Merge pull request #44 from lemoncloud-io/feature/louis-check-identity-token

refactor: improve token refresh logic and caching

Author: louis-lemon

src/core/aws-web.core.ts

@@ -276,51 +276,12 @@ export class AWSWebCore implements WebCoreService {
             {},
             { ...body }
         );
-        const refreshToken = {
-            identityToken: response.data.identityToken || cached.identityToken,
-            identityPoolId: cached.identityPoolId,
-            ...(response.data.Token ? response.data.Token : response.data),
-        };
-        this.logger.info('success to refresh token');
-        return await this.buildCredentialsByToken(refreshToken);
-    }
-
-    /**
-     * Refreshes the cached token new version
-     * @param {string} [domain=''] - The domain for the refresh request.
-     * @param {string} [url=''] - The request url for refresh token
-     * @returns {Promise<AWS.Credentials | null>} - The AWS credentials or null if refresh fails.
-     */
-    async refreshCachedTokenV2(domain: string = '', url: string = '') {
-        const cached = await this.tokenStorage.getCachedOAuthToken();
-        if (!cached.authId) {
-            throw new Error('authId is required for token refresh');
-        }
 
-        const payload = {
-            authId: cached.authId,
-            accountId: cached.accountId,
-            identityId: cached.identityId,
-            identityToken: cached.identityToken,
-        };
-        const current = new Date().toISOString();
-        const signature = calcSignature(payload, current);
-
-        let body: RefreshTokenBody = { current, signature };
-        if (domain && domain.length > 0) {
-            body = { ...body, domain };
-        }
-
-        const response: HttpResponse<any> = await this.signedRequest(
-            'POST',
-            url ? url : `${this.config.oAuthEndpoint}/oauth/${cached.authId}/refresh`,
-            {},
-            { ...body }
-        );
+        const tokenData = response.data.Token || response.data;
         const refreshToken = {
-            ...(response.data.Token ? response.data.Token : response.data),
-            identityToken: response.data.identityToken || cached.identityToken,
+            identityToken: tokenData.identityToken || cached.identityToken,
             identityPoolId: cached.identityPoolId,
+            ...tokenData,
         };
         this.logger.info('success to refresh token');
         return await this.buildCredentialsByToken(refreshToken);

src/token-storage/aws-storage.service.ts

@@ -48,29 +48,29 @@ export class AWSStorageService extends TokenStorageService {
         const issuedTime = +(await this.storage.getItem(`${this.prefix}.issued_time`));
         const now = new Date().getTime();
 
-        if (!expiredTime) {
-            return true;
-        }
-        if (now >= expiredTime) {
-            return true;
+        if (!expiredTime || expiredTime <= 0) {
+            return false;
         }
 
-        // 전략 1: 고정 버퍼 (5분 전에 refresh)
-        const bufferTime = 5 * 60 * 1000;
-        if (now >= expiredTime - bufferTime) {
+        if (now >= expiredTime) {
             return true;
         }
 
-        // 전략 2: 토큰 수명의 75% 지점에서 refresh
-        if (issuedTime) {
+        if (issuedTime && issuedTime > 0) {
             const tokenLifetime = expiredTime - issuedTime;
-            const refreshThreshold = issuedTime + tokenLifetime * 0.75;
-            if (now >= refreshThreshold) {
+            if (tokenLifetime <= 0) {
                 return true;
             }
+
+            const lifetimeThreshold = issuedTime + tokenLifetime * 0.75; // 75%
+            const bufferThreshold = expiredTime - 5 * 60 * 1000;
+
+            const refreshThreshold = Math.min(lifetimeThreshold, bufferThreshold);
+            return now >= refreshThreshold;
         }
 
-        return false;
+        const bufferTime = 5 * 60 * 1000;
+        return now >= expiredTime - bufferTime;
     }
 
     async getCachedCredentials(): Promise<LemonCredentials> {

src/token-storage/azure-storage.service.ts

@@ -62,29 +62,29 @@ export class AzureStorageService extends TokenStorageService {
         const issuedTime = +(await this.storage.getItem(`${this.prefix}.issued_time`));
         const now = new Date().getTime();
 
-        if (!expiredTime) {
-            return true;
-        }
-        if (now >= expiredTime) {
-            return true;
+        if (!expiredTime || expiredTime <= 0) {
+            return false;
         }
 
-        // 전략 1: 고정 버퍼 (5분 전에 refresh)
-        const bufferTime = 5 * 60 * 1000;
-        if (now >= expiredTime - bufferTime) {
+        if (now >= expiredTime) {
             return true;
         }
 
-        // 전략 2: 토큰 수명의 75% 지점에서 refresh
-        if (issuedTime) {
+        if (issuedTime && issuedTime > 0) {
             const tokenLifetime = expiredTime - issuedTime;
-            const refreshThreshold = issuedTime + tokenLifetime * 0.75;
-            if (now >= refreshThreshold) {
+            if (tokenLifetime <= 0) {
                 return true;
             }
+
+            const lifetimeThreshold = issuedTime + tokenLifetime * 0.75; // 75%
+            const bufferThreshold = expiredTime - 5 * 60 * 1000;
+
+            const refreshThreshold = Math.min(lifetimeThreshold, bufferThreshold);
+            return now >= refreshThreshold;
         }
 
-        return false;
+        const bufferTime = 5 * 60 * 1000;
+        return now >= expiredTime - bufferTime;
     }
 
     /**