From bec492fe6522cc3fda801ed84d2229763fe2e70e Mon Sep 17 00:00:00 2001
From: tickstep <tickstep@outlook.com>
Date: Sun, 3 Mar 2024 09:11:58 +0800
Subject: [PATCH] fix refresh & save new token error

---
 internal/command/utils.go                   | 71 ++++++++++++++++++++-
 internal/config/pan_user.go                 |  4 +-
 internal/functions/panlogin/login_helper.go |  6 +-
 main.go                                     |  1 +
 4 files changed, 76 insertions(+), 6 deletions(-)

diff --git a/internal/command/utils.go b/internal/command/utils.go
index ea9bc5c..405c4a8 100644
--- a/internal/command/utils.go
+++ b/internal/command/utils.go
@@ -157,7 +157,7 @@ func RefreshWebTokenInNeed(activeUser *config.PanUser, deviceName string) bool {
 				plugin, _ := pluginManger.GetPlugin()
 				params := &plugins.UserTokenRefreshFinishParams{
 					Result:    "success",
-					Message:   "",
+					Message:   "webapi",
 					OldToken:  "",
 					NewToken:  "",
 					UpdatedAt: utils.NowTimeStr(),
@@ -166,7 +166,7 @@ func RefreshWebTokenInNeed(activeUser *config.PanUser, deviceName string) bool {
 				// need update refresh token
 				logger.Verboseln("web access token expired, get new from server")
 				loginHelper := panlogin.NewLoginHelper(config.DefaultTokenServiceWebHost)
-				wt, e := loginHelper.GetWebapiNewToken(activeUser.TicketId, activeUser.UserId)
+				wt, e := loginHelper.GetWebapiNewToken(activeUser.TicketId, activeUser.UserId, activeUser.PanClient().WebapiPanClient().GetAccessToken())
 				if e != nil {
 					logger.Verboseln("get web token from server error: ", e)
 				}
@@ -175,6 +175,7 @@ func RefreshWebTokenInNeed(activeUser *config.PanUser, deviceName string) bool {
 					params.OldToken = activeUser.WebapiToken.AccessToken
 					params.NewToken = wt.AccessToken
 
+					// update for user & client
 					userWebToken := NewWebLoginToken(wt.AccessToken, wt.Expired)
 					activeUser.WebapiToken = &config.PanClientToken{
 						AccessToken: wt.AccessToken,
@@ -212,6 +213,72 @@ func RefreshWebTokenInNeed(activeUser *config.PanUser, deviceName string) bool {
 	return false
 }
 
+// RefreshOpenTokenInNeed 刷新 openapi access token
+func RefreshOpenTokenInNeed(activeUser *config.PanUser) bool {
+	if activeUser == nil {
+		return false
+	}
+
+	// refresh expired openapi token
+	if activeUser.PanClient().OpenapiPanClient() != nil {
+		if len(activeUser.OpenapiToken.AccessToken) > 0 {
+			cz := time.FixedZone("CST", 8*3600) // 东8区
+			expiredTime := time.Unix(activeUser.OpenapiToken.Expired, 0).In(cz)
+			now := time.Now()
+			if (expiredTime.Unix() - now.Unix()) <= (2 * 60) { // 有效期小于2min就刷新
+				pluginManger := plugins.NewPluginManager(config.GetPluginDir())
+				plugin, _ := pluginManger.GetPlugin()
+				params := &plugins.UserTokenRefreshFinishParams{
+					Result:    "success",
+					Message:   "openapi",
+					OldToken:  "",
+					NewToken:  "",
+					UpdatedAt: utils.NowTimeStr(),
+				}
+
+				// need update refresh token
+				logger.Verboseln("openapi access token expired, get new from server")
+				loginHelper := panlogin.NewLoginHelper(config.DefaultTokenServiceWebHost)
+				wt, e := loginHelper.GetOpenapiNewToken(activeUser.TicketId, activeUser.UserId, activeUser.PanClient().OpenapiPanClient().GetAccessToken())
+				if e != nil {
+					logger.Verboseln("get openapi token from server error: ", e)
+				}
+				if wt != nil {
+					params.Result = "success"
+					params.OldToken = activeUser.WebapiToken.AccessToken
+					params.NewToken = wt.AccessToken
+
+					// update for user
+					activeUser.OpenapiToken = &config.PanClientToken{
+						AccessToken: wt.AccessToken,
+						Expired:     wt.Expired,
+					}
+					logger.Verboseln("get new access token success")
+
+					// plugin callback
+					if er1 := plugin.UserTokenRefreshFinishCallback(plugins.GetContext(activeUser), params); er1 != nil {
+						logger.Verbosef("UserTokenRefreshFinishCallback error: " + er1.Error())
+					}
+
+					return true
+				} else {
+					// token refresh error
+					// if token has expired, callback plugin api for notify
+					if now.Unix() >= expiredTime.Unix() {
+						params.Result = "fail"
+						params.Message = e.Error()
+						params.OldToken = activeUser.WebapiToken.AccessToken
+						if er1 := plugin.UserTokenRefreshFinishCallback(plugins.GetContext(activeUser), params); er1 != nil {
+							logger.Verbosef("UserTokenRefreshFinishCallback error: " + er1.Error())
+						}
+					}
+				}
+			}
+		}
+	}
+	return false
+}
+
 func isIncludeFile(pattern string, fileName string) bool {
 	b, er := filepath.Match(pattern, fileName)
 	if er != nil {
diff --git a/internal/config/pan_user.go b/internal/config/pan_user.go
index ccb5022..7bad1c6 100644
--- a/internal/config/pan_user.go
+++ b/internal/config/pan_user.go
@@ -141,7 +141,7 @@ doOpenLoginAct:
 	if err != nil {
 		if err.Code == apierror.ApiCodeTokenExpiredCode && tryRefreshOpenToken {
 			tryRefreshOpenToken = false
-			wt, e := loginHelper.GetOpenapiNewToken(ticketId, userId)
+			wt, e := loginHelper.GetOpenapiNewToken(ticketId, userId, openapiToken.AccessToken)
 			if e != nil {
 				logger.Verboseln("get openapi token from server error: ", e)
 				return nil, apierror.NewFailedApiError("get new openapi token error, try login again")
@@ -187,7 +187,7 @@ doWebLoginAct:
 		if err2 != nil {
 			if err2.Code == apierror.ApiCodeTokenExpiredCode && tryRefreshWebToken {
 				tryRefreshWebToken = false
-				wt, e := loginHelper.GetWebapiNewToken(ticketId, userId)
+				wt, e := loginHelper.GetWebapiNewToken(ticketId, userId, webapiToken.AccessToken)
 				if e != nil {
 					logger.Verboseln("get web token from server error: ", e)
 				}
diff --git a/internal/functions/panlogin/login_helper.go b/internal/functions/panlogin/login_helper.go
index d97ecfc..10f969a 100644
--- a/internal/functions/panlogin/login_helper.go
+++ b/internal/functions/panlogin/login_helper.go
@@ -233,7 +233,7 @@ func (h *LoginHelper) ParseSecureRefreshToken(keyStr, secureRefreshToken string)
 }
 
 // GetWebapiNewToken 获取Webapi Token
-func (h *LoginHelper) GetWebapiNewToken(ticketId, userId string) (*LoginTokenResult, error) {
+func (h *LoginHelper) GetWebapiNewToken(ticketId, userId, oldAccessToken string) (*LoginTokenResult, error) {
 	fullUrl := strings.Builder{}
 	fmt.Fprintf(&fullUrl, "%s/auth/tickstep/aliyunpan/token/webapi/%s/refresh?userId=%s",
 		h.webHost, ticketId, userId)
@@ -242,6 +242,7 @@ func (h *LoginHelper) GetWebapiNewToken(ticketId, userId string) (*LoginTokenRes
 		"accept":       "application/json, text/plain, */*",
 		"content-type": "application/json;charset=UTF-8",
 		"user-agent":   "aliyunpan/" + global.AppVersion,
+		"old-token":    oldAccessToken,
 	}
 	// request
 	client := requester.NewHTTPClient()
@@ -273,7 +274,7 @@ func (h *LoginHelper) GetWebapiNewToken(ticketId, userId string) (*LoginTokenRes
 }
 
 // GetOpenapiNewToken 获取Openapi Token
-func (h *LoginHelper) GetOpenapiNewToken(ticketId, userId string) (*LoginTokenResult, error) {
+func (h *LoginHelper) GetOpenapiNewToken(ticketId, userId, oldAccessToken string) (*LoginTokenResult, error) {
 	fullUrl := strings.Builder{}
 	fmt.Fprintf(&fullUrl, "%s/auth/tickstep/aliyunpan/token/openapi/%s/refresh?userId=%s",
 		h.webHost, ticketId, userId)
@@ -282,6 +283,7 @@ func (h *LoginHelper) GetOpenapiNewToken(ticketId, userId string) (*LoginTokenRe
 		"accept":       "application/json, text/plain, */*",
 		"content-type": "application/json;charset=UTF-8",
 		"user-agent":   "aliyunpan/" + global.AppVersion,
+		"old-token":    oldAccessToken,
 	}
 	// request
 	client := requester.NewHTTPClient()
diff --git a/main.go b/main.go
index 6d523f3..1d97062 100644
--- a/main.go
+++ b/main.go
@@ -85,6 +85,7 @@ func checkLoginExpiredAndRelogin() {
 	} else {
 		// 刷新过期Token并保存到配置文件
 		command.RefreshWebTokenInNeed(activeUser, config.Config.DeviceName)
+		command.RefreshOpenTokenInNeed(activeUser)
 	}
 	command.SaveConfigFunc(nil)
 }