fix: #2467 fix CPU variance issue (#2473)

* fix: #2467 fix CPU variance issue * fix: adds headers for auth
reapit · Aug 25, 2020 · 6cbe9ce · 6cbe9ce
1 parent e04da4e
commit 6cbe9ce
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 33 deletions.
diff --git a/packages/admin-portal/src/services/utils.ts b/packages/admin-portal/src/services/utils.ts
@@ -1,5 +1,4 @@
 import { StringMap } from '@/types/core'
-import { API_VERSION } from './constants'
 import { reapitConnectBrowserSession } from '@/core/connect-session'
 
 export const generateHeader = async (marketplaceApiKey: string): Promise<StringMap> => {
@@ -11,26 +10,11 @@ export const generateHeader = async (marketplaceApiKey: string): Promise<StringM
       }
 }
 
-export const generateHeaderWithApiV2 = async (marketplaceApiKey: string): Promise<StringMap> => {
-  const headers =
-    window.reapit.config.appEnv === 'production'
-      ? await initAuthorizedRequestHeaders()
-      : {
-          'Content-Type': 'application/json',
-          'X-Api-Key': marketplaceApiKey,
-        }
-  return {
-    ...headers,
-    'api-version': '2',
-  }
-}
-
 export const initAuthorizedRequestHeaders = async () => {
   const session = await reapitConnectBrowserSession.connectSession()
   if (session && session.accessToken) {
     return {
       Authorization: `Bearer ${session.accessToken}`,
-      'api-version': API_VERSION,
       'Content-Type': 'application/json',
     }
   }

diff --git a/packages/connect-session/src/utils/verify-decode-id-token.ts b/packages/connect-session/src/utils/verify-decode-id-token.ts
@@ -101,7 +101,11 @@ export const connectSessionVerifyDecodeIdToken = async (
     const claim = jsonwebtoken.verify(token, key.pem) as Claim
     const currentSeconds = Math.floor(new Date().valueOf() / 1000)
 
-    if (currentSeconds > claim.exp || currentSeconds < claim.auth_time) throw new Error('Id verification claim expired')
+    // Allow an extra 5 seconds to avoid CPU clock variance issues. See: https://github.com/reapit/foundations/issues/2467
+    // basically some Windows laptops calculate time nowin the past so the currentSeconds are before the
+    // auth_time in AWS. Not ideal but prevents constant invalid id_token messages
+    if (currentSeconds > claim.exp + 5 || currentSeconds + 5 < claim.auth_time)
+      throw new Error('Id verification claim expired')
     if (claim.iss !== cognitoIssuer) throw new Error('Id verification claim issuer is invalid')
     if (claim.token_use !== 'id') throw new Error('Id verification claim is not an id token')
 

diff --git a/packages/developer-portal/src/services/utils.ts b/packages/developer-portal/src/services/utils.ts
@@ -4,25 +4,28 @@ import { getAccessToken } from '@/utils/session'
 
 export const generateHeader = async (marketplaceApiKey: string): Promise<StringMap> => {
   return window.reapit.config.appEnv === 'production'
-    ? await initAuthorizedRequestHeaders()
+    ? {
+        Authorization: `Bearer ${await getAccessToken()}`,
+        'Content-Type': 'application/json',
+      }
     : {
         'Content-Type': 'application/json',
         'X-Api-Key': marketplaceApiKey,
       }
 }
 
 export const generateHeaderWithApiV2 = async (marketplaceApiKey: string): Promise<StringMap> => {
-  const headers =
-    window.reapit.config.appEnv === 'production'
-      ? await initAuthorizedRequestHeaders()
-      : {
-          'Content-Type': 'application/json',
-          'X-Api-Key': marketplaceApiKey,
-        }
-  return {
-    ...headers,
-    'api-version': '2',
-  }
+  return window.reapit.config.appEnv === 'production'
+    ? ({
+        Authorization: `Bearer ${await getAccessToken()}`,
+        'Content-Type': 'application/json',
+        'api-version': '2',
+      } as StringMap)
+    : {
+        'Content-Type': 'application/json',
+        'X-Api-Key': marketplaceApiKey,
+        'api-version': '2',
+      }
 }
 
 export const initAuthorizedRequestHeaders = async (): Promise<StringMap> => ({

diff --git a/packages/marketplace/src/services/negotiators.ts b/packages/marketplace/src/services/negotiators.ts
@@ -2,7 +2,7 @@ import { logger } from '@reapit/utils'
 import { fetcher, setQueryParams } from '@reapit/elements'
 import { PagedResultNegotiatorModel_ } from '@reapit/foundations-ts-definitions'
 import { initAuthorizedRequestHeaders } from './utils'
-import { URLS } from './constants'
+import { URLS, API_VERSION } from './constants'
 
 export interface FetchNegotiatorsParams {
   pageNumber?: number
@@ -21,7 +21,10 @@ export const fetchNegotiatorsApi = async (params: FetchNegotiatorsParams): Promi
       url: `${URLS.negotiators}?${setQueryParams(params)}`,
       api: window.reapit.config.platformApiUrl,
       method: 'GET',
-      headers,
+      headers: {
+        ...headers,
+        'api-version': API_VERSION,
+      },
     })
     return response
   } catch (error) {

diff --git a/packages/marketplace/src/services/utils.ts b/packages/marketplace/src/services/utils.ts
@@ -1,5 +1,4 @@
 import { StringMap } from '@/types/core'
-import { API_VERSION } from './constants'
 import { reapitConnectBrowserSession } from '@/core/connect-session'
 
 export const generateHeader = async (marketplaceApiKey: string): Promise<StringMap> => {
@@ -30,7 +29,6 @@ export const initAuthorizedRequestHeaders = async () => {
   if (session && session.accessToken) {
     return {
       Authorization: `Bearer ${session.accessToken}`,
-      'api-version': API_VERSION,
       'Content-Type': 'application/json',
     }
   }