Look up auth connections by domain instead of stored ID
Connection IDs change when re-authing. Instead of storing IDs in
settings.json (which go stale), look up connections by domain at
runtime via kernel.auth.connections.list({ domain }). This keeps
the applier in sync regardless of connection recreation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -2,8 +2,11 @@
|
||||
* session.mjs — Kernel Managed Auth session management
|
||||
* Checks auth status before browser creation, triggers re-auth when needed.
|
||||
*
|
||||
* Looks up auth connections by domain (not stored ID) so it stays in sync
|
||||
* even when connections are recreated.
|
||||
*
|
||||
* Flow:
|
||||
* 1. Check connection status via SDK
|
||||
* 1. List connections for domain, find the one matching our profile
|
||||
* 2. If AUTHENTICATED → good to go
|
||||
* 3. If NEEDS_AUTH + can_reauth → trigger login(), poll until done
|
||||
* 4. If NEEDS_AUTH + !can_reauth → return false (caller should alert + skip)
|
||||
@@ -14,29 +17,45 @@ import {
|
||||
} from './constants.mjs';
|
||||
const require = createRequire(import.meta.url);
|
||||
|
||||
const PLATFORM_DOMAINS = {
|
||||
linkedin: 'linkedin.com',
|
||||
wellfound: 'wellfound.com',
|
||||
};
|
||||
|
||||
function getKernel(apiKey) {
|
||||
const Kernel = require(KERNEL_SDK_PATH);
|
||||
return new Kernel({ apiKey });
|
||||
}
|
||||
|
||||
/**
|
||||
* Find auth connection for a platform by domain lookup.
|
||||
* Returns the connection object or null.
|
||||
*/
|
||||
async function findConnection(kernel, platform) {
|
||||
const domain = PLATFORM_DOMAINS[platform];
|
||||
if (!domain) return null;
|
||||
|
||||
const page = await kernel.auth.connections.list({ domain });
|
||||
const connections = [];
|
||||
for await (const conn of page) {
|
||||
connections.push(conn);
|
||||
}
|
||||
|
||||
if (connections.length === 0) return null;
|
||||
// If multiple connections for same domain, prefer AUTHENTICATED
|
||||
return connections.find(c => c.status === 'AUTHENTICATED') || connections[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Check auth connection status and re-auth if needed.
|
||||
* Returns { ok: true } or { ok: false, reason: string }
|
||||
*/
|
||||
export async function ensureAuth(platform, apiKey, connectionIds = {}) {
|
||||
const connectionId = connectionIds[platform];
|
||||
if (!connectionId) {
|
||||
return { ok: false, reason: `no connection ID configured for ${platform}` };
|
||||
}
|
||||
|
||||
export async function ensureAuth(platform, apiKey) {
|
||||
const kernel = getKernel(apiKey);
|
||||
|
||||
// Check current status
|
||||
let conn;
|
||||
try {
|
||||
conn = await kernel.auth.connections.retrieve(connectionId);
|
||||
} catch (e) {
|
||||
return { ok: false, reason: `connection ${connectionId} not found: ${e.message}` };
|
||||
const conn = await findConnection(kernel, platform);
|
||||
if (!conn) {
|
||||
return { ok: false, reason: `no auth connection found for ${platform} (domain: ${PLATFORM_DOMAINS[platform]})` };
|
||||
}
|
||||
|
||||
if (conn.status === 'AUTHENTICATED') {
|
||||
@@ -45,13 +64,13 @@ export async function ensureAuth(platform, apiKey, connectionIds = {}) {
|
||||
|
||||
// NEEDS_AUTH — can we auto re-auth?
|
||||
if (!conn.can_reauth) {
|
||||
return { ok: false, reason: `${platform} needs manual re-login (can_reauth=false). Go to Kernel dashboard or run: kernel auth connections login ${connectionId}` };
|
||||
return { ok: false, reason: `${platform} needs manual re-login (can_reauth=false). Run: kernel auth connections login ${conn.id}` };
|
||||
}
|
||||
|
||||
// Trigger re-auth with stored credentials
|
||||
console.log(` 🔄 ${platform} session expired — re-authenticating...`);
|
||||
try {
|
||||
await kernel.auth.connections.login(connectionId);
|
||||
await kernel.auth.connections.login(conn.id);
|
||||
} catch (e) {
|
||||
return { ok: false, reason: `re-auth login() failed: ${e.message}` };
|
||||
}
|
||||
@@ -60,22 +79,23 @@ export async function ensureAuth(platform, apiKey, connectionIds = {}) {
|
||||
const start = Date.now();
|
||||
while (Date.now() - start < SESSION_REFRESH_POLL_TIMEOUT) {
|
||||
await new Promise(r => setTimeout(r, SESSION_REFRESH_POLL_WAIT));
|
||||
let updated;
|
||||
try {
|
||||
conn = await kernel.auth.connections.retrieve(connectionId);
|
||||
updated = await kernel.auth.connections.retrieve(conn.id);
|
||||
} catch (e) {
|
||||
return { ok: false, reason: `polling failed: ${e.message}` };
|
||||
}
|
||||
|
||||
if (conn.status === 'AUTHENTICATED') {
|
||||
if (updated.status === 'AUTHENTICATED') {
|
||||
console.log(` ✅ ${platform} re-authenticated`);
|
||||
return { ok: true };
|
||||
}
|
||||
|
||||
if (conn.flow_status === 'FAILED') {
|
||||
return { ok: false, reason: `re-auth failed: ${conn.error_message || conn.error_code || 'unknown'}` };
|
||||
if (updated.flow_status === 'FAILED') {
|
||||
return { ok: false, reason: `re-auth failed: ${updated.error_message || updated.error_code || 'unknown'}` };
|
||||
}
|
||||
if (conn.flow_status === 'EXPIRED' || conn.flow_status === 'CANCELED') {
|
||||
return { ok: false, reason: `re-auth ${conn.flow_status.toLowerCase()}` };
|
||||
if (updated.flow_status === 'EXPIRED' || updated.flow_status === 'CANCELED') {
|
||||
return { ok: false, reason: `re-auth ${updated.flow_status.toLowerCase()}` };
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user