Split the token storage type from the JSON representation
We will want to add locks and more to the in-memory type;
sharing that with JSON gets awkward, and an explicit separation
between the externally-imposed structure and internal records
is cleaner anyway.

For now, this just introduces a separate type with the same structure;
it should not change behavior.

Signed-off-by: Miloslav Trmač <[email protected]>
mtrmac committed Jul 9, 2024
1 parent c132a17 commit 57d7e83
Showing 1 changed file with 27 additions and 14 deletions.
41 changes: 27 additions & 14 deletions docker/docker_client.go
@@ -87,10 +87,10 @@ type extensionSignatureList struct {
}

type bearerToken struct {
Token string `json:"token"`
AccessToken string `json:"access_token"`
ExpiresIn int `json:"expires_in"`
IssuedAt time.Time `json:"issued_at"`
Token string
AccessToken string
ExpiresIn int
IssuedAt time.Time
expirationTime time.Time
}

@@ -155,7 +155,13 @@ func newBearerTokenFromHTTPResponseBody(res *http.Response) (*bearerToken, error
return nil, err
}

token := new(bearerToken)
var token struct {
Token string `json:"token"`
AccessToken string `json:"access_token"`
ExpiresIn int `json:"expires_in"`
IssuedAt time.Time `json:"issued_at"`
expirationTime time.Time
}
if err := json.Unmarshal(blob, &token); err != nil {
const bodySampleLength = 50
bodySample := blob
@@ -164,18 +170,25 @@ func newBearerTokenFromHTTPResponseBody(res *http.Response) (*bearerToken, error
}
return nil, fmt.Errorf("decoding bearer token (last URL %q, body start %q): %w", res.Request.URL.Redacted(), string(bodySample), err)
}
if token.Token == "" {
token.Token = token.AccessToken

bt := &bearerToken{
Token: token.Token,
AccessToken: token.AccessToken,
ExpiresIn: token.ExpiresIn,
IssuedAt: token.IssuedAt,
}
if bt.Token == "" {
bt.Token = bt.AccessToken
}
if token.ExpiresIn < minimumTokenLifetimeSeconds {
token.ExpiresIn = minimumTokenLifetimeSeconds
logrus.Debugf("Increasing token expiration to: %d seconds", token.ExpiresIn)
if bt.ExpiresIn < minimumTokenLifetimeSeconds {
bt.ExpiresIn = minimumTokenLifetimeSeconds
logrus.Debugf("Increasing token expiration to: %d seconds", bt.ExpiresIn)
}
if token.IssuedAt.IsZero() {
token.IssuedAt = time.Now().UTC()
if bt.IssuedAt.IsZero() {
bt.IssuedAt = time.Now().UTC()
}
token.expirationTime = token.IssuedAt.Add(time.Duration(token.ExpiresIn) * time.Second)
return token, nil
bt.expirationTime = bt.IssuedAt.Add(time.Duration(bt.ExpiresIn) * time.Second)
return bt, nil
}

// dockerCertDir returns a path to a directory to be consumed by tlsclientconfig.SetupCertificates() depending on ctx and hostPort.
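Review bot: The anonymous decoding struct in newBearerTokenFromHTTPResponseBody still carries `expirationTime time.Time`, apparently copied over from bearerToken. encoding/json skips unexported fields and the visible code never reads it, so it should be dropped to keep that struct a pure mirror of the wire format. Separately, `ExpiresIn` comes from the registry response and is only clamped from below, so a very large value could overflow `time.Duration(bt.ExpiresIn) * time.Second` and produce a wrong expirationTime. An upper bound next to the minimumTokenLifetimeSeconds check would rule that out. The function begins above the hunk, so how `blob` is read and bounded is not visible here.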
