AccessToken last life of running bonob process rather than expiring

src/access_tokens.ts

@@ -1,8 +1,10 @@
-import dayjs, { Dayjs } from 'dayjs';
-import { v4 as uuid } from 'uuid';
+import dayjs, { Dayjs } from "dayjs";
+import { v4 as uuid } from "uuid";
+import { Encryption } from "./encryption";
+import logger from "./logger";
 
 export interface Clock {
-  now(): Dayjs
+  now(): Dayjs;
 }
 
 type AccessToken = {
@@ -19,9 +21,9 @@ export interface AccessTokens {
 export class ExpiringAccessTokens implements AccessTokens {
   tokens = new Map<string, AccessToken>();
   clock: Clock;
-  
-  constructor(clock : Clock = { now: () => dayjs() }) {
-    this.clock = clock
+
+  constructor(clock: Clock = { now: () => dayjs() }) {
+    this.clock = clock;
   }
 
   mint(authToken: string): string {
@@ -29,7 +31,7 @@ export class ExpiringAccessTokens implements AccessTokens {
     const accessToken = {
       value: uuid(),
       authToken,
-      expiry: this.clock.now().add(12, 'hours')
+      expiry: this.clock.now().add(12, "hours"),
     };
     this.tokens.set(accessToken.value, accessToken);
     return accessToken.value;
@@ -41,10 +43,36 @@ export class ExpiringAccessTokens implements AccessTokens {
   }
 
   clearOutExpired() {
-    Array.from(this.tokens.values()).filter(it => it.expiry.isBefore(this.clock.now())).forEach(expired => {
-      this.tokens.delete(expired.value);
-    })
+    Array.from(this.tokens.values())
+      .filter((it) => it.expiry.isBefore(this.clock.now()))
+      .forEach((expired) => {
+        this.tokens.delete(expired.value);
+      });
   }
 
   count = () => this.tokens.size;
 }
+
+export class EncryptedAccessTokens implements AccessTokens {
+  encryption: Encryption;
+
+  constructor(encryption: Encryption) {
+    this.encryption = encryption;
+  }
+
+  mint = (authToken: string): string =>
+    Buffer.from(JSON.stringify(this.encryption.encrypt(authToken))).toString(
+      "base64"
+    );
+
+  authTokenFor(value: string): string | undefined {
+    try {
+      return this.encryption.decrypt(
+        JSON.parse(Buffer.from(value, "base64").toString("ascii"))
+      );
+    } catch {
+      logger.warn("Failed to decrypt access token...");
+      return undefined;
+    }
+  }
+}

src/server.ts

@@ -13,7 +13,9 @@ import {
 import { LinkCodes, InMemoryLinkCodes } from "./link_codes";
 import { MusicService, isSuccess } from "./music_service";
 import bindSmapiSoapServiceToExpress from "./smapi";
-import { AccessTokens, ExpiringAccessTokens } from "./access_tokens";
+import { AccessTokens, EncryptedAccessTokens } from "./access_tokens";
+import encryption from "./encryption";
+import randomString from "./random_string";
 
 export const BONOB_ACCESS_TOKEN_HEADER = "bonob-access-token";
 
@@ -23,7 +25,9 @@ function server(
   webAddress: string | "http://localhost:4534",
   musicService: MusicService,
   linkCodes: LinkCodes = new InMemoryLinkCodes(),
-  accessTokens: AccessTokens = new ExpiringAccessTokens()
+  accessTokens: AccessTokens = new EncryptedAccessTokens(
+    encryption(randomString())
+  )
 ): Express {
   const app = express();
 
@@ -158,20 +162,14 @@ function server(
     const size = Number.parseInt(req.params["size"]!);
     if (!authToken) {
       return res.status(401).send();
-    } else if(type != "artist" && type != "album") {
+    } else if (type != "artist" && type != "album") {
       return res.status(400).send();
     } else {
       return musicService
         .login(authToken)
-        .then((it) =>
-          it.coverArt(
-            id,
-            type,
-            size
-          )
-        )
+        .then((it) => it.coverArt(id, type, size))
         .then((coverArt) => {
-          if(coverArt) {
+          if (coverArt) {
             res.status(200);
             res.setHeader("content-type", coverArt.contentType);
             res.send(coverArt.data);