Merge pull request #35 from michiganhackers/pr-13

Update Access Tokens before Expiration

Author: foleyash

src/app/api/sessionDB/create/route.ts

@@ -10,10 +10,14 @@ export async function POST(req: Request) {
     const data = await req.json();
     const accessToken : string = data.accessToken;
     const refreshToken : string = data.refreshToken;
+    const expires_in : number = data.expires_in;
+
+    const now : any = Date.now();
+    const expiration = new Date(now + (expires_in * 1000)).toISOString(); // Time of expiration, expressed in "YYYY-MM-DDT00:00:00Z" (ISO format)
 
     let sid;
     try {
-        sid = await CreateSession(accessToken, refreshToken);
+        sid = await CreateSession(accessToken, refreshToken, expiration);
     }
     catch (error) {
         return NextResponse.json(

src/app/api/spotify/getToken/route.ts

@@ -26,6 +26,7 @@ export async function GET(req: Request) {
     // const state = reqUrl.searchParams.get('state');
 
     var accessToken, refreshToken : string;
+    var expires_in : Number;
     const tokenResponse = await fetch(TOKEN_ENDPOINT, {
         method: 'POST',
         headers: {
@@ -45,12 +46,14 @@ export async function GET(req: Request) {
     const data = await tokenResponse.json();
     accessToken = data.access_token;
     refreshToken = data.refresh_token;
+    expires_in = data.expires_in;
 
     const createResponse = await fetch(process.env.APP_SERVER + '/api/sessionDB/create', { 
         method: 'POST',
         body: JSON.stringify({
             accessToken: accessToken,
-            refreshToken: refreshToken
+            refreshToken: refreshToken,
+            expires_in
         }) 
     })
 

src/database/db.ts

@@ -1,6 +1,6 @@
 import postgres from 'postgres'
 import 'dotenv/config'
-
+import { cloneElement } from 'react'
 
 // const sql = postgres(process.env.PG_URI!)
 const sql = postgres({
@@ -78,7 +78,8 @@ export async function VerifyGuestCode(guestCode : string) : Promise<any> {
 
 export async function CreateSession(
     accessToken : string,
-    refreshToken : string) : Promise<any> {
+    refreshToken : string,
+    expiration : string) : Promise<any> {
 
     // Get all currently used session codes
     const codes : any[] = await sql`
@@ -107,8 +108,8 @@ export async function CreateSession(
     } while (!is_unique)
 
     await sql`
-    INSERT INTO sessions (session_id, access_token, refresh_token)
-    VALUES (${code}, ${accessToken}, ${refreshToken})
+    INSERT INTO sessions (session_id, access_token, refresh_token, expiration)
+    VALUES (${code}, ${accessToken}, ${refreshToken}, ${expiration})
     `
     return code;
 }
@@ -247,3 +248,79 @@ export async function DeleteSession(sid : string) : Promise<void> {
         throw new Error("sid does not exist")
     }
 }
+
+    
+export async function GetRefreshToken(sid : string) : Promise<any> {
+
+    const token = await sql`
+        SELECT refresh_token FROM sessions
+        WHERE session_id = ${sid}
+    `
+
+    if(token.length < 1) {
+        throw Error("Undefined session id")
+    }
+
+    console.log("refreshtoken: ", token[0].refresh_token)
+
+    return token[0].refresh_token;
+}
+
+export async function UpdateTokens(
+    accessToken : string,
+    refreshToken : string,
+    expiration : string,
+    sid : string) : Promise<any> {
+
+    if(!IsValidSid(sid)) {
+        throw new Error(`Invalid sid: ${sid}`);
+    }
+
+    const token = await sql`
+        SELECT access_token FROM sessions
+        WHERE session_id = ${sid}
+    `
+
+    console.log("old token: ", token[0].access_token)
+
+    await sql`
+        UPDATE sessions 
+        SET access_token = ${accessToken}, refresh_token = ${refreshToken}, expiration = ${expiration}
+        WHERE session_id = ${sid}
+    `;
+
+    return sid;
+}
+
+
+export async function GetExpiration(sid: string) : Promise<string> {
+    if(!IsValidSid(sid)) {
+        throw new Error(`Invalid sid: ${sid}`);
+    }
+    
+    const expiration = await sql`
+        SELECT expiration
+        FROM sessions
+        WHERE session_id = ${sid}
+    `
+
+    console.log("Expiration: " + expiration[0].expiration)
+
+    return expiration[0].expiration
+}
+
+
+/****   HELPER DB FUNCTIONS BELOW    ****/
+
+export async function IsValidSid(sid: string) : Promise<boolean> {
+    // Get all currently used session codes
+    const codes : any[] = await sql`
+        SELECT session_id FROM sessions
+    `
+
+    if(!codes.find(code => code.session_id === sid)) {
+        return false;
+    }
+    
+    return true;
+}

src/database/schema.sql

@@ -4,6 +4,7 @@ CREATE TABLE sessions (
     host_id INT,
     access_token varchar(255),
     refresh_token varchar(255),
+    expiration varchar(255),
     PRIMARY KEY (session_id)
 );
 

src/socket/WebSocketController.ts

@@ -1,4 +1,7 @@
-import { DeleteSession, GetAccessToken, GetQueue, ReplaceQueue } from "../database/db"
+import { setMaxIdleHTTPParsers } from "http";
+import { DeleteSession, GetAccessToken, GetExpiration, GetQueue, IsValidSid, ReplaceQueue } from "../database/db"
+import { updateTokens } from "./refreshTokens";
+import { sleep } from "../../src/utils"
 
 // Goals for this class:
 //      - Create an instance of WebSocketController at top level of server.ts
@@ -27,7 +30,7 @@ export class WebSocketController {
 
 
     // Adds new {sid, intervalID} to checkQueueUpdatesIntervals
-    public addSessionInterval(sid : string) : void {
+    public async addSessionInterval(sid : string) : Promise<void> {
         // Check if session already exists, if it does, simply increment user cound
         if(this.checkQueueUpdatesIntervals.has(sid)) {
             this.incrementUserCount(sid);
@@ -36,6 +39,9 @@ export class WebSocketController {
 
         this.currentSongProgress.set(sid, { progress: 0, lastUpdated: 0, isPlaying: false, duration: 0 });
 
+        // Set an interval to trigger before the expiration to create a new access token
+        this.createRefreshTokenTimeout(sid);
+
         // Calls checkQueueUpdates every 5 seconds
         let intervalID = setInterval(async () => {
             const existing = this.currentSongProgress.get(sid);
@@ -87,7 +93,7 @@ export class WebSocketController {
                     console.log("Terminating session interval and database information");
                     this.destroySession(sid);
                 }
-            }, 60000)
+            }, 600000) // 10 minutes
         }
     }
 
@@ -214,5 +220,42 @@ export class WebSocketController {
         } catch (error) {
           console.error(`Failed to sync song progress for session ${sid}:`, error);
         }
-      }
+    }
+
+    // To be called every expires_in seconds, which is returned from original
+    // access_token request
+    private async updateAccessToken(sid : string) : Promise<void> {
+        let failCount = 0;
+        // Attempt to update token up to 3 times
+        while(failCount < 3 && !(await updateTokens(sid))) {
+            failCount++;
+            sleep(1)
+        }
+        if (failCount == 3) // If updateTokens fails 3 times, assume new token cannot be acquired
+            return;
+
+        await this.createRefreshTokenTimeout(sid); // Repeat cycle
+    }
+
+
+    private async createRefreshTokenTimeout(sid: string) : Promise<void> {
+        const now : any = new Date();
+        let expiration_str : string;
+        
+        if(await IsValidSid(sid)) {
+            expiration_str = await GetExpiration(sid);
+        }
+        else {
+            console.error("@@@ Failed to validate session: ", sid);
+            return; // Session has ended
+        }
+
+        const expiration : any = new Date(expiration_str)
+        const expires_in : number = (expiration - now) - 10000; // Difference in milliseconds (minus 10 seconds)
+        if(expires_in >= 0) {
+            setTimeout(async () => {
+                this.updateAccessToken(sid);
+            }, expires_in)
+        }
+    }
 };

src/socket/refreshTokens.ts

@@ -0,0 +1,78 @@
+import { NextResponse } from 'next/server'
+import 'dotenv/config'
+import { GetRefreshToken, UpdateTokens } from '../database/db';
+
+const client_id = process.env.SPOTIFY_CLIENT_ID;
+const client_secret = process.env.SPOTIFY_CLIENT_SECRET;
+const basic = btoa(`${client_id}:${client_secret}`);
+
+// RETURNS:
+//      true  -- successful update of access token
+//      false -- failed update of access token
+export async function updateTokens(sid : string) : Promise<boolean> {
+    
+    const url = "https://accounts.spotify.com/api/token";
+    let refreshToken;
+    try {
+        refreshToken = await GetRefreshToken(sid);
+    }
+    catch (err) {
+        console.error("@@@ Failed to obtain refreshToken:\n", err);
+        return false;
+    }
+
+    const payload = {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+          'Authorization': 'Basic ' + basic
+        },
+        body: new URLSearchParams({
+          grant_type: 'refresh_token',
+          refresh_token: refreshToken,
+        }),
+    }
+
+    try {
+        // Fetch the response from Spotify API
+        const response = await fetch(url, payload);
+        
+        // Check for a successful response
+        if (!response.ok) {
+            console.error(`@@@ Failed to refresh token with Spotify API: ${response.status}`);
+            return false;
+        }
+
+        // Parse the response JSON
+        const data = await response.json();
+
+        // Extract new tokens from the response
+        const newAccessToken = data.access_token;
+        const expires_in : number = data.expires_in;
+        let newRefreshToken : string;
+        if('refresh_token' in data) {
+            newRefreshToken = data.refresh_token;
+        }
+        else {
+            newRefreshToken = refreshToken;
+        }
+
+        const now : any = Date.now();
+        const expiration = new Date(now + (expires_in * 1000)).toISOString(); // Time of expiration, expressed in "YYYY-MM-DDT00:00:00Z" (ISO format)
+
+        // Update the tokens in the database
+        let confirm;
+        try {
+            confirm = await UpdateTokens(newAccessToken, newRefreshToken, expiration, sid);
+        }
+        catch (err) {
+            console.error("@@@ Failed to update tokens in DB:\n", err);
+            return false;
+        }
+
+        return true; // No need to return anything unless you want to send a response
+    } catch (error) {
+        console.error('@@@ Error during token update process:\n', error);
+        return false;
+    }
+}

src/socket/server.ts

@@ -13,7 +13,7 @@ const controller = new WebSocketController(io);
 
 // let checkQueueUpdatesIntervals = new Map<string, any>();
 // var checkQueueUpdatesInterval : any;
-io.on("connection", (socket) => {
+io.on("connection", async (socket) => {
 
     // Add user to the room (session) in which they want to connect
     const sid : string = socket.handshake.auth.token;  
@@ -23,7 +23,7 @@ io.on("connection", (socket) => {
     socket.join(sid);
 
     if(isHost === "true")
-        controller.addSessionInterval(sid);
+        await controller.addSessionInterval(sid);
     else
         controller.incrementUserCount(sid);
 

src/utils.ts

@@ -21,4 +21,11 @@ export function handleSpotifyAuth(client_id : string | undefined, redirect_uri :
 //songID vs song_id => when fetching straight from spotify its the former, from database its the latter
 export function getValue(data: any, key: string) {
     return data[key] ?? data[key.replace(/([A-Z])/g, '_$1').toLowerCase()];
-  }
+  }
+
+
+// General purpose sleep function
+export function sleep(seconds : number) {
+    const ms : number = seconds * 1000;
+    return new Promise(resolve => setTimeout(resolve, ms));
+}