o ;i@snddlZddlZddlZddlZddlZddlmZddlmZddlm Z m Z ddl m Z GdddZ dS) N)Any)ExecutionError)api_pb2modal_api_grpc)loggerc@sveZdZdZdZdZdddZdefd d Zd d Z de j fd dZ e dedeeeffddZddZddZdS)_AuthTokenManagerz>Handles fetching and refreshing of the input plane auth token.i,istubmodal_api_grpc.ModalClientModalcCs||_d|_d|_d|_dS)Ng)_stub_token_expiry_lock)selfr rS/home/ubuntu/.local/lib/python3.10/site-packages/modal/_utils/auth_token_manager.py__init__s z_AuthTokenManager.__init__returncs\|jr|r|IdH|jS|r+|IdH}|r$|jS|IdH|jS)an When called, the AuthTokenManager can be in one of three states: 1. Has a valid cached token. It is returned to the caller. 2. Has no cached token, or the token is expired. We fetch a new one and cache it. If `get_token` is called concurrently by multiple coroutines, all requests will block until the token has been fetched. But only one coroutine will actually make a request to the control plane to fetch the new token. This ensures we do not hit the control plane with more requests than needed. 3. Has a valid cached token, but it is going to expire in the next 5 minutes. In this case we fetch a new token and cache it. If `get_token` is called concurrently, only one request will fetch the new token, and the others will be given the old (but still valid) token - i.e. they will not block. N)r _is_expired_refresh_token_needs_refresh _get_locklocked)rlockrrr get_tokens  z_AuthTokenManager.get_tokenc s|IdH}|4IdHS|jr"|s" WdIdHdS|jtIdH}|js4td|j|_| |j d}rIt ||_ n t dt|j|_ WdIdHdS1IdHsgwYdS)z Fetch a new token from the control plane. If called concurrently, only one coroutine will make a request for a new token. The others will block on a lock, until the first coroutine has fetched the new token. NzUInternal error: Did not receive auth token from server. Please contact Modal support.expz-x-modal-auth-token does not contain exp field)rr rr AuthTokenGetrAuthTokenGetRequesttokenr _decode_jwtgetfloatrrwarningtimeDEFAULT_EXPIRY_OFFSET)rrresprrrrr8s"  .z _AuthTokenManager._refresh_tokencs|jdur t|_|jSN)rasyncioLockrrrrrTs  z_AuthTokenManager._get_lockrc Cs^z|dd}dt| d}t||}t|WSty.}ztd|d}~ww)z Decodes a JWT into a dict without verifying signature. We do this manually instead of using a library to avoid adding another dependency to the client. .r=zFInternal error: Cannot parse auth token. Please contact Modal support.N)splitlenbase64urlsafe_b64decodejsonloads Exception ValueError)rpayloadpadding decoded_byteserrrr ]s  z_AuthTokenManager._decode_jwtcCst|j|jkSr')r$rREFRESH_WINDOWr*rrrrksz _AuthTokenManager._needs_refreshcCst|jkSr')r$rr*rrrrnsz_AuthTokenManager._is_expiredN)r r )__name__ __module__ __qualname____doc__r:r%rstrrrr(r)r staticmethoddictrr rrrrrrrs   r) r(r0r2r$typingrmodal.exceptionr modal_protorrrrrrrrs