


























@@ -2,7 +2,11 @@ import { existsSync, readFileSync } from "node:fs";
22import { readFile } from "node:fs/promises";
33import os from "node:os";
44import path from "node:path";
5-import { resolveExpiresAtMsFromDurationSeconds } from "openclaw/plugin-sdk/number-runtime";
5+import {
6+asDateTimestampMs,
7+resolveExpiresAtMsFromDurationMs,
8+resolveExpiresAtMsFromDurationSeconds,
9+} from "openclaw/plugin-sdk/number-runtime";
610import { normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime";
711812type GoogleAuthorizedUserCredentials = {
@@ -32,6 +36,7 @@ const GOOGLE_VERTEX_OAUTH_SCOPE = "https://www.googleapis.com/auth/cloud-platfor
3236// leaves the gateway.
3337const GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS = 60_000;
3438const GOOGLE_VERTEX_DEFAULT_TOKEN_LIFETIME_SECONDS = 3600;
39+const GOOGLE_VERTEX_AUTHLIB_TOKEN_CACHE_MS = 5 * 60_000;
35403641let cachedGoogleVertexAuthorizedUserToken: GoogleVertexAuthorizedUserToken | undefined;
3742let cachedGoogleAuthClient:
@@ -43,18 +48,36 @@ let cachedGoogleAuthClient:
4348| undefined;
4449let cachedGoogleVertexAdcToken: GoogleVertexAdcToken | undefined;
455046-function resolveAuthorizedUserTokenExpiresAtMs(value: unknown, nowMs: number): number {
47-if (typeof value === "number" && Number.isFinite(value)) {
48-return (
49-resolveExpiresAtMsFromDurationSeconds(Math.max(1, value), { nowMs }) ??
50-nowMs - GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS
51-);
51+function isGoogleVertexTokenFresh(expiresAtMsRaw: number, nowRaw = Date.now()): boolean {
52+const expiresAtMs = asDateTimestampMs(expiresAtMsRaw);
53+const nowMs = asDateTimestampMs(nowRaw);
54+if (expiresAtMs === undefined || nowMs === undefined) {
55+return false;
5256}
53-return (
54-resolveExpiresAtMsFromDurationSeconds(GOOGLE_VERTEX_DEFAULT_TOKEN_LIFETIME_SECONDS, {
55- nowMs,
56-}) ?? nowMs - GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS
57+const minFreshExpiresAtMs = resolveExpiresAtMsFromDurationMs(
58+GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS,
59+{ nowMs },
5760);
61+return minFreshExpiresAtMs !== undefined && expiresAtMs > minFreshExpiresAtMs;
62+}
63+64+function resolveAuthorizedUserTokenExpiresAtMs(value: unknown, nowRaw: number): number | undefined {
65+const nowMs = asDateTimestampMs(nowRaw);
66+if (nowMs === undefined) {
67+return undefined;
68+}
69+const lifetimeSeconds =
70+typeof value === "number" && Number.isFinite(value)
71+ ? Math.max(1, value)
72+ : GOOGLE_VERTEX_DEFAULT_TOKEN_LIFETIME_SECONDS;
73+return resolveExpiresAtMsFromDurationSeconds(lifetimeSeconds, { nowMs }) ?? nowMs;
74+}
75+76+function resolveGoogleAuthLibraryTokenExpiresAtMs(nowRaw = Date.now()): number | undefined {
77+const nowMs = asDateTimestampMs(nowRaw);
78+return nowMs === undefined
79+ ? undefined
80+ : resolveExpiresAtMsFromDurationMs(GOOGLE_VERTEX_AUTHLIB_TOKEN_CACHE_MS, { nowMs });
5881}
59826083export function resetGoogleVertexAuthorizedUserTokenCacheForTest(): void {
@@ -177,7 +200,7 @@ async function refreshGoogleVertexAuthorizedUserAccessToken(params: {
177200if (
178201cached?.credentialsPath === params.credentialsPath &&
179202cached.refreshToken === refreshToken &&
180-cached.expiresAtMs - Date.now() > GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS
203+isGoogleVertexTokenFresh(cached.expiresAtMs)
181204) {
182205return cached.token;
183206}
@@ -208,12 +231,15 @@ async function refreshGoogleVertexAuthorizedUserAccessToken(params: {
208231throw new Error("Google Vertex ADC token refresh response did not include an access_token.");
209232}
210233const nowMs = Date.now();
211-cachedGoogleVertexAuthorizedUserToken = {
212- token,
213-expiresAtMs: resolveAuthorizedUserTokenExpiresAtMs(payload?.expires_in, nowMs),
214-credentialsPath: params.credentialsPath,
215- refreshToken,
216-};
234+const expiresAtMs = resolveAuthorizedUserTokenExpiresAtMs(payload?.expires_in, nowMs);
235+if (expiresAtMs !== undefined) {
236+cachedGoogleVertexAuthorizedUserToken = {
237+ token,
238+ expiresAtMs,
239+credentialsPath: params.credentialsPath,
240+ refreshToken,
241+};
242+}
217243return token;
218244}
219245@@ -238,7 +264,7 @@ async function resolveGoogleVertexAccessTokenViaGoogleAuth(): Promise<string> {
238264const auth = await cachedGoogleAuthClient.promise;
239265240266const cached = cachedGoogleVertexAdcToken;
241-if (cached && cached.expiresAtMs - Date.now() > GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS) {
267+if (cached && isGoogleVertexTokenFresh(cached.expiresAtMs)) {
242268return cached.token;
243269}
244270@@ -255,10 +281,13 @@ async function resolveGoogleVertexAccessTokenViaGoogleAuth(): Promise<string> {
255281// `getAccessToken()` return type, so we cache for a conservative 5 minutes.
256282// The library itself already refreshes well before its own internal expiry,
257283// so this cache is mainly to avoid hot-loop calls into the auth client.
258-cachedGoogleVertexAdcToken = {
259-token: normalized,
260-expiresAtMs: Date.now() + 5 * 60_000,
261-};
284+const expiresAtMs = resolveGoogleAuthLibraryTokenExpiresAtMs();
285+if (expiresAtMs !== undefined) {
286+cachedGoogleVertexAdcToken = {
287+token: normalized,
288+ expiresAtMs,
289+};
290+}
262291return normalized;
263292}
264293此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。