feat: cache access token on repeat requests

Author: Peter Wielander

README.md

@@ -24,6 +24,9 @@ getManagementToken(privateKey, {appInstallationId, spaceId})
     })
 ```
 
+Management tokens are cached internally until until they expire.
+Pass `reuseToken: false` in the options for `getManagementToken` to disable this feature.
+
 ## API Docs
 
 API documentation is available [here](https://contentful.github.io/node-apps-toolkit/)

docs/globals.html

@@ -84,7 +84,7 @@ <h3><span class="tsd-flag ts-flagConst">Const</span> get<wbr>Management<wbr>Toke
 						<li class="tsd-description">
 							<aside class="tsd-sources">
 								<ul>
-									<li>Defined in <a href="https://github.com/contentful/node-apps-toolkit/blob/master/src/keys/get-management-token.ts#L105">get-management-token.ts:105</a></li>
+									<li>Defined in <a href="https://github.com/contentful/node-apps-toolkit/blob/master/src/keys/get-management-token.ts#L128">get-management-token.ts:128</a></li>
 								</ul>
 							</aside>
 							<div class="tsd-comment tsd-typography">

docs/index.html

@@ -78,6 +78,8 @@ <h2>Getting started</h2>
       <span class="hljs-built_in">console</span>.log(<span class="hljs-string">&#x27;Here is your app token&#x27;</span>)
       <span class="hljs-built_in">console</span>.log(token)
     })</code></pre>
+				<p>Management tokens are cached internally until until they expire.
+				Pass <code>reuseToken: false</code> in the options for <code>getManagementToken</code> to disable this feature.</p>
 				<a href="#api-docs" id="api-docs" style="color: inherit; text-decoration: none;">
 					<h2>API Docs</h2>
 				</a>

package-lock.json

@@ -22,7 +22,8 @@
   "dependencies": {
     "debug": "^4.2.0",
     "got": "^11.7.0",
-    "jsonwebtoken": "^8.5.1"
+    "jsonwebtoken": "^8.5.1",
+    "node-cache": "^5.1.2"
   },
   "devDependencies": {
     "@commitlint/cli": "^11.0.0",

package.json

@@ -4,18 +4,24 @@ import * as path from 'path'
 
 import * as sinon from 'sinon'
 
-import { createGetManagementToken, getManagementToken } from './get-management-token'
+import {
+  createGetManagementToken,
+  getManagementToken,
+  GetManagementTokenOptions,
+} from './get-management-token'
 import { HttpClient, HttpError, Response } from '../utils'
 import { Logger } from '../utils'
+import { sign } from 'jsonwebtoken'
 
 const PRIVATE_KEY = fs.readFileSync(path.join(__dirname, '..', '..', 'keys', 'key.pem'), 'utf-8')
 const APP_ID = 'app_id'
 const SPACE_ID = 'space_id'
 const ENVIRONMENT_ID = 'env_id'
-const DEFAULT_OPTIONS = {
+const DEFAULT_OPTIONS: GetManagementTokenOptions = {
   appInstallationId: APP_ID,
   spaceId: SPACE_ID,
   environmentId: ENVIRONMENT_ID,
+  reuseToken: false,
 }
 const noop = () => {}
 
@@ -39,6 +45,26 @@ describe('getManagementToken', () => {
     )
   })
 
+  it('caches token while valid', async () => {
+    const logger = (noop as unknown) as Logger
+    const post = sinon.stub()
+    const mockToken = sign({ a: 'b' }, 'a-secret-key', {
+      expiresIn: '10 minutes',
+    })
+
+    post.resolves({ statusCode: 201, body: JSON.stringify({ token: mockToken }) })
+    const httpClient = ({ post } as unknown) as HttpClient
+    const getManagementToken = createGetManagementToken(logger, httpClient)
+
+    const optionsWithCaching = {...DEFAULT_OPTIONS, reuseToken: true} 
+    const result = await getManagementToken(PRIVATE_KEY, optionsWithCaching)
+    assert.strictEqual(result, mockToken)
+    const secondResult = await getManagementToken(PRIVATE_KEY, optionsWithCaching)
+    assert.strictEqual(secondResult, mockToken)
+
+    assert(post.calledOnce)
+  })
+
   describe('when using a keyId', () => {
     it('fetches a token', async () => {
       const mockToken = 'token'

src/keys/get-management-token.spec.ts

@@ -1,5 +1,5 @@
-import { sign, SignOptions } from 'jsonwebtoken'
-
+import { decode, sign, SignOptions } from 'jsonwebtoken'
+import * as NodeCache from 'node-cache'
 import {
   createLogger,
   Logger,
@@ -8,13 +8,16 @@ import {
   HttpClient,
 } from '../utils'
 
-interface GetManagementTokenOptions {
+export interface GetManagementTokenOptions {
   appInstallationId: string
   spaceId: string
   environmentId: string
   keyId?: string
+  reuseToken?: boolean
 }
 
+const cache = new NodeCache()
+
 /**
  * Synchronously sign the given privateKey into a JSON Web Token string
  * @internal
@@ -67,25 +70,45 @@ const getTokenFromOneTimeToken = async (
     `Successfully retrieved CMA Token for app ${appInstallationId} in space ${spaceId} and environment ${environmentId}`
   )
 
-  return JSON.parse(response.body).token
+  return JSON.parse(response.body).token as Promise<string>
 }
 
 /**
  * Factory method for GetManagementToken
  * @internal
  */
 export const createGetManagementToken = (log: Logger, http: HttpClient) => {
-  return (privateKey: unknown, opts: GetManagementTokenOptions): Promise<string> => {
+  return async (privateKey: unknown, opts: GetManagementTokenOptions): Promise<string> => {
     if (!(typeof privateKey === 'string')) {
       throw new ReferenceError('Invalid privateKey: expected a string representing a private key')
     }
 
+    const cacheKey = opts.appInstallationId + opts.environmentId + privateKey
+    if (opts.reuseToken !== false) {
+      const existing = cache.get(cacheKey) as string
+      if (existing !== undefined) {
+        return existing
+      }
+    }
+
     const appToken = generateOneTimeToken(
       privateKey,
       { appId: opts.appInstallationId, keyId: opts.keyId },
       { log }
     )
-    return getTokenFromOneTimeToken(appToken, opts, { log, http })
+    const ott = await getTokenFromOneTimeToken(appToken, opts, { log, http })
+
+    if (opts.reuseToken !== false) {
+      const decoded = decode(ott)
+      if (decoded && typeof decoded === 'object') {
+        // Internally expire cached tokens a bit earlier to make sure token isn't expired on arrival
+        const safetyMargin = 10
+        const ttlSeconds = decoded.exp - Math.floor(Date.now() / 1000) - safetyMargin
+        cache.set(cacheKey, ott, ttlSeconds)
+      }
+    }
+
+    return ott
   }
 }