@@ -2,6 +2,7 @@ import { existsSync, readFileSync } from "node:fs";
|
2 | 2 | import { readFile } from "node:fs/promises"; |
3 | 3 | import os from "node:os"; |
4 | 4 | import path from "node:path"; |
| 5 | +import { resolveExpiresAtMsFromDurationSeconds } from "openclaw/plugin-sdk/number-runtime"; |
5 | 6 | import { normalizeOptionalString } from "openclaw/plugin-sdk/string-coerce-runtime"; |
6 | 7 | |
7 | 8 | type GoogleAuthorizedUserCredentials = { |
@@ -30,6 +31,7 @@ const GOOGLE_VERTEX_OAUTH_SCOPE = "https://www.googleapis.com/auth/cloud-platfor
|
30 | 31 | // is a 60s buffer) so we don't ship a request that's already revoked when it |
31 | 32 | // leaves the gateway. |
32 | 33 | const GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS = 60_000; |
| 34 | +const GOOGLE_VERTEX_DEFAULT_TOKEN_LIFETIME_SECONDS = 3600; |
33 | 35 | |
34 | 36 | let cachedGoogleVertexAuthorizedUserToken: GoogleVertexAuthorizedUserToken | undefined; |
35 | 37 | let cachedGoogleAuthClient: |
@@ -41,6 +43,20 @@ let cachedGoogleAuthClient:
|
41 | 43 | | undefined; |
42 | 44 | let cachedGoogleVertexAdcToken: GoogleVertexAdcToken | undefined; |
43 | 45 | |
| 46 | +function resolveAuthorizedUserTokenExpiresAtMs(value: unknown, nowMs: number): number { |
| 47 | +if (typeof value === "number" && Number.isFinite(value)) { |
| 48 | +return ( |
| 49 | +resolveExpiresAtMsFromDurationSeconds(Math.max(1, value), { nowMs }) ?? |
| 50 | +nowMs - GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS |
| 51 | +); |
| 52 | +} |
| 53 | +return ( |
| 54 | +resolveExpiresAtMsFromDurationSeconds(GOOGLE_VERTEX_DEFAULT_TOKEN_LIFETIME_SECONDS, { |
| 55 | + nowMs, |
| 56 | +}) ?? nowMs - GOOGLE_VERTEX_TOKEN_EXPIRY_BUFFER_MS |
| 57 | +); |
| 58 | +} |
| 59 | + |
44 | 60 | export function resetGoogleVertexAuthorizedUserTokenCacheForTest(): void { |
45 | 61 | cachedGoogleVertexAuthorizedUserToken = undefined; |
46 | 62 | cachedGoogleAuthClient = undefined; |
@@ -191,13 +207,10 @@ async function refreshGoogleVertexAuthorizedUserAccessToken(params: {
|
191 | 207 | if (!token) { |
192 | 208 | throw new Error("Google Vertex ADC token refresh response did not include an access_token."); |
193 | 209 | } |
194 | | -const expiresInSeconds = |
195 | | -typeof payload?.expires_in === "number" && Number.isFinite(payload.expires_in) |
196 | | - ? payload.expires_in |
197 | | - : 3600; |
| 210 | +const nowMs = Date.now(); |
198 | 211 | cachedGoogleVertexAuthorizedUserToken = { |
199 | 212 | token, |
200 | | -expiresAtMs: Date.now() + Math.max(1, expiresInSeconds) * 1000, |
| 213 | +expiresAtMs: resolveAuthorizedUserTokenExpiresAtMs(payload?.expires_in, nowMs), |
201 | 214 | credentialsPath: params.credentialsPath, |
202 | 215 | refreshToken, |
203 | 216 | }; |
|