Registry: use issued_at field in the token response message (#65)

* Registry: use issued_at field in the token response message * Configure JSONDecoder instead of the Decodable itself
2022-05-12 22:33:02 +03:00 · 2022-05-12 22:33:02 +03:00 · 8554e56e4b
parent 3fdcc5c33c
commit 8554e56e4b
2 changed files with 65 additions and 7 deletions
--- a/Sources/tart/OCI/Registry.swift
+++ b/Sources/tart/OCI/Registry.swift
@ -8,11 +8,31 @@ enum RegistryError: Error {
 }

 struct TokenResponse: Decodable {
-  let creationTime = Date()
-  
+  let defaultIssuedAt = Date()
+  let defaultExpiresIn = 60
+
  var token: String
-  var expires_in: Int?
-  
+  var expiresIn: Int?
+  var issuedAt: Date?
+
+  static func parse(fromData: Data) throws -> Self {
+    let decoder = JSONDecoder()
+
+    decoder.keyDecodingStrategy = .convertFromSnakeCase
+
+    // RFC3339 date formatter from Apple's documentation[1]
+    //
+    // [1]: https://developer.apple.com/documentation/foundation/dateformatter
+    let dateFormatter = DateFormatter()
+    dateFormatter.locale = Locale(identifier: "en_US_POSIX")
+    dateFormatter.dateFormat = "yyyy-MM-dd'T'HH:mm:ssZZZZZ"
+    dateFormatter.timeZone = TimeZone(secondsFromGMT: 0)
+
+    decoder.dateDecodingStrategy = .formatted(dateFormatter)
+
+    return try decoder.decode(TokenResponse.self, from: fromData)
+  }
+
  var tokenExpiresAt: Date {
    get {
      // Tokens can expire and expire_in field is used to determine when:
@ -22,8 +42,8 @@ struct TokenResponse: Decodable {
      // >a token should never be returned with less than 60 seconds to live.
      //
      // [1]: https://docs.docker.com/registry/spec/auth/token/#requesting-a-token
-      
-      creationTime + TimeInterval(expires_in ?? 60)
+
+      (issuedAt ?? defaultIssuedAt) + TimeInterval(expiresIn ?? defaultExpiresIn)
    }
  }
  
@ -233,7 +253,7 @@ class Registry {
        + "while retrieving an authentication token", details: String(decoding: tokenResponseRaw, as: UTF8.self))
    }

-    currentAuthToken = try JSONDecoder().decode(TokenResponse.self, from: tokenResponseRaw)
+    currentAuthToken = try TokenResponse.parse(fromData: tokenResponseRaw)
  }

  private func authAwareRequest(request: URLRequest) async throws -> (Data, HTTPURLResponse) {
--- a/Tests/TartTests/TokenResponseTests.swift
+++ b/Tests/TartTests/TokenResponseTests.swift
@ -0,0 +1,38 @@
+import XCTest
+@testable import tart
+
+final class TokenResponseTests: XCTestCase {
+  func testBasic() throws {
+    let tokenResponseRaw = Data("{\"token\":\"some token\"}".utf8)
+    let tokenResponse = try TokenResponse.parse(fromData: tokenResponseRaw)
+
+    XCTAssertEqual(tokenResponse.token, "some token")
+
+    let expectedTokenExpiresAtRange = Date()...Date().addingTimeInterval(60)
+    XCTAssertTrue(expectedTokenExpiresAtRange.contains(tokenResponse.tokenExpiresAt))
+
+    XCTAssertTrue(tokenResponse.isValid)
+  }
+
+  func testExpirationBasic() throws {
+    let tokenResponseRaw = Data("{\"token\":\"some token\",\"expires_in\":2}".utf8)
+    let tokenResponse = try TokenResponse.parse(fromData: tokenResponseRaw)
+
+    XCTAssertEqual(tokenResponse.expiresIn, 2)
+
+    let expectedTokenExpiresAtRange = Date()...Date().addingTimeInterval(2)
+    XCTAssertTrue(expectedTokenExpiresAtRange.contains(tokenResponse.tokenExpiresAt))
+
+    XCTAssertTrue(tokenResponse.isValid)
+    _ = XCTWaiter.wait(for: [expectation(description: "Wait 3 seconds for the token to become invalid")], timeout: 2)
+    XCTAssertFalse(tokenResponse.isValid)
+  }
+
+  func testExpirationWithIssuedAt() throws {
+    let tokenResponseRaw = Data("{\"token\":\"some token\",\"expires_in\":3600,\"issued_at\":\"1970-01-01T00:00:00Z\"}".utf8)
+    let tokenResponse = try TokenResponse.parse(fromData: tokenResponseRaw)
+
+    XCTAssertEqual(Date(timeIntervalSince1970: 3600), tokenResponse.tokenExpiresAt)
+    XCTAssertFalse(tokenResponse.isValid)
+  }
+}