summaryrefslogtreecommitdiffhomepage
path: root/ios/MullvadREST/ApiHandlers/RESTAccessTokenManager.swift
blob: 75edf37afac34209699875229ab3e0eca670758d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

//
//  RESTAccessTokenManager.swift
//  MullvadREST
//
//  Created by pronebird on 16/04/2022.
//  Copyright © 2025 Mullvad VPN AB. All rights reserved.
//

import Foundation
import MullvadLogging
import MullvadTypes
import Operations

public protocol RESTAccessTokenManagement: Sendable {
    func getAccessToken(
        accountNumber: String,
        completionHandler: @escaping @Sendable ProxyCompletionHandler<REST.AccessTokenData>
    ) -> Cancellable

    func invalidateAllTokens()
}

extension REST {
    public final class AccessTokenManager: RESTAccessTokenManagement, @unchecked Sendable {
        private let logger = Logger(label: "REST.AccessTokenManager")
        private let operationQueue = AsyncOperationQueue.makeSerial()
        private let dispatchQueue = DispatchQueue(label: "REST.AccessTokenManager.dispatchQueue")
        private let proxy: AuthenticationProxy
        private var tokens = [String: AccessTokenData]()

        public init(authenticationProxy: AuthenticationProxy) {
            proxy = authenticationProxy
        }

        public func getAccessToken(
            accountNumber: String,
            completionHandler: @escaping @Sendable ProxyCompletionHandler<REST.AccessTokenData>
        ) -> Cancellable {
            let operation =
                ResultBlockOperation<REST.AccessTokenData>(dispatchQueue: dispatchQueue) { finish -> Cancellable in
                    if let tokenData = self.tokens[accountNumber], tokenData.expiry > Date() {
                        finish(.success(tokenData))
                        return AnyCancellable()
                    }

                    return self.proxy.getAccessToken(accountNumber: accountNumber, retryStrategy: .noRetry) { result in
                        self.dispatchQueue.async {
                            switch result {
                            case let .success(tokenData):
                                self.tokens[accountNumber] = tokenData

                            case let .failure(error) where !error.isOperationCancellationError:
                                self.logger.error(
                                    error: error,
                                    message: "Failed to fetch access token."
                                )

                            default:
                                break
                            }

                            finish(result)
                        }
                    }
                }

            operation.completionQueue = .main
            operation.completionHandler = completionHandler

            operationQueue.addOperation(operation)

            return operation
        }

        public func invalidateAllTokens() {
            operationQueue.addOperation(
                AsyncBlockOperation(dispatchQueue: dispatchQueue) { [weak self] in
                    guard let self else {
                        return
                    }
                    self.tokens.removeAll()
                })
        }
    }
}
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.