mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/monzo_ynab/tokens.go

228 lines
6.8 KiB
Go
Raw Normal View History

Create server for managing Monzo credentials I created a server to manage my access and refresh tokens. This server exposes a larger API than it needs to at the moment, but that should change. The goal is to expose a GET at /token to retrieve a valid access token. The server should take care of refreshing tokens before they expire and getting entirely new tokens, should they become so stale that I need to re-authorize my application. A lot of my development of this project has been clumsy. I'm new to Go; I didn't understand OAuth2.0; I'm learning concurrent programming (outside of the context of comfortable Elixir/Erlang). My habits for writing programs in compiled languages feels amateurish. I find myself dropping log.Println's all over the source code when I should be using proper debugging tools like Delve and properly logging with things like httputil.Dump{Request,Response}. The application right now is in a transitional state. There is still plenty of code in main.go that belongs in tokens.go. For instance, the client authorization code belongs in the tokens server. Another question I haven't answered is where is the monzo client that I can use to make function calls like `monzo.Transactions` or `monzo.Accounts`? The benefit of having a tokens server is that it allows me to maintain state of the tokens while I'm developing. This way, I can stop and start main.go without disturbing the state of the access tokens. Of course this isn't the primary benefit, which is to abstract over the OAuth details and expose an API that gives me an access token whenever I request one. The first benefit that I listed could and perhaps should be solved by introducing some simple persistence. I'd like to write the access tokens to disk when I shutdown the tokens server and read them from disk when I start the tokens server. This will come. I could have done this before introducing the tokens server, and it would have saved me a few hours I think. Where has my time gone? Mostly I've been re-authorizing my client unnecessarily. This process is expensive because it opens a web browser, asks me to enter my email address, sends me an email, I then click the link in that email. Overall this takes maybe 1-3 minutes in total. Before my tokens server existed, however, I was doing this about 10-20 times per hour. It's a little disappointing that I didn't rectify this earlier. I'd like to remain vigilant and avoid making similar workflow mistakes as I move ahead.
2020-02-09 02:07:36 +01:00
// Creating a Tokens server to manage my access and refresh tokens. Keeping this
// as a separate server allows me to develop and use the access tokens without
// going through client authorization.
package main
////////////////////////////////////////////////////////////////////////////////
// Dependencies
////////////////////////////////////////////////////////////////////////////////
import (
"bytes"
"encoding/json"
"fmt"
"log"
"net/http"
"net/url"
"os"
"time"
Read tokens from store when server starts Attempting to read the persisted tokens from the key-value store when the server begins. The server currently fails when those values are empty. TODO - Consider adding logic for knowing if the cached tokens are expired and prompt the user to reauthorize the client using a web browser.
2020-02-09 14:51:45 +01:00
"kv"
Gracefully shutdown server Listen for SIGINT and SIGTERM signals and write the current state to the key-value store before shutting down.
2020-02-09 14:53:06 +01:00
"os/signal"
"syscall"
Create server for managing Monzo credentials I created a server to manage my access and refresh tokens. This server exposes a larger API than it needs to at the moment, but that should change. The goal is to expose a GET at /token to retrieve a valid access token. The server should take care of refreshing tokens before they expire and getting entirely new tokens, should they become so stale that I need to re-authorize my application. A lot of my development of this project has been clumsy. I'm new to Go; I didn't understand OAuth2.0; I'm learning concurrent programming (outside of the context of comfortable Elixir/Erlang). My habits for writing programs in compiled languages feels amateurish. I find myself dropping log.Println's all over the source code when I should be using proper debugging tools like Delve and properly logging with things like httputil.Dump{Request,Response}. The application right now is in a transitional state. There is still plenty of code in main.go that belongs in tokens.go. For instance, the client authorization code belongs in the tokens server. Another question I haven't answered is where is the monzo client that I can use to make function calls like `monzo.Transactions` or `monzo.Accounts`? The benefit of having a tokens server is that it allows me to maintain state of the tokens while I'm developing. This way, I can stop and start main.go without disturbing the state of the access tokens. Of course this isn't the primary benefit, which is to abstract over the OAuth details and expose an API that gives me an access token whenever I request one. The first benefit that I listed could and perhaps should be solved by introducing some simple persistence. I'd like to write the access tokens to disk when I shutdown the tokens server and read them from disk when I start the tokens server. This will come. I could have done this before introducing the tokens server, and it would have saved me a few hours I think. Where has my time gone? Mostly I've been re-authorizing my client unnecessarily. This process is expensive because it opens a web browser, asks me to enter my email address, sends me an email, I then click the link in that email. Overall this takes maybe 1-3 minutes in total. Before my tokens server existed, however, I was doing this about 10-20 times per hour. It's a little disappointing that I didn't rectify this earlier. I'd like to remain vigilant and avoid making similar workflow mistakes as I move ahead.
2020-02-09 02:07:36 +01:00
)
////////////////////////////////////////////////////////////////////////////////
// Types
////////////////////////////////////////////////////////////////////////////////
// This is the response from Monzo's API after we request an access token
// refresh.
type refreshTokenResponse struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
ClientId string `json:"client_id"`
ExpiresIn int `json:"expires_in"`
}
// This is the shape of the request from clients wishing to set state of the
// server.
type setTokensRequest struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
ExpiresIn int `json:"expires_in"`
}
// This is our application state.
type state struct {
accessToken string `json:"access_token"`
refreshToken string `json:"refresh_token"`
}
type readMsg struct {
sender chan state
}
type writeMsg struct {
state state
}
type channels struct {
reads chan readMsg
writes chan writeMsg
}
////////////////////////////////////////////////////////////////////////////////
// Top-level Definitions
////////////////////////////////////////////////////////////////////////////////
var chans = &channels{
reads: make(chan readMsg),
writes: make(chan writeMsg),
}
var (
monzoClientId = os.Getenv("monzo_client_id")
monzoClientSecret = os.Getenv("monzo_client_secret")
)
////////////////////////////////////////////////////////////////////////////////
// Utils
////////////////////////////////////////////////////////////////////////////////
// Schedule a token refresh for `expiresIn` seconds using the provided
// `refreshToken`. This will update the application state with the access token
// and schedule an additional token refresh for the newly acquired tokens.
func scheduleTokenRefresh(expiresIn int, refreshToken string) {
duration := time.Second * time.Duration(expiresIn)
timestamp := time.Now().Local().Add(duration)
log.Printf("Scheduling token refresh for %v\n", timestamp)
time.Sleep(duration)
log.Println("Refreshing tokens now...")
access, refresh := refreshTokens(refreshToken)
log.Println("Successfully refreshed tokens.")
chans.writes <- writeMsg{state{access, refresh}}
}
// Exchange existing credentials for a new access token and `refreshToken`. Also
// schedule the next refresh. This function returns the newly acquired access
// token and refresh token.
func refreshTokens(refreshToken string) (string, string) {
// TODO(wpcarro): Support retries with exponential backoff.
res, err := http.PostForm("https://api.monzo.com/oauth2/token", url.Values{
"grant_type": {"refresh_token"},
"client_id": {monzoClientId},
"client_secret": {monzoClientSecret},
"refresh_token": {refreshToken},
})
if err != nil {
log.Println(res)
log.Fatal("The request to Monzo to refresh our access token failed.", err)
}
defer res.Body.Close()
payload := &refreshTokenResponse{}
err = json.NewDecoder(res.Body).Decode(payload)
if err != nil {
log.Println(res)
log.Fatal("Could not decode the JSON response from Monzo.", err)
}
go scheduleTokenRefresh(payload.ExpiresIn, payload.RefreshToken)
return payload.AccessToken, payload.RefreshToken
}
Gracefully shutdown server Listen for SIGINT and SIGTERM signals and write the current state to the key-value store before shutting down.
2020-02-09 14:53:06 +01:00
// Listen for SIGINT and SIGTERM signals. When received, persist the access and
// refresh tokens and shutdown the server.
func handleInterrupts() {
// Gracefully handle interruptions.
sigs := make(chan os.Signal)
done := make(chan bool)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
go func() {
sig := <-sigs
log.Printf("Received signal to shutdown. %v\n", sig)
// Persist existing tokens
log.Println("Persisting existing credentials...")
msg := readMsg{make(chan state)}
chans.reads <- msg
state := <-msg.sender
kv.Set("monzoAccessToken", state.accessToken)
kv.Set("monzoRefreshToken", state.refreshToken)
log.Println("Credentials persisted.")
done <- true
}()
<-done
log.Println("Received signal to shutdown. Exiting...")
os.Exit(0)
}
Create server for managing Monzo credentials I created a server to manage my access and refresh tokens. This server exposes a larger API than it needs to at the moment, but that should change. The goal is to expose a GET at /token to retrieve a valid access token. The server should take care of refreshing tokens before they expire and getting entirely new tokens, should they become so stale that I need to re-authorize my application. A lot of my development of this project has been clumsy. I'm new to Go; I didn't understand OAuth2.0; I'm learning concurrent programming (outside of the context of comfortable Elixir/Erlang). My habits for writing programs in compiled languages feels amateurish. I find myself dropping log.Println's all over the source code when I should be using proper debugging tools like Delve and properly logging with things like httputil.Dump{Request,Response}. The application right now is in a transitional state. There is still plenty of code in main.go that belongs in tokens.go. For instance, the client authorization code belongs in the tokens server. Another question I haven't answered is where is the monzo client that I can use to make function calls like `monzo.Transactions` or `monzo.Accounts`? The benefit of having a tokens server is that it allows me to maintain state of the tokens while I'm developing. This way, I can stop and start main.go without disturbing the state of the access tokens. Of course this isn't the primary benefit, which is to abstract over the OAuth details and expose an API that gives me an access token whenever I request one. The first benefit that I listed could and perhaps should be solved by introducing some simple persistence. I'd like to write the access tokens to disk when I shutdown the tokens server and read them from disk when I start the tokens server. This will come. I could have done this before introducing the tokens server, and it would have saved me a few hours I think. Where has my time gone? Mostly I've been re-authorizing my client unnecessarily. This process is expensive because it opens a web browser, asks me to enter my email address, sends me an email, I then click the link in that email. Overall this takes maybe 1-3 minutes in total. Before my tokens server existed, however, I was doing this about 10-20 times per hour. It's a little disappointing that I didn't rectify this earlier. I'd like to remain vigilant and avoid making similar workflow mistakes as I move ahead.
2020-02-09 02:07:36 +01:00
////////////////////////////////////////////////////////////////////////////////
// Main
////////////////////////////////////////////////////////////////////////////////
func main() {
Read tokens from store when server starts Attempting to read the persisted tokens from the key-value store when the server begins. The server currently fails when those values are empty. TODO - Consider adding logic for knowing if the cached tokens are expired and prompt the user to reauthorize the client using a web browser.
2020-02-09 14:51:45 +01:00
// Retrieve cached tokens from store.
accessToken := fmt.Sprintf("%v", kv.Get("monzoAccessToken"))
refreshToken := fmt.Sprintf("%v", kv.Get("monzoRefreshToken"))
log.Println("Attempting to retrieve cached credentials...")
log.Printf("Access token: %s\n", accessToken)
log.Printf("Refresh token: %s\n", refreshToken)
if accessToken == "" || refreshToken == "" {
log.Fatal("Cannot start server without access or refresh tokens.")
}
Gracefully shutdown server Listen for SIGINT and SIGTERM signals and write the current state to the key-value store before shutting down.
2020-02-09 14:53:06 +01:00
// Gracefully shutdown.
go handleInterrupts()
Create server for managing Monzo credentials I created a server to manage my access and refresh tokens. This server exposes a larger API than it needs to at the moment, but that should change. The goal is to expose a GET at /token to retrieve a valid access token. The server should take care of refreshing tokens before they expire and getting entirely new tokens, should they become so stale that I need to re-authorize my application. A lot of my development of this project has been clumsy. I'm new to Go; I didn't understand OAuth2.0; I'm learning concurrent programming (outside of the context of comfortable Elixir/Erlang). My habits for writing programs in compiled languages feels amateurish. I find myself dropping log.Println's all over the source code when I should be using proper debugging tools like Delve and properly logging with things like httputil.Dump{Request,Response}. The application right now is in a transitional state. There is still plenty of code in main.go that belongs in tokens.go. For instance, the client authorization code belongs in the tokens server. Another question I haven't answered is where is the monzo client that I can use to make function calls like `monzo.Transactions` or `monzo.Accounts`? The benefit of having a tokens server is that it allows me to maintain state of the tokens while I'm developing. This way, I can stop and start main.go without disturbing the state of the access tokens. Of course this isn't the primary benefit, which is to abstract over the OAuth details and expose an API that gives me an access token whenever I request one. The first benefit that I listed could and perhaps should be solved by introducing some simple persistence. I'd like to write the access tokens to disk when I shutdown the tokens server and read them from disk when I start the tokens server. This will come. I could have done this before introducing the tokens server, and it would have saved me a few hours I think. Where has my time gone? Mostly I've been re-authorizing my client unnecessarily. This process is expensive because it opens a web browser, asks me to enter my email address, sends me an email, I then click the link in that email. Overall this takes maybe 1-3 minutes in total. Before my tokens server existed, however, I was doing this about 10-20 times per hour. It's a little disappointing that I didn't rectify this earlier. I'd like to remain vigilant and avoid making similar workflow mistakes as I move ahead.
2020-02-09 02:07:36 +01:00
// Manage application state.
go func() {
Read tokens from store when server starts Attempting to read the persisted tokens from the key-value store when the server begins. The server currently fails when those values are empty. TODO - Consider adding logic for knowing if the cached tokens are expired and prompt the user to reauthorize the client using a web browser.
2020-02-09 14:51:45 +01:00
state := &state{accessToken, refreshToken}
Create server for managing Monzo credentials I created a server to manage my access and refresh tokens. This server exposes a larger API than it needs to at the moment, but that should change. The goal is to expose a GET at /token to retrieve a valid access token. The server should take care of refreshing tokens before they expire and getting entirely new tokens, should they become so stale that I need to re-authorize my application. A lot of my development of this project has been clumsy. I'm new to Go; I didn't understand OAuth2.0; I'm learning concurrent programming (outside of the context of comfortable Elixir/Erlang). My habits for writing programs in compiled languages feels amateurish. I find myself dropping log.Println's all over the source code when I should be using proper debugging tools like Delve and properly logging with things like httputil.Dump{Request,Response}. The application right now is in a transitional state. There is still plenty of code in main.go that belongs in tokens.go. For instance, the client authorization code belongs in the tokens server. Another question I haven't answered is where is the monzo client that I can use to make function calls like `monzo.Transactions` or `monzo.Accounts`? The benefit of having a tokens server is that it allows me to maintain state of the tokens while I'm developing. This way, I can stop and start main.go without disturbing the state of the access tokens. Of course this isn't the primary benefit, which is to abstract over the OAuth details and expose an API that gives me an access token whenever I request one. The first benefit that I listed could and perhaps should be solved by introducing some simple persistence. I'd like to write the access tokens to disk when I shutdown the tokens server and read them from disk when I start the tokens server. This will come. I could have done this before introducing the tokens server, and it would have saved me a few hours I think. Where has my time gone? Mostly I've been re-authorizing my client unnecessarily. This process is expensive because it opens a web browser, asks me to enter my email address, sends me an email, I then click the link in that email. Overall this takes maybe 1-3 minutes in total. Before my tokens server existed, however, I was doing this about 10-20 times per hour. It's a little disappointing that I didn't rectify this earlier. I'd like to remain vigilant and avoid making similar workflow mistakes as I move ahead.
2020-02-09 02:07:36 +01:00
for {
select {
case msg := <-chans.reads:
log.Printf("Reading from state.")
log.Printf("Access Token: %s\n", state.accessToken)
log.Printf("Refresh Token: %s\n", state.refreshToken)
msg.sender <- *state
case msg := <-chans.writes:
fmt.Printf("Writing new state: %v\n", msg.state)
*state = msg.state
}
}
}()
// Listen to inbound requests.
fmt.Println("Listening on http://localhost:4242 ...")
log.Fatal(http.ListenAndServe(":4242", http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if req.URL.Path == "/refresh-tokens" && req.Method == "POST" {
msg := readMsg{make(chan state)}
chans.reads <- msg
state := <-msg.sender
go scheduleTokenRefresh(0, state.refreshToken)
fmt.Fprintf(w, "Done.")
} else if req.URL.Path == "/set-tokens" && req.Method == "POST" {
// Parse
payload := &setTokensRequest{}
err := json.NewDecoder(req.Body).Decode(payload)
if err != nil {
log.Fatal("Could not decode the user's JSON request.", err)
}
// Update application state
msg := writeMsg{state{payload.AccessToken, payload.RefreshToken}}
chans.writes <- msg
// Refresh tokens
go scheduleTokenRefresh(payload.ExpiresIn, payload.RefreshToken)
// Ack
fmt.Fprintf(w, "Done.")
} else if req.URL.Path == "/state" && req.Method == "GET" {
// TODO(wpcarro): Ensure that this returns serialized state.
w.Header().Set("Content-type", "application/json")
msg := readMsg{make(chan state)}
chans.reads <- msg
state := <-msg.sender
payload, _ := json.Marshal(state)
fmt.Fprintf(w, "Application state: %s\n", bytes.NewBuffer(payload))
} else {
log.Printf("Unhandled request: %v\n", *req)
}
})))
}
Reference in a new issue Copy permalink