Merge pull request #14 from cap-js/SDMEXT-401

Sdmext 401: Implementing token exchange flow
cap-js · May 29, 2024 · 90713ac · 90713ac
2 parents 0796789 + 50147e4
commit 90713ac
Show file tree

Hide file tree

Showing 4 changed files with 272 additions and 98 deletions.
diff --git a/lib/sdm.js b/lib/sdm.js
@@ -27,9 +27,9 @@ module.exports = class SDMAttachmentsService extends (
     return this.creds;
   }
 
-  async get(attachments, keys) {
+  async get(attachments, keys, req) {
     const response = await getURLFromAttachments(keys, attachments);
-    const token = await fetchAccessToken(this.creds);
+    const token = await fetchAccessToken(this.creds, req.user.tokenInfo.getTokenValue());
     try {
       const Key = response?.url;
       const content = await readAttachment(Key, token, this.creds);
@@ -50,7 +50,7 @@ module.exports = class SDMAttachmentsService extends (
       if (duplicateDraftFilesErrMsg != "") {
         req.reject(409, duplicateDraftFileErr(duplicateDraftFilesErrMsg));
       }
-      const token = await fetchAccessToken(this.creds);
+      const token = await fetchAccessToken(this.creds, req.user.tokenInfo.getTokenValue());
       console.log("Token: ", token);
       const folderIds = await getFolderIdForEntity(attachments, req);
       let parentId = "";
@@ -146,7 +146,7 @@ module.exports = class SDMAttachmentsService extends (
       cds.model.definitions[req.query.target.name + ".attachments"];
 
     if (req?.attachmentsToDelete?.length > 0) {
-      const token = await fetchAccessToken(this.creds);
+      const token = await fetchAccessToken(this.creds, req.user.tokenInfo.getTokenValue());
       if (req?.parentId) {
         await deleteFolderWithAttachments(this.creds, token, req.parentId);
       } else {
@@ -264,4 +264,4 @@ module.exports = class SDMAttachmentsService extends (
     );
     return;
   }
-};
+};
diff --git a/lib/util/index.js b/lib/util/index.js
@@ -3,31 +3,52 @@ const cds = require("@sap/cds");
 const requests = xssec.requests;
 const NodeCache = require("node-cache");
 const cache = new NodeCache();
-
-function fetchAccessToken(credentials) {
-  const access_token = cache.get("SDM_ACCESS_TOKEN"); // to check if token exists
+async function fetchAccessToken(credentials, jwt) {
+  let decoded_token_jwt = decodeAccessToken(jwt);
+  let access_token = cache.get(decoded_token_jwt.email); // to check if token exists
   if (access_token === undefined) {
-    return new Promise(function (resolve, reject) {
-      requests.requestClientCredentialsToken(
-        null,
-        credentials.uaa,
-        null,
-        (error, response) => {
-          if (error) {
-            console.error(
-              `Response error while fetching access token ${response.statusCode}`
-            );
-            reject(err);
-          } else {
-            cache.set("SDM_ACCESS_TOKEN", response, 11); //expires after 11 hours
-            resolve(response);
-          }
-        }
-      );
-    });
+    access_token = await generateSDMBearerToken(credentials, jwt);
+    let user = decodeAccessToken(access_token).email;
+    cache.set(user, access_token, 11 * 3600); //expires after 11 hours
   } else {
-    return access_token;
+    let decoded_token = decodeAccessToken(access_token);
+    if (isTokenExpired(decoded_token.exp)) {
+      access_token = generateSDMBearerToken(credentials, jwt);
+      cache.del(decoded_token.email);
+      cache.set(decoded_token.email, access_token, 11 * 3600); //expires after 11 hours
+    }
+
   }
+  return access_token;
+}
+async function generateSDMBearerToken(credentials, jwt) {
+  return new Promise(function (resolve, reject) {
+    requests.requestUserToken(
+      jwt,
+      credentials.uaa,
+      null, null, null, null, (error, response) => {
+        if (error) {
+          console.error(
+            `Response error while fetching access token ${response.statusCode}`
+          );
+          reject(err);
+        } else {
+          resolve(response);
+          return response;
+        }
+      }
+    );
+  });
+}
+function isTokenExpired(exp) {
+  var expiry = new Date(exp * 1000);
+  var now = new Date();
+  return now > expiry;
+}
+function decodeAccessToken(jwtEncoded) {
+  const jwtBase64Encoded = jwtEncoded.split('.')[1];
+  const jwtDecodedAsString = Buffer.from(jwtBase64Encoded, 'base64').toString('ascii');
+  return JSON.parse(jwtDecodedAsString);
 }
 
 function getConfigurations() {