToken)
promise(.success(credentials))
}
else{
fatalError()
}
}
}
}
private func loginWithFirebase(_ credentials: AuthCredential) -> Future<UserProfileCompact, Error> {
return Future { promise in
Auth.auth().signIn(with: credentials) { (result, error) in
if let error = error {
//Crashlytics.crashlytics().record(error: error)
promise(.failure(error))
}
else if let user = result?.user {
//Crashlytics.crashlytics().setUserID(user.uid)
let profile = UserProfileCompactMapper.map(firebaseUser: user)
promise(.success(profile))
}
else {
fatalError()
}
}
}
}
You can use a .flatMap operator, which takes a value from upstream and produces a publisher. This would look something like below.
Note, that it's also better to return a type-erased AnyPublisher at the function boundary, instead of the specific publisher used inside the function
func loginwithFacebook() -> AnyPublisher<UserProfileCompact, Error> {
loginWithFacebook().flatMap { authCredential in
loginWithFirebase(authCredential)
}
.eraseToAnyPublisher()
}
I try to use Siesta decorators to enable a flow where my authToken gets refreshed automatically when a logged in user gets a 401. For authentication I use Firebase.
In the Siesta documentation there is a straight forward example on how to chain Siesta requests, but I couldn't find a way how to get the asynchronous Firebase getIDTokenForcingRefresh:completion: working here. The problem is that Siesta always expects a Request or a RequestChainAction to be returned, which is not possible with the Firebase auth token refresh api.
I understand that the request chaining is primarily done for Siesta-only use cases. But is there a way to use asynchronous third party APIs like FirebaseAuth which don't perfectly fit in the picture?
Here is the code:
init() {
configure("**") {
$0.headers["jwt"] = self.authToken
$0.decorateRequests {
self.refreshTokenOnAuthFailure(request: $1)
}
}
func refreshTokenOnAuthFailure(request: Request) -> Request {
return request.chained {
guard case .failure(let error) = $0.response, // Did request fail…
error.httpStatusCode == 401 else { // …because of expired token?
return .useThisResponse // If not, use the response we got.
}
return .passTo(
self.createAuthToken().chained { // If so, first request a new token, then:
if case .failure = $0.response { // If token request failed…
return .useThisResponse // …report that error.
} else {
return .passTo(request.repeated()) // We have a new token! Repeat the original request.
}
}
)
}
}
//What to do here? This should actually return a Siesta request
func createAuthToken() -> Void {
let currentUser = Auth.auth().currentUser
currentUser?.getIDTokenForcingRefresh(true) { idToken, error in
if let error = error {
// Error
return;
}
self.authToken = idToken
self.invalidateConfiguration()
}
}
Edit:
Based on the suggested answer of Adrian I've tried the solution below. It still does not work as expected:
I use request() .post to send a request
With the solution I get a failure "Request Cancelled" in the callback
After the callback of createUser was called, the original request is sent with the updated jwt token
This new request with the correct jwt token is lost as the callback of createUser is not called for the response -> So onSuccess is never reached in that case.
How do I make sure that the callback of createUser is only called after the original request was sent with the updated jwt token?
Here is my not working solution - happy for any suggestions:
// This ends up with a requestError "Request Cancelled" before the original request is triggered a second time with the refreshed jwt token.
func createUser(user: UserModel, completion: #escaping CompletionHandler) {
do {
let userAsDict = try user.asDictionary()
Api.sharedInstance.users.request(.post, json: userAsDict)
.onSuccess {
data in
if let user: UserModel = data.content as? UserModel {
completion(user, nil)
} else {
completion(nil, "Deserialization Error")
}
}.onFailure {
requestError in
completion(nil, requestError)
}
} catch let error {
completion(nil, nil, "Serialization Error")
}
}
The Api class:
class Api: Service {
static let sharedInstance = Api()
var jsonDecoder = JSONDecoder()
var authToken: String? {
didSet {
// Rerun existing configuration closure using new value
invalidateConfiguration()
// Wipe any cached state if auth token changes
wipeResources()
}
}
init() {
configureJSONDecoder(decoder: jsonDecoder)
super.init(baseURL: Urls.baseUrl.rawValue, standardTransformers:[.text, .image])
SiestaLog.Category.enabled = SiestaLog.Category.all
configure("**") {
$0.expirationTime = 1
$0.headers["bearer-token"] = self.authToken
$0.decorateRequests {
self.refreshTokenOnAuthFailure(request: $1)
}
}
self.configureTransformer("/users") {
try self.jsonDecoder.decode(UserModel.self, from: $0.content)
}
}
var users: Resource { return resource("/users") }
func refreshTokenOnAuthFailure(request: Request) -> Request {
return request.chained {
guard case .failure(let error) = $0.response, // Did request fail…
error.httpStatusCode == 401 else { // …because of expired token?
return .useThisResponse // If not, use the response we got.
}
return .passTo(
self.refreshAuthToken(request: request).chained { // If so, first request a new token, then:
if case .failure = $0.response {
return .useThisResponse // …report that error.
} else {
return .passTo(request.repeated()) // We have a new token! Repeat the original request.
}
}
)
}
}
func refreshAuthToken(request: Request) -> Request {
return Resource.prepareRequest(using: RefreshJwtRequest())
.onSuccess {
self.authToken = $0.text // …make future requests use it
}
}
}
The RequestDelegate:
class RefreshJwtRequest: RequestDelegate {
func startUnderlyingOperation(passingResponseTo completionHandler: RequestCompletionHandler) {
if let currentUser = Auth.auth().currentUser {
currentUser.getIDTokenForcingRefresh(true) { idToken, error in
if let error = error {
let reqError = RequestError(response: nil, content: nil, cause: error, userMessage: nil)
completionHandler.broadcastResponse(ResponseInfo(response: .failure(reqError)))
return;
}
let entity = Entity<Any>(content: idToken ?? "no token", contentType: "text/plain")
completionHandler.broadcastResponse(ResponseInfo(response: .success(entity))) }
} else {
let authError = RequestError(response: nil, content: nil, cause: AuthError.NOT_LOGGED_IN_ERROR, userMessage: "You are not logged in. Please login and try again.".localized())
completionHandler.broadcastResponse(ResponseInfo(response: .failure(authError)))
}
}
func cancelUnderlyingOperation() {}
func repeated() -> RequestDelegate { RefreshJwtRequest() }
private(set) var requestDescription: String = "CustomSiestaRequest"
}
First off, you should rephrase the main thrust of your question so it's not Firebase-specific, along the lines of "How do I do request chaining with some arbitrary asynchronous code instead of a request?". It will be much more useful to the community that way. Then you can mention that Firebase auth is your specific use case. I'm going to answer your question accordingly.
(Edit: Having answered this question, I now see that Paul had already answered it here: How to decorate Siesta request with an asynchronous task)
Siesta's RequestDelegate does what you're looking for. To quote the docs: "This is useful for taking things that are not standard network requests, and wrapping them so they look to Siesta as if they are. To create a custom request, pass your delegate to Resource.prepareRequest(using:)."
You might use something like this as a rough starting point - it runs a closure (the auth call in your case) that either succeeds with no output or returns an error. Depending on use, you might adapt it to populate the entity with actual content.
// todo better name
class SiestaPseudoRequest: RequestDelegate {
private let op: (#escaping (Error?) -> Void) -> Void
init(op: #escaping (#escaping (Error?) -> Void) -> Void) {
self.op = op
}
func startUnderlyingOperation(passingResponseTo completionHandler: RequestCompletionHandler) {
op {
if let error = $0 {
// todo better
let reqError = RequestError(response: nil, content: nil, cause: error, userMessage: nil)
completionHandler.broadcastResponse(ResponseInfo(response: .failure(reqError)))
}
else {
// todo you might well produce output at this point
let ent = Entity<Any>(content: "", contentType: "text/plain")
completionHandler.broadcastResponse(ResponseInfo(response: .success(ent)))
}
}
}
func cancelUnderlyingOperation() {}
func repeated() -> RequestDelegate { SiestaPseudoRequest(op: op) }
// todo better
private(set) var requestDescription: String = "SiestaPseudoRequest"
}
One catch I found with this is that response transformers aren't run for such "requests" - the transformer pipeline is specific to Siesta's NetworkRequest. (This took me by surprise and I'm not sure that I like it, but Siesta seems to be generally full of good decisions, so I'm mostly taking it on faith that there's a good reason for it.)
It might be worth watching out for other non request-like behaviour.
I currently have a network client that looks like the below:
class Client<R: ResourceType> {
let engine: ClientEngineType
var session: URLSession
init(engine: ClientEngineType = ClientEngine()) {
self.engine = engine
self.session = URLSession.shared
}
func request<T: Codable>(_ resource: R) -> Single<T> {
let request = URLRequest(resource: resource)
return Single<T>.create { [weak self] single in
guard let self = self else { return Disposables.create() }
let response = self.session.rx.response(request: request)
return response.subscribe(
onNext: { response, data in
if let error = self.error(from: response) {
single(.error(error))
return
}
do {
let decoder = JSONDecoder()
let value = try decoder.decode(T.self, from: data)
single(.success(value))
} catch let error {
single(.error(error))
}
},
onError: { error in
single(.error(error))
})
}
}
struct StatusCodeError: LocalizedError {
let code: Int
var errorDescription: String? {
return "An error occurred communicating with the server. Please try again."
}
}
private func error(from response: URLResponse?) -> Error? {
guard let response = response as? HTTPURLResponse else { return nil }
let statusCode = response.statusCode
if 200..<300 ~= statusCode {
return nil
} else {
return StatusCodeError(code: statusCode)
}
}
}
Which I can then invoke something like
let client = Client<MyRoutes>()
client.request(.companyProps(params: ["collections": "settings"]))
.map { props -> CompanyModel in return props }
.subscribe(onSuccess: { props in
// do something with props
}) { error in
print(error.localizedDescription)
}.disposed(by: disposeBag)
I'd like to start handling 401 responses and refreshing my token and retrying the request.
I'm struggling to find a nice way to do this.
I found this excellent gist that outlines a way to achieve this, however I am struggling to implement this in my current client.
Any tips or pointers would be very much appreciated.
That's my gist! (Thanks for calling it excellent.) Did you see the article that went with it? https://medium.com/#danielt1263/retrying-a-network-request-despite-having-an-invalid-token-b8b89340d29
There are two key elements in handling 401 retries. First is that you need a way to insert tokens into your requests and start your request pipeline with Observable.deferred { tokenAcquisitionService.token.take(1) }. In your case, that means you need a URLRequest.init that will accept a Resource and a token, not just a resource.
The second is to throw a TokenAcquisitionError.unauthorized error when you get a 401 and end your request pipeline with .retryWhen { $0.renewToken(with: tokenAcquisitionService) }
So, given what you have above, in order to handle token retries all you need to do is bring my TokenAcquisitionService into your project and use this:
func getToken(_ oldToken: Token) -> Observable<(response: HTTPURLResponse, data: Data)> {
fatalError("this function needs to be able to request a new token from the server. It has access to the old token if it needs that to request the new one.")
}
func extractToken(_ data: Data) -> Token {
fatalError("This function needs to be able to extract the new token using the data returned from the previous function.")
}
let tokenAcquisitionService = TokenAcquisitionService<Token>(initialToken: Token(), getToken: getToken, extractToken: extractToken)
final class Client<R> where R: ResourceType {
let session: URLSession
init(session: URLSession = URLSession.shared) {
self.session = session
}
func request<T>(_ resource: R) -> Single<T> where T: Decodable {
return Observable.deferred { tokenAcquisitionService.token.take(1) }
.map { token in URLRequest(resource: resource, token: token) }
.flatMapLatest { [session] request in session.rx.response(request: request) }
.do(onNext: { response, _ in
if response.statusCode == 401 {
throw TokenAcquisitionError.unauthorized
}
})
.map { (_, data) -> T in
return try JSONDecoder().decode(T.self, from: data)
}
.retryWhen { $0.renewToken(with: tokenAcquisitionService) }
.asSingle()
}
}
Note, it could be the case that the getToken function has to, for example, present a view controller that asks for the user's credentials. That means you need to present your login view controller (or a UIAlertController) to gather the data. Or maybe you get both an authorization token and a refresh token from your server when you login. In that case the TokenAcquisitionService should hold on to both of them (i.e., its T should be a (token: String, refresh: String). Either is fine.
The only problem with the service is that if acquiring the new token fails, the entire service shuts down. I haven't fixed that yet.
I have a middleware which fetches a token if there is no one to be found in Redis.
struct TokenMiddleware: Middleware, TokenAccessor {
func respond(to request: Request, chainingTo next: Responder) throws -> Future<Response> {
guard let _ = request.http.headers.firstValue(name: HTTPHeaderName("Client-ID")) else {
throw Abort(.badRequest, reason: "missing 'Client-ID' in header")
}
guard request.clientID.isEmpty == false else {
throw Abort(.badRequest, reason: "'Client-ID' in header is empty")
}
guard let _ = request.http.headers.firstValue(name: HTTPHeaderName("Client-Secret")) else {
throw Abort(.badRequest, reason: "missing 'Client-Secret' in header")
}
/// getToken fetches a new Token and stores it in Redis for the controller to use
return try self.getToken(request: request).flatMap(to: Response.self) { token in
return try next.respond(to: request)
}
}
}
extension TokenMiddleware: Service {}
But this causes multiple processes fetching new tokens on their own and therefore a race condition.
How can I handle this in vapor?
I solved the problem now, thanks to Soroush from http://khanlou.com/2017/09/dispatch-on-the-server/ who hinted me into the right direction. More infos on the DispatchQueues can be found in an excellent article from https://www.raywenderlich.com/5370-grand-central-dispatch-tutorial-for-swift-4-part-1-2
So:
In both iOS and Vapor on the Server we can create a DispatchQueue. In my case I am using a concurrent one that, in the critical part where token reading, fetching (if needed) and token writing happens, I use a barrier.
The barrier lets only one in and thus in this part everything is executed like a serial queue.
Hope this helps anybody that might come across the same issue
import Vapor
protocol TokenAccessor: RedisAccessor {
}
extension TokenAccessor {
/// Main convenience function that handles expiry, refetching etc
///
/// - Check if token was saved before
/// - We store the token in redis
/// - We use redis TTL feature to handle token expiry
///
func getToken(request: Request) throws -> Future<Token> {
print(":getToken(request:)")
let promise = request.eventLoop.newPromise(Token.self)
return request.withNewConnection(to: .redis) { redis in
let concurrentQueue = DispatchQueue(label: "com.queuename.gettoken",
attributes: .concurrent)
/// Making the concurrent queue serial because only one is allowed to fetch a new token at a time
concurrentQueue.async(flags: .barrier) {
let _ = redis.get(request.clientIdLastDigits, as: String.self).map(to: Void.self) { tokenOpt in
guard let accessToken = tokenOpt else {
try self.fetchNewToken(forRequest: request).do { newToken in
print("fetched a new token")
promise.succeed(result: newToken)
}.catch { error in
print("failed fetching a new token")
promise.fail(error: error)
}
return
}
print("got a valid token from redis")
let token = Token(client: request.clientIdLastDigits, token: accessToken, expiresIn: Date())
// return request.future(token)
promise.succeed(result: token)
}
}
return promise.futureResult
}
}
...
This is triggered in front of my methods via a middleware (so I don't need to think about it)
import Vapor
struct TokenMiddleware: Middleware, TokenAccessor {
func respond(to request: Request, chainingTo next: Responder) throws -> Future<Response> {
guard let _ = request.http.headers.firstValue(name: HTTPHeaderName("Client-ID")) else {
throw Abort(.badRequest, reason: "missing 'Client-ID' in header")
}
guard request.clientID.isEmpty == false else {
throw Abort(.badRequest, reason: "'Client-ID' in header is empty")
}
guard let _ = request.http.headers.firstValue(name: HTTPHeaderName("Client-Secret")) else {
throw Abort(.badRequest, reason: "missing 'Client-Secret' in header")
}
return try self.getToken(request: request).flatMap(to: Response.self) { token in
return try next.respond(to: request)
}
}
}
extension TokenMiddleware: Service {}