Token and Session Management #106
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| package com.cornellappdev.uplift.data.auth | ||
|
|
||
| import kotlinx.coroutines.CoroutineScope | ||
| import kotlinx.coroutines.flow.SharingStarted | ||
| import kotlinx.coroutines.flow.StateFlow | ||
| import kotlinx.coroutines.flow.map | ||
| import kotlinx.coroutines.flow.stateIn | ||
| import javax.inject.Inject | ||
| import javax.inject.Singleton | ||
| import com.cornellappdev.uplift.di.AppModule.ApplicationScope | ||
|
|
||
| @Singleton | ||
| class SessionManager @Inject constructor( | ||
| private val tokenManager: TokenManager, | ||
| @ApplicationScope private val upliftScope: CoroutineScope | ||
| ) { | ||
| // A reactive flow that the UI can collect | ||
| val isLoggedIn: StateFlow<Boolean> = tokenManager.tokenFlow | ||
| .map { token -> token != null } | ||
| .stateIn( | ||
| scope = upliftScope, | ||
| started = SharingStarted.Eagerly, | ||
| initialValue = tokenManager.getAccessToken() != null | ||
| ) | ||
|
|
||
| // Call this after LoginUser or CreateUser mutations succeed | ||
| fun startSession(userId: Int, name: String, email: String, access: String, refresh: String) { | ||
| tokenManager.saveTokens(access, refresh) | ||
| tokenManager.saveUserSession(userId, name, email) | ||
| } | ||
|
|
||
| // Call this for manual logout or when refresh fails | ||
| fun logout() { | ||
| tokenManager.clearTokensAndUserInfo() | ||
| } | ||
|
|
||
| val userId: Int? get() = tokenManager.getUserId() | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| package com.cornellappdev.uplift.data.auth | ||
|
|
||
| import android.util.Log | ||
| import com.apollographql.apollo.ApolloClient | ||
| import com.cornellappdev.uplift.RefreshAccessTokenMutation | ||
| import kotlinx.coroutines.runBlocking | ||
| import kotlinx.coroutines.withTimeout | ||
| import okhttp3.Authenticator | ||
| import okhttp3.Request | ||
| import okhttp3.Response | ||
| import okhttp3.Route | ||
| import javax.inject.Inject | ||
| import javax.inject.Named | ||
| import javax.inject.Singleton | ||
|
|
||
| @Singleton | ||
| class TokenAuthenticator @Inject constructor( | ||
|
isiahpwilliams marked this conversation as resolved.
|
||
| private val tokenManager: TokenManager, | ||
| private val sessionManager: SessionManager, | ||
| @Named("refresh") private val apolloClient: ApolloClient | ||
| ) : Authenticator { | ||
|
isiahpwilliams marked this conversation as resolved.
|
||
|
|
||
| override fun authenticate(route: Route?, response: Response): Request? { | ||
| if (responseCount(response) >= 2) { | ||
| return null | ||
| } | ||
|
|
||
| val refreshToken = tokenManager.getRefreshToken() ?: return null | ||
|
Member
There was a problem hiding this comment. This is probably out of scope of this PR, but for refresh tokens, if we know when refresh tokens expire from the backend and if backend has some endpoint that allows us to get a new refresh token aside from forcing the user to log in, it would probably be better UX to get the new refresh token before it expires and keep the user logged in for longer and then fall back to logging the user out for cases where maybe the user hasn't opened the app in a long time. |
||
|
|
||
| synchronized(this) { | ||
| // Check if the token was already refreshed by another thread | ||
| // while this request was waiting for the lock. | ||
| val currentToken = tokenManager.getAccessToken() | ||
| val requestToken = response.request.header("Authorization")?.substringAfter("Bearer ") | ||
|
|
||
| if (currentToken != null && currentToken != requestToken ) { | ||
| return response.request.newBuilder() | ||
| .header("Authorization", "Bearer $currentToken") | ||
| .build() | ||
| } | ||
|
|
||
| // 3. Since OkHttp's Authenticator is synchronous but Apollo is suspend-based, | ||
| // we use runBlocking to wait for the refresh mutation result. | ||
| return runBlocking { | ||
| try { | ||
| val mutationResponse = withTimeout(10000L) { | ||
| apolloClient.mutation(RefreshAccessTokenMutation()) | ||
| // We manually add the Refresh Token to this specific call | ||
| // because the "refresh" ApolloClient has no interceptor. | ||
| .addHttpHeader("Authorization", "Bearer $refreshToken") | ||
| .execute() | ||
| } | ||
|
|
||
| val newAccessToken = mutationResponse.data?.refreshAccessToken?.newAccessToken | ||
|
|
||
| if (newAccessToken != null && newAccessToken != requestToken) { | ||
| tokenManager.saveTokens(newAccessToken, refreshToken) | ||
|
|
||
| // Retry the original request with the new Access Token | ||
| response.request.newBuilder() | ||
| .header("Authorization", "Bearer $newAccessToken") | ||
| .build() | ||
| } else { | ||
| // Refresh failed (e.g., refresh token expired on backend) | ||
| sessionManager.logout() | ||
| null | ||
| } | ||
| } catch (e: Exception) { | ||
| // Network error or server down during refresh | ||
| Log.e("TokenAuthenticator", "Refresh timed out or failed", e) | ||
| sessionManager.logout() | ||
| null | ||
| } | ||
|
coderabbitai[bot] marked this conversation as resolved.
|
||
| } | ||
| } | ||
| } | ||
|
|
||
| private fun responseCount(response: Response?): Int { | ||
| var result = 1 | ||
| var current = response | ||
| // Traverse the chain of prior responses | ||
| while (current?.priorResponse != null) { | ||
| result++ | ||
| current = current.priorResponse | ||
| } | ||
| return result | ||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.