chore: Use node-fetch request as a custom request

kmruiz · kmruiz · commit 5e81707398c6 · 2025-07-30T11:52:22.000+02:00
node-fetch requires an internal symbol to identify if a
request is an object or a string. Because openapi-fetch
does not provide this symbol, node-fetch misunderstands
the request.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -85,6 +85,7 @@
     "mongodb-log-writer": "^2.4.1",
     "mongodb-redact": "^1.1.8",
     "mongodb-schema": "^12.6.2",
+    "node-fetch": "^3.3.2",
     "node-machine-id": "1.1.12",
     "oauth4webapi": "^3.6.0",
     "openapi-fetch": "^0.14.0",
diff --git a/src/common/atlas/apiClient.ts b/src/common/atlas/apiClient.ts
@@ -7,6 +7,7 @@ import { packageInfo } from "../packageInfo.js";
 import logger, { LogId } from "../logger.js";
 import { createFetch } from "@mongodb-js/devtools-proxy-support";
 import * as oauth from "oauth4webapi";
+import { Request } from "node-fetch";
 
 const ATLAS_API_VERSION = "2025-03-12";
 
@@ -36,7 +37,7 @@ export class ApiClient {
         };
     };
 
-    private static customFetch = createFetch({
+    private static customFetch: typeof fetch = createFetch({
         useEnvironmentVariableProxies: true,
     }) as unknown as typeof fetch;
 
@@ -53,7 +54,8 @@ export class ApiClient {
     private isAccessTokenValid(): boolean {
         return !!(
             this.accessToken &&
-            (this.accessToken.expires_at == undefined || this.accessToken.expires_at > Date.now() / 1000)
+            this.accessToken.expires_at != undefined &&
+            this.accessToken.expires_at > Date.now()
         );
     }
 
@@ -102,6 +104,7 @@ export class ApiClient {
                 Accept: `application/vnd.atlas.${ATLAS_API_VERSION}+json`,
             },
             fetch: ApiClient.customFetch,
+            Request: Request,
         });
 
         if (this.options.credentials?.clientId && this.options.credentials?.clientSecret) {
@@ -128,7 +131,7 @@ export class ApiClient {
             const clientId = this.options.credentials.clientId;
 
             // We are using our own ClientAuth because ClientSecretBasic URL encodes wrongly
-            // the username and password (for example, encodes `_` which is wrong).
+            // the username and password (for example, encodes `_` to %5F, which is wrong).
             return {
                 client: { client_id: clientId },
                 clientAuth: (_as, client, _body, headers) => {
@@ -165,7 +168,7 @@ export class ApiClient {
                 const result = await oauth.processClientCredentialsResponse(this.oauth2Issuer, client, response);
                 this.accessToken = {
                     access_token: result.access_token,
-                    expires_at: Date.now() / 1000 + (result.expires_in ?? 0),
+                    expires_at: Date.now() + (result.expires_in ?? 0) * 1000,
                 };
             } catch (error: unknown) {
                 const err = error instanceof Error ? error : new Error(String(error));
@@ -465,10 +468,18 @@ export class ApiClient {
     }
 
     async listOrganizations(options?: FetchOptions<operations["listOrganizations"]>) {
-        const { data, error, response } = await this.client.GET("/api/atlas/v2/orgs", options);
+        console.log(">> listOrg1 ");
+        try {
+            const { data, error, response } = await this.client.GET("/api/atlas/v2/orgs", options);
+        } catch (ex) {
+            console.error(ex);
+        }
+        console.log(">> listOrg2 ");
         if (error) {
+            console.log(">> listOrg3 ");
             throw ApiClientError.fromError(response, error);
         }
+        console.log(">> listOrg4 ");
         return data;
     }
 
diff --git a/tests/integration/common/apiClient.test.ts b/tests/integration/common/apiClient.test.ts
@@ -4,7 +4,7 @@ import { ApiClient } from "../../../src/common/atlas/apiClient.js";
 import { HTTPServerProxyTestSetup } from "../fixtures/httpsServerProxyTest.js";
 
 describe("ApiClient integration test", () => {
-    describe("oauth authentication proxy", () => {
+    describe(`atlas API proxy integration`, () => {
         let apiClient: ApiClient;
         let proxyTestSetup: HTTPServerProxyTestSetup;
 
@@ -26,48 +26,63 @@ describe("ApiClient integration test", () => {
 
         function withToken(accessToken: string, expired: boolean) {
             const apiClientMut = apiClient as unknown as { accessToken: AccessToken };
-            const expireAt = expired ? Date.now() - 100000 : Date.now() + 10000;
+            const diff = 10_000;
+            const now = Date.now();
 
             apiClientMut.accessToken = {
                 access_token: accessToken,
-                expires_at: expireAt,
+                expires_at: expired ? now - diff : now + diff,
             };
         }
 
+        async function ignoringResult(fn: () => Promise<unknown>): Promise<void> {
+            try {
+                await fn();
+            } catch (error: unknown) {
+                // we are ignoring the error because we know that
+                // the type safe client will fail. It will fail
+                // because we are returning an empty 200, and it expects
+                // a specific format not relevant for these tests.
+            }
+        }
+
         afterEach(async () => {
             delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
             delete process.env.HTTP_PROXY;
 
-            await apiClient.close();
+            await ignoringResult(() => apiClient.close());
             await proxyTestSetup.teardown();
         });
 
         it("should send the oauth request through a proxy if configured", async () => {
-            await apiClient.validateAccessToken();
+            await ignoringResult(() => apiClient.validateAccessToken());
             expect(proxyTestSetup.getRequestedUrls()).toEqual([
                 `http://localhost:${proxyTestSetup.httpsServerPort}/api/oauth/token`,
             ]);
         });
 
         it("should send the oauth revoke request through a proxy if configured", async () => {
             withToken("my non expired token", false);
-            await apiClient.close();
+            await ignoringResult(() => apiClient.close());
             expect(proxyTestSetup.getRequestedUrls()).toEqual([
                 `http://localhost:${proxyTestSetup.httpsServerPort}/api/oauth/revoke`,
             ]);
         });
 
         it("should make an atlas call when the token is not expired", async () => {
-            withToken("my not expired", false);
-            await apiClient.listOrganizations();
+            withToken("my non expired token", false);
+            await ignoringResult(() => apiClient.listOrganizations());
             expect(proxyTestSetup.getRequestedUrls()).toEqual([
                 `http://localhost:${proxyTestSetup.httpsServerPort}/api/atlas/v2/orgs`,
             ]);
         });
 
-        it("should request a new token and an atlas call when the token is expired", async () => {
-            withToken("my expired", true);
-            await apiClient.listOrganizations();
+        it("should request a new token and make an atlas call when the token is expired", async () => {
+            withToken("my expired token", true);
+            await ignoringResult(() => apiClient.validateAccessToken());
+            withToken("my non expired token", false);
+            await ignoringResult(() => apiClient.listOrganizations());
+
             expect(proxyTestSetup.getRequestedUrls()).toEqual([
                 `http://localhost:${proxyTestSetup.httpsServerPort}/api/oauth/token`,
                 `http://localhost:${proxyTestSetup.httpsServerPort}/api/atlas/v2/orgs`,
