refactor: remove all token caching — always fetch fresh session

Every call now hits /auth/skill-credit/session directly. Deletes cache.ts, removes CachedTokenData type, strips cacheDir/minTtlSec options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-20 06:19:16 +08:00 · 2026-03-20 06:19:16 +08:00 · 153b05414e
parent f7f385321f
commit 153b05414e
5 changed files with 5 additions and 161 deletions
--- a/src/auth.ts
+++ b/src/auth.ts
@ -1,6 +1,5 @@
 import type { ApiResponse, EnvConfig, HttpMethod, SessionResponse } from './types.js';
 import { requestApi } from './http.js';
 import { getCacheFile, readCachedToken, writeCache, deleteCache } from './cache.js';
 const SESSION_RETRYABLE_STATUS = new Set([401, 403]);
 const SESSION_RETRYABLE_BODY_MARKERS = [
@ -18,8 +17,6 @@ export function createEnvConfig(): EnvConfig {
  return {
    authBase: (process.env.AUTH_BASE || 'https://api-gw-test.yuanwei-lnc.com').replace(/\/$/, ''),
    clientKey: process.env.CLIENT_KEY || '',
    authCacheDir: process.env.AUTH_CACHE_DIR || '/tmp/skill-auth-cache',
    authMinTtlSec: parseInt(process.env.AUTH_MIN_TTL_SEC || '60', 10),
  };
 }
@ -65,53 +62,23 @@ export async function fetchSessionJson(
 }
 /**
- * Get access token with caching
+ * Get access token (always fetches fresh)
 */
 export async function getAccessToken(
  dryRun: boolean,
  config: EnvConfig
 ): Promise<string> {
  if (dryRun) {
    return '<dry-run-token>';
  }
  if (!config.clientKey) {
    throw new Error('CLIENT_KEY is required');
  }
  const cacheFile = getCacheFile(config.authBase, config.clientKey, config.authCacheDir);
  const cachedToken = readCachedToken(cacheFile, config.authMinTtlSec);
  if (cachedToken) {
    return cachedToken;
  }
  const session = await fetchSessionJson(dryRun, config);
  writeCache(cacheFile, session);
  return session.accessToken;
 }
 /**
- * Refresh access token (bypass cache)
+ * Refresh access token (same as getAccessToken — no cache to clear)
 */
 export async function refreshAccessToken(
  dryRun: boolean,
  config: EnvConfig
 ): Promise<string> {
  if (dryRun) {
    return '<dry-run-token>';
  }
  if (!config.clientKey) {
    throw new Error('CLIENT_KEY is required');
  }
  const cacheFile = getCacheFile(config.authBase, config.clientKey, config.authCacheDir);
  // Remove cache file if exists
  deleteCache(cacheFile);
  return getAccessToken(dryRun, config);
 }
--- a/src/cache.ts
+++ b/src/cache.ts
@ -1,83 +0,0 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import * as crypto from 'crypto';
 import type { CachedTokenData } from './types.js';
 /**
 * Generate SHA256 hash for cache key
 */
 export function sha256(input: string): string {
  return crypto.createHash('sha256').update(input).digest('hex');
 }
 /**
 * Get cache file path for current AUTH_BASE and CLIENT_KEY
 */
 export function getCacheFile(authBase: string, clientKey: string, cacheDir: string): string {
  const key = sha256(`${authBase}|${clientKey}`);
  if (!fs.existsSync(cacheDir)) {
    fs.mkdirSync(cacheDir, { recursive: true });
  }
  return path.join(cacheDir, `session_${key}.json`);
 }
 /**
 * Read cached token if valid
 */
 export function readCachedToken(
  cacheFile: string,
  minTtlSec: number
 ): string | null {
  if (!fs.existsSync(cacheFile)) {
    return null;
  }
  try {
    const data = JSON.parse(fs.readFileSync(cacheFile, 'utf-8')) as CachedTokenData;
    const now = Math.floor(Date.now() / 1000);
    if (!data.accessToken || data.expiresAtEpoch <= 0) {
      return null;
    }
    // Check if token is still valid (with min TTL buffer)
    if (now + minTtlSec >= data.expiresAtEpoch) {
      return null;
    }
    return data.accessToken;
  } catch (error) {
    return null;
  }
 }
 /**
 * Write token to cache
 */
 export function writeCache(
  cacheFile: string,
  sessionJson: { accessToken: string; expiresIn: number }
 ): void {
  const nowEpoch = Math.floor(Date.now() / 1000);
  const expiresIn = sessionJson.expiresIn > 0 ? sessionJson.expiresIn : 900;
  const expiresAtEpoch = nowEpoch + expiresIn;
  const cacheData: CachedTokenData = {
    accessToken: sessionJson.accessToken,
    expiresAtEpoch,
    createdAtEpoch: nowEpoch,
  };
  fs.writeFileSync(cacheFile, JSON.stringify(cacheData, null, 2), 'utf-8');
 }
 /**
 * Delete cache file if exists
 */
 export function deleteCache(cacheFile: string): void {
  if (fs.existsSync(cacheFile)) {
    fs.unlinkSync(cacheFile);
  }
 }
--- a/src/client.ts
+++ b/src/client.ts
@ -1,6 +1,5 @@
 import type { ApiResponse, ClientConfig, EnvConfig, HttpMethod, SessionResponse } from './types.js';
 import { requestApi } from './http.js';
 import { getCacheFile, readCachedToken, writeCache, deleteCache } from './cache.js';
 import { loadGlobalEnv } from './env.js';
 const SESSION_RETRYABLE_STATUS = new Set([401, 403]);
@ -21,10 +20,6 @@ export interface SkillClientOptions {
  apiBase?: string;
  /** Dry run mode — no real HTTP calls */
  dryRun?: boolean;
  /** Cache directory (default: /tmp/skill-auth-cache) */
  cacheDir?: string;
  /** Min TTL before token refresh, seconds (default: 60) */
  minTtlSec?: number;
 }
 function buildConfig(options: SkillClientOptions): EnvConfig {
@ -32,8 +27,6 @@ function buildConfig(options: SkillClientOptions): EnvConfig {
  return {
    authBase: (options.authBase || process.env.AUTH_BASE || 'https://api-gw-test.yuanwei-lnc.com').replace(/\/$/, ''),
    clientKey: options.clientKey || process.env.CLIENT_KEY || '',
    authCacheDir: options.cacheDir || process.env.AUTH_CACHE_DIR || '/tmp/skill-auth-cache',
    authMinTtlSec: options.minTtlSec ?? parseInt(process.env.AUTH_MIN_TTL_SEC || '60', 10),
  };
 }
@ -118,37 +111,18 @@ export class SkillClient {
    const url = `${this.apiBase}${path}`;
    const bodyStr = body != null ? JSON.stringify(body) : undefined;
-    const token = await this.getToken();
+    const token = (await this.fetchSession()).accessToken;
    const first = await requestApi(method, url, token, bodyStr);
    if (!isRetryable(first)) {
      return first;
    }
-    // Token expired — refresh and retry once
+    // Token rejected — fetch fresh and retry once
-    const freshToken = await this.refreshToken();
+    const freshToken = (await this.fetchSession()).accessToken;
    return requestApi(method, url, freshToken, bodyStr);
  }
  private async getToken(): Promise<string> {
    const cacheFile = getCacheFile(this.config.authBase, this.config.clientKey, this.config.authCacheDir);
    const cached = readCachedToken(cacheFile, this.config.authMinTtlSec);
    if (cached) return cached;
    const session = await this.fetchSession();
    writeCache(cacheFile, session);
    return session.accessToken;
  }
  private async refreshToken(): Promise<string> {
    const cacheFile = getCacheFile(this.config.authBase, this.config.clientKey, this.config.authCacheDir);
    deleteCache(cacheFile);
    const session = await this.fetchSession();
    writeCache(cacheFile, session);
    return session.accessToken;
  }
  private async fetchSession(): Promise<SessionResponse> {
    const result = await requestApi(
      'POST',
--- a/src/index.ts
+++ b/src/index.ts
@ -19,7 +19,6 @@ export type {
  EnvConfig,
  SessionResponse,
  ClientConfig,
  CachedTokenData,
  ApiResponse,
  HttpMethod,
 } from './types.js';
--- a/src/types.ts
+++ b/src/types.ts
@ -6,10 +6,6 @@ export interface EnvConfig {
  authBase: string;
  /** Client key for authentication */
  clientKey: string;
  /** Directory for storing auth cache files */
  authCacheDir: string;
  /** Minimum TTL for cached tokens in seconds */
  authMinTtlSec: number;
 }
 /**
@ -33,15 +29,6 @@ export interface ClientConfig {
  metadata: Record<string, unknown>;
 }
 /**
 * Cached token data stored on disk
 */
 export interface CachedTokenData {
  accessToken: string;
  expiresAtEpoch: number;
  createdAtEpoch: number;
 }
 /**
 * HTTP method used by requestApi
 */