Implement refresh tokens handling

Author: Parker7123

app/src/main/java/com/example/moontech/application/AppContainer.kt

@@ -18,6 +18,7 @@ import com.example.moontech.data.store.UserDataStore
 import com.example.moontech.services.web.CameraApiService
 import com.example.moontech.services.web.CameraApiServiceImpl
 import com.example.moontech.services.web.HttpClientFactory
+import com.example.moontech.services.web.PersistentCookieStorage
 import com.example.moontech.services.web.RoomApiService
 import com.example.moontech.services.web.RoomApiServiceImpl
 import com.example.moontech.services.web.TokenManager
@@ -39,6 +40,7 @@ interface AppContainer {
     val cameraApiService: CameraApiService
     val videoServerApiService: VideoServerApiService
     val tokenManager: TokenManager
+    val persistentCookieStorage: PersistentCookieStorage
 }
 
 private val Context.dataStore: DataStore<Preferences> by preferencesDataStore(
@@ -61,9 +63,12 @@ class DefaultAppContainer(context: Context) : AppContainer {
     override val roomCameraDataStore: RoomCameraDataStore by lazy {
         PreferencesRoomCameraDataStore(context.dataStore)
     }
+    override val tokenManager: TokenManager by lazy {
+        TokenManager(userDataStore)
+    }
     override val httpClient: HttpClient by lazy {
         val baseUrl = context.getString(R.string.base_url)
-        HttpClientFactory.create(baseUrl, tokenManager)
+        HttpClientFactory.create(baseUrl, tokenManager, persistentCookieStorage)
     }
     override val userApiService: UserApiService by lazy {
         UserApiServiceImpl(httpClient)
@@ -74,8 +79,8 @@ class DefaultAppContainer(context: Context) : AppContainer {
     override val cameraApiService: CameraApiService by lazy {
         CameraApiServiceImpl(httpClient)
     }
-    override val tokenManager: TokenManager by lazy {
-        TokenManager(userDataStore)
+    override val persistentCookieStorage: PersistentCookieStorage by lazy {
+        PersistentCookieStorage(context.dataStore)
     }
     override val videoServerApiService: VideoServerApiService by lazy {
         VideoServerApiServiceImpl(httpClient, context)

app/src/main/java/com/example/moontech/data/store/PreferencesDataStoreUtils.kt

@@ -1,8 +1,9 @@
-
 import android.util.Log
 import androidx.datastore.preferences.core.emptyPreferences
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.catch
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
 import java.io.IOException
 
 private const val TAG = "PreferencesDataStore"
@@ -15,4 +16,17 @@ fun <T> Flow<T>.catching(): Flow<T> {
         }
         throw it
     }
+}
+
+inline fun <reified T> Set<String>.editDecodedValues(block: MutableSet<T>.() -> Unit): Set<String> {
+    return decode<T>()
+        .toMutableSet().apply { block() }.encodeToString()
+}
+
+inline fun <reified T> Set<String>.decode(): Set<T> {
+    return map { Json.decodeFromString<T>(it) }.toSet()
+}
+
+inline fun <reified T> Set<T>.encodeToString(): Set<String> {
+    return map { Json.encodeToString(it) }.toSet()
 }

app/src/main/java/com/example/moontech/data/store/PreferencesUserDataStore.kt

@@ -9,6 +9,8 @@ import catching
 import com.example.moontech.data.dataclasses.UserData
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.map
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
 
 class PreferencesUserDataStore(private val dataStore: DataStore<Preferences>) : UserDataStore {
     companion object {
@@ -20,12 +22,12 @@ class PreferencesUserDataStore(private val dataStore: DataStore<Preferences>) :
         .catching()
         .map { preferences ->
             Log.i(TAG, "fetching ${preferences[USER_DATA_KEY]}")
-            preferences[USER_DATA_KEY]?.let { UserData(it) }
+            preferences[USER_DATA_KEY]?.let { Json.decodeFromString<UserData>(it) }
         }
 
     override suspend fun save(userData: UserData) {
         dataStore.edit { preferences ->
-            preferences[USER_DATA_KEY] = userData.accessToken
+            preferences[USER_DATA_KEY] = Json.encodeToString(userData)
         }
     }
 

app/src/main/java/com/example/moontech/services/web/HttpClientFactory.kt

@@ -5,15 +5,22 @@ import io.ktor.client.engine.okhttp.OkHttp
 import io.ktor.client.plugins.auth.Auth
 import io.ktor.client.plugins.auth.providers.bearer
 import io.ktor.client.plugins.contentnegotiation.ContentNegotiation
+import io.ktor.client.plugins.cookies.CookiesStorage
+import io.ktor.client.plugins.cookies.HttpCookies
 import io.ktor.client.plugins.defaultRequest
 import io.ktor.http.ContentType
 import io.ktor.http.contentType
+import io.ktor.http.encodedPath
 import io.ktor.serialization.kotlinx.json.json
 import okhttp3.logging.HttpLoggingInterceptor
 import java.time.Duration
 
 object HttpClientFactory {
-    fun create(baseUrl: String, tokenManager: TokenManager): HttpClient {
+    fun create(
+        baseUrl: String,
+        tokenManager: TokenManager,
+        cookieStorage: CookiesStorage
+    ): HttpClient {
         return HttpClient(OkHttp) {
             expectSuccess = true
             engine {
@@ -34,14 +41,21 @@ object HttpClientFactory {
                 json()
             }
 
+            install(HttpCookies) {
+                storage = cookieStorage
+            }
+
             install(Auth) {
                 bearer {
-                    sendWithoutRequest { !it.url.pathSegments.contains("watch") }
+                    sendWithoutRequest {
+                        !it.url.pathSegments.contains("watch") &&
+                                !it.url.encodedPath.startsWith("/room/refreshToken")
+                    }
                     loadTokens {
                         tokenManager.loadTokens()
                     }
                     refreshTokens {
-                        tokenManager.refreshTokens(oldTokens)
+                        tokenManager.refreshTokens(this)
                     }
                 }
             }

app/src/main/java/com/example/moontech/services/web/PersistentCookieStorage.kt

@@ -0,0 +1,147 @@
+package com.example.moontech.services.web
+
+import androidx.datastore.core.DataStore
+import androidx.datastore.preferences.core.Preferences
+import androidx.datastore.preferences.core.edit
+import androidx.datastore.preferences.core.stringSetPreferencesKey
+import decode
+import editDecodedValues
+import io.ktor.client.plugins.cookies.CookiesStorage
+import io.ktor.http.Cookie
+import io.ktor.http.Url
+import io.ktor.http.hostIsIp
+import io.ktor.http.isSecure
+import io.ktor.util.toLowerCasePreservingASCIIRules
+import kotlinx.coroutines.flow.first
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
+
+class PersistentCookieStorage(private val dataStore: DataStore<Preferences>) : CookiesStorage {
+    private val key = stringSetPreferencesKey("PersistentCookieStorage")
+
+    override suspend fun addCookie(requestUrl: Url, cookie: Cookie) {
+        val wrappedCookie = cookie.wrap().fillDefaults(requestUrl)
+        dataStore.edit { preferences ->
+            val newCookies = preferences[key]?.editDecodedValues<CookieWrapper> {
+                removeIf { persistedCookie ->
+                    persistedCookie.name == cookie.name && persistedCookie.matches(wrappedCookie)
+                }
+                add(wrappedCookie)
+            } ?: setOf(Json.encodeToString(wrappedCookie))
+            preferences[key] = newCookies
+        }
+    }
+
+    override fun close() {
+    }
+
+    override suspend fun get(requestUrl: Url): List<Cookie> {
+        dataStore.data.first().let { preferences ->
+            val wrappedCookies = preferences[key]?.decode<CookieWrapper>()
+                ?.filter { cookie -> cookie.matches(requestUrl) }?.toList()
+                ?: listOf()
+            return wrappedCookies.map(CookieWrapper::unwrap)
+        }
+    }
+
+    @Serializable
+    data class CookieWrapper(
+        val domain: String?,
+        val name: String,
+        val path: String?,
+        val secure: Boolean = true,
+        val value: String
+    )
+}
+
+internal fun Cookie.wrap(): PersistentCookieStorage.CookieWrapper {
+    return PersistentCookieStorage.CookieWrapper(
+        domain = domain,
+        name = name,
+        path = path,
+        secure = secure,
+        value = value
+    )
+}
+
+internal fun PersistentCookieStorage.CookieWrapper.fillDefaults(requestUrl: Url): PersistentCookieStorage.CookieWrapper {
+    var result = this
+
+    if (result.path?.startsWith("/") != true) {
+        result = result.copy(path = requestUrl.encodedPath)
+    }
+
+    if (result.domain.isNullOrBlank()) {
+        result = result.copy(domain = requestUrl.host)
+    }
+
+    return result
+}
+
+internal fun PersistentCookieStorage.CookieWrapper.unwrap(): Cookie {
+    return Cookie(
+        name = name,
+        domain = domain,
+        path = path,
+        secure = secure,
+        value = value
+    )
+}
+
+internal fun PersistentCookieStorage.CookieWrapper.matches(requestUrl: Url): Boolean {
+    val domain = domain?.toLowerCasePreservingASCIIRules()?.trimStart('.')
+        ?: error("Domain field should have the default value")
+
+    val path = with(path) {
+        val current = path ?: error("Path field should have the default value")
+        if (current.endsWith('/')) current else "$path/"
+    }
+
+    val host = requestUrl.host.toLowerCasePreservingASCIIRules()
+    val requestPath = let {
+        val pathInRequest = requestUrl.encodedPath
+        if (pathInRequest.endsWith('/')) pathInRequest else "$pathInRequest/"
+    }
+
+    if (host != domain && (hostIsIp(host) || !host.endsWith(".$domain"))) {
+        return false
+    }
+
+    if (path != "/" &&
+        requestPath != path &&
+        !requestPath.startsWith(path)
+    ) {
+        return false
+    }
+
+    return !(secure && !requestUrl.protocol.isSecure())
+}
+
+internal fun PersistentCookieStorage.CookieWrapper.matches(cookie: PersistentCookieStorage.CookieWrapper): Boolean {
+    val domain = domain?.toLowerCasePreservingASCIIRules()?.trimStart('.')
+        ?: error("Domain field should have the default value")
+
+    val path = with(path) {
+        val current = path ?: error("Path field should have the default value")
+        if (current.endsWith('/')) current else "$path/"
+    }
+
+    val host = cookie.domain?.toLowerCasePreservingASCIIRules()?.trimStart('.')
+        ?: error("Domain field should have the default value")
+    val requestPath = with(cookie.path) {
+        val current = this ?: error("Path field should have the default value")
+        if (current.endsWith('/')) current else "$this/"
+    }
+    if (host != domain && (hostIsIp(host) || !host.endsWith(".$domain"))) {
+        return false
+    }
+
+    if (path != "/" &&
+        requestPath != path &&
+        !requestPath.startsWith(path)
+    ) {
+        return false
+    }
+    return true
+}

app/src/main/java/com/example/moontech/services/web/RoomApiServiceImpl.kt

@@ -30,12 +30,21 @@ class RoomApiServiceImpl(private val httpClient: HttpClient): RoomApiService {
     }
 
     override suspend fun watchRoom(request: WatchRequest, accessToken: String?): Result<WatchedRoom> {
-        return httpClient.postResult("$endpoint/watch") {
-            setBody(request)
-            accessToken?.let {
-                this.headers.append("Authorization", "Bearer $accessToken")
+        if (accessToken == null) {
+            return httpClient.getResult("$endpoint/watch") {
+                setBody(request)
+            }
+        }
+        val tokenResponse = httpClient.postResult<RoomTokenResponse>("$endpoint/refreshToken/${request.roomName}") {
+            this.headers.append("Authorization", "Bearer $accessToken")
+        }
+        tokenResponse.onSuccess {
+            return httpClient.postResult("$endpoint/watch") {
+                setBody(request)
+                this.headers.append("Authorization", "Bearer ${it.accessToken}")
             }
         }
+        return Result.failure(Exception("Access denied: unauthorized"))
     }
 
     override suspend fun getRoomToken(request: RoomTokenRequest): Result<RoomTokenResponse> {

app/src/main/java/com/example/moontech/services/web/TokenManager.kt

@@ -1,7 +1,11 @@
 package com.example.moontech.services.web
 
+import com.example.moontech.data.dataclasses.UserData
 import com.example.moontech.data.store.UserDataStore
 import io.ktor.client.plugins.auth.providers.BearerTokens
+import io.ktor.client.plugins.auth.providers.RefreshTokensParams
+import io.ktor.client.request.header
+import io.ktor.client.statement.request
 import kotlinx.coroutines.flow.first
 
 class TokenManager(private val userDataStore: UserDataStore) {
@@ -10,13 +14,22 @@ class TokenManager(private val userDataStore: UserDataStore) {
         return userData?.accessToken?.let { BearerTokens(it, it) }
     }
 
-    suspend fun refreshTokens(oldTokens: BearerTokens?): BearerTokens? {
-        val userData = userDataStore.userData.first()
-        // here we treat access token as refresh token
-        if (userData == null || oldTokens?.refreshToken == userData.accessToken) {
-            userDataStore.clear()
-            return null
+    suspend fun refreshTokens(params: RefreshTokensParams): BearerTokens? {
+        val userData = userDataStore.userData.first() ?: return null
+        val response = params.client.postResult<UserData>("/user/refreshToken") {
+            header("Authorization", "Bearer ${params.oldTokens?.accessToken ?: userData.accessToken}")
         }
-        return BearerTokens(userData.accessToken, userData.accessToken)
+        response.fold(
+            onSuccess = {
+                userDataStore.save(it)
+                return BearerTokens(it.accessToken, it.accessToken)
+            },
+            onFailure = {
+                if (!params.response.request.url.encodedPath.startsWith("/room/watch")) {
+                    userDataStore.clear()
+                }
+                return null
+            }
+        )
     }
 }