Add error handling

Author: EhabY

src/api/coderApi.ts

@@ -3,6 +3,7 @@ import {
 	type AxiosInstance,
 	type AxiosHeaders,
 	type AxiosResponseTransformer,
+	isAxiosError,
 } from "axios";
 import { Api } from "coder/site/src/api/api";
 import {
@@ -30,6 +31,12 @@ import {
 	HttpClientLogLevel,
 } from "../logging/types";
 import { sizeOf } from "../logging/utils";
+import {
+	parseOAuthError,
+	requiresReAuthentication,
+	isNetworkError,
+} from "../oauth/errors";
+import { type OAuthSessionManager } from "../oauth/sessionManager";
 import { type UnidirectionalStream } from "../websocket/eventStreamConnection";
 import {
 	OneWayWebSocket,
@@ -58,14 +65,15 @@ export class CoderApi extends Api {
 		baseUrl: string,
 		token: string | undefined,
 		output: Logger,
+		oauthSessionManager?: OAuthSessionManager,
 	): CoderApi {
 		const client = new CoderApi(output);
 		client.setHost(baseUrl);
 		if (token) {
 			client.setSessionToken(token);
 		}
 
-		setupInterceptors(client, baseUrl, output);
+		setupInterceptors(client, baseUrl, output, oauthSessionManager);
 		return client;
 	}
 
@@ -302,6 +310,7 @@ function setupInterceptors(
 	client: CoderApi,
 	baseUrl: string,
 	output: Logger,
+	oauthSessionManager?: OAuthSessionManager,
 ): void {
 	addLoggingInterceptors(client.getAxiosInstance(), output);
 
@@ -334,6 +343,11 @@ function setupInterceptors(
 			throw await CertificateError.maybeWrap(err, baseUrl, output);
 		},
 	);
+
+	// OAuth token refresh interceptors
+	if (oauthSessionManager) {
+		addOAuthInterceptors(client, output, oauthSessionManager);
+	}
 }
 
 function addLoggingInterceptors(client: AxiosInstance, logger: Logger) {
@@ -363,7 +377,7 @@ function addLoggingInterceptors(client: AxiosInstance, logger: Logger) {
 		},
 		(error: unknown) => {
 			logError(logger, error, getLogLevel());
-			return Promise.reject(error);
+			throw error;
 		},
 	);
 
@@ -374,7 +388,80 @@ function addLoggingInterceptors(client: AxiosInstance, logger: Logger) {
 		},
 		(error: unknown) => {
 			logError(logger, error, getLogLevel());
-			return Promise.reject(error);
+			throw error;
+		},
+	);
+}
+
+/**
+ * Add OAuth token refresh interceptors.
+ * Success interceptor: proactively refreshes token when approaching expiry.
+ * Error interceptor: reactively refreshes token on 401/403 responses.
+ */
+function addOAuthInterceptors(
+	client: CoderApi,
+	logger: Logger,
+	oauthSessionManager: OAuthSessionManager,
+) {
+	client.getAxiosInstance().interceptors.response.use(
+		// Success response interceptor: proactive token refresh
+		(response) => {
+			if (oauthSessionManager.shouldRefreshToken()) {
+				logger.debug(
+					"Token approaching expiry, triggering proactive refresh in background",
+				);
+
+				// Fire-and-forget: don't await, don't block response
+				oauthSessionManager.refreshToken().catch((error) => {
+					logger.warn("Background token refresh failed:", error);
+				});
+			}
+
+			return response;
+		},
+		// Error response interceptor: reactive token refresh on 401/403
+		async (error: unknown) => {
+			if (!isAxiosError(error)) {
+				throw error;
+			}
+
+			const status = error.response?.status;
+			if (status !== 401 && status !== 403) {
+				throw error;
+			}
+
+			if (!oauthSessionManager.isLoggedInWithOAuth()) {
+				throw error;
+			}
+
+			logger.info(`Received ${status} response, attempting token refresh`);
+
+			try {
+				const newTokens = await oauthSessionManager.refreshToken();
+				client.setSessionToken(newTokens.access_token);
+
+				logger.info("Token refresh successful, updated session token");
+			} catch (refreshError) {
+				logger.error("Token refresh failed:", refreshError);
+
+				const oauthError = parseOAuthError(refreshError);
+				if (oauthError && requiresReAuthentication(oauthError)) {
+					logger.error(
+						`OAuth error requires re-authentication: ${oauthError.errorCode}`,
+					);
+
+					oauthSessionManager
+						.showReAuthenticationModal(oauthError)
+						.catch((err) => {
+							logger.error("Failed to show re-auth modal:", err);
+						});
+				} else if (isNetworkError(refreshError)) {
+					logger.warn(
+						"Token refresh failed due to network error, will retry later",
+					);
+				}
+			}
+			throw error;
 		},
 	);
 }

src/commands.ts

@@ -482,20 +482,10 @@ export class Commands {
 		}
 		this.logger.info("Logging out");
 
-		// Check if using OAuth
-		const isOAuthLoggedIn =
-			await this.oauthSessionManager.isLoggedInWithOAuth();
-		if (isOAuthLoggedIn) {
-			this.logger.info("Logging out via OAuth");
-			try {
-				await this.oauthSessionManager.logout();
-			} catch (error) {
-				this.logger.warn(
-					"OAuth logout failed, continuing with cleanup:",
-					error,
-				);
-			}
-		}
+		// Fire and forget
+		this.oauthSessionManager.logout().catch((error) => {
+			this.logger.warn("OAuth logout failed, continuing with cleanup:", error);
+		});
 
 		// Clear from the REST client.  An empty url will indicate to other parts of
 		// the code that we are logged out.
@@ -667,19 +657,6 @@ export class Commands {
 				},
 			);
 		}
-		// Check if app has a URL to open
-		if (app.url) {
-			return vscode.window.withProgress(
-				{
-					location: vscode.ProgressLocation.Notification,
-					title: `Opening ${app.name || "application"} in browser...`,
-					cancellable: false,
-				},
-				async () => {
-					await vscode.env.openExternal(vscode.Uri.parse(app.url!));
-				},
-			);
-		}
 
 		// If no URL or command, show information about the app status
 		vscode.window.showInformationMessage(`${app.name}`, {

src/extension.ts

@@ -70,14 +70,24 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
 	// Try to clear this flag ASAP
 	const isFirstConnect = await mementoManager.getAndClearFirstConnect();
 
+	const url = mementoManager.getUrl();
+
+	// Create OAuth session manager before the main client
+	const oauthSessionManager = await OAuthSessionManager.create(
+		url || "",
+		serviceContainer,
+		ctx,
+	);
+	ctx.subscriptions.push(oauthSessionManager);
+
 	// This client tracks the current login and will be used through the life of
 	// the plugin to poll workspaces for the current login, as well as being used
 	// in commands that operate on the current login.
-	const url = mementoManager.getUrl();
 	const client = CoderApi.create(
 		url || "",
 		await secretsManager.getSessionToken(),
 		output,
+		oauthSessionManager,
 	);
 
 	const myWorkspacesProvider = new WorkspaceProvider(
@@ -123,14 +133,6 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
 		ctx.subscriptions,
 	);
 
-	const oauthSessionManager = await OAuthSessionManager.create(
-		url || "",
-		secretsManager,
-		output,
-		ctx,
-	);
-	ctx.subscriptions.push(oauthSessionManager);
-
 	// Listen for session token changes and sync state across all components
 	ctx.subscriptions.push(
 		secretsManager.onDidChangeSessionToken(async (token) => {
@@ -409,6 +411,7 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
 				isFirstConnect,
 			);
 			if (details) {
+				// TODO if the URL is different then we need to update the OAuth session!!! (Centralize this logic)
 				ctx.subscriptions.push(details);
 				// Authenticate the plugin client which is used in the sidebar to display
 				// workspaces belonging to this deployment.