Merge branch 'main' into sb/pipessb/pipes

author: Stefan Boberg <[email protected]> 2026-03-18 22:41:38 +0100
committer: GitHub Enterprise <[email protected]> 2026-03-18 22:41:38 +0100
commit: d48a83be4e75d5726cbd37274705b1c5ce7e625d (patch)
tree: 208811d25ecabff8a8695544bc93ffd1d0a12fbf /src/zenhttp/clients/httpwsclient.cpp
parent: Remove IgnoreChildSignals() from zenserver main (diff)
parent: improve auth token refresh (#863) (diff)
download: zen-sb/pipes.tar.xz
zen-sb/pipes.zip
1 files changed, 43 insertions, 6 deletions
diff --git a/src/zenhttp/clients/httpwsclient.cpp b/src/zenhttp/clients/httpwsclient.cpp
index 770213738..4337fcb79 100644
--- a/src/zenhttp/clients/httpwsclient.cpp
+++ b/src/zenhttp/clients/httpwsclient.cpp
@@ -243,13 +243,9 @@ struct HttpWsClient::Impl
 				<< "Sec-WebSocket-Version: 13\r\n";
 
 		// Add Authorization header if access token provider is set
-		if (m_Settings.AccessTokenProvider)
+		if (std::optional<std::string> AccessToken = GetAccessToken(); AccessToken.has_value())
 		{
-			HttpClientAccessToken Token = (*m_Settings.AccessTokenProvider)();
-			if (Token.IsValid())
-			{
-				Request << "Authorization: Bearer " << Token.Value << "\r\n";
-			}
+			Request << "Authorization: Bearer " << AccessToken.value() << "\r\n";
 		}
 
 		Request << "\r\n";
@@ -557,10 +553,51 @@ struct HttpWsClient::Impl
 		}
 	}
 
+	std::optional<std::string> GetAccessToken()
+	{
+		if (!m_Settings.AccessTokenProvider.has_value())
+		{
+			return {};
+		}
+		{
+			RwLock::SharedLockScope _(m_AccessTokenLock);
+			if (!m_CachedAccessToken.NeedsRefresh())
+			{
+				return m_CachedAccessToken.GetValue();
+			}
+		}
+		RwLock::ExclusiveLockScope _(m_AccessTokenLock);
+		if (!m_CachedAccessToken.NeedsRefresh())
+		{
+			return m_CachedAccessToken.GetValue();
+		}
+		HttpClientAccessToken NewAccessToken = m_Settings.AccessTokenProvider.value()();
+		if (NewAccessToken.IsValid())
+		{
+			m_CachedAccessToken = NewAccessToken;
+		}
+		else
+		{
+			if (m_CachedAccessToken.HasExpired())
+			{
+				ZEN_WARN("HttpWsClient refreshed access token is not valid, clearing the cached token as it has expired");
+				m_CachedAccessToken = {};
+			}
+			else
+			{
+				ZEN_WARN("HttpWsClient refreshed access token is not valid, keeping existing token, it will expire soon");
+			}
+		}
+		return m_CachedAccessToken.GetValue();
+	}
+
 	IWsClientHandler&	 m_Handler;
 	HttpWsClientSettings m_Settings;
 	LoggerRef			 m_Log;
 
+	RwLock				  m_AccessTokenLock;
+	HttpClientAccessToken m_CachedAccessToken;
+
 	std::string m_Host;
 	std::string m_Port;
 	std::string m_Path;
author	Stefan Boberg <[email protected]>	2026-03-18 22:41:38 +0100
committer	GitHub Enterprise <[email protected]>	2026-03-18 22:41:38 +0100
commit	d48a83be4e75d5726cbd37274705b1c5ce7e625d (patch)
tree	208811d25ecabff8a8695544bc93ffd1d0a12fbf /src/zenhttp/clients/httpwsclient.cpp
parent	Remove IgnoreChildSignals() from zenserver main (diff)
parent	improve auth token refresh (#863) (diff)
download	zen-sb/pipes.tar.xz zen-sb/pipes.zip