retry hook for JWT expiry

Author: yujin-wu

dash/dash-renderer/src/AppContainer.react.js

@@ -13,7 +13,8 @@ class UnconnectedAppContainer extends React.Component {
         super(props);
         if (
             props.hooks.request_pre !== null ||
-            props.hooks.request_post !== null
+            props.hooks.request_post !== null ||
+            props.hooks.request_refresh_jwt !== null
         ) {
             props.dispatch(setHooks(props.hooks));
         }

dash/dash-renderer/src/AppProvider.react.tsx

@@ -18,14 +18,16 @@ const AppProvider = ({hooks}: any) => {
 AppProvider.propTypes = {
     hooks: PropTypes.shape({
         request_pre: PropTypes.func,
-        request_post: PropTypes.func
+        request_post: PropTypes.func,
+        request_refresh_jwt: PropTypes.func
     })
 };
 
 AppProvider.defaultProps = {
     hooks: {
         request_pre: null,
-        request_post: null
+        request_post: null,
+        request_refresh_jwt: null
     }
 };
 

dash/dash-renderer/src/actions/api.js

@@ -1,6 +1,8 @@
 import {mergeDeepRight, once} from 'ramda';
-import {handleAsyncError, getCSRFHeader} from '../actions';
+import {getCSRFHeader, handleAsyncError, setConfigNoRefresh} from '../actions';
 import {urlBase} from './utils';
+import {MAX_AUTH_RETRIES} from './constants';
+import {JWT_EXPIRED_MESSAGE, STATUS} from '../constants/constants';
 
 /* eslint-disable-next-line no-console */
 const logWarningOnce = once(console.warn);
@@ -29,8 +31,10 @@ function POST(path, fetchConfig, body = {}) {
 const request = {GET, POST};
 
 export default function apiThunk(endpoint, method, store, id, body) {
-    return (dispatch, getState) => {
-        const {config} = getState();
+    return async (dispatch, getState) => {
+        let {config, hooks} = getState();
+        let configChanged = false;
+
         const url = `${urlBase(config)}${endpoint}`;
 
         function setConnectionStatus(connected) {
@@ -46,48 +50,81 @@ export default function apiThunk(endpoint, method, store, id, body) {
             type: store,
             payload: {id, status: 'loading'}
         });
-        return request[method](url, config.fetch, body)
-            .then(
-                res => {
-                    setConnectionStatus(true);
-                    const contentType = res.headers.get('content-type');
-                    if (
-                        contentType &&
-                        contentType.indexOf('application/json') !== -1
-                    ) {
-                        return res.json().then(json => {
-                            dispatch({
-                                type: store,
-                                payload: {
-                                    status: res.status,
-                                    content: json,
-                                    id
-                                }
-                            });
-                            return json;
-                        });
+
+        try {
+            let res;
+            for (let retry = 0; retry <= MAX_AUTH_RETRIES; retry++) {
+                try {
+                    res = await request[method](url, config.fetch, body);
+                } catch (e) {
+                    // fetch rejection - this means the request didn't return,
+                    // we don't get here from 400/500 errors, only network
+                    // errors or unresponsive servers.
+                    console.log('fetch error', res);
+                    setConnectionStatus(false);
+                    throw e;
+                }
+
+                if (res.status === STATUS.FORBIDDEN) {
+                    console.log(getState());
+                    if (hooks.request_refresh_jwt) {
+                        const body = await res.text();
+                        if (body.includes(JWT_EXPIRED_MESSAGE)) {
+                            const newJwt = await hooks.request_refresh_jwt(
+                                config.fetch.headers.Authorization.substr(
+                                    'Bearer '.length
+                                )
+                            );
+                            if (newJwt) {
+                                config = mergeDeepRight(config, {
+                                    fetch: {
+                                        headers: {
+                                            Authorization: `Bearer ${newJwt}`
+                                        }
+                                    }
+                                });
+                                configChanged = true;
+
+                                continue;
+                            }
+                        }
                     }
-                    logWarningOnce(
-                        'Response is missing header: content-type: application/json'
-                    );
-                    return dispatch({
+                }
+                break;
+            }
+
+            const contentType = res.headers.get('content-type');
+
+            if (configChanged) {
+                dispatch(setConfigNoRefresh(config));
+            }
+            setConnectionStatus(true);
+            if (contentType && contentType.indexOf('application/json') !== -1) {
+                return res.json().then(json => {
+                    dispatch({
                         type: store,
                         payload: {
-                            id,
-                            status: res.status
+                            status: res.status,
+                            content: json,
+                            id
                         }
                     });
-                },
-                () => {
-                    // fetch rejection - this means the request didn't return,
-                    // we don't get here from 400/500 errors, only network
-                    // errors or unresponsive servers.
-                    setConnectionStatus(false);
+                    return json;
+                });
+            }
+            logWarningOnce(
+                'Response is missing header: content-type: application/json'
+            );
+            return dispatch({
+                type: store,
+                payload: {
+                    id,
+                    status: res.status
                 }
-            )
-            .catch(err => {
-                const message = 'Error from API call: ' + endpoint;
-                handleAsyncError(err, message, dispatch);
             });
+        } catch (err) {
+            const message = 'Error from API call: ' + endpoint;
+            handleAsyncError(err, message, dispatch);
+        }
     };
 }

dash/dash-renderer/src/actions/callbacks.ts

@@ -10,7 +10,8 @@ import {
     zip
 } from 'ramda';
 
-import {STATUS} from '../constants/constants';
+import {STATUS, JWT_EXPIRED_MESSAGE} from '../constants/constants';
+import {MAX_AUTH_RETRIES} from './constants';
 import {
     CallbackActionType,
     CallbackAggregateActionType
@@ -29,6 +30,7 @@ import {isMultiValued, stringifyId, isMultiOutputProp} from './dependencies';
 import {urlBase} from './utils';
 import {getCSRFHeader} from '.';
 import {createAction, Action} from 'redux-actions';
+import {setConfigNoRefresh} from '../actions';
 
 export const addBlockedCallbacks = createAction<IBlockedCallback[]>(
     CallbackActionType.AddBlocked
@@ -488,7 +490,7 @@ export function executeCallback(
             };
         }
 
-        const __promise = new Promise<CallbackResult>(resolve => {
+        const __execute = async (): Promise<CallbackResult> => {
             try {
                 const payload: ICallbackPayload = {
                     output,
@@ -502,32 +504,85 @@ export function executeCallback(
 
                 if (clientside_function) {
                     try {
-                        resolve({
+                        return {
                             data: handleClientside(
                                 dispatch,
                                 clientside_function,
                                 config,
                                 payload
                             ),
                             payload
-                        });
+                        };
                     } catch (error) {
-                        resolve({error, payload});
+                        return {error, payload};
                     }
-                    return null;
                 }
 
-                handleServerside(dispatch, hooks, config, payload)
-                    .then(data => resolve({data, payload}))
-                    .catch(error => resolve({error, payload}));
+                let newConfig = config;
+                let configChanged = false;
+                let retry = 0;
+
+                while (true) {
+                    try {
+                        const data = await handleServerside(
+                            dispatch,
+                            hooks,
+                            newConfig,
+                            payload
+                        );
+
+                        if (configChanged) {
+                            dispatch(setConfigNoRefresh(newConfig));
+                        }
+
+                        return {data, payload};
+                    } catch (res) {
+                        retry++;
+
+                        if (
+                            retry <= MAX_AUTH_RETRIES &&
+                            res.status === STATUS.FORBIDDEN
+                        ) {
+                            const body = await res.text();
+
+                            if (body.includes(JWT_EXPIRED_MESSAGE)) {
+                                // From dash embedded
+                                if (hooks.request_refresh_jwt !== null) {
+                                    const newJwt =
+                                        await hooks.request_refresh_jwt(
+                                            config.fetch.headers.Authorization.substr(
+                                                'Bearer '.length
+                                            )
+                                        );
+                                    if (newJwt) {
+                                        newConfig = mergeDeepRight(config, {
+                                            fetch: {
+                                                headers: {
+                                                    Authorization: `Bearer ${newJwt}`
+                                                }
+                                            }
+                                        });
+
+                                        configChanged = true;
+
+                                        continue;
+                                    }
+                                }
+                            }
+                        }
+
+                        // here, it is an error we're not supposed to retry.
+                        throw res;
+                    }
+                }
             } catch (error) {
-                resolve({error, payload: null});
+                return {error, payload: null};
             }
-        });
+        };
 
         const newCb = {
             ...cb,
-            executionPromise: __promise
+            executionPromise: __execute()
         };
 
         return newCb;

dash/dash-renderer/src/actions/constants.js

@@ -6,6 +6,7 @@ const actionList = {
     SET_LAYOUT: 1,
     SET_APP_LIFECYCLE: 1,
     SET_CONFIG: 1,
+    SET_CONFIG_NO_REFRESH: 2,
     ON_ERROR: 1,
     SET_HOOKS: 1
 };
@@ -16,3 +17,5 @@ export const getAction = action => {
     }
     throw new Error(`${action} is not defined.`);
 };
+
+export const MAX_AUTH_RETRIES = 1;

dash/dash-renderer/src/actions/index.js

@@ -11,6 +11,9 @@ import {getPath} from './paths';
 export const onError = createAction(getAction('ON_ERROR'));
 export const setAppLifecycle = createAction(getAction('SET_APP_LIFECYCLE'));
 export const setConfig = createAction(getAction('SET_CONFIG'));
+export const setConfigNoRefresh = createAction(
+    getAction('SET_CONFIG_NO_REFRESH')
+);
 export const setGraphs = createAction(getAction('SET_GRAPHS'));
 export const setHooks = createAction(getAction('SET_HOOKS'));
 export const setLayout = createAction(getAction('SET_LAYOUT'));

dash/dash-renderer/src/constants/constants.js

@@ -1,9 +1,11 @@
 export const REDIRECT_URI_PATHNAME = '/_oauth2/callback';
 export const OAUTH_COOKIE_NAME = 'plotly_oauth_token';
+export const JWT_EXPIRED_MESSAGE = 'JWT Expired';
 
 export const STATUS = {
     OK: 200,
     PREVENT_UPDATE: 204,
+    FORBIDDEN: 401,
     CLIENTSIDE_ERROR: 'CLIENTSIDE_ERROR',
     NO_RESPONSE: 'NO_RESPONSE'
 };

dash/dash-renderer/src/reducers/config.js

@@ -3,6 +3,8 @@ import {getAction} from '../actions/constants';
 export default function config(state = null, action) {
     if (action.type === getAction('SET_CONFIG')) {
         return action.payload;
+    } else if (action.type === getAction('SET_CONFIG_NO_REFRESH')) {
+        return action.payload;
     }
     return state;
 }

dash/dash-renderer/src/reducers/hooks.js

@@ -1,5 +1,10 @@
 const customHooks = (
-    state = {request_pre: null, request_post: null, bear: false},
+    state = {
+        request_pre: null,
+        request_post: null,
+        request_refresh_jwt: null,
+        bear: false
+    },
     action
 ) => {
     switch (action.type) {