Gleipnir/nidus-sync
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use max refresh token expiration time in production

Browse source 
Keep the value low for dev so that I can test that we recover well.
This commit is contained in:
Eli Ribble 2025-11-13 15:15:35 +00:00
parent 942fc42d5f
commit ae4be91d52
No known key found for this signature in database
3 changed files with 28 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

16
arcgis.go
View file

@ -56,7 +56,7 @@ type OAuthTokenResponse struct {
} }
// Build the ArcGIS authorization URL with PKCE // Build the ArcGIS authorization URL with PKCE
func buildArcGISAuthURL(clientID string, expiration int) string { func buildArcGISAuthURL(clientID string) string {
baseURL := "https://www.arcgis.com/sharing/rest/oauth2/authorize/" baseURL := "https://www.arcgis.com/sharing/rest/oauth2/authorize/"
params := url.Values{} params := url.Values{}
@ -65,6 +65,16 @@ func buildArcGISAuthURL(clientID string, expiration int) string {
params.Add("response_type", "code") params.Add("response_type", "code")
//params.Add("code_challenge", generateCodeChallenge(codeVerifier)) //params.Add("code_challenge", generateCodeChallenge(codeVerifier))
//params.Add("code_challenge_method", "S256") //params.Add("code_challenge_method", "S256")
// See https://developers.arcgis.com/rest/users-groups-and-items/token/
// expiration is defined in minutes
var expiration int
if IsProductionEnvironment() {
// 2 weeks is the maximum allowed
expiration = 20160
} else {
expiration = 20
}
params.Add("expiration", strconv.Itoa(expiration)) params.Add("expiration", strconv.Itoa(expiration))
return baseURL + "?" + params.Encode() return baseURL + "?" + params.Encode()
@ -456,8 +466,8 @@ func maintainOAuth(ctx context.Context, oauth *models.OauthToken) error {
if err != nil { if err != nil {
return fmt.Errorf("Failed to update oauth token from database: %v", err) return fmt.Errorf("Failed to update oauth token from database: %v", err)
} }
accessTokenDelay := time.Until(oauth.AccessTokenExpires) - (10 * time.Second) accessTokenDelay := time.Until(oauth.AccessTokenExpires) - (3 * time.Second)
refreshTokenDelay := time.Until(oauth.RefreshTokenExpires) - (10 * time.Second) refreshTokenDelay := time.Until(oauth.RefreshTokenExpires) - (3 * time.Second)
if oauth.AccessTokenExpires.Before(time.Now()) { if oauth.AccessTokenExpires.Before(time.Now()) {
accessTokenDelay = 0 accessTokenDelay = 0
} }

3
endpoint.go
View file

@ -12,8 +12,7 @@ import (
) )
func getArcgisOauthBegin(w http.ResponseWriter, r *http.Request) { func getArcgisOauthBegin(w http.ResponseWriter, r *http.Request) {
expiration := 60 authURL := buildArcGISAuthURL(ClientID)
authURL := buildArcGISAuthURL(ClientID, expiration)
http.Redirect(w, r, authURL, http.StatusFound) http.Redirect(w, r, authURL, http.StatusFound)
} }

15
main.go
View file

@ -18,7 +18,7 @@ import (
var sessionManager *scs.SessionManager var sessionManager *scs.SessionManager
var BaseURL, ClientID, ClientSecret string var BaseURL, ClientID, ClientSecret, Environment string
func main() { func main() {
ClientID = os.Getenv("ARCGIS_CLIENT_ID") ClientID = os.Getenv("ARCGIS_CLIENT_ID")
@ -40,6 +40,15 @@ func main() {
if bind == "" { if bind == "" {
bind = ":9001" bind = ":9001"
} }
Environment = os.Getenv("ENVIRONMENT")
if Environment == "" {
slog.Error("You must specify a non-empty ENVIRONMENT")
os.Exit(1)
}
if !(Environment == "PRODUCTION" || Environment == "DEVELOPMENT") {
slog.Error("ENVIRONMENT should be either DEVELOPMENT or PRODUCTION", slog.String("ENVIRONMENT", Environment))
os.Exit(2)
}
pg_dsn := os.Getenv("POSTGRES_DSN") pg_dsn := os.Getenv("POSTGRES_DSN")
if pg_dsn == "" { if pg_dsn == "" {
slog.Error("You must specify a non-empty POSTGRES_DSN") slog.Error("You must specify a non-empty POSTGRES_DSN")
@ -132,3 +141,7 @@ func main() {
slog.Info("Shutdown complete") slog.Info("Shutdown complete")
} }
func IsProductionEnvironment() bool {
return Environment == "PRODUCTION"
}