From 38acece9dcf3d7e1309b3dc72451b675aaf76ebb Mon Sep 17 00:00:00 2001
From: bgvozdev <20631664+bgvozdev@users.noreply.github.com>
Date: Fri, 15 Dec 2023 09:47:58 +1100
Subject: [PATCH] NONE: decrease TTL of the token (#2611)
---
 src/github/client/app-token-holder.ts | 4 +--
 src/github/client/auth-token.ts | 2 +-
 .../client/installation-token-cache.test.ts | 32 +++++++++----------
 src/github/client/token-cache.test.ts | 4 +--
 4 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/src/github/client/app-token-holder.ts b/src/github/client/app-token-holder.ts
index 77f2c95cad..a242120092 100644
--- a/src/github/client/app-token-holder.ts
+++ b/src/github/client/app-token-holder.ts
@@ -1,5 +1,5 @@
 import { AsymmetricAlgorithm, encodeAsymmetric } from "atlassian-jwt";
-import { AuthToken, ONE_MINUTE, TEN_MINUTES } from "./auth-token";
+import { AuthToken, ONE_MINUTE, NINE_MINUTES_MSEC } from "./auth-token";
 import LRUCache from "lru-cache";
 import { InstallationId } from "./installation-id";
 import { keyLocator } from "~/src/github/client/key-locator";
@@ -33,7 +33,7 @@ export class AppTokenHolder {
 */
 public static createAppJwt(key: string, appId: string): AuthToken {
- const expirationDate = new Date(Date.now() + TEN_MINUTES);
+ const expirationDate = new Date(Date.now() + NINE_MINUTES_MSEC);
 const jwtPayload = {
 // "issued at" date, 60 seconds into the past to allow for some time drift
diff --git a/src/github/client/auth-token.ts b/src/github/client/auth-token.ts
index 446b01c322..8b5c55b61d 100644
--- a/src/github/client/auth-token.ts
+++ b/src/github/client/auth-token.ts
@@ -1,4 +1,4 @@
-export const TEN_MINUTES = 10 * 60 * 1000;
+export const NINE_MINUTES_MSEC = 9 * 60 * 1000;
 export const ONE_MINUTE = 60 * 1000;
 export class AuthToken {
diff --git a/src/github/client/installation-token-cache.test.ts b/src/github/client/installation-token-cache.test.ts
index 88a2ceed99..3564d9059c 100644
--- a/src/github/client/installation-token-cache.test.ts
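Review bot: The new `expirationDate` line in `createAppJwt` gives no reason for choosing nine minutes, and the commit title only says the TTL was decreased. The context comment below it shows the issued-at claim is already backdated 60 seconds for clock drift; presumably the expiry was shortened for the same reason, since GitHub documents that an app JWT may expire at most 10 minutes in the future and a value of exactly ten minutes is rejected as soon as the local clock runs ahead. I would record that above the line, for example `// GitHub rejects app JWTs expiring more than 10 minutes ahead; 9 minutes leaves headroom for clock drift`. The body of `createAppJwt` continues past the end of the hunk, so how `expirationDate` reaches the `exp` claim is not visible here.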
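Review bot: Naming the exported constant after its value (`NINE_MINUTES_MSEC`) is why a one-number change touches four files, and the next lifetime adjustment will need the same rename everywhere. A name that states the purpose, for example `export const APP_TOKEN_TTL_MSEC = 9 * 60 * 1000;`, keeps call sites stable and tells a reader that this number is a credential lifetime rather than a generic duration. The neighbouring `ONE_MINUTE` has no unit suffix, so the two exports in this file now follow different conventions; suffix both or neither.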
+++ b/src/github/client/installation-token-cache.test.ts
@@ -1,5 +1,5 @@
 import { InstallationTokenCache } from "./installation-token-cache";
-import { AuthToken, ONE_MINUTE, TEN_MINUTES } from "./auth-token";
+import { AuthToken, ONE_MINUTE, NINE_MINUTES_MSEC } from "./auth-token";
 jest.unmock("lru-cache");
@@ -7,8 +7,8 @@ describe("InstallationTokenCache", () => {
 const now = new Date(2021, 10, 25, 10, 0);
 const in5Minutes = new Date(now.getTime() + 5 * ONE_MINUTE);
- const in10Minutes = new Date(now.getTime() + TEN_MINUTES);
- const in20Minutes = new Date(now.getTime() + 2 * TEN_MINUTES);
+ const in9Minutes = new Date(now.getTime() + NINE_MINUTES_MSEC);
+ const in18Minutes = new Date(now.getTime() + 2 * NINE_MINUTES_MSEC);
 beforeAll(() => {
 jest.useFakeTimers("modern");
@@ -22,8 +22,8 @@ describe("InstallationTokenCache", () => {
 const GITHUB_INSTALLATION_ID = 1;
 jest.setSystemTime(now);
- const token1 = new AuthToken("token1", in10Minutes);
- const token2 = new AuthToken("token2", in10Minutes);
+ const token1 = new AuthToken("token1", in9Minutes);
+ const token2 = new AuthToken("token2", in9Minutes);
 const cache1 = InstallationTokenCache.getInstance();
 const cache2 = InstallationTokenCache.getInstance();
@@ -40,8 +40,8 @@ describe("InstallationTokenCache", () => {
 const GITHUB_INSTALLATION_ID = 1;
 const GITHUB_APP_ID = 1;
 jest.setSystemTime(now);
- const token1 = new AuthToken("token1", in10Minutes);
- const token2 = new AuthToken("token2", in10Minutes);
+ const token1 = new AuthToken("token1", in9Minutes);
+ const token2 = new AuthToken("token2", in9Minutes);
 const cache1 = InstallationTokenCache.getInstance();
 const cache2 = InstallationTokenCache.getInstance();
@@ -58,8 +58,8 @@ describe("InstallationTokenCache", () => {
 const GITHUB_INSTALLATION_ID_1 = 21;
 const GITHUB_INSTALLATION_ID_2 = 22;
 jest.setSystemTime(now);
- const token1 = new AuthToken("token1", in10Minutes);
- const token2 = new AuthToken("token2", in10Minutes);
+ const token1 = new AuthToken("token1", in9Minutes);
+ const token2 = new AuthToken("token2", in9Minutes);
 const cache1 = InstallationTokenCache.getInstance();
 const cache2 = InstallationTokenCache.getInstance();
@@ -77,8 +77,8 @@ describe("InstallationTokenCache", () => {
 const GITHUB_APP_ID_1 = 31;
 const GITHUB_APP_ID_2 = 32;
 jest.setSystemTime(now);
- const token1 = new AuthToken("token1", in10Minutes);
- const token2 = new AuthToken("token2", in10Minutes);
+ const token1 = new AuthToken("token1", in9Minutes);
+ const token2 = new AuthToken("token2", in9Minutes);
 const cache1 = InstallationTokenCache.getInstance();
 const cache2 = InstallationTokenCache.getInstance();
@@ -95,8 +95,8 @@ describe("InstallationTokenCache", () => {
 const CONFLICTIN_GITHUB_INSTALLATION_ID = 41;
 const GITHUB_APP_ID = 41;
 jest.setSystemTime(now);
- const token1 = new AuthToken("token1", in10Minutes);
- const token2 = new AuthToken("token2", in10Minutes);
+ const token1 = new AuthToken("token1", in9Minutes);
+ const token2 = new AuthToken("token2", in9Minutes);
 const cache1 = InstallationTokenCache.getInstance();
 const cache2 = InstallationTokenCache.getInstance();
@@ -109,10 +109,10 @@ describe("InstallationTokenCache", () => {
 });
 it("Re-generates expired tokens", async () => {
- const initialInstallationToken = new AuthToken("initial installation token", in10Minutes);
+ const initialInstallationToken = new AuthToken("initial installation token", in9Minutes);
 const generateInitialInstallationToken = jest.fn().mockImplementation(() => Promise.resolve(initialInstallationToken));
- const freshInstallationToken = new AuthToken("fresh installation token", in20Minutes);
+ const freshInstallationToken = new AuthToken("fresh installation token", in18Minutes);
 const generateFreshInstallationToken = jest.fn().mockImplementation(() => Promise.resolve(freshInstallationToken));
 const githubInstallationId = 123456;
@@ -132,7 +132,7 @@ describe("InstallationTokenCache", () => {
 expect(generateFreshInstallationToken).toHaveBeenCalledTimes(0);
 // after 10 minutes we expect a new token because the old one has expired
- jest.setSystemTime(in10Minutes);
+ jest.setSystemTime(in9Minutes);
 const token3 = await installationTokenCache.getInstallationToken(githubInstallationId, undefined, generateFreshInstallationToken);
 expect(token3).toEqual(freshInstallationToken);
 expect(generateInitialInstallationToken).toHaveBeenCalledTimes(1);
diff --git a/src/github/client/token-cache.test.ts b/src/github/client/token-cache.test.ts
index 69284d1c7d..481725af22 100644
--- a/src/github/client/token-cache.test.ts
+++ b/src/github/client/token-cache.test.ts
@@ -1,5 +1,5 @@
 import { InstallationTokenCache } from "./installation-token-cache";
-import { AuthToken, TEN_MINUTES } from "./auth-token";
+import { AuthToken, NINE_MINUTES_MSEC } from "./auth-token";
 import { AppTokenHolder } from "./app-token-holder";
 import { getInstallationId } from "./installation-id";
 import { keyLocator } from "./key-locator";
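Review bot: The context comment in the `@@ -132,7` hunk still reads `// after 10 minutes we expect a new token because the old one has expired`, while the line under it now advances the clock to `in9Minutes`; the comment should say 9 minutes. The same leftover appears in the `token-cache.test.ts` hunk, where `const in10Minutes` is now computed from `NINE_MINUTES_MSEC`; renaming it to `in9Minutes`, as this file does, would also need its later uses updated, and those lie outside the hunk. Stale durations in expiry tests make it hard to tell which boundary a test exercises when the token lifetime changes again.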
@@ -15,7 +15,7 @@ jest.mock("~/src/config/feature-flags");
 describe("InstallationTokenCache & AppTokenHolder", () => {
 const githubInstallationId = 123456;
 const date = new Date(2021, 10, 25, 10, 0);
- const in10Minutes = new Date(date.getTime() + TEN_MINUTES);
+ const in10Minutes = new Date(date.getTime() + NINE_MINUTES_MSEC);
 beforeEach(() => {
 jest.useFakeTimers("modern");