docker · ryanhristovski · Aug 24, 2024 · Aug 23, 2024 · Aug 23, 2024
@@ -34,6 +34,7 @@ require (
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect

@@ -34,6 +34,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=

@@ -1,4 +1,3 @@
-// API client for hub.docker.com
 package hubclient
 
 import (
@@ -9,7 +8,10 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"sync"
 	"time"
+
+	"github.com/dgrijalva/jwt-go"
 )
 
 type Auth struct {
@@ -22,10 +24,13 @@ type Token struct {
 }
 
 type Client struct {
-	BaseURL    string
-	auth       Auth
-	HTTPClient *http.Client
-	userAgent  string
+	BaseURL     string
+	auth        Auth
+	HTTPClient  *http.Client
+	userAgent   string
+	token       string
+	tokenExpiry time.Time
+	mu          sync.Mutex
 }
 
 type Config struct {
@@ -35,7 +40,6 @@ type Config struct {
 	UserAgentVersion string
 }
 
-// Create the API client, providing the authentication.
 func NewClient(config Config) *Client {
 	version := config.UserAgentVersion
 	if version == "" {
@@ -55,51 +59,87 @@ func NewClient(config Config) *Client {
 	}
 }
 
-func (c *Client) sendRequest(ctx context.Context, method string, url string, body []byte, result interface{}) error {
+// parseTokenExpiration parses the JWT token to get the exact expiration time.
+func parseTokenExpiration(tokenString string) (time.Time, error) {
+	token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
+	if err != nil {
+		return time.Time{}, err
+	}
+
+	if claims, ok := token.Claims.(jwt.MapClaims); ok {
+		if exp, ok := claims["exp"].(float64); ok {
+			return time.Unix(int64(exp), 0), nil
+		}
+	}
+
+	return time.Time{}, fmt.Errorf("could not find expiration in token")
+}
+
+func (c *Client) ensureValidToken(ctx context.Context) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.token != "" && time.Now().Before(c.tokenExpiry) {
+		return nil
+	}
+
 	authJSON, err := json.Marshal(c.auth)
 	if err != nil {
 		return err
 	}
+
 	req, err := http.NewRequest("POST", fmt.Sprintf("%s/users/login/", c.BaseURL), bytes.NewBuffer(authJSON))
 	if err != nil {
 		return err
 	}
-	req.Header.Set("Content-Type", "application/json; charset=utf-8")
-	req.Header.Set("Accept", "application/json; charset=utf-8")
-
+	req.Header.Set("Content-Type", "application/json")
 	req = req.WithContext(ctx)
 
 	res, err := c.HTTPClient.Do(req)
 	if err != nil {
 		return err
 	}
-
 	defer res.Body.Close()
 
 	if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
-		bodyBytes, readErr := io.ReadAll(res.Body)
-		if readErr != nil {
-			return readErr
-		}
-		return errors.New(string(bodyBytes))
+		return fmt.Errorf("HTTP error: %s", res.Status)
 	}
+
 	token := Token{}
 	if err = json.NewDecoder(res.Body).Decode(&token); err != nil {
 		return err
 	}
 
-	req, err = http.NewRequest(method, fmt.Sprintf("%s%s", c.BaseURL, url), bytes.NewBuffer(body))
+	// Parse the exact expiration time from the token
+	expirationTime, err := parseTokenExpiration(token.Token)
 	if err != nil {
 		return err
 	}
-	req.Header.Set("Content-Type", "application/json; charset=utf-8")
-	req.Header.Set("Accept", "application/json; charset=utf-8")
+
+	// Store the new token and its exact expiration time
+	c.token = token.Token
+	c.tokenExpiry = expirationTime
+
+	return nil
+}
+
+func (c *Client) sendRequest(ctx context.Context, method string, url string, body []byte, result interface{}) error {
+	if err := c.ensureValidToken(ctx); err != nil {
+		return err
+	}
+
+	req, err := http.NewRequest(method, fmt.Sprintf("%s%s", c.BaseURL, url), bytes.NewBuffer(body))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
 	req.Header.Set("User-Agent", c.userAgent)
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.Token))
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.token))
 
 	req = req.WithContext(ctx)
 
-	res, err = c.HTTPClient.Do(req)
+	res, err := c.HTTPClient.Do(req)
 	if err != nil {
 		return err
 	}