npm - axvault - Versions diffs - 1.9.2 → 1.9.3 - Mend

axvault 1.9.2 → 1.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/handlers/refresh-credential-on-read.js +5 -28
package/dist/handlers/should-refresh-credential.d.ts +14 -0
package/dist/handlers/should-refresh-credential.js +23 -0
package/package.json +1 -1

package/dist/handlers/refresh-credential-on-read.js CHANGED Viewed

@@ -4,11 +4,11 @@
  * Encapsulates refresh decision logic + per-credential mutex so the handler
  * stays small enough for static complexity checks (FTA).
  */
-import { isCredentialExpired, isRefreshable, refreshBlob, } from "axauth";
-import { isValidAgentCli, isRefreshableCredentialType, parseCredentials, } from "axshared";
+import { refreshBlob } from "axauth";
 import { getCredential, updateCredentialIfUnchanged, } from "../db/repositories/credentials.js";
 import { logAccess } from "../db/repositories/audit-log.js";
 import { decryptCredential, encryptCredential } from "../lib/encryption.js";
+import { shouldRefreshCredential } from "./should-refresh-credential.js";
 /** Per-credential mutex to prevent concurrent refreshes */
 const pendingRefreshes = new Map();
 function getRefreshPromise(name, blob, agent, provider, refreshTimeoutMs) {
@@ -29,31 +29,8 @@ function getRefreshPromise(name, blob, agent, provider, refreshTimeoutMs) {
     return promise;
 }
 async function refreshCredentialOnRead(options) {
-    if (options.refreshThresholdSeconds <= 0) {
-        return {
-            status: "ok",
-            blob: options.blob,
-            updatedAt: options.expectedUpdatedAt,
-            wasRefreshed: false,
-            refreshFailed: false,
-        };
-    }
-    // Refresh requires a valid agent ID (empty means pre-v2 credential)
-    if (!isValidAgentCli(options.agent)) {
-        return {
-            status: "ok",
-            blob: options.blob,
-            updatedAt: options.expectedUpdatedAt,
-            wasRefreshed: false,
-            refreshFailed: false,
-        };
-    }
-    const agent = options.agent;
-    const parsedCredentials = parseCredentials(options.blob);
-    if (parsedCredentials === undefined ||
-        !isRefreshableCredentialType(parsedCredentials.type) ||
-        !isRefreshable(parsedCredentials.data) ||
-        isCredentialExpired(parsedCredentials.data, options.refreshThresholdSeconds) !== true) {
+    const decision = shouldRefreshCredential(options.blob, options.agent, options.refreshThresholdSeconds);
+    if (!decision.refresh) {
         return {
             status: "ok",
             blob: options.blob,
@@ -63,7 +40,7 @@ async function refreshCredentialOnRead(options) {
         };
     }
     try {
-        const refreshResult = await getRefreshPromise(options.name, options.blob, agent, options.provider, options.refreshTimeoutMs);
+        const refreshResult = await getRefreshPromise(options.name, options.blob, decision.agent, options.provider, options.refreshTimeoutMs);
         if (refreshResult.ok) {
             const encrypted = encryptCredential(refreshResult.blob);
             const updateResult = updateCredentialIfUnchanged(options.database, {

package/dist/handlers/should-refresh-credential.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Decision logic for whether a credential should be refreshed on read.
+ *
+ * Extracted to keep refresh-credential-on-read.ts under the FTA threshold.
+ */
+import { type AgentCli } from "axshared";
+/** Check whether a credential should be refreshed */
+declare function shouldRefreshCredential(blob: unknown, agent: string, refreshThresholdSeconds: number): {
+    refresh: true;
+    agent: AgentCli;
+} | {
+    refresh: false;
+};
+export { shouldRefreshCredential };

package/dist/handlers/should-refresh-credential.js ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Decision logic for whether a credential should be refreshed on read.
+ *
+ * Extracted to keep refresh-credential-on-read.ts under the FTA threshold.
+ */
+import { isCredentialExpired, isRefreshable } from "axauth";
+import { isValidAgentCli, isRefreshableCredentialType, parseCredentials, } from "axshared";
+/** Check whether a credential should be refreshed */
+function shouldRefreshCredential(blob, agent, refreshThresholdSeconds) {
+    if (refreshThresholdSeconds <= 0)
+        return { refresh: false };
+    if (!isValidAgentCli(agent))
+        return { refresh: false };
+    const parsed = parseCredentials(blob);
+    if (parsed === undefined ||
+        !isRefreshableCredentialType(parsed.type) ||
+        !isRefreshable(parsed.data) ||
+        isCredentialExpired(parsed.data, refreshThresholdSeconds) !== true) {
+        return { refresh: false };
+    }
+    return { refresh: true, agent };
+}
+export { shouldRefreshCredential };

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "axvault",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "1.9.2",
+  "version": "1.9.3",
   "description": "Remote credential storage server for axkit",
   "repository": {
     "type": "git",