feat: automate token fetching in the backend

Author: chriskari

backend/companion/TokenManager.js

@@ -0,0 +1,49 @@
+import { getKcpToken } from './getKcpToken';
+
+export class TokenManager {
+  constructor() {
+    this.currentToken = null;
+    this.tokenExpirationTime = null;
+    // Add buffer time (e.g., 5 minutes) before actual expiration to prevent edge cases
+    this.expirationBuffer = 5 * 60 * 1000;
+  }
+
+  async getToken() {
+    // Check if token exists and is not near expiration
+    if (
+      this.currentToken &&
+      this.tokenExpirationTime &&
+      Date.now() < this.tokenExpirationTime - this.expirationBuffer
+    ) {
+      return this.currentToken;
+    }
+
+    // If token doesn't exist or is expired/near expiration, fetch new token
+    try {
+      const newToken = await getKcpToken();
+      this.currentToken = newToken;
+      // Set expiration time based on JWT expiry
+      // You'll need to decode the JWT to get the actual expiration
+      this.tokenExpirationTime = this.getExpirationFromJWT(newToken);
+      return newToken;
+    } catch (error) {
+      console.error('Failed to refresh token:', error);
+      throw error;
+    }
+  }
+
+  getExpirationFromJWT(token) {
+    try {
+      // Split the token and get the payload
+      const payload = JSON.parse(
+        Buffer.from(token.split('.')[1], 'base64').toString(),
+      );
+      // exp is in seconds, convert to milliseconds
+      return payload.exp * 1000;
+    } catch (error) {
+      console.error('Error parsing JWT:', error);
+      // If we can't parse the expiration, set a default (e.g., 1 hour from now)
+      return Date.now() + 60 * 60 * 1000;
+    }
+  }
+}

backend/routes/companion.js backend/companion/companionRouter.jsbackend/routes/companion.js renamed to backend/companion/companionRouter.js

@@ -1,4 +1,8 @@
 import express from 'express';
+import { TokenManager } from './TokenManager';
+
+const tokenManager = new TokenManager();
+
 const router = express.Router();
 
 router.use(express.json());
@@ -24,7 +28,7 @@ async function handleAIChatRequest(req, res) {
       namespace: namespace,
     };
 
-    const AUTH_TOKEN = '<AUTH_TOKEN>';
+    const AUTH_TOKEN = await tokenManager.getToken();
 
     const response = await fetch(url, {
       method: 'POST',

backend/companion/getKcpToken.js

@@ -0,0 +1,42 @@
+export async function getKcpToken() {
+  const tokenUrl = 'https://kymatest.accounts400.ondemand.com/oauth2/token';
+  const grantType = 'client_credentials';
+  const clientId = process.env.COMPANION_KCP_AUTH_CLIENT_ID;
+  const clientSecret = process.env.COMPANION_KCP_AUTH_CLIENT_SECRET;
+
+  if (!clientId) {
+    throw new Error('COMPANION_KCP_AUTH_CLIENT_ID is not set');
+  }
+  if (!clientSecret) {
+    throw new Error('COMPANION_KCP_AUTH_CLIENT_SECRET is not set');
+  }
+
+  // Prepare request data
+  const requestBody = new URLSearchParams();
+  requestBody.append('grant_type', grantType);
+
+  // Prepare authorization header
+  const authHeader = Buffer.from(`${clientId}:${clientSecret}`).toString(
+    'base64',
+  );
+
+  try {
+    const response = await fetch(tokenUrl, {
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${authHeader}`,
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: requestBody.toString(),
+    });
+
+    if (!response.ok) {
+      throw new Error(`HTTP error! status: ${response.status}`);
+    }
+
+    const data = await response.json();
+    return data.access_token;
+  } catch (error) {
+    throw new Error(`Failed to fetch token: ${error.message}`);
+  }
+}

backend/index.js

@@ -1,7 +1,7 @@
 import { makeHandleRequest, serveStaticApp, serveMonaco } from './common';
 import { handleTracking } from './tracking.js';
 import jsyaml from 'js-yaml';
-import companionRouter from './routes/companion';
+import companionRouter from './companion/companionRouter';
 //import { requestLogger } from './utils/other'; //uncomment this to log the outgoing traffic
 
 const express = require('express');