Add direct Wonderwall OBO token refresh

navikt · Oct 7, 2024 · 5f3d7ff · 5f3d7ff
1 parent 0a4224a
commit 5f3d7ff
Show file tree

Hide file tree

Showing 9 changed files with 66 additions and 110 deletions.
diff --git a/frontend/src/components/smart-editor/tabbed-editors/editor.tsx b/frontend/src/components/smart-editor/tabbed-editors/editor.tsx
@@ -14,10 +14,10 @@ import { useCanEditDocument } from '@app/components/smart-editor/hooks/use-can-e
 import { Content } from '@app/components/smart-editor/tabbed-editors/content';
 import { PositionedRight } from '@app/components/smart-editor/tabbed-editors/positioned-right';
 import { StickyRight } from '@app/components/smart-editor/tabbed-editors/sticky-right';
-import { useRefreshOboToken } from '@app/components/smart-editor/tabbed-editors/use-refresh-obo-token';
 import { VersionStatus } from '@app/components/smart-editor/tabbed-editors/version-status';
 import { DocumentErrorComponent } from '@app/error-boundary/document-error';
 import { ErrorBoundary } from '@app/error-boundary/error-boundary';
+import { hasOwn, isObject } from '@app/functions/object';
 import { useOppgave } from '@app/hooks/oppgavebehandling/use-oppgave';
 import { useSmartEditorSpellCheckLanguage } from '@app/hooks/use-smart-editor-language';
 import { PlateEditor } from '@app/plate/plate-editor';
@@ -109,8 +109,6 @@ const PlateContext = ({ smartDocument, oppgave }: PlateContextProps) => {
   const editor = useMyPlateEditorRef(id);
   const [isConnected, setIsConnected] = useState(editor.yjs.provider.isConnected);
 
-  const oboTokenIsValid = useRefreshOboToken();
-
   // const editor = useMyPlateEditorRef(id);
 
   // useEffect(() => {
@@ -150,11 +148,29 @@ const PlateContext = ({ smartDocument, oppgave }: PlateContextProps) => {
 
   useEffect(() => {
     // Close happens after connect is broken. Safe to reconnect.
-    const onClose = () => {
+    const onClose = async () => {
       setIsConnected(false);
 
-      if (oboTokenIsValid) {
-        editor.yjs.provider.connect();
+      try {
+        const res = await fetch('/oauth2/session', { credentials: 'include' });
+
+        if (!res.ok) {
+          throw new Error(`API responded with error code ${res.status} for /oauth2/session`);
+        }
+
+        const data: unknown = await res.json();
+
+        if (
+          isObject(data) &&
+          hasOwn(data, 'session') &&
+          isObject(data.session) &&
+          hasOwn(data.session, 'active') &&
+          data.session.active === true
+        ) {
+          editor.yjs.provider.connect();
+        }
+      } catch (err) {
+        console.error(err);
       }
     };
 
@@ -163,7 +179,7 @@ const PlateContext = ({ smartDocument, oppgave }: PlateContextProps) => {
     return () => {
       editor.yjs.provider.off('close', onClose);
     };
-  }, [editor.yjs.provider, oboTokenIsValid]);
+  }, [editor.yjs.provider]);
 
   useEffect(() => {
     // Disconnect happens before close. Too early to reconnect.

diff --git a/frontend/src/components/smart-editor/tabbed-editors/use-refresh-obo-token.ts b/frontend/src/components/smart-editor/tabbed-editors/use-refresh-obo-token.ts
diff --git a/frontend/src/functions/object.ts b/frontend/src/functions/object.ts
@@ -0,0 +1,6 @@
+/** Checks if the given object has the given property. */
+export const hasOwn = <T extends object, K extends PropertyKey>(obj: T, key: K): obj is T & Record<K, unknown> =>
+  Object.hasOwn(obj, key);
+
+export const isObject = (value: unknown): value is Record<string, unknown> =>
+  value !== null && typeof value === 'object';
diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
@@ -23,6 +23,7 @@ export default defineConfig({
       '/nytt-dokument': PROXY,
       '/vedleggsoversikt': PROXY,
       '/version': PROXY,
+      '/oauth': PROXY,
     },
   },
 });
diff --git a/server/src/auth/cache/cache.ts b/server/src/auth/cache/cache.ts
@@ -78,7 +78,7 @@ class OboSimpleCache {
 
   public getCached = this.get;
 
-  public set(key: string, token: string, expiresAt: number): void {
+  public async set(key: string, token: string, expiresAt: number): Promise<void> {
     this.#oboMemoryCache.set(key, token, expiresAt);
   }
 

diff --git a/server/src/auth/on-behalf-of.ts b/server/src/auth/on-behalf-of.ts
@@ -79,7 +79,7 @@ export const refreshOnBehalfOfAccessToken = async (
     }
 
     if (typeof expires_at === 'number') {
-      oboCache.set(cacheKey, obo_access_token, expires_at);
+      await oboCache.set(cacheKey, obo_access_token, expires_at);
     }
 
     return obo_access_token;

diff --git a/server/src/plugins/crdt/collaboration-server.ts b/server/src/plugins/crdt/collaboration-server.ts
@@ -61,10 +61,39 @@ export const collaborationServer = Server.configure({
     }
 
     const { navIdent } = context;
-    const oboAccessToken = await oboCache.get(getCacheKey(navIdent, ApiClientEnum.KABAL_API));
+    let oboAccessToken = await oboCache.get(getCacheKey(navIdent, ApiClientEnum.KABAL_API));
+
+    if (oboAccessToken === null && context.cookie !== undefined) {
+      logContext('Trying to refresh OBO token', context, 'debug');
+
+      try {
+        // Refresh OBO token directly through Wonderwall.
+        const res = await fetch('http://localhost:7564/collaboration/refresh-obo-access-token', {
+          method: 'GET',
+          headers: {
+            Cookie: context.cookie,
+          },
+        });
+
+        if (res.ok) {
+          oboAccessToken = await oboCache.get(getCacheKey(navIdent, ApiClientEnum.KABAL_API));
+          logContext('OBO token refreshed', context, 'debug');
+        } else {
+          throw new Error(`Wonderwall responded with status code ${res.status}`);
+        }
+      } catch (err) {
+        logContext(`Failed to refresh OBO token. ${err instanceof Error ? err : 'Unknown error.'}`, context, 'warn');
+        throw getCloseEvent('MISSING_OBO_TOKEN', 4403);
+      }
+    }
 
     if (oboAccessToken === null) {
-      logContext('No OBO token', context, 'warn');
+      if (context.cookie === undefined) {
+        logContext('Missing session cookie', context, 'warn');
+        throw getCloseEvent('MISSING_COOKIE', 4403);
+      }
+
+      logContext('Missing OBO token', context, 'warn');
       throw getCloseEvent('MISSING_OBO_TOKEN', 4403);
     }
 

diff --git a/server/src/plugins/crdt/context.ts b/server/src/plugins/crdt/context.ts
@@ -8,6 +8,7 @@ export interface ConnectionContext {
   readonly tab_id?: string;
   readonly client_version?: string;
   readonly navIdent: string;
+  readonly cookie: string | undefined;
 }
 
 export const isConnectionContext = (data: unknown): data is ConnectionContext =>

diff --git a/server/src/plugins/crdt/crdt.ts b/server/src/plugins/crdt/crdt.ts
@@ -182,7 +182,7 @@ export const crdtPlugin = fastifyPlugin(
 
           logReq('Handing over connection to HocusPocus', req, { behandlingId, dokumentId });
 
-          const { navIdent, trace_id, span_id, tab_id, client_version } = req;
+          const { navIdent, trace_id, span_id, tab_id, client_version, headers } = req;
 
           const context: ConnectionContext = {
             behandlingId,
@@ -192,6 +192,7 @@ export const crdtPlugin = fastifyPlugin(
             tab_id,
             client_version,
             navIdent,
+            cookie: headers.cookie,
           };
 
           collaborationServer.handleConnection(webSocket, req.raw, context);