Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Aborting requests with expired tokens from the Authentication Middleware #1985

Open
1 task done
darkbasic opened this issue Nov 5, 2024 · 4 comments
Open
1 task done
Assignees
Labels
enhancement New feature or request good first issue Straightforward problem, solvable for first-time contributors without deep knowledge of the project openapi-fetch Relevant to the openapi-fetch library PRs welcome PRs are welcome to solve this issue!

Comments

@darkbasic
Copy link

Description

I want to create an Authentication interceptor that whenever the JWT token is expired aborts the requests since there is no need to to keep them alive if they're going to return 401 anyway. In order to do so I need a way to access either the AbortController or the abort() function in the MiddlewareOnRequest onRequest callback.

Proposal

Instantiate a new AbortController() and expose either the controller itself or its abort() function in the MiddlewareOnRequest onRequest callback.

const authInterceptor: Middleware = {
  async onRequest({ request, controller, abort }) {
    // Use either abort() or controller.abort()
  }
}

Example of AbortController usage:

const controller = new AbortController()
const signal = controller.signal
fetch(urlToFetch, {
    method: 'get',
    signal: signal,
})
controller.abort()

Checklist

@darkbasic darkbasic added enhancement New feature or request openapi-fetch Relevant to the openapi-fetch library labels Nov 5, 2024
@gzm0
Copy link
Contributor

gzm0 commented Nov 6, 2024

Instead of executing the request and then aborting it, would it make sense to just throw in the onRequest middleware in this case?

In fact, the onRequest middleware gets executed before the fetch call:

for (const m of middlewares) {
if (m && typeof m === "object" && typeof m.onRequest === "function") {
const result = await m.onRequest({
request,
schemaPath,
params,
options,
id,
});
if (result) {
if (!(result instanceof CustomRequest)) {
throw new Error("onRequest: must return new Request() when modifying the request");
}
request = result;
}
}
}
}
// fetch!
let response = await fetch(request);

@kareemmahlees
Copy link

Instead of executing the request and then aborting it, would it make sense to just throw in the onRequest middleware in this case?

@gzm0 But this would entitle that I have to try-catch every outgoing request, what if I just need to silently abort ?

@drwpow
Copy link
Contributor

drwpow commented Jan 3, 2025

Just to add a little more context: this was a feature we talked about and delayed because we were determining how people used this library. When paired with TanStack Query, e.g., it would just add overhead.

But for people who are using openapi-fetch, and only openapi-fetch, without any wrapper (as some stated), it is a useful API.

A side question I have is “would adding an AbortController to every request introduce any overhead or performance concerns?” I don’t have any reason to believe it would, especially since in most scenarios, these won’t persist, will be garbage-collected, and a client should never have more than a dozen requests going at a time or so. So I think an implementation would be safe to just create an AbortController for every request.

I like @darkbasic’s proposal for the API, and would accept a PR introducing that. Any additional concerns/details we have could be addressed in the PR 🙂

@drwpow drwpow added PRs welcome PRs are welcome to solve this issue! good first issue Straightforward problem, solvable for first-time contributors without deep knowledge of the project labels Jan 3, 2025
@drwpow drwpow moved this to Accepted in openapi-fetch 1.0 Roadmap Jan 3, 2025
@drwpow
Copy link
Contributor

drwpow commented Jan 3, 2025

Oh and yes @gzm0 to your comment, I was interpreting this the need to silently fail without throwing an error. Expired tokens are a great case where it’s helpful to at least retry silently in the background a few times before logging the user out or displaying an error message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Straightforward problem, solvable for first-time contributors without deep knowledge of the project openapi-fetch Relevant to the openapi-fetch library PRs welcome PRs are welcome to solve this issue!
Projects
Development

No branches or pull requests

4 participants