modal 0.3.24 → 0.3.25

package/dist/index.cjs

@@ -42060,9 +42060,135 @@ function imageBuilderVersion(version) {
   return version || clientProfile.imageBuilderVersion || "2024.10";
 }
 
+// src/auth_token_manager.ts
+var REFRESH_WINDOW = 5 * 60;
+var DEFAULT_EXPIRY_OFFSET = 20 * 60;
+var AuthTokenManager = class {
+  client;
+  currentToken = "";
+  tokenExpiry = 0;
+  stopped = false;
+  timeoutId = null;
+  initialTokenPromise = null;
+  constructor(client2) {
+    this.client = client2;
+  }
+  /**
+   * Returns the current cached token.
+   * If the initial token fetch is still in progress, waits for it to complete.
+   */
+  async getToken() {
+    if (this.initialTokenPromise) {
+      await this.initialTokenPromise;
+    }
+    if (this.currentToken && !this.isExpired()) {
+      return this.currentToken;
+    }
+    throw new Error("No valid auth token available");
+  }
+  /**
+   * Fetches a new auth token from the server and stores it.
+   */
+  async fetchToken() {
+    const response = await this.client.authTokenGet({});
+    const token = response.token;
+    if (!token) {
+      throw new Error(
+        "Internal error: did not receive auth token from server, please contact Modal support"
+      );
+    }
+    this.currentToken = token;
+    const exp = this.decodeJWT(token);
+    if (exp > 0) {
+      this.tokenExpiry = exp;
+    } else {
+      console.warn("Failed to decode x-modal-auth-token exp field");
+      this.tokenExpiry = Math.floor(Date.now() / 1e3) + DEFAULT_EXPIRY_OFFSET;
+    }
+  }
+  /**
+   * Background loop that refreshes tokens REFRESH_WINDOW seconds before they expire.
+   */
+  async backgroundRefresh() {
+    while (!this.stopped) {
+      const now = Math.floor(Date.now() / 1e3);
+      const refreshTime = this.tokenExpiry - REFRESH_WINDOW;
+      const delay = Math.max(0, refreshTime - now) * 1e3;
+      await new Promise((resolve) => {
+        this.timeoutId = setTimeout(resolve, delay);
+        this.timeoutId.unref();
+      });
+      if (this.stopped) {
+        return;
+      }
+      try {
+        await this.fetchToken();
+      } catch (error) {
+        console.error("Failed to refresh auth token:", error);
+        await new Promise((resolve) => setTimeout(resolve, 5e3));
+      }
+    }
+  }
+  /**
+   * Fetches the initial token and starts the refresh loop.
+   * Throws an error if the initial token fetch fails.
+   */
+  async start() {
+    this.initialTokenPromise = this.fetchToken();
+    try {
+      await this.initialTokenPromise;
+    } finally {
+      this.initialTokenPromise = null;
+    }
+    this.stopped = false;
+    this.backgroundRefresh();
+  }
+  /**
+   * Stops the background refresh.
+   */
+  stop() {
+    this.stopped = true;
+    if (this.timeoutId) {
+      clearTimeout(this.timeoutId);
+      this.timeoutId = null;
+    }
+  }
+  /**
+   * Extracts the exp claim from a JWT token.
+   */
+  decodeJWT(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 3) {
+        return 0;
+      }
+      let payload = parts[1];
+      while (payload.length % 4 !== 0) {
+        payload += "=";
+      }
+      const decoded = atob(payload);
+      const claims = JSON.parse(decoded);
+      return claims.exp || 0;
+    } catch {
+      return 0;
+    }
+  }
+  isExpired() {
+    const now = Math.floor(Date.now() / 1e3);
+    return now >= this.tokenExpiry;
+  }
+  getCurrentToken() {
+    return this.currentToken;
+  }
+  setToken(token, expiry) {
+    this.currentToken = token;
+    this.tokenExpiry = expiry;
+  }
+};
+
 // src/client.ts
 var defaultProfile = getProfile(process.env["MODAL_PROFILE"]);
-var modalAuthToken;
+var authTokenManager = null;
 function authMiddleware(profile) {
   return async function* authMiddleware2(call, options) {
     if (!profile.tokenId || !profile.tokenSecret) {
@@ -42079,25 +42205,16 @@ function authMiddleware(profile) {
     options.metadata.set("x-modal-client-version", "1.0.0");
     options.metadata.set("x-modal-token-id", tokenId);
     options.metadata.set("x-modal-token-secret", tokenSecret);
-    if (modalAuthToken) {
-      options.metadata.set("x-modal-auth-token", modalAuthToken);
-    }
-    const prevOnHeader = options.onHeader;
-    options.onHeader = (header) => {
-      const token = header.get("x-modal-auth-token");
-      if (token) {
-        modalAuthToken = token;
+    if (call.method.path !== "/modal.client.ModalClient/AuthTokenGet") {
+      if (!authTokenManager) {
+        authTokenManager = new AuthTokenManager(client);
+        authTokenManager.start();
       }
-      prevOnHeader?.(header);
-    };
-    const prevOnTrailer = options.onTrailer;
-    options.onTrailer = (trailer) => {
-      const token = trailer.get("x-modal-auth-token");
+      const token = await authTokenManager.getToken();
       if (token) {
-        modalAuthToken = token;
+        options.metadata.set("x-modal-auth-token", token);
       }
-      prevOnTrailer?.(trailer);
-    };
+    }
     return yield* call.next(call.request, options);
   };
 }
@@ -42233,6 +42350,8 @@ function initializeClient(options) {
   };
   clientProfile = mergedProfile;
   client = createClient(mergedProfile);
+  authTokenManager = new AuthTokenManager(client);
+  authTokenManager.start();
 }
 
 // src/secret.ts
@@ -43646,7 +43765,7 @@ function encodeValue(val, w, proto) {
       if (val >= 0 && val <= 255) {
         w.byte(75 /* BININT1 */);
         w.byte(val);
-      } else if (val >= -32768 && val <= 32767) {
+      } else if (val >= 0 && val <= 65535) {
         w.byte(77 /* BININT2 */);
         w.byte(val & 255);
         w.byte(val >> 8 & 255);
@@ -43781,7 +43900,7 @@ function loads(buf) {
       case 77 /* BININT2 */: {
         const lo = r.byte(), hi = r.byte();
         const n = hi << 8 | lo;
-        push(n & 32768 ? n - 65536 : n);
+        push(n);
         break;
       }
       case 74 /* BININT4 */: {

package/dist/index.js

@@ -42006,9 +42006,135 @@ function imageBuilderVersion(version) {
   return version || clientProfile.imageBuilderVersion || "2024.10";
 }
 
+// src/auth_token_manager.ts
+var REFRESH_WINDOW = 5 * 60;
+var DEFAULT_EXPIRY_OFFSET = 20 * 60;
+var AuthTokenManager = class {
+  client;
+  currentToken = "";
+  tokenExpiry = 0;
+  stopped = false;
+  timeoutId = null;
+  initialTokenPromise = null;
+  constructor(client2) {
+    this.client = client2;
+  }
+  /**
+   * Returns the current cached token.
+   * If the initial token fetch is still in progress, waits for it to complete.
+   */
+  async getToken() {
+    if (this.initialTokenPromise) {
+      await this.initialTokenPromise;
+    }
+    if (this.currentToken && !this.isExpired()) {
+      return this.currentToken;
+    }
+    throw new Error("No valid auth token available");
+  }
+  /**
+   * Fetches a new auth token from the server and stores it.
+   */
+  async fetchToken() {
+    const response = await this.client.authTokenGet({});
+    const token = response.token;
+    if (!token) {
+      throw new Error(
+        "Internal error: did not receive auth token from server, please contact Modal support"
+      );
+    }
+    this.currentToken = token;
+    const exp = this.decodeJWT(token);
+    if (exp > 0) {
+      this.tokenExpiry = exp;
+    } else {
+      console.warn("Failed to decode x-modal-auth-token exp field");
+      this.tokenExpiry = Math.floor(Date.now() / 1e3) + DEFAULT_EXPIRY_OFFSET;
+    }
+  }
+  /**
+   * Background loop that refreshes tokens REFRESH_WINDOW seconds before they expire.
+   */
+  async backgroundRefresh() {
+    while (!this.stopped) {
+      const now = Math.floor(Date.now() / 1e3);
+      const refreshTime = this.tokenExpiry - REFRESH_WINDOW;
+      const delay = Math.max(0, refreshTime - now) * 1e3;
+      await new Promise((resolve) => {
+        this.timeoutId = setTimeout(resolve, delay);
+        this.timeoutId.unref();
+      });
+      if (this.stopped) {
+        return;
+      }
+      try {
+        await this.fetchToken();
+      } catch (error) {
+        console.error("Failed to refresh auth token:", error);
+        await new Promise((resolve) => setTimeout(resolve, 5e3));
+      }
+    }
+  }
+  /**
+   * Fetches the initial token and starts the refresh loop.
+   * Throws an error if the initial token fetch fails.
+   */
+  async start() {
+    this.initialTokenPromise = this.fetchToken();
+    try {
+      await this.initialTokenPromise;
+    } finally {
+      this.initialTokenPromise = null;
+    }
+    this.stopped = false;
+    this.backgroundRefresh();
+  }
+  /**
+   * Stops the background refresh.
+   */
+  stop() {
+    this.stopped = true;
+    if (this.timeoutId) {
+      clearTimeout(this.timeoutId);
+      this.timeoutId = null;
+    }
+  }
+  /**
+   * Extracts the exp claim from a JWT token.
+   */
+  decodeJWT(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 3) {
+        return 0;
+      }
+      let payload = parts[1];
+      while (payload.length % 4 !== 0) {
+        payload += "=";
+      }
+      const decoded = atob(payload);
+      const claims = JSON.parse(decoded);
+      return claims.exp || 0;
+    } catch {
+      return 0;
+    }
+  }
+  isExpired() {
+    const now = Math.floor(Date.now() / 1e3);
+    return now >= this.tokenExpiry;
+  }
+  getCurrentToken() {
+    return this.currentToken;
+  }
+  setToken(token, expiry) {
+    this.currentToken = token;
+    this.tokenExpiry = expiry;
+  }
+};
+
 // src/client.ts
 var defaultProfile = getProfile(process.env["MODAL_PROFILE"]);
-var modalAuthToken;
+var authTokenManager = null;
 function authMiddleware(profile) {
   return async function* authMiddleware2(call, options) {
     if (!profile.tokenId || !profile.tokenSecret) {
@@ -42025,25 +42151,16 @@ function authMiddleware(profile) {
     options.metadata.set("x-modal-client-version", "1.0.0");
     options.metadata.set("x-modal-token-id", tokenId);
     options.metadata.set("x-modal-token-secret", tokenSecret);
-    if (modalAuthToken) {
-      options.metadata.set("x-modal-auth-token", modalAuthToken);
-    }
-    const prevOnHeader = options.onHeader;
-    options.onHeader = (header) => {
-      const token = header.get("x-modal-auth-token");
-      if (token) {
-        modalAuthToken = token;
+    if (call.method.path !== "/modal.client.ModalClient/AuthTokenGet") {
+      if (!authTokenManager) {
+        authTokenManager = new AuthTokenManager(client);
+        authTokenManager.start();
       }
-      prevOnHeader?.(header);
-    };
-    const prevOnTrailer = options.onTrailer;
-    options.onTrailer = (trailer) => {
-      const token = trailer.get("x-modal-auth-token");
+      const token = await authTokenManager.getToken();
       if (token) {
-        modalAuthToken = token;
+        options.metadata.set("x-modal-auth-token", token);
       }
-      prevOnTrailer?.(trailer);
-    };
+    }
     return yield* call.next(call.request, options);
   };
 }
@@ -42179,6 +42296,8 @@ function initializeClient(options) {
   };
   clientProfile = mergedProfile;
   client = createClient(mergedProfile);
+  authTokenManager = new AuthTokenManager(client);
+  authTokenManager.start();
 }
 
 // src/secret.ts
@@ -43592,7 +43711,7 @@ function encodeValue(val, w, proto) {
       if (val >= 0 && val <= 255) {
         w.byte(75 /* BININT1 */);
         w.byte(val);
-      } else if (val >= -32768 && val <= 32767) {
+      } else if (val >= 0 && val <= 65535) {
         w.byte(77 /* BININT2 */);
         w.byte(val & 255);
         w.byte(val >> 8 & 255);
@@ -43727,7 +43846,7 @@ function loads(buf) {
       case 77 /* BININT2 */: {
         const lo = r.byte(), hi = r.byte();
         const n = hi << 8 | lo;
-        push(n & 32768 ? n - 65536 : n);
+        push(n);
         break;
       }
       case 74 /* BININT4 */: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "modal",
-  "version": "0.3.24",
+  "version": "0.3.25",
   "description": "Modal client library for JavaScript",
   "license": "Apache-2.0",
   "homepage": "https://modal.com/docs",
@@ -46,11 +46,13 @@
   },
   "devDependencies": {
     "@eslint/js": "^9.28.0",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^22.15.2",
     "eslint": "^9.28.0",
     "globals": "^16.2.0",
     "grpc-tools": "^1.13.0",
     "http-server": "^14.1.1",
+    "jsonwebtoken": "^9.0.2",
     "p-queue": "^8.1.0",
     "prettier": "^3.5.3",
     "ts-proto": "^2.7.0",