fix: refresh credentials

src/services/storage.ts

@@ -18,6 +18,8 @@ interface StorageServiceConfig {
 export class StorageService {
   private client: S3;
   private credentials!: Credentials;
+  private lastCredentialRefresh: number = 0;
+  private readonly CREDENTIAL_REFRESH_INTERVAL = 5 * 60 * 1000; // 5 minutes
 
   constructor(private config: StorageServiceConfig) {
     this.initializeClient();
@@ -114,7 +116,40 @@ export class StorageService {
     throw new Error(`No valid AWS credentials found:\n${errors.join('\n')}`);
   }
 
+  private async refreshCredentialsIfNeeded() {
+    const now = Date.now();
+    if (now - this.lastCredentialRefresh >= this.CREDENTIAL_REFRESH_INTERVAL) {
+      this.credentials = await this.resolveCredentials();
+      this.lastCredentialRefresh = now;
+      
+      // Reinitialize client with new credentials
+      const factory = new ApiFactory({
+        region: this.config.region,
+        credentials: this.credentials,
+      });
+      this.client = new S3(factory);
+    }
+  }
+
+  private async retryWithRefresh<T>(operation: () => Promise<T>): Promise<T> {
+    try {
+      await this.refreshCredentialsIfNeeded();
+      return await operation();
+    } catch (error) {
+      if (error instanceof Error && 
+          (error.message.includes("ExpiredToken") || 
+           error.message.includes("InvalidToken"))) {
+        // Force refresh credentials and retry once
+        this.lastCredentialRefresh = 0;
+        await this.refreshCredentialsIfNeeded();
+        return await operation();
+      }
+      throw error;
+    }
+  }
+
   async getSignedUrl(key: string, expiresIn = 3600): Promise<string> {
+    return await this.retryWithRefresh(async () => {
       await this.ensureInitialized();
       return await getSignedUrl({
         accessKeyId: this.credentials.awsAccessKeyId,
@@ -125,9 +160,11 @@ export class StorageService {
         region: this.config.region,
         expiresIn,
       });
+    });
   }
 
   async listObjects(options: ListObjectsOptions): Promise<ListObjectsResult> {
+    return await this.retryWithRefresh(async () => {
       await this.ensureInitialized();
       try {
         const params: ListObjectsV2Request = {
@@ -145,10 +182,9 @@ export class StorageService {
           size: obj.Size || 0,
           lastModified: obj.LastModified || new Date(),
           etag: (obj.ETag || "").replace(/^"|"$/g, ""),
-        contentType: undefined, // Content type requires separate HEAD request
+          contentType: undefined,
         })) || [];
 
-      // Get content types in parallel for better performance
         await Promise.all(objects.map(async (obj) => {
           obj.contentType = await this.getContentType(obj.key);
         }));
@@ -164,9 +200,11 @@ export class StorageService {
           `Failed to list objects: ${error instanceof Error ? error.message : String(error)}`
         );
       }
+    });
   }
 
   private async getContentType(key: string): Promise<string | undefined> {
+    return await this.retryWithRefresh(async () => {
       try {
         const response = await this.client.headObject({
           Bucket: this.config.bucket,
@@ -176,6 +214,7 @@ export class StorageService {
       } catch {
         return undefined;
       }
+    });
   }
 }