89 lines
2.5 KiB
TypeScript
89 lines
2.5 KiB
TypeScript
import { metrics } from "@opentelemetry/api"
|
|
import { revalidateTag, unstable_cache } from "next/cache"
|
|
|
|
import { env } from "@/env/server"
|
|
|
|
import { generateServiceTokenTag } from "@/utils/generateTag"
|
|
|
|
import { ServiceTokenScopeEnum } from "@/types/enums/serviceToken"
|
|
import { ServiceTokenResponse } from "@/types/tokens"
|
|
|
|
// OpenTelemetry metrics: Service token
|
|
const meter = metrics.getMeter("trpc.context.serviceToken")
|
|
const getServiceTokenCounter = meter.createCounter(
|
|
"trpc.context.serviceToken.get-new-token"
|
|
)
|
|
const getTempServiceTokenCounter = meter.createCounter(
|
|
"trpc.context.serviceToken.get-temporary"
|
|
)
|
|
const getServiceTokenFailCounter = meter.createCounter(
|
|
"trpc.context.serviceToken.get-fail"
|
|
)
|
|
|
|
async function getServiceToken() {
|
|
getServiceTokenCounter.add(1)
|
|
const scopes = Object.keys(ServiceTokenScopeEnum)
|
|
const response = await fetch(`${env.CURITY_ISSUER_USER}/oauth/v2/token`, {
|
|
method: "POST",
|
|
headers: {
|
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
Accept: "application/json",
|
|
},
|
|
body: new URLSearchParams({
|
|
grant_type: "client_credentials",
|
|
client_id: env.CURITY_CLIENT_ID_SERVICE,
|
|
client_secret: env.CURITY_CLIENT_SECRET_SERVICE,
|
|
scope: scopes.join(" "),
|
|
}),
|
|
})
|
|
|
|
if (!response.ok) {
|
|
getServiceTokenFailCounter.add(1, {
|
|
error_type: "http_error",
|
|
error: JSON.stringify({
|
|
status: response.status,
|
|
statusText: response.statusText,
|
|
}),
|
|
})
|
|
throw new Error("Failed to obtain service token")
|
|
}
|
|
|
|
return response.json()
|
|
}
|
|
|
|
export async function fetchServiceToken(): Promise<ServiceTokenResponse> {
|
|
try {
|
|
const tag = generateServiceTokenTag()
|
|
const getCachedJwt = unstable_cache(
|
|
async () => {
|
|
const jwt = await getServiceToken()
|
|
|
|
const expiresAt = Date.now() + jwt.expires_in * 1000
|
|
return { expiresAt, jwt }
|
|
},
|
|
[],
|
|
{ tags: [tag] }
|
|
)
|
|
|
|
const cachedJwt = await getCachedJwt()
|
|
if (cachedJwt.expiresAt < Date.now()) {
|
|
console.log(
|
|
"trpc.context.serviceToken: Service token expired, revalidating tag"
|
|
)
|
|
revalidateTag(tag)
|
|
|
|
console.log(
|
|
"trpc.context.serviceToken: Fetching new temporary service token."
|
|
)
|
|
getTempServiceTokenCounter.add(1)
|
|
const newToken = await getServiceToken()
|
|
return newToken
|
|
}
|
|
|
|
return cachedJwt.jwt
|
|
} catch (error) {
|
|
console.error("Error fetching service token:", error)
|
|
throw error
|
|
}
|
|
}
|