Locking (in progress)

Author: Eric Koleda

src/Service.gs

@@ -44,6 +44,20 @@ var Service_ = function(serviceName) {
  */
 Service_.EXPIRATION_BUFFER_SECONDS_ = 60;
 
+/**
+ * The number of seconds that a token should remain in the cache.
+ * @type {number}
+ * @private
+ */
+Service_.CACHE_EXPIRATION_SECONDS_ = 6 * 60 * 60;
+
+/**
+ * The number of seconds that a token should remain in the cache.
+ * @type {number}
+ * @private
+ */
+Service_.LOCK_EXPIRATION_MILLISECONDS_ = 30 * 1000;
+
 /**
  * Sets the service's authorization base URL (required). For Google services this URL should be
  * https://accounts.google.com/o/oauth2/auth.
@@ -173,6 +187,18 @@ Service_.prototype.setCache = function(cache) {
   return this;
 };
 
+/**
+ * Sets the lock to use when checking and refreshing credentials (optional). Using a lock will
+ * ensure that only one execution will be able to access the stored credentials at a time. This can
+ * prevent race conditions that arise when two executions attempt to refresh an expired token.
+ * @param {LockService.Lock} cache The lock to use when accessing credentials.
+ * @return {Service_} This service, for chaining.
+ */
+Service_.prototype.setLock = function(lock) {
+  this.lock_ = lock;
+  return this;
+};
+
 /**
  * Sets the scope or scopes to request during the authorization flow (optional). If the scope value
  * is an array it will be joined using the separator before being sent to the server, which is
@@ -329,27 +355,32 @@ Service_.prototype.handleCallback = function(callbackRequest) {
  * @return {boolean} true if the user has access to the service, false otherwise.
  */
 Service_.prototype.hasAccess = function() {
+  if (this.lock_) {
+    this.lock_.waitLock(Service_.LOCK_EXPIRATION_MILLISECONDS_);
+  }
+  var result = true;
   var token = this.getToken();
   if (!token || this.isExpired_(token)) {
     if (token && token.refresh_token) {
       try {
         this.refresh();
       } catch (e) {
         this.lastError_ = e;
-        return false;
+        result = false;
       }
     } else if (this.privateKey_) {
       try {
         this.exchangeJwt_();
       } catch (e) {
         this.lastError_ = e;
-        return false;
+        result = false;
       }
-    } else {
-      return false;
     }
   }
-  return true;
+  if (this.lock_) {
+    this.lock_.releaseLock();
+  }
+  return result;
 };
 
 /**
@@ -458,6 +489,9 @@ Service_.prototype.parseToken_ = function(content) {
  * requested when the token was authorized.
  */
 Service_.prototype.refresh = function() {
+  if (this.lock_) {
+    this.lock_.waitLock(Service_.LOCK_EXPIRATION_MILLISECONDS_);
+  }
   validate_({
     'Client ID': this.clientId_,
     'Client Secret': this.clientSecret_,
@@ -494,6 +528,9 @@ Service_.prototype.refresh = function() {
     newToken.refresh_token = token.refresh_token;
   }
   this.saveToken_(newToken);
+  if (this.lock_) {
+    this.lock_.releaseLock();
+  }
 };
 
 /**
@@ -509,7 +546,7 @@ Service_.prototype.saveToken_ = function(token) {
   var value = JSON.stringify(token);
   this.propertyStore_.setProperty(key, value);
   if (this.cache_) {
-    this.cache_.put(key, value, 21600);
+    this.cache_.put(key, value, Service_.CACHE_EXPIRATION_SECONDS_);
   }
   this.token_ = token;
 };
@@ -541,7 +578,7 @@ Service_.prototype.getToken = function() {
   // Check PropertiesService store.
   if ((token = this.propertyStore_.getProperty(key))) {
     if (this.cache_) {
-      this.cache_.put(key, token, 21600);
+      this.cache_.put(key, token, Service_.CACHE_EXPIRATION_SECONDS_);
     }
     token = JSON.parse(token);
     this.token_ = token;

test/mocks/lock.js

@@ -0,0 +1,31 @@
+var locked = false;
+
+var MockLock = function() {
+  this.hasLock = false;
+};
+
+MockCache.prototype.waitLock = function(timeoutInMillis) {
+  var start = new Date();
+  do {
+    if (!locked) {
+      locked = true;
+      this.hasLock = true;
+      return;
+    }
+  } while (timeDiffInMillis(new Date(), start) > timeoutInMillis);
+  throw new Error('Unable to get lock');
+};
+
+MockCache.prototype.releaseLock = function() {
+  if (!this.hasLock) {
+    throw new Error('Not your lock');
+  }
+  locked = false;
+  this.hasLock = false;
+};
+
+function timeDiffInMillis(a, b) {
+  return a.getTime() - b.getTime();
+}
+
+module.exports = MockCache;

test/mocks/urlfetchapp.js

@@ -0,0 +1,22 @@
+var MockUrlFetchApp = function() {
+  this.delay = 0;
+  this.result = '';
+};
+
+MockUrlFetchApp.prototype.fetch = function(url, opt_options) {
+  var result = this.result;
+  var delay = this.delay;
+  if (delay) {
+    await timeout(delay);
+  }
+  return {
+    getContentText: () => result,
+    getResponseCode: () => 200
+  };
+};
+
+function timeout(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+module.exports = MockUrlFetchApp;

test/test.js

@@ -1,6 +1,7 @@
 var assert = require('chai').assert;
 var _ = require('underscore');
 var gas = require('gas-local');
+var MockUrlFetchApp = require('./mocks/urlfetchapp');
 var MockProperties = require('./mocks/properties');
 var MockCache = require('./mocks/cache');
 
@@ -14,7 +15,8 @@ var mocks = {
     getScriptId: function() {
       return '12345';
     }
-  }
+  },
+  UrlFetchApp: new MockUrlFetchApp()
 };
 var options = {
   filter: function(f) {
@@ -115,4 +117,31 @@ describe('Service', function() {
       assert.notExists(properties.getProperty(key));
     });
   });
+
+  describe('#hasAccess()', function() {
+    it('should use the lock to prevent concurrend access', function() {
+      var token = {
+        granted_time: 0,
+        expires_in: 0,
+        refresh_token: 'bar'
+      };
+      var properties = new MockProperties({
+        'oauth2.test': JSON.stringify(token)
+      });
+
+      mocks.UrlFetchApp.delay = 1000;
+      mocks.UrlFetchApp.result = JSON.stringify({
+        access_token: 'foo'
+      });
+
+      var executions = _.range(2).map(function() {
+        var service = OAuth2.createService('test')
+          .setPropertyStore(properties)
+          .setLock(new MockLock());
+        return new Promise((resolve) => resolve(service.hasAccess()));
+      });
+
+      Promise.all(executions);
+    });
+  });
 });