Merge pull request #40 from alces-flight/develop

Check and display an expired token error

Gemfile

@@ -38,6 +38,8 @@ gem 'simple_jsonapi_client'
 gem 'tty-editor'
 gem 'tty-table'
 gem 'tty-prompt'
+gem 'jwt'
+gem 'paint'
 gem 'xdg'
 
 group :development do

Gemfile.lock

@@ -1,12 +1,12 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.0.2.2)
+    activesupport (6.0.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
+      zeitwerk (~> 2.2, >= 2.2.2)
     byebug (11.1.3)
     coderay (1.1.2)
     commander-openflighthpc (2.1.2)
@@ -22,10 +22,11 @@ GEM
     filesize (0.2.0)
     hashie (4.1.0)
     highline (2.0.3)
-    i18n (1.8.2)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
+    jwt (2.2.1)
     method_source (1.0.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     multipart-post (2.1.1)
     necromancer (0.5.1)
     paint (2.1.1)
@@ -75,7 +76,7 @@ GEM
     unicode_utils (1.4.0)
     wisper (2.0.1)
     xdg (4.1.0)
-    zeitwerk (2.3.0)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby
@@ -85,6 +86,8 @@ DEPENDENCIES
   commander-openflighthpc (> 2)
   filesize
   hashie
+  jwt
+  paint
   pry
   pry-byebug
   simple_jsonapi_client

lib/flight_asset/credentials_config.rb

@@ -26,7 +26,46 @@
 # https://github.com/alces-flight/alces-flight/flight-asset-cli
 #==============================================================================
 
+require 'jwt'
+require 'paint'
+
 module FlightAsset
+  class JWTCheckMiddleware
+    attr_reader :jwt
+
+    def initialize(app, jwt:)
+      @app = app
+      @jwt = jwt
+    end
+
+    def call(env)
+      env.request_headers['Authorization'] = "Bearer #{jwt}"
+      @app.call(env).tap do |res|
+        # Checks if the 404 was "likely" caused by an invalid JWT
+        check_token if res.status == 404
+      end
+    end
+
+    def check_token
+      expiry = begin
+        JWT.decode(jwt, nil, false).first['exp']
+      rescue
+        raise CredentialsError, <<~ERROR.chomp
+          Your access token appears to be malformed and needs to be regenerated.
+          Please take care when copying the token into the configure command:
+          #{Paint["#{Config::CACHE.app_name} configure", :yellow]}
+        ERROR
+      end
+
+      if expiry && expiry < Time.now.to_i
+        raise CredentialsError, <<~ERROR.chomp
+          Your access token has expired! Please regenerate it and run:
+          #{Paint["#{Config::CACHE.app_name} configure", :yellow]}
+        ERROR
+      end
+    end
+  end
+
   class CredentialsConfig < ConfigBase
     config :component_id
     config :jwt
@@ -53,8 +92,7 @@ def valid?
     def headers
       {
         'Accept' => 'application/vnd.api+json',
-        'Content-Type' => 'application/json',
-        'Authorization' => "Bearer #{jwt!}"
+        'Content-Type' => 'application/json'
       }
     end
 
@@ -64,6 +102,7 @@ def url
 
     def connection
       @connection ||= Faraday.new(url: url, headers: headers) do |c|
+        c.use JWTCheckMiddleware, jwt: jwt!
         c.use Faraday::Response::Logger, Config::CACHE.logger, { bodies: true } do |l|
           l.filter(/(Authorization:)(.*)/, '\1 [REDACTED]')
         end

lib/flight_asset/version.rb

@@ -26,5 +26,5 @@
 #==============================================================================
 
 module FlightAsset
-  VERSION = '1.1.2'
+  VERSION = '1.1.3'
 end