Locking (in progress)

Author: Eric Koleda

src/Service.gs

@@ -44,6 +44,20 @@ var Service_ = function(serviceName) {
  */
 Service_.EXPIRATION_BUFFER_SECONDS_ = 60;
 
+/**
+ * The number of seconds that a token should remain in the cache.
+ * @type {number}
+ * @private
+ */
+Service_.CACHE_EXPIRATION_SECONDS_ = 6 * 60 * 60;
+
+/**
+ * The number of seconds that a token should remain in the cache.
+ * @type {number}
+ * @private
+ */
+Service_.LOCK_EXPIRATION_MILLISECONDS_ = 30 * 1000;
+
 /**
  * Sets the service's authorization base URL (required). For Google services this URL should be
  * https://accounts.google.com/o/oauth2/auth.
@@ -173,6 +187,18 @@ Service_.prototype.setCache = function(cache) {
  return this;
 };
 
+/**
+ * Sets the lock to use when checking and refreshing credentials (optional). Using a lock will
+ * ensure that only one execution will be able to access the stored credentials at a time. This can
+ * prevent race conditions that arise when two executions attempt to refresh an expired token.
+ * @param {LockService.Lock} cache The lock to use when accessing credentials.
+ * @return {Service_} This service, for chaining.
+ */
+Service_.prototype.setLock = function(lock) {
+ this.lock_ = lock;
+ return this;
+};
+
 /**
  * Sets the scope or scopes to request during the authorization flow (optional). If the scope value
  * is an array it will be joined using the separator before being sent to the server, which is
@@ -329,27 +355,32 @@ Service_.prototype.handleCallback = function(callbackRequest) {
  * @return {boolean} true if the user has access to the service, false otherwise.
  */
 Service_.prototype.hasAccess = function() {
+ if (this.lock_) {
+ this.lock_.waitLock(Service_.LOCK_EXPIRATION_MILLISECONDS_);
+ }
+ var result = true;
  var token = this.getToken();
  if (!token || this.isExpired_(token)) {
  if (token && token.refresh_token) {
  try {
  this.refresh();
  } catch (e) {
  this.lastError_ = e;
- return false;
+ result = false;
  }
  } else if (this.privateKey_) {
  try {
  this.exchangeJwt_();
  } catch (e) {
  this.lastError_ = e;
- return false;
+ result = false;
  }
- } else {
- return false;
  }
  }
- return true;
+ if (this.lock_) {
+ this.lock_.releaseLock();
+ }
+ return result;
 };
 
 /**
@@ -458,6 +489,9 @@ Service_.prototype.parseToken_ = function(content) {
  * requested when the token was authorized.
  */
 Service_.prototype.refresh = function() {
+ if (this.lock_) {
+ this.lock_.waitLock(Service_.LOCK_EXPIRATION_MILLISECONDS_);
+ }
  validate_({
  'Client ID': this.clientId_,
  'Client Secret': this.clientSecret_,
@@ -494,6 +528,9 @@ Service_.prototype.refresh = function() {
  newToken.refresh_token = token.refresh_token;
  }
  this.saveToken_(newToken);
+ if (this.lock_) {
+ this.lock_.releaseLock();
+ }
 };
 
 /**
@@ -509,7 +546,7 @@ Service_.prototype.saveToken_ = function(token) {
  var value = JSON.stringify(token);
  this.propertyStore_.setProperty(key, value);
  if (this.cache_) {
- this.cache_.put(key, value, 21600);
+ this.cache_.put(key, value, Service_.CACHE_EXPIRATION_SECONDS_);
  }
  this.token_ = token;
 };
@@ -541,7 +578,7 @@ Service_.prototype.getToken = function() {
  // Check PropertiesService store.
  if ((token = this.propertyStore_.getProperty(key))) {
  if (this.cache_) {
- this.cache_.put(key, token, 21600);
+ this.cache_.put(key, token, Service_.CACHE_EXPIRATION_SECONDS_);
  }
  token = JSON.parse(token);
  this.token_ = token;

test/mocks/lock.js

@@ -0,0 +1,31 @@
+var locked = false;
+
+var MockLock = function() {
+ this.hasLock = false;
+};
+
+MockCache.prototype.waitLock = function(timeoutInMillis) {
+ var start = new Date();
+ do {
+ if (!locked) {
+ locked = true;
+ this.hasLock = true;
+ return;
+ }
+ } while (timeDiffInMillis(new Date(), start) > timeoutInMillis);
+ throw new Error('Unable to get lock');
+};
+
+MockCache.prototype.releaseLock = function() {
+ if (!this.hasLock) {
+ throw new Error('Not your lock');
+ }
+ locked = false;
+ this.hasLock = false;
+};
+
+function timeDiffInMillis(a, b) {
+ return a.getTime() - b.getTime();
+}
+
+module.exports = MockCache;

test/mocks/urlfetchapp.js

@@ -0,0 +1,22 @@
+var MockUrlFetchApp = function() {
+ this.delay = 0;
+ this.result = '';
+};
+
+MockUrlFetchApp.prototype.fetch = function(url, opt_options) {
+ var result = this.result;
+ var delay = this.delay;
+ if (delay) {
+ await timeout(delay);
+ }
+ return {
+ getContentText: () => result,
+ getResponseCode: () => 200
+ };
+};
+
+function timeout(ms) {
+ return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+module.exports = MockUrlFetchApp;

test/test.js

@@ -1,6 +1,7 @@
 var assert = require('chai').assert;
 var _ = require('underscore');
 var gas = require('gas-local');
+var MockUrlFetchApp = require('./mocks/urlfetchapp');
 var MockProperties = require('./mocks/properties');
 var MockCache = require('./mocks/cache');
 
@@ -14,7 +15,8 @@ var mocks = {
  getScriptId: function() {
  return '12345';
  }
- }
+ },
+ UrlFetchApp: new MockUrlFetchApp()
 };
 var options = {
  filter: function(f) {
@@ -115,4 +117,31 @@ describe('Service', function() {
  assert.notExists(properties.getProperty(key));
  });
  });
+
+ describe('#hasAccess()', function() {
+ it('should use the lock to prevent concurrend access', function() {
+ var token = {
+ granted_time: 0,
+ expires_in: 0,
+ refresh_token: 'bar'
+ };
+ var properties = new MockProperties({
+ 'oauth2.test': JSON.stringify(token)
+ });
+
+ mocks.UrlFetchApp.delay = 1000;
+ mocks.UrlFetchApp.result = JSON.stringify({
+ access_token: 'foo'
+ });
+
+ var executions = _.range(2).map(function() {
+ var service = OAuth2.createService('test')
+ .setPropertyStore(properties)
+ .setLock(new MockLock());
+ return new Promise((resolve) => resolve(service.hasAccess()));
+ });
+
+ Promise.all(executions);
+ });
+ });
 });