({
accountId,
providerId,
refreshToken,
requestId,
userId,
}: CoalescedRefreshOptions)
| 334 | } |
| 335 | |
| 336 | async function performCoalescedRefresh({ |
| 337 | accountId, |
| 338 | providerId, |
| 339 | refreshToken, |
| 340 | requestId, |
| 341 | userId, |
| 342 | }: CoalescedRefreshOptions): Promise<string | null> { |
| 343 | const logContext = { |
| 344 | ...(requestId ? { requestId } : {}), |
| 345 | ...(userId ? { userId } : {}), |
| 346 | providerId, |
| 347 | accountId, |
| 348 | } |
| 349 | |
| 350 | const deadCode = await getRecentTerminalError(accountId) |
| 351 | if (deadCode) { |
| 352 | logger.warn('Skipping refresh: credential recently failed', { |
| 353 | ...logContext, |
| 354 | errorCode: deadCode, |
| 355 | }) |
| 356 | return null |
| 357 | } |
| 358 | |
| 359 | const lockKey = `oauth:refresh:${accountId}` |
| 360 | |
| 361 | const refreshPromise = coalesceLocally(lockKey, () => |
| 362 | withLeaderLock<string>({ |
| 363 | key: lockKey, |
| 364 | onLeader: async () => { |
| 365 | try { |
| 366 | const result = await refreshOAuthToken(providerId, refreshToken) |
| 367 | |
| 368 | if (!result.ok) { |
| 369 | logger.error('Failed to refresh token', { |
| 370 | ...logContext, |
| 371 | errorCode: result.errorCode, |
| 372 | }) |
| 373 | if (result.errorCode && isTerminalRefreshError(result.errorCode)) { |
| 374 | await markCredentialDead(accountId, result.errorCode) |
| 375 | } |
| 376 | return null |
| 377 | } |
| 378 | |
| 379 | const updateData: Record<string, unknown> = { |
| 380 | accessToken: result.accessToken, |
| 381 | accessTokenExpiresAt: new Date(Date.now() + result.expiresIn * 1000), |
| 382 | updatedAt: new Date(), |
| 383 | } |
| 384 | if (result.refreshToken && result.refreshToken !== refreshToken) { |
| 385 | updateData.refreshToken = result.refreshToken |
| 386 | } |
| 387 | if (isMicrosoftProvider(providerId)) { |
| 388 | updateData.refreshTokenExpiresAt = getMicrosoftRefreshTokenExpiry() |
| 389 | } |
| 390 | |
| 391 | await db.update(account).set(updateData).where(eq(account.id, accountId)) |
| 392 | |
| 393 | logger.info('Successfully refreshed access token', logContext) |
no test coverage detected