safe auth

Author: ptiurin

package-lock.json

@@ -24,6 +24,7 @@
   "devDependencies": {
     "@types/jest": "^29.5.12",
     "@types/node-fetch": "^2.5.12",
+    "@types/rwlock": "^5.0.6",
     "@typescript-eslint/eslint-plugin": "^5.4.0",
     "@typescript-eslint/parser": "^5.4.0",
     "allure-commandline": "^2.29.0",
@@ -46,6 +47,7 @@
     "abort-controller": "^3.0.0",
     "agentkeepalive": "^4.5.0",
     "json-bigint": "^1.0.0",
-    "node-fetch": "^2.6.6"
+    "node-fetch": "^2.6.6",
+    "rwlock": "^5.0.0"
   }
 }

package.json

@@ -7,6 +7,7 @@ import {
   UsernamePasswordAuth
 } from "../types";
 import { TokenKey, inMemoryCache, noneCache } from "../common/tokenCache";
+import ReadWriteLock from "rwlock";
 
 type Login = {
   access_token: string;
@@ -22,11 +23,16 @@ export class Authenticator {
   options: ConnectionOptions;
 
   accessToken?: string;
+  private rwlock = new ReadWriteLock();
 
   constructor(context: Context, options: ConnectionOptions) {
-    context.httpClient.authenticator = this;
     this.context = context;
     this.options = options;
+    if (context.httpClient.authenticator) {
+      return context.httpClient.authenticator;
+    } else {
+      context.httpClient.authenticator = this;
+    }
   }
 
   private getCacheKey(): TokenKey | undefined {
@@ -157,21 +163,66 @@ export class Authenticator {
     );
   }
 
-  async authenticate() {
-    const options = this.options.auth || this.options;
-    const cachedToken = this.getCachedToken();
+  async authenticate(): Promise<void> {
+    // Try to get token from cache using read lock
+    const cachedToken = await this.tryGetCachedToken();
     if (cachedToken) {
       this.accessToken = cachedToken;
       return;
     }
 
+    // No cached token, acquire write lock and authenticate
+    await this.acquireWriteLockAndAuthenticate();
+  }
+
+  private async tryGetCachedToken(): Promise<string | undefined> {
+    return new Promise((resolve, reject) => {
+      this.rwlock.readLock(releaseReadLock => {
+        try {
+          const cachedToken = this.getCachedToken();
+          releaseReadLock();
+          resolve(cachedToken);
+        } catch (error) {
+          releaseReadLock();
+          reject(error);
+        }
+      });
+    });
+  }
+
+  private async acquireWriteLockAndAuthenticate(): Promise<void> {
+    return new Promise((resolve, reject) => {
+      this.rwlock.writeLock(async releaseWriteLock => {
+        try {
+          // Double-check cache in case another thread authenticated while waiting
+          const cachedToken = this.getCachedToken();
+          if (cachedToken) {
+            this.accessToken = cachedToken;
+            releaseWriteLock();
+            return resolve();
+          }
+
+          await this.performAuthentication();
+
+          releaseWriteLock();
+          resolve();
+        } catch (error) {
+          releaseWriteLock();
+          reject(error);
+        }
+      });
+    });
+  }
+
+  private async performAuthentication(): Promise<void> {
+    const options = this.options.auth || this.options;
+
     if (this.isUsernamePassword()) {
-      await this.authenticateUsernamePassword(options as UsernamePasswordAuth);
-      return;
+      return this.authenticateUsernamePassword(options as UsernamePasswordAuth);
     }
+
     if (this.isServiceAccount()) {
-      await this.authenticateServiceAccount(options as ServiceAccountAuth);
-      return;
+      return this.authenticateServiceAccount(options as ServiceAccountAuth);
     }
 
     throw new Error("Please provide valid auth credentials");