Files
steipete--codexbar/Sources/CodexBarCore/CookieHeaderCache.swift
T
2026-07-13 12:22:33 +08:00

983 lines
38 KiB
Swift

import Foundation
#if canImport(CryptoKit)
import CryptoKit
#endif
#if canImport(Darwin)
import Darwin
#elseif canImport(Glibc)
import Glibc
#elseif canImport(Musl)
import Musl
#endif
public enum CookieHeaderCache {
public enum Scope: Sendable, Equatable {
case managedAccount(UUID)
case managedStoreUnreadable
case profileHome(String)
case providerVariant(String)
public var isolationIdentifier: String {
switch self {
case let .managedAccount(accountID):
"managed.\(accountID.uuidString.lowercased())"
case .managedStoreUnreadable:
"managed-store-unreadable"
case let .profileHome(path):
"profile-home.\(Self.profileHomeDigest(path))"
case let .providerVariant(variant):
"provider-variant.\(Self.providerVariantDigest(variant))"
}
}
fileprivate var keychainIdentifier: String {
self.isolationIdentifier
}
private static func profileHomeDigest(_ path: String) -> String {
let standardized = URL(fileURLWithPath: path, isDirectory: true).standardizedFileURL.path
#if canImport(CryptoKit)
return SHA256.hash(data: Data(standardized.utf8))
.map { String(format: "%02x", $0) }
.joined()
#else
let digest = standardized.utf8.reduce(UInt64(14_695_981_039_346_656_037)) { partial, byte in
(partial ^ UInt64(byte)) &* 1_099_511_628_211
}
return String(digest, radix: 16)
#endif
}
private static func providerVariantDigest(_ variant: String) -> String {
#if canImport(CryptoKit)
return SHA256.hash(data: Data(variant.utf8))
.map { String(format: "%02x", $0) }
.joined()
#else
let digest = variant.utf8.reduce(UInt64(14_695_981_039_346_656_037)) { partial, byte in
(partial ^ UInt64(byte)) &* 1_099_511_628_211
}
return String(digest, radix: 16)
#endif
}
}
public struct Entry: Codable, Sendable {
public let cookieHeader: String
public let storedAt: Date
public let sourceLabel: String
public init(cookieHeader: String, storedAt: Date, sourceLabel: String) {
self.cookieHeader = cookieHeader
self.storedAt = storedAt
self.sourceLabel = sourceLabel
}
}
public struct ClearSummary: Equatable, Sendable {
public let clearedCount: Int
public let failedCount: Int
public init(clearedCount: Int, failedCount: Int) {
self.clearedCount = clearedCount
self.failedCount = failedCount
}
}
private static let log = CodexBarLog.logger(LogCategories.cookieCache)
private static let legacyBaseURLOverrideLock = NSLock()
private nonisolated(unsafe) static var legacyBaseURLOverride: URL?
private struct DisplaySnapshot {
let entry: Entry?
let refreshAfter: Date
}
private enum LoadOutcome {
case authoritative(Entry?, loadedFromLegacy: Bool)
case temporarilyUnavailable
}
private static let legacyMutationLock = NSLock()
private static let displayCacheLock = NSLock()
private nonisolated(unsafe) static var displayCache: [KeychainCacheStore.Key: DisplaySnapshot] = [:]
private nonisolated(unsafe) static var displayGenerations: [KeychainCacheStore.Key: UInt64] = [:]
private nonisolated(unsafe) static var displayRevalidationsInFlight: Set<KeychainCacheStore.Key> = []
private nonisolated(unsafe) static var legacyMigrationsInFlight: Set<UsageProvider> = []
private nonisolated(unsafe) static var displayStalenessIntervalOverride: TimeInterval?
private nonisolated(unsafe) static var displayUnavailableRetryIntervalOverride: TimeInterval?
private static let displayStalenessInterval: TimeInterval = 30
private static let displayUnavailableRetryInterval: TimeInterval = 1
#if DEBUG
@TaskLocal private static var taskLegacyBaseURLOverride: URL?
@TaskLocal private static var legacyRemovalFailureOverride = false
#endif
private enum LegacyRemovalResult: Equatable {
case removed
case missing
case failed
}
/// Settings rows render the "Cached: …" cookie label inside SwiftUI body evaluations, which
/// run repeatedly within a single AppKit layout pass. Each `load` pays a synchronous
/// securityd round-trip and decrypt, so display paths use this memoized variant instead: it
/// returns the last known entry immediately and revalidates a stale snapshot off the calling
/// path. In-process `store` and `clear` calls update the snapshot synchronously; only the
/// first lookup per key pays the keychain read.
public static func loadForDisplay(provider: UsageProvider, scope: Scope? = nil) -> Entry? {
let key = self.key(for: provider, scope: scope)
let (cached, generation) = self.beginDisplayRead(key: key)
guard let cached else {
switch self.loadOutcome(provider: provider, scope: scope, migrateLegacy: false) {
case let .authoritative(entry, loadedFromLegacy):
let committed = self.commitDisplaySnapshotIfCurrent(key: key, entry: entry, generation: generation)
if loadedFromLegacy {
self.scheduleLegacyMigration(provider: provider)
}
return committed
case .temporarilyUnavailable:
return self.commitTemporaryDisplaySnapshotIfCurrent(key: key, generation: generation)
}
}
if Date() >= cached.refreshAfter {
self.scheduleDisplayRevalidation(provider: provider, scope: scope, key: key, generation: generation)
}
return cached.entry
}
/// Registers the key before the Keychain read starts so `clearAll` can invalidate an
/// in-flight first population even when no display snapshot exists yet.
private static func beginDisplayRead(key: KeychainCacheStore.Key) -> (DisplaySnapshot?, UInt64) {
self.displayCacheLock.lock()
defer { self.displayCacheLock.unlock() }
let generation = self.displayGenerations[key] ?? 0
self.displayGenerations[key] = generation
return (self.displayCache[key], generation)
}
private static func scheduleDisplayRevalidation(
provider: UsageProvider,
scope: Scope?,
key: KeychainCacheStore.Key,
generation: UInt64)
{
self.displayCacheLock.lock()
let inserted = self.displayRevalidationsInFlight.insert(key).inserted
self.displayCacheLock.unlock()
guard inserted else { return }
Task(priority: .utility) {
self.revalidateDisplaySnapshot(provider: provider, scope: scope, key: key, generation: generation)
}
}
private static func revalidateDisplaySnapshot(
provider: UsageProvider,
scope: Scope?,
key: KeychainCacheStore.Key,
generation: UInt64)
{
switch self.loadOutcome(provider: provider, scope: scope, migrateLegacy: false) {
case let .authoritative(entry, loadedFromLegacy):
_ = self.commitDisplaySnapshotIfCurrent(key: key, entry: entry, generation: generation)
if loadedFromLegacy {
self.scheduleLegacyMigration(provider: provider)
}
case .temporarilyUnavailable:
self.deferDisplayRetryIfCurrent(key: key, generation: generation)
}
self.displayCacheLock.lock()
self.displayRevalidationsInFlight.remove(key)
self.displayCacheLock.unlock()
}
private static func scheduleLegacyMigration(provider: UsageProvider) {
self.displayCacheLock.lock()
let inserted = self.legacyMigrationsInFlight.insert(provider).inserted
self.displayCacheLock.unlock()
guard inserted else { return }
Task(priority: .utility) {
_ = self.migrateLegacyEntryIfNeeded(provider: provider)
_ = self.displayCacheLock.withLock {
self.legacyMigrationsInFlight.remove(provider)
}
}
}
/// Keychain reads for the display cache happen outside the lock, so a concurrent `store` or
/// `clear` can publish newer state before the read commits. Each mutation bumps the per-key
/// generation; a read only commits if the generation it started from is still current, and
/// otherwise returns whatever newer snapshot won the race.
private static func commitDisplaySnapshotIfCurrent(
key: KeychainCacheStore.Key,
entry: Entry?,
generation: UInt64) -> Entry?
{
self.displayCacheLock.lock()
defer { self.displayCacheLock.unlock() }
guard self.displayGenerations[key, default: 0] == generation else {
return self.displayCache[key]?.entry
}
self.displayCache[key] = self.authoritativeDisplaySnapshot(entry: entry)
return entry
}
private static func commitTemporaryDisplaySnapshotIfCurrent(
key: KeychainCacheStore.Key,
generation: UInt64) -> Entry?
{
self.displayCacheLock.lock()
defer { self.displayCacheLock.unlock() }
guard self.displayGenerations[key, default: 0] == generation else {
return self.displayCache[key]?.entry
}
if let current = self.displayCache[key] {
return current.entry
}
self.displayCache[key] = self.temporaryDisplaySnapshot(entry: nil)
return nil
}
private static func deferDisplayRetryIfCurrent(key: KeychainCacheStore.Key, generation: UInt64) {
self.displayCacheLock.lock()
defer { self.displayCacheLock.unlock() }
guard self.displayGenerations[key, default: 0] == generation,
let current = self.displayCache[key]
else { return }
self.displayCache[key] = self.temporaryDisplaySnapshot(entry: current.entry)
}
private static func updateDisplaySnapshot(key: KeychainCacheStore.Key, entry: Entry?) {
self.displayCacheLock.lock()
self.displayCache[key] = self.authoritativeDisplaySnapshot(entry: entry)
self.displayGenerations[key, default: 0] += 1
self.displayCacheLock.unlock()
}
private static func invalidateDisplaySnapshot(key: KeychainCacheStore.Key) {
self.displayCacheLock.lock()
self.displayCache.removeValue(forKey: key)
self.displayGenerations[key, default: 0] += 1
self.displayCacheLock.unlock()
}
private static func currentDisplayEntry(key: KeychainCacheStore.Key) -> Entry? {
self.displayCacheLock.lock()
defer { self.displayCacheLock.unlock() }
return self.displayCache[key]?.entry
}
private static func authoritativeDisplaySnapshot(entry: Entry?) -> DisplaySnapshot {
DisplaySnapshot(entry: entry, refreshAfter: Date().addingTimeInterval(self.currentDisplayStalenessInterval))
}
private static func temporaryDisplaySnapshot(entry: Entry?) -> DisplaySnapshot {
DisplaySnapshot(
entry: entry,
refreshAfter: Date().addingTimeInterval(self.currentDisplayUnavailableRetryInterval))
}
private static var currentDisplayStalenessInterval: TimeInterval {
self.displayStalenessIntervalOverride ?? self.displayStalenessInterval
}
private static var currentDisplayUnavailableRetryInterval: TimeInterval {
self.displayUnavailableRetryIntervalOverride ?? self.displayUnavailableRetryInterval
}
static func setDisplayStalenessIntervalOverrideForTesting(_ interval: TimeInterval?) {
self.displayStalenessIntervalOverride = interval
}
static func setDisplayUnavailableRetryIntervalOverrideForTesting(_ interval: TimeInterval?) {
self.displayUnavailableRetryIntervalOverride = interval
}
static func resetDisplayCacheForTesting() {
self.displayCacheLock.lock()
self.displayCache.removeAll()
self.displayGenerations.removeAll()
self.displayRevalidationsInFlight.removeAll()
self.legacyMigrationsInFlight.removeAll()
self.displayCacheLock.unlock()
}
static func beginDisplayReadGenerationForTesting(provider: UsageProvider, scope: Scope? = nil) -> UInt64 {
self.beginDisplayRead(key: self.key(for: provider, scope: scope)).1
}
static func currentDisplayEntryForTesting(provider: UsageProvider, scope: Scope? = nil) -> Entry? {
self.currentDisplayEntry(key: self.key(for: provider, scope: scope))
}
#if DEBUG
static func withLegacyRemovalFailureForTesting<T>(_ operation: () throws -> T) rethrows -> T {
try self.$legacyRemovalFailureOverride.withValue(true) {
try operation()
}
}
#endif
@discardableResult
static func commitDisplaySnapshotIfCurrentForTesting(
provider: UsageProvider,
scope: Scope? = nil,
entry: Entry?,
generation: UInt64) -> Entry?
{
self.commitDisplaySnapshotIfCurrent(
key: self.key(for: provider, scope: scope),
entry: entry,
generation: generation)
}
public static func load(provider: UsageProvider, scope: Scope? = nil) -> Entry? {
switch self.loadOutcome(provider: provider, scope: scope, migrateLegacy: true) {
case let .authoritative(entry, _):
entry
case .temporarilyUnavailable:
nil
}
}
static func loadSerialized(provider: UsageProvider, scope: Scope? = nil) -> Entry? {
do {
return try self.withLegacyMutationLock {
let key = self.key(for: provider, scope: scope)
switch KeychainCacheStore.load(key: key, as: Entry.self) {
case let .found(entry):
return entry
case .temporarilyUnavailable:
return nil
case .invalid:
KeychainCacheStore.clear(key: key)
case .missing:
break
}
guard scope == nil else { return nil }
return self.migrateLegacyEntryIfNeededLocked(provider: provider)
}
} catch {
self.log.error("Cookie cache serialized load failed: \(error)")
return nil
}
}
private static func loadOutcome(
provider: UsageProvider,
scope: Scope?,
migrateLegacy: Bool) -> LoadOutcome
{
let key = self.key(for: provider, scope: scope)
switch KeychainCacheStore.load(key: key, as: Entry.self) {
case let .found(entry):
self.log.debug("Cookie cache hit", metadata: ["provider": provider.rawValue])
return .authoritative(entry, loadedFromLegacy: false)
case .temporarilyUnavailable:
self.log.debug("Cookie cache temporarily unavailable", metadata: ["provider": provider.rawValue])
return .temporarilyUnavailable
case .invalid:
self.log.warning("Cookie cache invalid; clearing", metadata: ["provider": provider.rawValue])
KeychainCacheStore.clear(key: key)
case .missing:
self.log.debug("Cookie cache miss", metadata: ["provider": provider.rawValue])
}
guard scope == nil else { return .authoritative(nil, loadedFromLegacy: false) }
if migrateLegacy {
return .authoritative(
self.migrateLegacyEntryIfNeeded(provider: provider),
loadedFromLegacy: false)
}
guard let legacy = self.loadLegacyEntry(for: provider) else {
return .authoritative(nil, loadedFromLegacy: false)
}
return .authoritative(legacy, loadedFromLegacy: true)
}
/// Re-reads both stores while serialized with global cookie mutations. A display-triggered
/// migration may be queued before a clear, so using the captured legacy entry here would
/// otherwise allow the delayed task to restore credentials the user just removed.
private static func migrateLegacyEntryIfNeeded(provider: UsageProvider) -> Entry? {
do {
return try self.withLegacyMutationLock {
self.migrateLegacyEntryIfNeededLocked(provider: provider)
}
} catch {
self.log.error("Cookie cache migration lock failed: \(error)")
return nil
}
}
private static func migrateLegacyEntryIfNeededLocked(provider: UsageProvider) -> Entry? {
let key = self.key(for: provider, scope: nil)
switch KeychainCacheStore.load(key: key, as: Entry.self) {
case let .found(entry):
_ = self.removeLegacyEntry(for: provider)
return entry
case .temporarilyUnavailable:
return nil
case .invalid:
KeychainCacheStore.clear(key: key)
case .missing:
break
}
guard let legacy = self.loadLegacyEntry(for: provider) else { return nil }
if KeychainCacheStore.storeResult(key: key, entry: legacy),
self.removeLegacyEntry(for: provider) == .removed
{
self.log.debug("Cookie cache migrated from legacy store", metadata: ["provider": provider.rawValue])
}
return legacy
}
public static func store(
provider: UsageProvider,
scope: Scope? = nil,
cookieHeader: String,
sourceLabel: String,
now: Date = Date())
{
let trimmed = cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines)
guard let normalized = CookieHeaderNormalizer.normalize(trimmed), !normalized.isEmpty else {
self.clear(provider: provider, scope: scope)
return
}
let entry = Entry(cookieHeader: normalized, storedAt: now, sourceLabel: sourceLabel)
do {
try self.withLegacyMutationLock {
_ = self.store(entry: entry, provider: provider, scope: scope, sourceLabel: sourceLabel)
}
} catch {
self.log.error("Cookie cache store lock failed: \(error)")
}
}
/// Stores only while the cache still matches the entry observed before an asynchronous refresh.
/// A nil expected entry means the cache must still be empty.
@discardableResult
static func storeIfCurrent(
provider: UsageProvider,
scope: Scope? = nil,
expected: Entry?,
cookieHeader: String,
sourceLabel: String,
now: Date = Date()) -> Bool
{
let trimmed = cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines)
guard let normalized = CookieHeaderNormalizer.normalize(trimmed), !normalized.isEmpty else { return false }
let entry = Entry(cookieHeader: normalized, storedAt: now, sourceLabel: sourceLabel)
do {
return try self.withLegacyMutationLock {
guard self.currentEntryMatches(expected, provider: provider, scope: scope) else { return false }
return self.store(entry: entry, provider: provider, scope: scope, sourceLabel: sourceLabel)
}
} catch {
self.log.error("Cookie cache conditional store lock failed: \(error)")
return false
}
}
/// Clears only while the cache still matches the entry that produced a failed asynchronous refresh.
@discardableResult
static func clearIfCurrent(
provider: UsageProvider,
scope: Scope? = nil,
expected: Entry?) -> Bool
{
do {
return try self.withLegacyMutationLock {
guard self.currentEntryMatches(expected, provider: provider, scope: scope) else { return false }
// Keep the expected Keychain row intact when legacy cleanup fails so fallback can replace it.
if scope == nil, self.removeLegacyEntry(for: provider) == .failed {
return false
}
let key = self.key(for: provider, scope: scope)
let result = KeychainCacheStore.clearResult(key: key)
guard result != .failed else { return false }
self.updateDisplaySnapshot(key: key, entry: nil)
return true
}
} catch {
self.log.error("Cookie cache conditional clear lock failed: \(error)")
return false
}
}
private static func currentEntryMatches(
_ expected: Entry?,
provider: UsageProvider,
scope: Scope?) -> Bool
{
let key = self.key(for: provider, scope: scope)
switch KeychainCacheStore.load(key: key, as: Entry.self) {
case let .found(current):
return self.entriesMatch(current, expected)
case .missing:
if scope == nil, let legacy = self.loadLegacyEntry(for: provider) {
return self.entriesMatch(legacy, expected)
}
return expected == nil
case .invalid, .temporarilyUnavailable:
return false
}
}
private static func entriesMatch(_ current: Entry, _ expected: Entry?) -> Bool {
guard let expected else { return false }
return current.cookieHeader == expected.cookieHeader
&& current.storedAt == expected.storedAt
&& current.sourceLabel == expected.sourceLabel
}
@discardableResult
private static func store(
entry: Entry,
provider: UsageProvider,
scope: Scope?,
sourceLabel: String) -> Bool
{
let key = self.key(for: provider, scope: scope)
guard KeychainCacheStore.storeResult(key: key, entry: entry) else { return false }
self.updateDisplaySnapshot(key: key, entry: entry)
if scope == nil {
_ = self.removeLegacyEntry(for: provider)
}
self.log.debug("Cookie cache stored", metadata: ["provider": provider.rawValue, "source": sourceLabel])
return true
}
@discardableResult
public static func clear(provider: UsageProvider, scope: Scope? = nil) -> Int {
self.clearDetailed(provider: provider, scope: scope).clearedCount
}
public static func clearDetailed(provider: UsageProvider, scope: Scope? = nil) -> ClearSummary {
do {
return try self.withLegacyMutationLock {
self.clearDetailedLocked(provider: provider, scope: scope)
}
} catch {
self.log.error("Cookie cache clear lock failed: \(error)")
return ClearSummary(clearedCount: 0, failedCount: 1)
}
}
private static func clearDetailedLocked(provider: UsageProvider, scope: Scope?) -> ClearSummary {
let key = self.key(for: provider, scope: scope)
let result = KeychainCacheStore.clearResult(key: key)
var cleared = result == .removed ? 1 : 0
var failed = result == .failed ? 1 : 0
if result != .failed {
self.updateDisplaySnapshot(key: key, entry: nil)
}
let legacyResult: LegacyRemovalResult = if scope == nil {
self.removeLegacyEntry(for: provider)
} else {
.missing
}
if legacyResult == .removed {
cleared += 1
if result == .failed {
self.invalidateDisplaySnapshot(key: key)
}
} else if legacyResult == .failed {
failed += 1
}
self.log.debug("Cookie cache cleared", metadata: ["provider": provider.rawValue])
return ClearSummary(clearedCount: cleared, failedCount: failed)
}
/// Clears all cookie cache scopes for one provider, including managed Codex account scopes.
/// Returns keychain/legacy removal and failure counts.
@discardableResult
public static func clearAllScopes(provider: UsageProvider) -> Int {
self.clearAllScopesDetailed(provider: provider).clearedCount
}
public static func clearAllScopesDetailed(provider: UsageProvider) -> ClearSummary {
do {
return try self.withLegacyMutationLock {
self.clearAllScopesDetailedLocked(provider: provider)
}
} catch {
self.log.error("Cookie cache clearAllScopes lock failed: \(error)")
return ClearSummary(clearedCount: 0, failedCount: 1)
}
}
private static func clearAllScopesDetailedLocked(provider: UsageProvider) -> ClearSummary {
let (keys, enumerationFailed) = self.cookieKeysResult(for: provider)
var cleared = 0
var failedKeys = Set<KeychainCacheStore.Key>()
for key in keys {
let result = KeychainCacheStore.clearResult(key: key)
if result == .removed {
cleared += 1
}
if result != .failed {
self.updateDisplaySnapshot(key: key, entry: nil)
} else {
failedKeys.insert(key)
}
}
let legacyResult = self.removeLegacyEntry(for: provider)
if legacyResult == .removed {
cleared += 1
let globalKey = self.key(for: provider, scope: nil)
if failedKeys.contains(globalKey) {
self.invalidateDisplaySnapshot(key: globalKey)
}
}
let failedCount = failedKeys.count + (enumerationFailed ? 1 : 0) + (legacyResult == .failed ? 1 : 0)
self.log.debug("Cookie cache clearAllScopes completed", metadata: [
"provider": provider.rawValue,
"cleared": "\(cleared)",
])
return ClearSummary(clearedCount: cleared, failedCount: failedCount)
}
/// Clears cookie caches for all providers, including corrupt/invalid entries.
/// Returns keychain/legacy removal and failure counts.
@discardableResult
public static func clearAll() -> Int {
self.clearAllDetailed().clearedCount
}
public static func clearAllDetailed() -> ClearSummary {
do {
return try self.withLegacyMutationLock {
self.clearAllDetailedLocked()
}
} catch {
self.log.error("Cookie cache clearAll lock failed: \(error)")
return ClearSummary(clearedCount: 0, failedCount: 1)
}
}
private static func clearAllDetailedLocked() -> ClearSummary {
self.displayCacheLock.lock()
let knownDisplayKeys = Set(self.displayCache.keys).union(self.displayGenerations.keys)
self.displayCacheLock.unlock()
let enumeratedKeys: [KeychainCacheStore.Key]
let enumerationFailed: Bool
switch KeychainCacheStore.keysResult(category: "cookie") {
case let .found(keys):
enumeratedKeys = keys
enumerationFailed = false
case .temporarilyUnavailable, .failed:
enumeratedKeys = []
enumerationFailed = true
}
let keys = Set(enumeratedKeys).union(knownDisplayKeys)
var cleared = 0
var failedKeys = Set<KeychainCacheStore.Key>()
for key in keys {
let result = KeychainCacheStore.clearResult(key: key)
if result == .removed {
cleared += 1
}
if result != .failed {
self.updateDisplaySnapshot(key: key, entry: nil)
} else {
failedKeys.insert(key)
}
}
var legacyFailures = 0
for provider in UsageProvider.allCases {
switch self.removeLegacyEntry(for: provider) {
case .removed:
cleared += 1
let globalKey = self.key(for: provider, scope: nil)
if failedKeys.contains(globalKey) {
self.invalidateDisplaySnapshot(key: globalKey)
}
case .failed:
legacyFailures += 1
case .missing:
break
}
}
self.log.debug("Cookie cache clearAll completed", metadata: ["cleared": "\(cleared)"])
return ClearSummary(
clearedCount: cleared,
failedCount: failedKeys.count + (enumerationFailed ? 1 : 0) + legacyFailures)
}
private static func cookieKeysResult(for provider: UsageProvider) -> ([KeychainCacheStore.Key], Bool) {
let exactIdentifier = provider.rawValue
let scopedPrefix = "\(provider.rawValue)."
var seen = Set<KeychainCacheStore.Key>()
var keys: [KeychainCacheStore.Key] = []
let enumeratedKeys: [KeychainCacheStore.Key]
let enumerationFailed: Bool
switch KeychainCacheStore.keysResult(category: "cookie") {
case let .found(keys):
enumeratedKeys = keys
enumerationFailed = false
case .temporarilyUnavailable, .failed:
enumeratedKeys = []
enumerationFailed = true
}
for key in enumeratedKeys {
guard key.identifier == exactIdentifier || key.identifier.hasPrefix(scopedPrefix) else {
continue
}
if seen.insert(key).inserted {
keys.append(key)
}
}
let global = self.key(for: provider, scope: nil)
if seen.insert(global).inserted {
keys.append(global)
}
return (keys, enumerationFailed)
}
static func load(from url: URL) -> Entry? {
guard let data = try? Data(contentsOf: url) else { return nil }
let decoder = JSONDecoder()
decoder.dateDecodingStrategy = .iso8601
return try? decoder.decode(Entry.self, from: data)
}
static func store(_ entry: Entry, to url: URL) {
do {
let dir = url.deletingLastPathComponent()
try FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
let encoder = JSONEncoder()
encoder.dateEncodingStrategy = .iso8601
let data = try encoder.encode(entry)
try data.write(to: url, options: [.atomic])
} catch {
self.log.error("Failed to persist cookie cache: \(error)")
}
}
static func setLegacyBaseURLOverrideForTesting(_ url: URL?) {
self.legacyBaseURLOverrideLock.withLock {
self.legacyBaseURLOverride = url
}
}
#if DEBUG
static func withLegacyBaseURLOverrideForTesting<T>(
_ url: URL?,
operation: () throws -> T) rethrows -> T
{
try self.$taskLegacyBaseURLOverride.withValue(url) {
try operation()
}
}
static func withLegacyBaseURLOverrideForTesting<T>(
_ url: URL?,
operation: () async throws -> T) async rethrows -> T
{
try await self.$taskLegacyBaseURLOverride.withValue(url) {
try await operation()
}
}
#endif
static func hasLegacyEntryForTesting(provider: UsageProvider) -> Bool {
self.loadLegacyEntry(for: provider) != nil
}
static func legacyURLForTesting(provider: UsageProvider) -> URL {
self.legacyURL(for: provider)
}
private static func hasKeychainEntry(provider: UsageProvider, scope: Scope?) -> Bool {
let key = self.key(for: provider, scope: scope)
switch KeychainCacheStore.load(key: key, as: Entry.self) {
case .found, .invalid:
return true
case .missing, .temporarilyUnavailable:
return false
}
}
static func hasKeychainEntryForTesting(provider: UsageProvider, scope: Scope? = nil) -> Bool {
self.hasKeychainEntry(provider: provider, scope: scope)
}
static func migrateLegacyEntryIfNeededForTesting(provider: UsageProvider) -> Entry? {
self.migrateLegacyEntryIfNeeded(provider: provider)
}
private static func withLegacyMutationLock<T>(_ operation: () throws -> T) throws -> T {
try self.legacyMutationLock.withLock {
let lockURL = self.legacyMutationLockURL
try FileManager.default.createDirectory(
at: lockURL.deletingLastPathComponent(),
withIntermediateDirectories: true)
let fd = open(lockURL.path, O_CREAT | O_RDWR | O_CLOEXEC, S_IRUSR | S_IWUSR)
guard fd >= 0 else {
throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO)
}
defer {
_ = flock(fd, LOCK_UN)
close(fd)
}
while flock(fd, LOCK_EX) != 0 {
guard errno == EINTR else {
throw POSIXError(POSIXErrorCode(rawValue: errno) ?? .EIO)
}
}
return try operation()
}
}
private static var legacyMutationLockURL: URL {
let base = self.currentLegacyBaseURLOverride ?? self.defaultLegacyBaseURL
return base.appendingPathComponent("cookie-cache.lock")
}
private static func removeLegacyEntry(for provider: UsageProvider) -> LegacyRemovalResult {
let url = self.legacyURL(for: provider)
#if DEBUG
if self.legacyRemovalFailureOverride {
return .failed
}
#endif
let existed = FileManager.default.fileExists(atPath: url.path)
do {
try FileManager.default.removeItem(at: url)
return existed ? .removed : .missing
} catch {
if (error as NSError).code != NSFileNoSuchFileError {
Self.log.error("Failed to remove cookie cache (\(provider.rawValue)): \(error)")
return .failed
}
return .missing
}
}
private static func loadLegacyEntry(for provider: UsageProvider) -> Entry? {
self.load(from: self.legacyURL(for: provider))
}
private static func legacyURL(for provider: UsageProvider) -> URL {
if let override = self.currentLegacyBaseURLOverride {
return override.appendingPathComponent("\(provider.rawValue)-cookie.json")
}
return self.defaultLegacyBaseURL.appendingPathComponent("\(provider.rawValue)-cookie.json")
}
private static var currentLegacyBaseURLOverride: URL? {
#if DEBUG
if let taskOverride = self.taskLegacyBaseURLOverride {
return taskOverride
}
#endif
return self.legacyBaseURLOverrideLock.withLock {
self.legacyBaseURLOverride
}
}
private static var defaultLegacyBaseURL: URL {
let fm = FileManager.default
let base = fm.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
?? fm.temporaryDirectory
return base.appendingPathComponent("CodexBar", isDirectory: true)
}
private static func key(for provider: UsageProvider, scope: Scope?) -> KeychainCacheStore.Key {
KeychainCacheStore.Key.cookie(provider: provider, scopeIdentifier: scope?.keychainIdentifier)
}
}
extension CookieHeaderCache {
enum ConditionalMutationObservation {
case authoritative(Entry?)
case keychainTemporarilyUnavailable(legacyEntry: Entry?)
var entry: Entry? {
switch self {
case let .authoritative(entry): entry
case .keychainTemporarilyUnavailable: nil
}
}
}
/// Captures enough state to conditionally persist an asynchronous refresh after a transient
/// Keychain read failure without mistaking an untouched legacy entry for a concurrent write.
static func observeForConditionalMutation(
provider: UsageProvider,
scope: Scope? = nil) -> ConditionalMutationObservation
{
do {
return try self.withLegacyMutationLock {
let key = self.key(for: provider, scope: scope)
switch KeychainCacheStore.load(key: key, as: Entry.self) {
case let .found(entry):
return .authoritative(entry)
case .temporarilyUnavailable:
let legacyEntry = scope == nil ? self.loadLegacyEntry(for: provider) : nil
return .keychainTemporarilyUnavailable(legacyEntry: legacyEntry)
case .invalid:
KeychainCacheStore.clear(key: key)
case .missing:
break
}
guard scope == nil else { return .authoritative(nil) }
return .authoritative(self.migrateLegacyEntryIfNeededLocked(provider: provider))
}
} catch {
self.log.error("Cookie cache observation lock failed: \(error)")
return .keychainTemporarilyUnavailable(legacyEntry: nil)
}
}
/// Stores against a state captured by `observeForConditionalMutation`. A transient initial
/// Keychain failure may proceed only after Keychain recovers as missing and legacy state is unchanged.
@discardableResult
static func storeIfObservationCurrent(
provider: UsageProvider,
scope: Scope? = nil,
expected: ConditionalMutationObservation,
cookieHeader: String,
sourceLabel: String,
now: Date = Date()) -> Bool
{
let trimmed = cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines)
guard let normalized = CookieHeaderNormalizer.normalize(trimmed), !normalized.isEmpty else { return false }
let entry = Entry(cookieHeader: normalized, storedAt: now, sourceLabel: sourceLabel)
do {
return try self.withLegacyMutationLock {
guard self.currentStateMatches(expected, provider: provider, scope: scope) else { return false }
return self.store(entry: entry, provider: provider, scope: scope, sourceLabel: sourceLabel)
}
} catch {
self.log.error("Cookie cache observed store lock failed: \(error)")
return false
}
}
private static func currentStateMatches(
_ expected: ConditionalMutationObservation,
provider: UsageProvider,
scope: Scope?) -> Bool
{
switch expected {
case let .authoritative(entry):
return self.currentEntryMatches(entry, provider: provider, scope: scope)
case let .keychainTemporarilyUnavailable(expectedLegacyEntry):
let key = self.key(for: provider, scope: scope)
guard case .missing = KeychainCacheStore.load(key: key, as: Entry.self) else { return false }
guard scope == nil else { return true }
return self.optionalEntriesMatch(self.loadLegacyEntry(for: provider), expectedLegacyEntry)
}
}
private static func optionalEntriesMatch(_ current: Entry?, _ expected: Entry?) -> Bool {
switch (current, expected) {
case (nil, nil): true
case let (current?, expected?): self.entriesMatch(current, expected)
default: false
}
}
}