solana/storage-bigtable/src/access_token.rs

pub use goauth::scopes::Scope;
/// A module for managing a Google API access token
use {
    crate::CredentialType,
    goauth::{
        auth::{JwtClaims, Token},
        credentials::Credentials,
    },
    log::*,
    smpl_jwt::Jwt,
    std::{
        str::FromStr,
        sync::{
            atomic::{AtomicBool, Ordering},
            {Arc, RwLock},
        },
        time::Instant,
    },
};

fn load_credentials(filepath: Option<String>) -> Result<Credentials, String> {
    let path = match filepath {
        Some(f) => f,
        None => std::env::var("GOOGLE_APPLICATION_CREDENTIALS").map_err(|_| {
            "GOOGLE_APPLICATION_CREDENTIALS environment variable not found".to_string()
        })?,
    };
    Credentials::from_file(&path)
        .map_err(|err| format!("Failed to read GCP credentials from {}: {}", path, err))
}

fn load_stringified_credentials(credential: String) -> Result<Credentials, String> {
    Credentials::from_str(&credential).map_err(|err| format!("{}", err))
}

#[derive(Clone)]
pub struct AccessToken {
    credentials: Credentials,
    scope: Scope,
    refresh_active: Arc<AtomicBool>,
    token: Arc<RwLock<(Token, Instant)>>,
}

impl AccessToken {
    pub async fn new(scope: Scope, credential_type: CredentialType) -> Result<Self, String> {
        let credentials = match credential_type {
            CredentialType::Filepath(fp) => load_credentials(fp)?,
            CredentialType::Stringified(s) => load_stringified_credentials(s)?,
        };

        if let Err(err) = credentials.rsa_key() {
            Err(format!("Invalid rsa key: {}", err))
        } else {
            let token = Arc::new(RwLock::new(Self::get_token(&credentials, &scope).await?));
            let access_token = Self {
                credentials,
                scope,
                token,
                refresh_active: Arc::new(AtomicBool::new(false)),
            };
            Ok(access_token)
        }
    }

    /// The project that this token grants access to
    pub fn project(&self) -> String {
        self.credentials.project()
    }

    async fn get_token(
        credentials: &Credentials,
        scope: &Scope,
    ) -> Result<(Token, Instant), String> {
        info!("Requesting token for {:?} scope", scope);
        let claims = JwtClaims::new(
            credentials.iss(),
            scope,
            credentials.token_uri(),
            None,
            None,
        );
        let jwt = Jwt::new(claims, credentials.rsa_key().unwrap(), None);

        let token = goauth::get_token(&jwt, credentials)
            .await
            .map_err(|err| format!("Failed to refresh access token: {}", err))?;

        info!("Token expires in {} seconds", token.expires_in());
        Ok((token, Instant::now()))
    }

    /// Call this function regularly to ensure the access token does not expire
    pub async fn refresh(&self) {
        // Check if it's time to try a token refresh
        {
            let token_r = self.token.read().unwrap();
            if token_r.1.elapsed().as_secs() < token_r.0.expires_in() as u64 / 2 {
                return;
            }

            #[allow(deprecated)]
            if self
                .refresh_active
                .compare_and_swap(false, true, Ordering::Relaxed)
            {
                // Refresh already pending
                return;
            }
        }

        info!("Refreshing token");
        let new_token = Self::get_token(&self.credentials, &self.scope).await;
        {
            let mut token_w = self.token.write().unwrap();
            match new_token {
                Ok(new_token) => *token_w = new_token,
                Err(err) => warn!("{}", err),
            }
            self.refresh_active.store(false, Ordering::Relaxed);
        }
    }

    /// Return an access token suitable for use in an HTTP authorization header
    pub fn get(&self) -> String {
        let token_r = self.token.read().unwrap();
        format!("{} {}", token_r.0.token_type(), token_r.0.access_token())
    }
}
Reformat imports to a consistent style for imports rustfmt.toml configuration: imports_granularity = "One" group_imports = "One" 2021-12-03 09:00:31 -08:00			`pub use goauth::scopes::Scope;`
Add access_token module 2020-07-17 13:31:10 -07:00			`/// A module for managing a Google API access token`
Add storage-proto build.rs and readme (#18353) * Use build.rs for storage-proto generation * Add readme * Single use statements 2021-07-09 13:06:06 -07:00			`use {`
Add a stringified credential option for LedgerStorage (#24314) * add a stringified credential option for LedgerStorage * fix clippy::useless-format warning * change CredentialOption to enum CredentialType * rename credential_option to credential_type * restore LedgerStorage new fn signature * fmt Co-authored-by: Tyera Eulberg <tyera@solana.com> 2022-04-13 13:35:06 -07:00			`crate::CredentialType,`
Add storage-proto build.rs and readme (#18353) * Use build.rs for storage-proto generation * Add readme * Single use statements 2021-07-09 13:06:06 -07:00			`goauth::{`
			`auth::{JwtClaims, Token},`
			`credentials::Credentials,`
			`},`
			`log::*,`
			`smpl_jwt::Jwt,`
			`std::{`
Add a stringified credential option for LedgerStorage (#24314) * add a stringified credential option for LedgerStorage * fix clippy::useless-format warning * change CredentialOption to enum CredentialType * rename credential_option to credential_type * restore LedgerStorage new fn signature * fmt Co-authored-by: Tyera Eulberg <tyera@solana.com> 2022-04-13 13:35:06 -07:00			`str::FromStr,`
Add storage-proto build.rs and readme (#18353) * Use build.rs for storage-proto generation * Add readme * Single use statements 2021-07-09 13:06:06 -07:00			`sync::{`
			`atomic::{AtomicBool, Ordering},`
			`{Arc, RwLock},`
			`},`
			`time::Instant,`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`},`
			`};`
Add access_token module 2020-07-17 13:31:10 -07:00
[ledger-tool]compare_blocks (#22229) * 1.made load_credentials accept credential path as a parameter. 2.partial implement bigtable comparasion function * finding missing blocks in bigtables in a specified range * refactor compare-blocks,add unit test for missing_blocks and fmt * compare-block fix last block bug * refactor compare-block and improve wording * Update ledger-tool/src/bigtable.rs Co-authored-by: Tyera Eulberg <teulberg@gmail.com> * update compare-block command-line description * style:improve wording/naming/code style Co-authored-by: Tyera Eulberg <teulberg@gmail.com> 2022-01-05 22:36:03 -08:00			`fn load_credentials(filepath: Option<String>) -> Result<Credentials, String> {`
			`let path = match filepath {`
			`Some(f) => f,`
			`None => std::env::var("GOOGLE_APPLICATION_CREDENTIALS").map_err(\|_\| {`
			`"GOOGLE_APPLICATION_CREDENTIALS environment variable not found".to_string()`
			`})?,`
			`};`
			`Credentials::from_file(&path)`
			`.map_err(\|err\| format!("Failed to read GCP credentials from {}: {}", path, err))`
Add access_token module 2020-07-17 13:31:10 -07:00			`}`

Add a stringified credential option for LedgerStorage (#24314) * add a stringified credential option for LedgerStorage * fix clippy::useless-format warning * change CredentialOption to enum CredentialType * rename credential_option to credential_type * restore LedgerStorage new fn signature * fmt Co-authored-by: Tyera Eulberg <tyera@solana.com> 2022-04-13 13:35:06 -07:00			`fn load_stringified_credentials(credential: String) -> Result<Credentials, String> {`
			`Credentials::from_str(&credential).map_err(\|err\| format!("{}", err))`
			`}`

Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`#[derive(Clone)]`
Add access_token module 2020-07-17 13:31:10 -07:00			`pub struct AccessToken {`
			`credentials: Credentials,`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`scope: Scope,`
			`refresh_active: Arc<AtomicBool>,`
			`token: Arc<RwLock<(Token, Instant)>>,`
Add access_token module 2020-07-17 13:31:10 -07:00			`}`

			`impl AccessToken {`
Add a stringified credential option for LedgerStorage (#24314) * add a stringified credential option for LedgerStorage * fix clippy::useless-format warning * change CredentialOption to enum CredentialType * rename credential_option to credential_type * restore LedgerStorage new fn signature * fmt Co-authored-by: Tyera Eulberg <tyera@solana.com> 2022-04-13 13:35:06 -07:00			`pub async fn new(scope: Scope, credential_type: CredentialType) -> Result<Self, String> {`
			`let credentials = match credential_type {`
			`CredentialType::Filepath(fp) => load_credentials(fp)?,`
			`CredentialType::Stringified(s) => load_stringified_credentials(s)?,`
			`};`

Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`if let Err(err) = credentials.rsa_key() {`
			`Err(format!("Invalid rsa key: {}", err))`
			`} else {`
			`let token = Arc::new(RwLock::new(Self::get_token(&credentials, &scope).await?));`
			`let access_token = Self {`
			`credentials,`
			`scope,`
			`token,`
			`refresh_active: Arc::new(AtomicBool::new(false)),`
			`};`
			`Ok(access_token)`
			`}`
			`}`
Add access_token module 2020-07-17 13:31:10 -07:00
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`/// The project that this token grants access to`
			`pub fn project(&self) -> String {`
			`self.credentials.project()`
			`}`

			`async fn get_token(`
			`credentials: &Credentials,`
			`scope: &Scope,`
			`) -> Result<(Token, Instant), String> {`
			`info!("Requesting token for {:?} scope", scope);`
Add access_token module 2020-07-17 13:31:10 -07:00			`let claims = JwtClaims::new(`
			`credentials.iss(),`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`scope,`
Add access_token module 2020-07-17 13:31:10 -07:00			`credentials.token_uri(),`
			`None,`
			`None,`
			`);`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`let jwt = Jwt::new(claims, credentials.rsa_key().unwrap(), None);`
Add access_token module 2020-07-17 13:31:10 -07:00
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`let token = goauth::get_token(&jwt, credentials)`
			`.await`
			`.map_err(\|err\| format!("Failed to refresh access token: {}", err))?;`
Add access_token module 2020-07-17 13:31:10 -07:00
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`info!("Token expires in {} seconds", token.expires_in());`
			`Ok((token, Instant::now()))`
Add access_token module 2020-07-17 13:31:10 -07:00			`}`

Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`/// Call this function regularly to ensure the access token does not expire`
			`pub async fn refresh(&self) {`
			`// Check if it's time to try a token refresh`
			`{`
			`let token_r = self.token.read().unwrap();`
			`if token_r.1.elapsed().as_secs() < token_r.0.expires_in() as u64 / 2 {`
			`return;`
			`}`

Upgrade to Rust v1.49.0 2021-01-23 11:55:15 -08:00			`#[allow(deprecated)]`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`if self`
			`.refresh_active`
			`.compare_and_swap(false, true, Ordering::Relaxed)`
			`{`
			`// Refresh already pending`
Add access_token module 2020-07-17 13:31:10 -07:00			`return;`
			`}`
			`}`

			`info!("Refreshing token");`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`let new_token = Self::get_token(&self.credentials, &self.scope).await;`
			`{`
			`let mut token_w = self.token.write().unwrap();`
			`match new_token {`
			`Ok(new_token) => *token_w = new_token,`
			`Err(err) => warn!("{}", err),`
Add access_token module 2020-07-17 13:31:10 -07:00			`}`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`self.refresh_active.store(false, Ordering::Relaxed);`
Add access_token module 2020-07-17 13:31:10 -07:00			`}`
			`}`

			`/// Return an access token suitable for use in an HTTP authorization header`
Simplify access token refreshing 2020-07-24 13:53:02 -07:00			`pub fn get(&self) -> String {`
			`let token_r = self.token.read().unwrap();`
			`format!("{} {}", token_r.0.token_type(), token_r.0.access_token())`
Add access_token module 2020-07-17 13:31:10 -07:00			`}`
			`}`