@backstage/integration 1.18.1-next.1 → 1.18.2-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +18 -0
  2. package/dist/github/SingleInstanceGithubCredentialsProvider.cjs.js +6 -4
  3. package/dist/github/SingleInstanceGithubCredentialsProvider.cjs.js.map +1 -1
  4. package/dist/github/SingleInstanceGithubCredentialsProvider.esm.js +6 -4
  5. package/dist/github/SingleInstanceGithubCredentialsProvider.esm.js.map +1 -1
  6. package/dist/index.d.ts +1 -1
  7. package/package.json +4 -4
package/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # @backstage/integration
2
2
 
3
+ ## 1.18.2-next.0
4
+
5
+ ### Patch Changes
6
+
7
+ - 05f60e1: Refactored constructor parameter properties to explicit property declarations for compatibility with TypeScript's `erasableSyntaxOnly` setting. This internal refactoring maintains all existing functionality while ensuring TypeScript compilation compatibility.
8
+ - Updated dependencies
9
+ - @backstage/config@1.3.6-next.0
10
+ - @backstage/errors@1.2.7
11
+
12
+ ## 1.18.1
13
+
14
+ ### Patch Changes
15
+
16
+ - d772b51: remove host from azure blob storage integration type
17
+ - 84443f1: Adds config definitions for Azure Blob Storage.
18
+ - Updated dependencies
19
+ - @backstage/config@1.3.5
20
+
3
21
  ## 1.18.1-next.1
4
22
 
5
23
  ### Patch Changes
package/dist/github/SingleInstanceGithubCredentialsProvider.cjs.js CHANGED
@@ -162,16 +162,18 @@ class GithubAppCredentialsMux {
162
162
  }
163
163
  }
164
164
  class SingleInstanceGithubCredentialsProvider {
165
- constructor(githubAppCredentialsMux, token) {
166
- this.githubAppCredentialsMux = githubAppCredentialsMux;
167
- this.token = token;
168
- }
169
165
  static create = (config) => {
170
166
  return new SingleInstanceGithubCredentialsProvider(
171
167
  new GithubAppCredentialsMux(config),
172
168
  config.token
173
169
  );
174
170
  };
171
+ githubAppCredentialsMux;
172
+ token;
173
+ constructor(githubAppCredentialsMux, token) {
174
+ this.githubAppCredentialsMux = githubAppCredentialsMux;
175
+ this.token = token;
176
+ }
175
177
  /**
176
178
  * Returns {@link GithubCredentials} for a given URL.
177
179
  *
package/dist/github/SingleInstanceGithubCredentialsProvider.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SingleInstanceGithubCredentialsProvider.cjs.js","sources":["../../src/github/SingleInstanceGithubCredentialsProvider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport parseGitUrl from 'git-url-parse';\nimport { GithubAppConfig, GithubIntegrationConfig } from './config';\nimport { createAppAuth } from '@octokit/auth-app';\nimport { Octokit, RestEndpointMethodTypes } from '@octokit/rest';\nimport { DateTime } from 'luxon';\nimport {\n GithubCredentials,\n GithubCredentialsProvider,\n GithubCredentialType,\n} from './types';\n\ntype InstallationData = {\n installationId: number;\n suspended: boolean;\n};\n\ntype InstallationTokenData = {\n token: string;\n expiresAt: DateTime;\n repositories?: String[];\n};\n\nclass Cache {\n private readonly tokenCache = new Map<string, InstallationTokenData>();\n\n async getOrCreateToken(\n owner: string,\n repo: string | undefined,\n supplier: () => Promise<InstallationTokenData>,\n ): Promise<{ accessToken: string }> {\n let existingInstallationData = this.tokenCache.get(owner);\n\n if (\n !existingInstallationData ||\n this.isExpired(existingInstallationData.expiresAt)\n ) {\n existingInstallationData = await supplier();\n // Allow 10 minutes grace to account for clock skew\n existingInstallationData.expiresAt =\n existingInstallationData.expiresAt.minus({ minutes: 10 });\n this.tokenCache.set(owner, existingInstallationData);\n }\n\n if (!this.appliesToRepo(existingInstallationData, repo)) {\n throw new Error(\n `The Backstage GitHub application used in the ${owner} organization does not have access to a repository with the name ${repo}`,\n );\n }\n\n return { accessToken: existingInstallationData.token };\n }\n\n private isExpired = (date: DateTime) => DateTime.local() > date;\n\n private appliesToRepo(tokenData: InstallationTokenData, repo?: string) {\n // If no specific repo has been requested the token is applicable\n if (repo === undefined) {\n return true;\n }\n // If the token is restricted to repositories, the token only applies if the repo is in the allow list\n if (tokenData.repositories !== undefined) {\n return tokenData.repositories.includes(repo);\n }\n // Otherwise the token is applicable\n return true;\n }\n}\n\n/**\n * This accept header is required when calling App APIs in GitHub Enterprise.\n * It has no effect on calls to github.com and can probably be removed entirely\n * once GitHub Apps is out of preview.\n */\nconst HEADERS = {\n Accept: 'application/vnd.github.machine-man-preview+json',\n};\n\n/**\n * GithubAppManager issues and caches tokens for a specific GitHub App.\n */\nclass GithubAppManager {\n private readonly appClient: Octokit;\n private readonly baseUrl?: string;\n private readonly baseAuthConfig: { appId: number; privateKey: string };\n private readonly cache = new Cache();\n private readonly allowedInstallationOwners: string[] | undefined; // undefined allows all installations\n\n constructor(config: GithubAppConfig, baseUrl?: string) {\n this.allowedInstallationOwners = config.allowedInstallationOwners?.map(\n owner => owner.toLocaleLowerCase('en-US'),\n );\n this.baseUrl = baseUrl;\n this.baseAuthConfig = {\n appId: config.appId,\n privateKey: config.privateKey.replace(/\\\\n/gm, '\\n'),\n };\n this.appClient = new Octokit({\n baseUrl,\n headers: HEADERS,\n authStrategy: createAppAuth,\n auth: this.baseAuthConfig,\n });\n }\n\n async getInstallationCredentials(\n owner: string,\n repo?: string,\n ): Promise<{ accessToken: string | undefined }> {\n if (this.allowedInstallationOwners) {\n if (\n !this.allowedInstallationOwners?.includes(\n owner.toLocaleLowerCase('en-US'),\n )\n ) {\n return { accessToken: undefined }; // An empty token allows anonymous access to public repos\n }\n }\n\n // Go and grab an access token for the app scoped to a repository if provided, if not use the organisation installation.\n return this.cache.getOrCreateToken(owner, repo, async () => {\n const { installationId, suspended } = await this.getInstallationData(\n owner,\n );\n if (suspended) {\n throw new Error(`The GitHub application for ${owner} is suspended`);\n }\n\n const result = await this.appClient.apps.createInstallationAccessToken({\n installation_id: installationId,\n headers: HEADERS,\n });\n\n let repositoryNames;\n\n if (result.data.repository_selection === 'selected') {\n const installationClient = new Octokit({\n baseUrl: this.baseUrl,\n auth: result.data.token,\n });\n const repos = await installationClient.paginate(\n installationClient.apps.listReposAccessibleToInstallation,\n );\n // The return type of the paginate method is incorrect.\n const repositories: RestEndpointMethodTypes['apps']['listReposAccessibleToInstallation']['response']['data']['repositories'] =\n repos.repositories ?? repos;\n\n repositoryNames = repositories.map(repository => repository.name);\n }\n return {\n token: result.data.token,\n expiresAt: DateTime.fromISO(result.data.expires_at),\n repositories: repositoryNames,\n };\n });\n }\n\n getInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n return this.appClient.paginate(this.appClient.apps.listInstallations);\n }\n\n private async getInstallationData(owner: string): Promise<InstallationData> {\n const allInstallations = await this.getInstallations();\n const installation = allInstallations.find(\n inst =>\n inst.account &&\n 'login' in inst.account &&\n inst.account.login?.toLocaleLowerCase('en-US') ===\n owner.toLocaleLowerCase('en-US'),\n );\n if (installation) {\n return {\n installationId: installation.id,\n suspended: Boolean(installation.suspended_by),\n };\n }\n const notFoundError = new Error(\n `No app installation found for ${owner} in ${this.baseAuthConfig.appId}`,\n );\n notFoundError.name = 'NotFoundError';\n throw notFoundError;\n }\n}\n\n/**\n * Corresponds to a Github installation which internally could hold several GitHub Apps.\n *\n * @public\n */\nexport class GithubAppCredentialsMux {\n private readonly apps: GithubAppManager[];\n\n constructor(config: GithubIntegrationConfig, appIds: number[] = []) {\n this.apps =\n config.apps\n ?.filter(app => (appIds.length ? appIds.includes(app.appId) : true))\n .map(ac => new GithubAppManager(ac, config.apiBaseUrl)) ?? [];\n }\n\n async getAllInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n if (!this.apps.length) {\n return [];\n }\n\n const installs = await Promise.all(\n this.apps.map(app => app.getInstallations()),\n );\n\n return installs.flat();\n }\n\n async getAppToken(owner: string, repo?: string): Promise<string | undefined> {\n if (this.apps.length === 0) {\n return undefined;\n }\n\n const results = await Promise.all(\n this.apps.map(app =>\n app.getInstallationCredentials(owner, repo).then(\n credentials => ({ credentials, error: undefined }),\n error => ({ credentials: undefined, error }),\n ),\n ),\n );\n\n const result = results.find(\n resultItem => resultItem.credentials?.accessToken,\n );\n if (result) {\n return result.credentials!.accessToken;\n }\n\n const errors = results.map(r => r.error);\n const notNotFoundError = errors.find(err => err?.name !== 'NotFoundError');\n if (notNotFoundError) {\n throw notNotFoundError;\n }\n\n return undefined;\n }\n}\n\n/**\n * Handles the creation and caching of credentials for GitHub integrations.\n *\n * @public\n * @remarks\n *\n * TODO: Possibly move this to a backend only package so that it's not used in the frontend by mistake\n */\nexport class SingleInstanceGithubCredentialsProvider\n implements GithubCredentialsProvider\n{\n static create: (\n config: GithubIntegrationConfig,\n ) => GithubCredentialsProvider = config => {\n return new SingleInstanceGithubCredentialsProvider(\n new GithubAppCredentialsMux(config),\n config.token,\n );\n };\n\n private constructor(\n private readonly githubAppCredentialsMux: GithubAppCredentialsMux,\n private readonly token?: string,\n ) {}\n\n /**\n * Returns {@link GithubCredentials} for a given URL.\n *\n * @remarks\n *\n * Consecutive calls to this method with the same URL will return cached\n * credentials.\n *\n * The shortest lifetime for a token returned is 10 minutes.\n *\n * @example\n * ```ts\n * const { token, headers } = await getCredentials({\n * url: 'github.com/backstage/foobar'\n * })\n * ```\n *\n * @param opts - The organization or repository URL\n * @returns A promise of {@link GithubCredentials}.\n */\n async getCredentials(opts: { url: string }): Promise<GithubCredentials> {\n const parsed = parseGitUrl(opts.url);\n\n const owner = parsed.owner || parsed.name;\n const repo = parsed.owner ? parsed.name : undefined;\n\n let type: GithubCredentialType = 'app';\n let token = await this.githubAppCredentialsMux.getAppToken(owner, repo);\n if (!token) {\n type = 'token';\n token = this.token;\n }\n\n return {\n headers: token ? { Authorization: `Bearer ${token}` } : undefined,\n token,\n type,\n };\n }\n}\n"],"names":["DateTime","Octokit","createAppAuth","parseGitUrl"],"mappings":";;;;;;;;;;;AAsCA,MAAM,KAAA,CAAM;AAAA,EACO,UAAA,uBAAiB,GAAA,EAAmC;AAAA,EAErE,MAAM,gBAAA,CACJ,KAAA,EACA,IAAA,EACA,QAAA,EACkC;AAClC,IAAA,IAAI,wBAAA,GAA2B,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA;AAExD,IAAA,IACE,CAAC,wBAAA,IACD,IAAA,CAAK,SAAA,CAAU,wBAAA,CAAyB,SAAS,CAAA,EACjD;AACA,MAAA,wBAAA,GAA2B,MAAM,QAAA,EAAS;AAE1C,MAAA,wBAAA,CAAyB,YACvB,wBAAA,CAAyB,SAAA,CAAU,MAAM,EAAE,OAAA,EAAS,IAAI,CAAA;AAC1D,MAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAA,EAAO,wBAAwB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,CAAC,IAAA,CAAK,aAAA,CAAc,wBAAA,EAA0B,IAAI,CAAA,EAAG;AACvD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,6CAAA,EAAgD,KAAK,CAAA,iEAAA,EAAoE,IAAI,CAAA;AAAA,OAC/H;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,WAAA,EAAa,wBAAA,CAAyB,KAAA,EAAM;AAAA,EACvD;AAAA,EAEQ,SAAA,GAAY,CAAC,IAAA,KAAmBA,cAAA,CAAS,OAAM,GAAI,IAAA;AAAA,EAEnD,aAAA,CAAc,WAAkC,IAAA,EAAe;AAErE,IAAA,IAAI,SAAS,MAAA,EAAW;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,CAAU,iBAAiB,MAAA,EAAW;AACxC,MAAA,OAAO,SAAA,CAAU,YAAA,CAAa,QAAA,CAAS,IAAI,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAOA,MAAM,OAAA,GAAU;AAAA,EACd,MAAA,EAAQ;AACV,CAAA;AAKA,MAAM,gBAAA,CAAiB;AAAA,EACJ,SAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,KAAA,GAAQ,IAAI,KAAA,EAAM;AAAA,EAClB,yBAAA;AAAA;AAAA,EAEjB,WAAA,CAAY,QAAyB,OAAA,EAAkB;AACrD,IAAA,IAAA,CAAK,yBAAA,GAA4B,OAAO,yBAAA,EAA2B,GAAA;AAAA,MACjE,CAAA,KAAA,KAAS,KAAA,CAAM,iBAAA,CAAkB,OAAO;AAAA,KAC1C;AACA,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,cAAA,GAAiB;AAAA,MACpB,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,MAAA,CAAO,UAAA,CAAW,OAAA,CAAQ,SAAS,IAAI;AAAA,KACrD;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,IAAIC,YAAA,CAAQ;AAAA,MAC3B,OAAA;AAAA,MACA,OAAA,EAAS,OAAA;AAAA,MACT,YAAA,EAAcC,qBAAA;AAAA,MACd,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,0BAAA,CACJ,KAAA,EACA,IAAA,EAC8C;AAC9C,IAAA,IAAI,KAAK,yBAAA,EAA2B;AAClC,MAAA,IACE,CAAC,KAAK,yBAAA,EAA2B,QAAA;AAAA,QAC/B,KAAA,CAAM,kBAAkB,OAAO;AAAA,OACjC,EACA;AACA,QAAA,OAAO,EAAE,aAAa,MAAA,EAAU;AAAA,MAClC;AAAA,IACF;AAGA,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,gBAAA,CAAiB,KAAA,EAAO,MAAM,YAAY;AAC1D,MAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAU,GAAI,MAAM,IAAA,CAAK,mBAAA;AAAA,QAC/C;AAAA,OACF;AACA,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,KAAK,CAAA,aAAA,CAAe,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,6BAAA,CAA8B;AAAA,QACrE,eAAA,EAAiB,cAAA;AAAA,QACjB,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,IAAI,eAAA;AAEJ,MAAA,IAAI,MAAA,CAAO,IAAA,CAAK,oBAAA,KAAyB,UAAA,EAAY;AACnD,QAAA,MAAM,kBAAA,GAAqB,IAAID,YAAA,CAAQ;AAAA,UACrC,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACnB,CAAA;AACD,QAAA,MAAM,KAAA,GAAQ,MAAM,kBAAA,CAAmB,QAAA;AAAA,UACrC,mBAAmB,IAAA,CAAK;AAAA,SAC1B;AAEA,QAAA,MAAM,YAAA,GACJ,MAAM,YAAA,IAAgB,KAAA;AAExB,QAAA,eAAA,GAAkB,YAAA,CAAa,GAAA,CAAI,CAAA,UAAA,KAAc,UAAA,CAAW,IAAI,CAAA;AAAA,MAClE;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,QACnB,SAAA,EAAWD,cAAA,CAAS,OAAA,CAAQ,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,QAClD,YAAA,EAAc;AAAA,OAChB;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,gBAAA,GAEE;AACA,IAAA,OAAO,KAAK,SAAA,CAAU,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,KAAK,iBAAiB,CAAA;AAAA,EACtE;AAAA,EAEA,MAAc,oBAAoB,KAAA,EAA0C;AAC1E,IAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,gBAAA,EAAiB;AACrD,IAAA,MAAM,eAAe,gBAAA,CAAiB,IAAA;AAAA,MACpC,CAAA,IAAA,KACE,IAAA,CAAK,OAAA,IACL,OAAA,IAAW,KAAK,OAAA,IAChB,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,iBAAA,CAAkB,OAAO,CAAA,KAC3C,KAAA,CAAM,kBAAkB,OAAO;AAAA,KACrC;AACA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO;AAAA,QACL,gBAAgB,YAAA,CAAa,EAAA;AAAA,QAC7B,SAAA,EAAW,OAAA,CAAQ,YAAA,CAAa,YAAY;AAAA,OAC9C;AAAA,IACF;AACA,IAAA,MAAM,gBAAgB,IAAI,KAAA;AAAA,MACxB,CAAA,8BAAA,EAAiC,KAAK,CAAA,IAAA,EAAO,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,KACxE;AACA,IAAA,aAAA,CAAc,IAAA,GAAO,eAAA;AACrB,IAAA,MAAM,aAAA;AAAA,EACR;AACF;AAOO,MAAM,uBAAA,CAAwB;AAAA,EAClB,IAAA;AAAA,EAEjB,WAAA,CAAY,MAAA,EAAiC,MAAA,GAAmB,EAAC,EAAG;AAClE,IAAA,IAAA,CAAK,IAAA,GACH,OAAO,IAAA,EACH,MAAA,CAAO,SAAQ,MAAA,CAAO,MAAA,GAAS,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,KAAK,IAAI,IAAK,CAAA,CAClE,GAAA,CAAI,CAAA,EAAA,KAAM,IAAI,gBAAA,CAAiB,IAAI,MAAA,CAAO,UAAU,CAAC,CAAA,IAAK,EAAC;AAAA,EAClE;AAAA,EAEA,MAAM,mBAAA,GAEJ;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,MAAA,EAAQ;AACrB,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC7B,KAAK,IAAA,CAAK,GAAA,CAAI,CAAA,GAAA,KAAO,GAAA,CAAI,kBAAkB;AAAA,KAC7C;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,CAAY,KAAA,EAAe,IAAA,EAA4C;AAC3E,IAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC5B,KAAK,IAAA,CAAK,GAAA;AAAA,QAAI,CAAA,GAAA,KACZ,GAAA,CAAI,0BAAA,CAA2B,KAAA,EAAO,IAAI,CAAA,CAAE,IAAA;AAAA,UAC1C,CAAA,WAAA,MAAgB,EAAE,WAAA,EAAa,KAAA,EAAO,MAAA,EAAU,CAAA;AAAA,UAChD,CAAA,KAAA,MAAU,EAAE,WAAA,EAAa,MAAA,EAAW,KAAA,EAAM;AAAA;AAC5C;AACF,KACF;AAEA,IAAA,MAAM,SAAS,OAAA,CAAQ,IAAA;AAAA,MACrB,CAAA,UAAA,KAAc,WAAW,WAAA,EAAa;AAAA,KACxC;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAO,OAAO,WAAA,CAAa,WAAA;AAAA,IAC7B;AAEA,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AACvC,IAAA,MAAM,mBAAmB,MAAA,CAAO,IAAA,CAAK,CAAA,GAAA,KAAO,GAAA,EAAK,SAAS,eAAe,CAAA;AACzE,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,MAAM,gBAAA;AAAA,IACR;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAUO,MAAM,uCAAA,CAEb;AAAA,EAUU,WAAA,CACW,yBACA,KAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,uBAAA,GAAA,uBAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EAChB;AAAA,EAZH,OAAO,SAE0B,CAAA,MAAA,KAAU;AACzC,IAAA,OAAO,IAAI,uCAAA;AAAA,MACT,IAAI,wBAAwB,MAAM,CAAA;AAAA,MAClC,MAAA,CAAO;AAAA,KACT;AAAA,EACF,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,MAAM,eAAe,IAAA,EAAmD;AACtE,IAAA,MAAM,MAAA,GAASG,4BAAA,CAAY,IAAA,CAAK,GAAG,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,IAAA;AACrC,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,IAAA,GAAO,MAAA;AAE1C,IAAA,IAAI,IAAA,GAA6B,KAAA;AACjC,IAAA,IAAI,QAAQ,MAAM,IAAA,CAAK,uBAAA,CAAwB,WAAA,CAAY,OAAO,IAAI,CAAA;AACtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,IAAA,GAAO,OAAA;AACP,MAAA,KAAA,GAAQ,IAAA,CAAK,KAAA;AAAA,IACf;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,KAAA,GAAQ,EAAE,eAAe,CAAA,OAAA,EAAU,KAAK,IAAG,GAAI,MAAA;AAAA,MACxD,KAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF;;;;;"}
1
+ {"version":3,"file":"SingleInstanceGithubCredentialsProvider.cjs.js","sources":["../../src/github/SingleInstanceGithubCredentialsProvider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport parseGitUrl from 'git-url-parse';\nimport { GithubAppConfig, GithubIntegrationConfig } from './config';\nimport { createAppAuth } from '@octokit/auth-app';\nimport { Octokit, RestEndpointMethodTypes } from '@octokit/rest';\nimport { DateTime } from 'luxon';\nimport {\n GithubCredentials,\n GithubCredentialsProvider,\n GithubCredentialType,\n} from './types';\n\ntype InstallationData = {\n installationId: number;\n suspended: boolean;\n};\n\ntype InstallationTokenData = {\n token: string;\n expiresAt: DateTime;\n repositories?: String[];\n};\n\nclass Cache {\n private readonly tokenCache = new Map<string, InstallationTokenData>();\n\n async getOrCreateToken(\n owner: string,\n repo: string | undefined,\n supplier: () => Promise<InstallationTokenData>,\n ): Promise<{ accessToken: string }> {\n let existingInstallationData = this.tokenCache.get(owner);\n\n if (\n !existingInstallationData ||\n this.isExpired(existingInstallationData.expiresAt)\n ) {\n existingInstallationData = await supplier();\n // Allow 10 minutes grace to account for clock skew\n existingInstallationData.expiresAt =\n existingInstallationData.expiresAt.minus({ minutes: 10 });\n this.tokenCache.set(owner, existingInstallationData);\n }\n\n if (!this.appliesToRepo(existingInstallationData, repo)) {\n throw new Error(\n `The Backstage GitHub application used in the ${owner} organization does not have access to a repository with the name ${repo}`,\n );\n }\n\n return { accessToken: existingInstallationData.token };\n }\n\n private isExpired = (date: DateTime) => DateTime.local() > date;\n\n private appliesToRepo(tokenData: InstallationTokenData, repo?: string) {\n // If no specific repo has been requested the token is applicable\n if (repo === undefined) {\n return true;\n }\n // If the token is restricted to repositories, the token only applies if the repo is in the allow list\n if (tokenData.repositories !== undefined) {\n return tokenData.repositories.includes(repo);\n }\n // Otherwise the token is applicable\n return true;\n }\n}\n\n/**\n * This accept header is required when calling App APIs in GitHub Enterprise.\n * It has no effect on calls to github.com and can probably be removed entirely\n * once GitHub Apps is out of preview.\n */\nconst HEADERS = {\n Accept: 'application/vnd.github.machine-man-preview+json',\n};\n\n/**\n * GithubAppManager issues and caches tokens for a specific GitHub App.\n */\nclass GithubAppManager {\n private readonly appClient: Octokit;\n private readonly baseUrl?: string;\n private readonly baseAuthConfig: { appId: number; privateKey: string };\n private readonly cache = new Cache();\n private readonly allowedInstallationOwners: string[] | undefined; // undefined allows all installations\n\n constructor(config: GithubAppConfig, baseUrl?: string) {\n this.allowedInstallationOwners = config.allowedInstallationOwners?.map(\n owner => owner.toLocaleLowerCase('en-US'),\n );\n this.baseUrl = baseUrl;\n this.baseAuthConfig = {\n appId: config.appId,\n privateKey: config.privateKey.replace(/\\\\n/gm, '\\n'),\n };\n this.appClient = new Octokit({\n baseUrl,\n headers: HEADERS,\n authStrategy: createAppAuth,\n auth: this.baseAuthConfig,\n });\n }\n\n async getInstallationCredentials(\n owner: string,\n repo?: string,\n ): Promise<{ accessToken: string | undefined }> {\n if (this.allowedInstallationOwners) {\n if (\n !this.allowedInstallationOwners?.includes(\n owner.toLocaleLowerCase('en-US'),\n )\n ) {\n return { accessToken: undefined }; // An empty token allows anonymous access to public repos\n }\n }\n\n // Go and grab an access token for the app scoped to a repository if provided, if not use the organisation installation.\n return this.cache.getOrCreateToken(owner, repo, async () => {\n const { installationId, suspended } = await this.getInstallationData(\n owner,\n );\n if (suspended) {\n throw new Error(`The GitHub application for ${owner} is suspended`);\n }\n\n const result = await this.appClient.apps.createInstallationAccessToken({\n installation_id: installationId,\n headers: HEADERS,\n });\n\n let repositoryNames;\n\n if (result.data.repository_selection === 'selected') {\n const installationClient = new Octokit({\n baseUrl: this.baseUrl,\n auth: result.data.token,\n });\n const repos = await installationClient.paginate(\n installationClient.apps.listReposAccessibleToInstallation,\n );\n // The return type of the paginate method is incorrect.\n const repositories: RestEndpointMethodTypes['apps']['listReposAccessibleToInstallation']['response']['data']['repositories'] =\n repos.repositories ?? repos;\n\n repositoryNames = repositories.map(repository => repository.name);\n }\n return {\n token: result.data.token,\n expiresAt: DateTime.fromISO(result.data.expires_at),\n repositories: repositoryNames,\n };\n });\n }\n\n getInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n return this.appClient.paginate(this.appClient.apps.listInstallations);\n }\n\n private async getInstallationData(owner: string): Promise<InstallationData> {\n const allInstallations = await this.getInstallations();\n const installation = allInstallations.find(\n inst =>\n inst.account &&\n 'login' in inst.account &&\n inst.account.login?.toLocaleLowerCase('en-US') ===\n owner.toLocaleLowerCase('en-US'),\n );\n if (installation) {\n return {\n installationId: installation.id,\n suspended: Boolean(installation.suspended_by),\n };\n }\n const notFoundError = new Error(\n `No app installation found for ${owner} in ${this.baseAuthConfig.appId}`,\n );\n notFoundError.name = 'NotFoundError';\n throw notFoundError;\n }\n}\n\n/**\n * Corresponds to a Github installation which internally could hold several GitHub Apps.\n *\n * @public\n */\nexport class GithubAppCredentialsMux {\n private readonly apps: GithubAppManager[];\n\n constructor(config: GithubIntegrationConfig, appIds: number[] = []) {\n this.apps =\n config.apps\n ?.filter(app => (appIds.length ? appIds.includes(app.appId) : true))\n .map(ac => new GithubAppManager(ac, config.apiBaseUrl)) ?? [];\n }\n\n async getAllInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n if (!this.apps.length) {\n return [];\n }\n\n const installs = await Promise.all(\n this.apps.map(app => app.getInstallations()),\n );\n\n return installs.flat();\n }\n\n async getAppToken(owner: string, repo?: string): Promise<string | undefined> {\n if (this.apps.length === 0) {\n return undefined;\n }\n\n const results = await Promise.all(\n this.apps.map(app =>\n app.getInstallationCredentials(owner, repo).then(\n credentials => ({ credentials, error: undefined }),\n error => ({ credentials: undefined, error }),\n ),\n ),\n );\n\n const result = results.find(\n resultItem => resultItem.credentials?.accessToken,\n );\n if (result) {\n return result.credentials!.accessToken;\n }\n\n const errors = results.map(r => r.error);\n const notNotFoundError = errors.find(err => err?.name !== 'NotFoundError');\n if (notNotFoundError) {\n throw notNotFoundError;\n }\n\n return undefined;\n }\n}\n\n/**\n * Handles the creation and caching of credentials for GitHub integrations.\n *\n * @public\n * @remarks\n *\n * TODO: Possibly move this to a backend only package so that it's not used in the frontend by mistake\n */\nexport class SingleInstanceGithubCredentialsProvider\n implements GithubCredentialsProvider\n{\n static create: (\n config: GithubIntegrationConfig,\n ) => GithubCredentialsProvider = config => {\n return new SingleInstanceGithubCredentialsProvider(\n new GithubAppCredentialsMux(config),\n config.token,\n );\n };\n\n private readonly githubAppCredentialsMux: GithubAppCredentialsMux;\n private readonly token?: string;\n\n private constructor(\n githubAppCredentialsMux: GithubAppCredentialsMux,\n token?: string,\n ) {\n this.githubAppCredentialsMux = githubAppCredentialsMux;\n this.token = token;\n }\n\n /**\n * Returns {@link GithubCredentials} for a given URL.\n *\n * @remarks\n *\n * Consecutive calls to this method with the same URL will return cached\n * credentials.\n *\n * The shortest lifetime for a token returned is 10 minutes.\n *\n * @example\n * ```ts\n * const { token, headers } = await getCredentials({\n * url: 'github.com/backstage/foobar'\n * })\n * ```\n *\n * @param opts - The organization or repository URL\n * @returns A promise of {@link GithubCredentials}.\n */\n async getCredentials(opts: { url: string }): Promise<GithubCredentials> {\n const parsed = parseGitUrl(opts.url);\n\n const owner = parsed.owner || parsed.name;\n const repo = parsed.owner ? parsed.name : undefined;\n\n let type: GithubCredentialType = 'app';\n let token = await this.githubAppCredentialsMux.getAppToken(owner, repo);\n if (!token) {\n type = 'token';\n token = this.token;\n }\n\n return {\n headers: token ? { Authorization: `Bearer ${token}` } : undefined,\n token,\n type,\n };\n }\n}\n"],"names":["DateTime","Octokit","createAppAuth","parseGitUrl"],"mappings":";;;;;;;;;;;AAsCA,MAAM,KAAA,CAAM;AAAA,EACO,UAAA,uBAAiB,GAAA,EAAmC;AAAA,EAErE,MAAM,gBAAA,CACJ,KAAA,EACA,IAAA,EACA,QAAA,EACkC;AAClC,IAAA,IAAI,wBAAA,GAA2B,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA;AAExD,IAAA,IACE,CAAC,wBAAA,IACD,IAAA,CAAK,SAAA,CAAU,wBAAA,CAAyB,SAAS,CAAA,EACjD;AACA,MAAA,wBAAA,GAA2B,MAAM,QAAA,EAAS;AAE1C,MAAA,wBAAA,CAAyB,YACvB,wBAAA,CAAyB,SAAA,CAAU,MAAM,EAAE,OAAA,EAAS,IAAI,CAAA;AAC1D,MAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAA,EAAO,wBAAwB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,CAAC,IAAA,CAAK,aAAA,CAAc,wBAAA,EAA0B,IAAI,CAAA,EAAG;AACvD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,6CAAA,EAAgD,KAAK,CAAA,iEAAA,EAAoE,IAAI,CAAA;AAAA,OAC/H;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,WAAA,EAAa,wBAAA,CAAyB,KAAA,EAAM;AAAA,EACvD;AAAA,EAEQ,SAAA,GAAY,CAAC,IAAA,KAAmBA,cAAA,CAAS,OAAM,GAAI,IAAA;AAAA,EAEnD,aAAA,CAAc,WAAkC,IAAA,EAAe;AAErE,IAAA,IAAI,SAAS,MAAA,EAAW;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,CAAU,iBAAiB,MAAA,EAAW;AACxC,MAAA,OAAO,SAAA,CAAU,YAAA,CAAa,QAAA,CAAS,IAAI,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAOA,MAAM,OAAA,GAAU;AAAA,EACd,MAAA,EAAQ;AACV,CAAA;AAKA,MAAM,gBAAA,CAAiB;AAAA,EACJ,SAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,KAAA,GAAQ,IAAI,KAAA,EAAM;AAAA,EAClB,yBAAA;AAAA;AAAA,EAEjB,WAAA,CAAY,QAAyB,OAAA,EAAkB;AACrD,IAAA,IAAA,CAAK,yBAAA,GAA4B,OAAO,yBAAA,EAA2B,GAAA;AAAA,MACjE,CAAA,KAAA,KAAS,KAAA,CAAM,iBAAA,CAAkB,OAAO;AAAA,KAC1C;AACA,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,cAAA,GAAiB;AAAA,MACpB,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,MAAA,CAAO,UAAA,CAAW,OAAA,CAAQ,SAAS,IAAI;AAAA,KACrD;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,IAAIC,YAAA,CAAQ;AAAA,MAC3B,OAAA;AAAA,MACA,OAAA,EAAS,OAAA;AAAA,MACT,YAAA,EAAcC,qBAAA;AAAA,MACd,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,0BAAA,CACJ,KAAA,EACA,IAAA,EAC8C;AAC9C,IAAA,IAAI,KAAK,yBAAA,EAA2B;AAClC,MAAA,IACE,CAAC,KAAK,yBAAA,EAA2B,QAAA;AAAA,QAC/B,KAAA,CAAM,kBAAkB,OAAO;AAAA,OACjC,EACA;AACA,QAAA,OAAO,EAAE,aAAa,MAAA,EAAU;AAAA,MAClC;AAAA,IACF;AAGA,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,gBAAA,CAAiB,KAAA,EAAO,MAAM,YAAY;AAC1D,MAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAU,GAAI,MAAM,IAAA,CAAK,mBAAA;AAAA,QAC/C;AAAA,OACF;AACA,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,KAAK,CAAA,aAAA,CAAe,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,6BAAA,CAA8B;AAAA,QACrE,eAAA,EAAiB,cAAA;AAAA,QACjB,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,IAAI,eAAA;AAEJ,MAAA,IAAI,MAAA,CAAO,IAAA,CAAK,oBAAA,KAAyB,UAAA,EAAY;AACnD,QAAA,MAAM,kBAAA,GAAqB,IAAID,YAAA,CAAQ;AAAA,UACrC,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACnB,CAAA;AACD,QAAA,MAAM,KAAA,GAAQ,MAAM,kBAAA,CAAmB,QAAA;AAAA,UACrC,mBAAmB,IAAA,CAAK;AAAA,SAC1B;AAEA,QAAA,MAAM,YAAA,GACJ,MAAM,YAAA,IAAgB,KAAA;AAExB,QAAA,eAAA,GAAkB,YAAA,CAAa,GAAA,CAAI,CAAA,UAAA,KAAc,UAAA,CAAW,IAAI,CAAA;AAAA,MAClE;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,QACnB,SAAA,EAAWD,cAAA,CAAS,OAAA,CAAQ,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,QAClD,YAAA,EAAc;AAAA,OAChB;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,gBAAA,GAEE;AACA,IAAA,OAAO,KAAK,SAAA,CAAU,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,KAAK,iBAAiB,CAAA;AAAA,EACtE;AAAA,EAEA,MAAc,oBAAoB,KAAA,EAA0C;AAC1E,IAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,gBAAA,EAAiB;AACrD,IAAA,MAAM,eAAe,gBAAA,CAAiB,IAAA;AAAA,MACpC,CAAA,IAAA,KACE,IAAA,CAAK,OAAA,IACL,OAAA,IAAW,KAAK,OAAA,IAChB,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,iBAAA,CAAkB,OAAO,CAAA,KAC3C,KAAA,CAAM,kBAAkB,OAAO;AAAA,KACrC;AACA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO;AAAA,QACL,gBAAgB,YAAA,CAAa,EAAA;AAAA,QAC7B,SAAA,EAAW,OAAA,CAAQ,YAAA,CAAa,YAAY;AAAA,OAC9C;AAAA,IACF;AACA,IAAA,MAAM,gBAAgB,IAAI,KAAA;AAAA,MACxB,CAAA,8BAAA,EAAiC,KAAK,CAAA,IAAA,EAAO,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,KACxE;AACA,IAAA,aAAA,CAAc,IAAA,GAAO,eAAA;AACrB,IAAA,MAAM,aAAA;AAAA,EACR;AACF;AAOO,MAAM,uBAAA,CAAwB;AAAA,EAClB,IAAA;AAAA,EAEjB,WAAA,CAAY,MAAA,EAAiC,MAAA,GAAmB,EAAC,EAAG;AAClE,IAAA,IAAA,CAAK,IAAA,GACH,OAAO,IAAA,EACH,MAAA,CAAO,SAAQ,MAAA,CAAO,MAAA,GAAS,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,KAAK,IAAI,IAAK,CAAA,CAClE,GAAA,CAAI,CAAA,EAAA,KAAM,IAAI,gBAAA,CAAiB,IAAI,MAAA,CAAO,UAAU,CAAC,CAAA,IAAK,EAAC;AAAA,EAClE;AAAA,EAEA,MAAM,mBAAA,GAEJ;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,MAAA,EAAQ;AACrB,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC7B,KAAK,IAAA,CAAK,GAAA,CAAI,CAAA,GAAA,KAAO,GAAA,CAAI,kBAAkB;AAAA,KAC7C;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,CAAY,KAAA,EAAe,IAAA,EAA4C;AAC3E,IAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC5B,KAAK,IAAA,CAAK,GAAA;AAAA,QAAI,CAAA,GAAA,KACZ,GAAA,CAAI,0BAAA,CAA2B,KAAA,EAAO,IAAI,CAAA,CAAE,IAAA;AAAA,UAC1C,CAAA,WAAA,MAAgB,EAAE,WAAA,EAAa,KAAA,EAAO,MAAA,EAAU,CAAA;AAAA,UAChD,CAAA,KAAA,MAAU,EAAE,WAAA,EAAa,MAAA,EAAW,KAAA,EAAM;AAAA;AAC5C;AACF,KACF;AAEA,IAAA,MAAM,SAAS,OAAA,CAAQ,IAAA;AAAA,MACrB,CAAA,UAAA,KAAc,WAAW,WAAA,EAAa;AAAA,KACxC;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAO,OAAO,WAAA,CAAa,WAAA;AAAA,IAC7B;AAEA,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AACvC,IAAA,MAAM,mBAAmB,MAAA,CAAO,IAAA,CAAK,CAAA,GAAA,KAAO,GAAA,EAAK,SAAS,eAAe,CAAA;AACzE,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,MAAM,gBAAA;AAAA,IACR;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAUO,MAAM,uCAAA,CAEb;AAAA,EACE,OAAO,SAE0B,CAAA,MAAA,KAAU;AACzC,IAAA,OAAO,IAAI,uCAAA;AAAA,MACT,IAAI,wBAAwB,MAAM,CAAA;AAAA,MAClC,MAAA,CAAO;AAAA,KACT;AAAA,EACF,CAAA;AAAA,EAEiB,uBAAA;AAAA,EACA,KAAA;AAAA,EAET,WAAA,CACN,yBACA,KAAA,EACA;AACA,IAAA,IAAA,CAAK,uBAAA,GAA0B,uBAAA;AAC/B,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,MAAM,eAAe,IAAA,EAAmD;AACtE,IAAA,MAAM,MAAA,GAASG,4BAAA,CAAY,IAAA,CAAK,GAAG,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,IAAA;AACrC,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,IAAA,GAAO,MAAA;AAE1C,IAAA,IAAI,IAAA,GAA6B,KAAA;AACjC,IAAA,IAAI,QAAQ,MAAM,IAAA,CAAK,uBAAA,CAAwB,WAAA,CAAY,OAAO,IAAI,CAAA;AACtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,IAAA,GAAO,OAAA;AACP,MAAA,KAAA,GAAQ,IAAA,CAAK,KAAA;AAAA,IACf;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,KAAA,GAAQ,EAAE,eAAe,CAAA,OAAA,EAAU,KAAK,IAAG,GAAI,MAAA;AAAA,MACxD,KAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF;;;;;"}
package/dist/github/SingleInstanceGithubCredentialsProvider.esm.js CHANGED
@@ -156,16 +156,18 @@ class GithubAppCredentialsMux {
156
156
  }
157
157
  }
158
158
  class SingleInstanceGithubCredentialsProvider {
159
- constructor(githubAppCredentialsMux, token) {
160
- this.githubAppCredentialsMux = githubAppCredentialsMux;
161
- this.token = token;
162
- }
163
159
  static create = (config) => {
164
160
  return new SingleInstanceGithubCredentialsProvider(
165
161
  new GithubAppCredentialsMux(config),
166
162
  config.token
167
163
  );
168
164
  };
165
+ githubAppCredentialsMux;
166
+ token;
167
+ constructor(githubAppCredentialsMux, token) {
168
+ this.githubAppCredentialsMux = githubAppCredentialsMux;
169
+ this.token = token;
170
+ }
169
171
  /**
170
172
  * Returns {@link GithubCredentials} for a given URL.
171
173
  *
package/dist/github/SingleInstanceGithubCredentialsProvider.esm.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SingleInstanceGithubCredentialsProvider.esm.js","sources":["../../src/github/SingleInstanceGithubCredentialsProvider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport parseGitUrl from 'git-url-parse';\nimport { GithubAppConfig, GithubIntegrationConfig } from './config';\nimport { createAppAuth } from '@octokit/auth-app';\nimport { Octokit, RestEndpointMethodTypes } from '@octokit/rest';\nimport { DateTime } from 'luxon';\nimport {\n GithubCredentials,\n GithubCredentialsProvider,\n GithubCredentialType,\n} from './types';\n\ntype InstallationData = {\n installationId: number;\n suspended: boolean;\n};\n\ntype InstallationTokenData = {\n token: string;\n expiresAt: DateTime;\n repositories?: String[];\n};\n\nclass Cache {\n private readonly tokenCache = new Map<string, InstallationTokenData>();\n\n async getOrCreateToken(\n owner: string,\n repo: string | undefined,\n supplier: () => Promise<InstallationTokenData>,\n ): Promise<{ accessToken: string }> {\n let existingInstallationData = this.tokenCache.get(owner);\n\n if (\n !existingInstallationData ||\n this.isExpired(existingInstallationData.expiresAt)\n ) {\n existingInstallationData = await supplier();\n // Allow 10 minutes grace to account for clock skew\n existingInstallationData.expiresAt =\n existingInstallationData.expiresAt.minus({ minutes: 10 });\n this.tokenCache.set(owner, existingInstallationData);\n }\n\n if (!this.appliesToRepo(existingInstallationData, repo)) {\n throw new Error(\n `The Backstage GitHub application used in the ${owner} organization does not have access to a repository with the name ${repo}`,\n );\n }\n\n return { accessToken: existingInstallationData.token };\n }\n\n private isExpired = (date: DateTime) => DateTime.local() > date;\n\n private appliesToRepo(tokenData: InstallationTokenData, repo?: string) {\n // If no specific repo has been requested the token is applicable\n if (repo === undefined) {\n return true;\n }\n // If the token is restricted to repositories, the token only applies if the repo is in the allow list\n if (tokenData.repositories !== undefined) {\n return tokenData.repositories.includes(repo);\n }\n // Otherwise the token is applicable\n return true;\n }\n}\n\n/**\n * This accept header is required when calling App APIs in GitHub Enterprise.\n * It has no effect on calls to github.com and can probably be removed entirely\n * once GitHub Apps is out of preview.\n */\nconst HEADERS = {\n Accept: 'application/vnd.github.machine-man-preview+json',\n};\n\n/**\n * GithubAppManager issues and caches tokens for a specific GitHub App.\n */\nclass GithubAppManager {\n private readonly appClient: Octokit;\n private readonly baseUrl?: string;\n private readonly baseAuthConfig: { appId: number; privateKey: string };\n private readonly cache = new Cache();\n private readonly allowedInstallationOwners: string[] | undefined; // undefined allows all installations\n\n constructor(config: GithubAppConfig, baseUrl?: string) {\n this.allowedInstallationOwners = config.allowedInstallationOwners?.map(\n owner => owner.toLocaleLowerCase('en-US'),\n );\n this.baseUrl = baseUrl;\n this.baseAuthConfig = {\n appId: config.appId,\n privateKey: config.privateKey.replace(/\\\\n/gm, '\\n'),\n };\n this.appClient = new Octokit({\n baseUrl,\n headers: HEADERS,\n authStrategy: createAppAuth,\n auth: this.baseAuthConfig,\n });\n }\n\n async getInstallationCredentials(\n owner: string,\n repo?: string,\n ): Promise<{ accessToken: string | undefined }> {\n if (this.allowedInstallationOwners) {\n if (\n !this.allowedInstallationOwners?.includes(\n owner.toLocaleLowerCase('en-US'),\n )\n ) {\n return { accessToken: undefined }; // An empty token allows anonymous access to public repos\n }\n }\n\n // Go and grab an access token for the app scoped to a repository if provided, if not use the organisation installation.\n return this.cache.getOrCreateToken(owner, repo, async () => {\n const { installationId, suspended } = await this.getInstallationData(\n owner,\n );\n if (suspended) {\n throw new Error(`The GitHub application for ${owner} is suspended`);\n }\n\n const result = await this.appClient.apps.createInstallationAccessToken({\n installation_id: installationId,\n headers: HEADERS,\n });\n\n let repositoryNames;\n\n if (result.data.repository_selection === 'selected') {\n const installationClient = new Octokit({\n baseUrl: this.baseUrl,\n auth: result.data.token,\n });\n const repos = await installationClient.paginate(\n installationClient.apps.listReposAccessibleToInstallation,\n );\n // The return type of the paginate method is incorrect.\n const repositories: RestEndpointMethodTypes['apps']['listReposAccessibleToInstallation']['response']['data']['repositories'] =\n repos.repositories ?? repos;\n\n repositoryNames = repositories.map(repository => repository.name);\n }\n return {\n token: result.data.token,\n expiresAt: DateTime.fromISO(result.data.expires_at),\n repositories: repositoryNames,\n };\n });\n }\n\n getInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n return this.appClient.paginate(this.appClient.apps.listInstallations);\n }\n\n private async getInstallationData(owner: string): Promise<InstallationData> {\n const allInstallations = await this.getInstallations();\n const installation = allInstallations.find(\n inst =>\n inst.account &&\n 'login' in inst.account &&\n inst.account.login?.toLocaleLowerCase('en-US') ===\n owner.toLocaleLowerCase('en-US'),\n );\n if (installation) {\n return {\n installationId: installation.id,\n suspended: Boolean(installation.suspended_by),\n };\n }\n const notFoundError = new Error(\n `No app installation found for ${owner} in ${this.baseAuthConfig.appId}`,\n );\n notFoundError.name = 'NotFoundError';\n throw notFoundError;\n }\n}\n\n/**\n * Corresponds to a Github installation which internally could hold several GitHub Apps.\n *\n * @public\n */\nexport class GithubAppCredentialsMux {\n private readonly apps: GithubAppManager[];\n\n constructor(config: GithubIntegrationConfig, appIds: number[] = []) {\n this.apps =\n config.apps\n ?.filter(app => (appIds.length ? appIds.includes(app.appId) : true))\n .map(ac => new GithubAppManager(ac, config.apiBaseUrl)) ?? [];\n }\n\n async getAllInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n if (!this.apps.length) {\n return [];\n }\n\n const installs = await Promise.all(\n this.apps.map(app => app.getInstallations()),\n );\n\n return installs.flat();\n }\n\n async getAppToken(owner: string, repo?: string): Promise<string | undefined> {\n if (this.apps.length === 0) {\n return undefined;\n }\n\n const results = await Promise.all(\n this.apps.map(app =>\n app.getInstallationCredentials(owner, repo).then(\n credentials => ({ credentials, error: undefined }),\n error => ({ credentials: undefined, error }),\n ),\n ),\n );\n\n const result = results.find(\n resultItem => resultItem.credentials?.accessToken,\n );\n if (result) {\n return result.credentials!.accessToken;\n }\n\n const errors = results.map(r => r.error);\n const notNotFoundError = errors.find(err => err?.name !== 'NotFoundError');\n if (notNotFoundError) {\n throw notNotFoundError;\n }\n\n return undefined;\n }\n}\n\n/**\n * Handles the creation and caching of credentials for GitHub integrations.\n *\n * @public\n * @remarks\n *\n * TODO: Possibly move this to a backend only package so that it's not used in the frontend by mistake\n */\nexport class SingleInstanceGithubCredentialsProvider\n implements GithubCredentialsProvider\n{\n static create: (\n config: GithubIntegrationConfig,\n ) => GithubCredentialsProvider = config => {\n return new SingleInstanceGithubCredentialsProvider(\n new GithubAppCredentialsMux(config),\n config.token,\n );\n };\n\n private constructor(\n private readonly githubAppCredentialsMux: GithubAppCredentialsMux,\n private readonly token?: string,\n ) {}\n\n /**\n * Returns {@link GithubCredentials} for a given URL.\n *\n * @remarks\n *\n * Consecutive calls to this method with the same URL will return cached\n * credentials.\n *\n * The shortest lifetime for a token returned is 10 minutes.\n *\n * @example\n * ```ts\n * const { token, headers } = await getCredentials({\n * url: 'github.com/backstage/foobar'\n * })\n * ```\n *\n * @param opts - The organization or repository URL\n * @returns A promise of {@link GithubCredentials}.\n */\n async getCredentials(opts: { url: string }): Promise<GithubCredentials> {\n const parsed = parseGitUrl(opts.url);\n\n const owner = parsed.owner || parsed.name;\n const repo = parsed.owner ? parsed.name : undefined;\n\n let type: GithubCredentialType = 'app';\n let token = await this.githubAppCredentialsMux.getAppToken(owner, repo);\n if (!token) {\n type = 'token';\n token = this.token;\n }\n\n return {\n headers: token ? { Authorization: `Bearer ${token}` } : undefined,\n token,\n type,\n };\n }\n}\n"],"names":[],"mappings":";;;;;AAsCA,MAAM,KAAA,CAAM;AAAA,EACO,UAAA,uBAAiB,GAAA,EAAmC;AAAA,EAErE,MAAM,gBAAA,CACJ,KAAA,EACA,IAAA,EACA,QAAA,EACkC;AAClC,IAAA,IAAI,wBAAA,GAA2B,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA;AAExD,IAAA,IACE,CAAC,wBAAA,IACD,IAAA,CAAK,SAAA,CAAU,wBAAA,CAAyB,SAAS,CAAA,EACjD;AACA,MAAA,wBAAA,GAA2B,MAAM,QAAA,EAAS;AAE1C,MAAA,wBAAA,CAAyB,YACvB,wBAAA,CAAyB,SAAA,CAAU,MAAM,EAAE,OAAA,EAAS,IAAI,CAAA;AAC1D,MAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAA,EAAO,wBAAwB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,CAAC,IAAA,CAAK,aAAA,CAAc,wBAAA,EAA0B,IAAI,CAAA,EAAG;AACvD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,6CAAA,EAAgD,KAAK,CAAA,iEAAA,EAAoE,IAAI,CAAA;AAAA,OAC/H;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,WAAA,EAAa,wBAAA,CAAyB,KAAA,EAAM;AAAA,EACvD;AAAA,EAEQ,SAAA,GAAY,CAAC,IAAA,KAAmB,QAAA,CAAS,OAAM,GAAI,IAAA;AAAA,EAEnD,aAAA,CAAc,WAAkC,IAAA,EAAe;AAErE,IAAA,IAAI,SAAS,MAAA,EAAW;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,CAAU,iBAAiB,MAAA,EAAW;AACxC,MAAA,OAAO,SAAA,CAAU,YAAA,CAAa,QAAA,CAAS,IAAI,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAOA,MAAM,OAAA,GAAU;AAAA,EACd,MAAA,EAAQ;AACV,CAAA;AAKA,MAAM,gBAAA,CAAiB;AAAA,EACJ,SAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,KAAA,GAAQ,IAAI,KAAA,EAAM;AAAA,EAClB,yBAAA;AAAA;AAAA,EAEjB,WAAA,CAAY,QAAyB,OAAA,EAAkB;AACrD,IAAA,IAAA,CAAK,yBAAA,GAA4B,OAAO,yBAAA,EAA2B,GAAA;AAAA,MACjE,CAAA,KAAA,KAAS,KAAA,CAAM,iBAAA,CAAkB,OAAO;AAAA,KAC1C;AACA,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,cAAA,GAAiB;AAAA,MACpB,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,MAAA,CAAO,UAAA,CAAW,OAAA,CAAQ,SAAS,IAAI;AAAA,KACrD;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,OAAA,CAAQ;AAAA,MAC3B,OAAA;AAAA,MACA,OAAA,EAAS,OAAA;AAAA,MACT,YAAA,EAAc,aAAA;AAAA,MACd,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,0BAAA,CACJ,KAAA,EACA,IAAA,EAC8C;AAC9C,IAAA,IAAI,KAAK,yBAAA,EAA2B;AAClC,MAAA,IACE,CAAC,KAAK,yBAAA,EAA2B,QAAA;AAAA,QAC/B,KAAA,CAAM,kBAAkB,OAAO;AAAA,OACjC,EACA;AACA,QAAA,OAAO,EAAE,aAAa,MAAA,EAAU;AAAA,MAClC;AAAA,IACF;AAGA,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,gBAAA,CAAiB,KAAA,EAAO,MAAM,YAAY;AAC1D,MAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAU,GAAI,MAAM,IAAA,CAAK,mBAAA;AAAA,QAC/C;AAAA,OACF;AACA,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,KAAK,CAAA,aAAA,CAAe,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,6BAAA,CAA8B;AAAA,QACrE,eAAA,EAAiB,cAAA;AAAA,QACjB,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,IAAI,eAAA;AAEJ,MAAA,IAAI,MAAA,CAAO,IAAA,CAAK,oBAAA,KAAyB,UAAA,EAAY;AACnD,QAAA,MAAM,kBAAA,GAAqB,IAAI,OAAA,CAAQ;AAAA,UACrC,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACnB,CAAA;AACD,QAAA,MAAM,KAAA,GAAQ,MAAM,kBAAA,CAAmB,QAAA;AAAA,UACrC,mBAAmB,IAAA,CAAK;AAAA,SAC1B;AAEA,QAAA,MAAM,YAAA,GACJ,MAAM,YAAA,IAAgB,KAAA;AAExB,QAAA,eAAA,GAAkB,YAAA,CAAa,GAAA,CAAI,CAAA,UAAA,KAAc,UAAA,CAAW,IAAI,CAAA;AAAA,MAClE;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,QACnB,SAAA,EAAW,QAAA,CAAS,OAAA,CAAQ,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,QAClD,YAAA,EAAc;AAAA,OAChB;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,gBAAA,GAEE;AACA,IAAA,OAAO,KAAK,SAAA,CAAU,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,KAAK,iBAAiB,CAAA;AAAA,EACtE;AAAA,EAEA,MAAc,oBAAoB,KAAA,EAA0C;AAC1E,IAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,gBAAA,EAAiB;AACrD,IAAA,MAAM,eAAe,gBAAA,CAAiB,IAAA;AAAA,MACpC,CAAA,IAAA,KACE,IAAA,CAAK,OAAA,IACL,OAAA,IAAW,KAAK,OAAA,IAChB,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,iBAAA,CAAkB,OAAO,CAAA,KAC3C,KAAA,CAAM,kBAAkB,OAAO;AAAA,KACrC;AACA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO;AAAA,QACL,gBAAgB,YAAA,CAAa,EAAA;AAAA,QAC7B,SAAA,EAAW,OAAA,CAAQ,YAAA,CAAa,YAAY;AAAA,OAC9C;AAAA,IACF;AACA,IAAA,MAAM,gBAAgB,IAAI,KAAA;AAAA,MACxB,CAAA,8BAAA,EAAiC,KAAK,CAAA,IAAA,EAAO,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,KACxE;AACA,IAAA,aAAA,CAAc,IAAA,GAAO,eAAA;AACrB,IAAA,MAAM,aAAA;AAAA,EACR;AACF;AAOO,MAAM,uBAAA,CAAwB;AAAA,EAClB,IAAA;AAAA,EAEjB,WAAA,CAAY,MAAA,EAAiC,MAAA,GAAmB,EAAC,EAAG;AAClE,IAAA,IAAA,CAAK,IAAA,GACH,OAAO,IAAA,EACH,MAAA,CAAO,SAAQ,MAAA,CAAO,MAAA,GAAS,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,KAAK,IAAI,IAAK,CAAA,CAClE,GAAA,CAAI,CAAA,EAAA,KAAM,IAAI,gBAAA,CAAiB,IAAI,MAAA,CAAO,UAAU,CAAC,CAAA,IAAK,EAAC;AAAA,EAClE;AAAA,EAEA,MAAM,mBAAA,GAEJ;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,MAAA,EAAQ;AACrB,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC7B,KAAK,IAAA,CAAK,GAAA,CAAI,CAAA,GAAA,KAAO,GAAA,CAAI,kBAAkB;AAAA,KAC7C;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,CAAY,KAAA,EAAe,IAAA,EAA4C;AAC3E,IAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC5B,KAAK,IAAA,CAAK,GAAA;AAAA,QAAI,CAAA,GAAA,KACZ,GAAA,CAAI,0BAAA,CAA2B,KAAA,EAAO,IAAI,CAAA,CAAE,IAAA;AAAA,UAC1C,CAAA,WAAA,MAAgB,EAAE,WAAA,EAAa,KAAA,EAAO,MAAA,EAAU,CAAA;AAAA,UAChD,CAAA,KAAA,MAAU,EAAE,WAAA,EAAa,MAAA,EAAW,KAAA,EAAM;AAAA;AAC5C;AACF,KACF;AAEA,IAAA,MAAM,SAAS,OAAA,CAAQ,IAAA;AAAA,MACrB,CAAA,UAAA,KAAc,WAAW,WAAA,EAAa;AAAA,KACxC;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAO,OAAO,WAAA,CAAa,WAAA;AAAA,IAC7B;AAEA,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AACvC,IAAA,MAAM,mBAAmB,MAAA,CAAO,IAAA,CAAK,CAAA,GAAA,KAAO,GAAA,EAAK,SAAS,eAAe,CAAA;AACzE,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,MAAM,gBAAA;AAAA,IACR;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAUO,MAAM,uCAAA,CAEb;AAAA,EAUU,WAAA,CACW,yBACA,KAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,uBAAA,GAAA,uBAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EAChB;AAAA,EAZH,OAAO,SAE0B,CAAA,MAAA,KAAU;AACzC,IAAA,OAAO,IAAI,uCAAA;AAAA,MACT,IAAI,wBAAwB,MAAM,CAAA;AAAA,MAClC,MAAA,CAAO;AAAA,KACT;AAAA,EACF,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,MAAM,eAAe,IAAA,EAAmD;AACtE,IAAA,MAAM,MAAA,GAAS,WAAA,CAAY,IAAA,CAAK,GAAG,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,IAAA;AACrC,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,IAAA,GAAO,MAAA;AAE1C,IAAA,IAAI,IAAA,GAA6B,KAAA;AACjC,IAAA,IAAI,QAAQ,MAAM,IAAA,CAAK,uBAAA,CAAwB,WAAA,CAAY,OAAO,IAAI,CAAA;AACtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,IAAA,GAAO,OAAA;AACP,MAAA,KAAA,GAAQ,IAAA,CAAK,KAAA;AAAA,IACf;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,KAAA,GAAQ,EAAE,eAAe,CAAA,OAAA,EAAU,KAAK,IAAG,GAAI,MAAA;AAAA,MACxD,KAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF;;;;"}
1
+ {"version":3,"file":"SingleInstanceGithubCredentialsProvider.esm.js","sources":["../../src/github/SingleInstanceGithubCredentialsProvider.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport parseGitUrl from 'git-url-parse';\nimport { GithubAppConfig, GithubIntegrationConfig } from './config';\nimport { createAppAuth } from '@octokit/auth-app';\nimport { Octokit, RestEndpointMethodTypes } from '@octokit/rest';\nimport { DateTime } from 'luxon';\nimport {\n GithubCredentials,\n GithubCredentialsProvider,\n GithubCredentialType,\n} from './types';\n\ntype InstallationData = {\n installationId: number;\n suspended: boolean;\n};\n\ntype InstallationTokenData = {\n token: string;\n expiresAt: DateTime;\n repositories?: String[];\n};\n\nclass Cache {\n private readonly tokenCache = new Map<string, InstallationTokenData>();\n\n async getOrCreateToken(\n owner: string,\n repo: string | undefined,\n supplier: () => Promise<InstallationTokenData>,\n ): Promise<{ accessToken: string }> {\n let existingInstallationData = this.tokenCache.get(owner);\n\n if (\n !existingInstallationData ||\n this.isExpired(existingInstallationData.expiresAt)\n ) {\n existingInstallationData = await supplier();\n // Allow 10 minutes grace to account for clock skew\n existingInstallationData.expiresAt =\n existingInstallationData.expiresAt.minus({ minutes: 10 });\n this.tokenCache.set(owner, existingInstallationData);\n }\n\n if (!this.appliesToRepo(existingInstallationData, repo)) {\n throw new Error(\n `The Backstage GitHub application used in the ${owner} organization does not have access to a repository with the name ${repo}`,\n );\n }\n\n return { accessToken: existingInstallationData.token };\n }\n\n private isExpired = (date: DateTime) => DateTime.local() > date;\n\n private appliesToRepo(tokenData: InstallationTokenData, repo?: string) {\n // If no specific repo has been requested the token is applicable\n if (repo === undefined) {\n return true;\n }\n // If the token is restricted to repositories, the token only applies if the repo is in the allow list\n if (tokenData.repositories !== undefined) {\n return tokenData.repositories.includes(repo);\n }\n // Otherwise the token is applicable\n return true;\n }\n}\n\n/**\n * This accept header is required when calling App APIs in GitHub Enterprise.\n * It has no effect on calls to github.com and can probably be removed entirely\n * once GitHub Apps is out of preview.\n */\nconst HEADERS = {\n Accept: 'application/vnd.github.machine-man-preview+json',\n};\n\n/**\n * GithubAppManager issues and caches tokens for a specific GitHub App.\n */\nclass GithubAppManager {\n private readonly appClient: Octokit;\n private readonly baseUrl?: string;\n private readonly baseAuthConfig: { appId: number; privateKey: string };\n private readonly cache = new Cache();\n private readonly allowedInstallationOwners: string[] | undefined; // undefined allows all installations\n\n constructor(config: GithubAppConfig, baseUrl?: string) {\n this.allowedInstallationOwners = config.allowedInstallationOwners?.map(\n owner => owner.toLocaleLowerCase('en-US'),\n );\n this.baseUrl = baseUrl;\n this.baseAuthConfig = {\n appId: config.appId,\n privateKey: config.privateKey.replace(/\\\\n/gm, '\\n'),\n };\n this.appClient = new Octokit({\n baseUrl,\n headers: HEADERS,\n authStrategy: createAppAuth,\n auth: this.baseAuthConfig,\n });\n }\n\n async getInstallationCredentials(\n owner: string,\n repo?: string,\n ): Promise<{ accessToken: string | undefined }> {\n if (this.allowedInstallationOwners) {\n if (\n !this.allowedInstallationOwners?.includes(\n owner.toLocaleLowerCase('en-US'),\n )\n ) {\n return { accessToken: undefined }; // An empty token allows anonymous access to public repos\n }\n }\n\n // Go and grab an access token for the app scoped to a repository if provided, if not use the organisation installation.\n return this.cache.getOrCreateToken(owner, repo, async () => {\n const { installationId, suspended } = await this.getInstallationData(\n owner,\n );\n if (suspended) {\n throw new Error(`The GitHub application for ${owner} is suspended`);\n }\n\n const result = await this.appClient.apps.createInstallationAccessToken({\n installation_id: installationId,\n headers: HEADERS,\n });\n\n let repositoryNames;\n\n if (result.data.repository_selection === 'selected') {\n const installationClient = new Octokit({\n baseUrl: this.baseUrl,\n auth: result.data.token,\n });\n const repos = await installationClient.paginate(\n installationClient.apps.listReposAccessibleToInstallation,\n );\n // The return type of the paginate method is incorrect.\n const repositories: RestEndpointMethodTypes['apps']['listReposAccessibleToInstallation']['response']['data']['repositories'] =\n repos.repositories ?? repos;\n\n repositoryNames = repositories.map(repository => repository.name);\n }\n return {\n token: result.data.token,\n expiresAt: DateTime.fromISO(result.data.expires_at),\n repositories: repositoryNames,\n };\n });\n }\n\n getInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n return this.appClient.paginate(this.appClient.apps.listInstallations);\n }\n\n private async getInstallationData(owner: string): Promise<InstallationData> {\n const allInstallations = await this.getInstallations();\n const installation = allInstallations.find(\n inst =>\n inst.account &&\n 'login' in inst.account &&\n inst.account.login?.toLocaleLowerCase('en-US') ===\n owner.toLocaleLowerCase('en-US'),\n );\n if (installation) {\n return {\n installationId: installation.id,\n suspended: Boolean(installation.suspended_by),\n };\n }\n const notFoundError = new Error(\n `No app installation found for ${owner} in ${this.baseAuthConfig.appId}`,\n );\n notFoundError.name = 'NotFoundError';\n throw notFoundError;\n }\n}\n\n/**\n * Corresponds to a Github installation which internally could hold several GitHub Apps.\n *\n * @public\n */\nexport class GithubAppCredentialsMux {\n private readonly apps: GithubAppManager[];\n\n constructor(config: GithubIntegrationConfig, appIds: number[] = []) {\n this.apps =\n config.apps\n ?.filter(app => (appIds.length ? appIds.includes(app.appId) : true))\n .map(ac => new GithubAppManager(ac, config.apiBaseUrl)) ?? [];\n }\n\n async getAllInstallations(): Promise<\n RestEndpointMethodTypes['apps']['listInstallations']['response']['data']\n > {\n if (!this.apps.length) {\n return [];\n }\n\n const installs = await Promise.all(\n this.apps.map(app => app.getInstallations()),\n );\n\n return installs.flat();\n }\n\n async getAppToken(owner: string, repo?: string): Promise<string | undefined> {\n if (this.apps.length === 0) {\n return undefined;\n }\n\n const results = await Promise.all(\n this.apps.map(app =>\n app.getInstallationCredentials(owner, repo).then(\n credentials => ({ credentials, error: undefined }),\n error => ({ credentials: undefined, error }),\n ),\n ),\n );\n\n const result = results.find(\n resultItem => resultItem.credentials?.accessToken,\n );\n if (result) {\n return result.credentials!.accessToken;\n }\n\n const errors = results.map(r => r.error);\n const notNotFoundError = errors.find(err => err?.name !== 'NotFoundError');\n if (notNotFoundError) {\n throw notNotFoundError;\n }\n\n return undefined;\n }\n}\n\n/**\n * Handles the creation and caching of credentials for GitHub integrations.\n *\n * @public\n * @remarks\n *\n * TODO: Possibly move this to a backend only package so that it's not used in the frontend by mistake\n */\nexport class SingleInstanceGithubCredentialsProvider\n implements GithubCredentialsProvider\n{\n static create: (\n config: GithubIntegrationConfig,\n ) => GithubCredentialsProvider = config => {\n return new SingleInstanceGithubCredentialsProvider(\n new GithubAppCredentialsMux(config),\n config.token,\n );\n };\n\n private readonly githubAppCredentialsMux: GithubAppCredentialsMux;\n private readonly token?: string;\n\n private constructor(\n githubAppCredentialsMux: GithubAppCredentialsMux,\n token?: string,\n ) {\n this.githubAppCredentialsMux = githubAppCredentialsMux;\n this.token = token;\n }\n\n /**\n * Returns {@link GithubCredentials} for a given URL.\n *\n * @remarks\n *\n * Consecutive calls to this method with the same URL will return cached\n * credentials.\n *\n * The shortest lifetime for a token returned is 10 minutes.\n *\n * @example\n * ```ts\n * const { token, headers } = await getCredentials({\n * url: 'github.com/backstage/foobar'\n * })\n * ```\n *\n * @param opts - The organization or repository URL\n * @returns A promise of {@link GithubCredentials}.\n */\n async getCredentials(opts: { url: string }): Promise<GithubCredentials> {\n const parsed = parseGitUrl(opts.url);\n\n const owner = parsed.owner || parsed.name;\n const repo = parsed.owner ? parsed.name : undefined;\n\n let type: GithubCredentialType = 'app';\n let token = await this.githubAppCredentialsMux.getAppToken(owner, repo);\n if (!token) {\n type = 'token';\n token = this.token;\n }\n\n return {\n headers: token ? { Authorization: `Bearer ${token}` } : undefined,\n token,\n type,\n };\n }\n}\n"],"names":[],"mappings":";;;;;AAsCA,MAAM,KAAA,CAAM;AAAA,EACO,UAAA,uBAAiB,GAAA,EAAmC;AAAA,EAErE,MAAM,gBAAA,CACJ,KAAA,EACA,IAAA,EACA,QAAA,EACkC;AAClC,IAAA,IAAI,wBAAA,GAA2B,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAK,CAAA;AAExD,IAAA,IACE,CAAC,wBAAA,IACD,IAAA,CAAK,SAAA,CAAU,wBAAA,CAAyB,SAAS,CAAA,EACjD;AACA,MAAA,wBAAA,GAA2B,MAAM,QAAA,EAAS;AAE1C,MAAA,wBAAA,CAAyB,YACvB,wBAAA,CAAyB,SAAA,CAAU,MAAM,EAAE,OAAA,EAAS,IAAI,CAAA;AAC1D,MAAA,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI,KAAA,EAAO,wBAAwB,CAAA;AAAA,IACrD;AAEA,IAAA,IAAI,CAAC,IAAA,CAAK,aAAA,CAAc,wBAAA,EAA0B,IAAI,CAAA,EAAG;AACvD,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,6CAAA,EAAgD,KAAK,CAAA,iEAAA,EAAoE,IAAI,CAAA;AAAA,OAC/H;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,WAAA,EAAa,wBAAA,CAAyB,KAAA,EAAM;AAAA,EACvD;AAAA,EAEQ,SAAA,GAAY,CAAC,IAAA,KAAmB,QAAA,CAAS,OAAM,GAAI,IAAA;AAAA,EAEnD,aAAA,CAAc,WAAkC,IAAA,EAAe;AAErE,IAAA,IAAI,SAAS,MAAA,EAAW;AACtB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,CAAU,iBAAiB,MAAA,EAAW;AACxC,MAAA,OAAO,SAAA,CAAU,YAAA,CAAa,QAAA,CAAS,IAAI,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAOA,MAAM,OAAA,GAAU;AAAA,EACd,MAAA,EAAQ;AACV,CAAA;AAKA,MAAM,gBAAA,CAAiB;AAAA,EACJ,SAAA;AAAA,EACA,OAAA;AAAA,EACA,cAAA;AAAA,EACA,KAAA,GAAQ,IAAI,KAAA,EAAM;AAAA,EAClB,yBAAA;AAAA;AAAA,EAEjB,WAAA,CAAY,QAAyB,OAAA,EAAkB;AACrD,IAAA,IAAA,CAAK,yBAAA,GAA4B,OAAO,yBAAA,EAA2B,GAAA;AAAA,MACjE,CAAA,KAAA,KAAS,KAAA,CAAM,iBAAA,CAAkB,OAAO;AAAA,KAC1C;AACA,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,cAAA,GAAiB;AAAA,MACpB,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,UAAA,EAAY,MAAA,CAAO,UAAA,CAAW,OAAA,CAAQ,SAAS,IAAI;AAAA,KACrD;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,OAAA,CAAQ;AAAA,MAC3B,OAAA;AAAA,MACA,OAAA,EAAS,OAAA;AAAA,MACT,YAAA,EAAc,aAAA;AAAA,MACd,MAAM,IAAA,CAAK;AAAA,KACZ,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,0BAAA,CACJ,KAAA,EACA,IAAA,EAC8C;AAC9C,IAAA,IAAI,KAAK,yBAAA,EAA2B;AAClC,MAAA,IACE,CAAC,KAAK,yBAAA,EAA2B,QAAA;AAAA,QAC/B,KAAA,CAAM,kBAAkB,OAAO;AAAA,OACjC,EACA;AACA,QAAA,OAAO,EAAE,aAAa,MAAA,EAAU;AAAA,MAClC;AAAA,IACF;AAGA,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,gBAAA,CAAiB,KAAA,EAAO,MAAM,YAAY;AAC1D,MAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAU,GAAI,MAAM,IAAA,CAAK,mBAAA;AAAA,QAC/C;AAAA,OACF;AACA,MAAA,IAAI,SAAA,EAAW;AACb,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,KAAK,CAAA,aAAA,CAAe,CAAA;AAAA,MACpE;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,6BAAA,CAA8B;AAAA,QACrE,eAAA,EAAiB,cAAA;AAAA,QACjB,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,IAAI,eAAA;AAEJ,MAAA,IAAI,MAAA,CAAO,IAAA,CAAK,oBAAA,KAAyB,UAAA,EAAY;AACnD,QAAA,MAAM,kBAAA,GAAqB,IAAI,OAAA,CAAQ;AAAA,UACrC,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACnB,CAAA;AACD,QAAA,MAAM,KAAA,GAAQ,MAAM,kBAAA,CAAmB,QAAA;AAAA,UACrC,mBAAmB,IAAA,CAAK;AAAA,SAC1B;AAEA,QAAA,MAAM,YAAA,GACJ,MAAM,YAAA,IAAgB,KAAA;AAExB,QAAA,eAAA,GAAkB,YAAA,CAAa,GAAA,CAAI,CAAA,UAAA,KAAc,UAAA,CAAW,IAAI,CAAA;AAAA,MAClE;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,QACnB,SAAA,EAAW,QAAA,CAAS,OAAA,CAAQ,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,QAClD,YAAA,EAAc;AAAA,OAChB;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,gBAAA,GAEE;AACA,IAAA,OAAO,KAAK,SAAA,CAAU,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,KAAK,iBAAiB,CAAA;AAAA,EACtE;AAAA,EAEA,MAAc,oBAAoB,KAAA,EAA0C;AAC1E,IAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,gBAAA,EAAiB;AACrD,IAAA,MAAM,eAAe,gBAAA,CAAiB,IAAA;AAAA,MACpC,CAAA,IAAA,KACE,IAAA,CAAK,OAAA,IACL,OAAA,IAAW,KAAK,OAAA,IAChB,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,iBAAA,CAAkB,OAAO,CAAA,KAC3C,KAAA,CAAM,kBAAkB,OAAO;AAAA,KACrC;AACA,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO;AAAA,QACL,gBAAgB,YAAA,CAAa,EAAA;AAAA,QAC7B,SAAA,EAAW,OAAA,CAAQ,YAAA,CAAa,YAAY;AAAA,OAC9C;AAAA,IACF;AACA,IAAA,MAAM,gBAAgB,IAAI,KAAA;AAAA,MACxB,CAAA,8BAAA,EAAiC,KAAK,CAAA,IAAA,EAAO,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,KACxE;AACA,IAAA,aAAA,CAAc,IAAA,GAAO,eAAA;AACrB,IAAA,MAAM,aAAA;AAAA,EACR;AACF;AAOO,MAAM,uBAAA,CAAwB;AAAA,EAClB,IAAA;AAAA,EAEjB,WAAA,CAAY,MAAA,EAAiC,MAAA,GAAmB,EAAC,EAAG;AAClE,IAAA,IAAA,CAAK,IAAA,GACH,OAAO,IAAA,EACH,MAAA,CAAO,SAAQ,MAAA,CAAO,MAAA,GAAS,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,KAAK,IAAI,IAAK,CAAA,CAClE,GAAA,CAAI,CAAA,EAAA,KAAM,IAAI,gBAAA,CAAiB,IAAI,MAAA,CAAO,UAAU,CAAC,CAAA,IAAK,EAAC;AAAA,EAClE;AAAA,EAEA,MAAM,mBAAA,GAEJ;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,MAAA,EAAQ;AACrB,MAAA,OAAO,EAAC;AAAA,IACV;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC7B,KAAK,IAAA,CAAK,GAAA,CAAI,CAAA,GAAA,KAAO,GAAA,CAAI,kBAAkB;AAAA,KAC7C;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,CAAY,KAAA,EAAe,IAAA,EAA4C;AAC3E,IAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC1B,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,GAAA;AAAA,MAC5B,KAAK,IAAA,CAAK,GAAA;AAAA,QAAI,CAAA,GAAA,KACZ,GAAA,CAAI,0BAAA,CAA2B,KAAA,EAAO,IAAI,CAAA,CAAE,IAAA;AAAA,UAC1C,CAAA,WAAA,MAAgB,EAAE,WAAA,EAAa,KAAA,EAAO,MAAA,EAAU,CAAA;AAAA,UAChD,CAAA,KAAA,MAAU,EAAE,WAAA,EAAa,MAAA,EAAW,KAAA,EAAM;AAAA;AAC5C;AACF,KACF;AAEA,IAAA,MAAM,SAAS,OAAA,CAAQ,IAAA;AAAA,MACrB,CAAA,UAAA,KAAc,WAAW,WAAA,EAAa;AAAA,KACxC;AACA,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAO,OAAO,WAAA,CAAa,WAAA;AAAA,IAC7B;AAEA,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AACvC,IAAA,MAAM,mBAAmB,MAAA,CAAO,IAAA,CAAK,CAAA,GAAA,KAAO,GAAA,EAAK,SAAS,eAAe,CAAA;AACzE,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,MAAM,gBAAA;AAAA,IACR;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAUO,MAAM,uCAAA,CAEb;AAAA,EACE,OAAO,SAE0B,CAAA,MAAA,KAAU;AACzC,IAAA,OAAO,IAAI,uCAAA;AAAA,MACT,IAAI,wBAAwB,MAAM,CAAA;AAAA,MAClC,MAAA,CAAO;AAAA,KACT;AAAA,EACF,CAAA;AAAA,EAEiB,uBAAA;AAAA,EACA,KAAA;AAAA,EAET,WAAA,CACN,yBACA,KAAA,EACA;AACA,IAAA,IAAA,CAAK,uBAAA,GAA0B,uBAAA;AAC/B,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,MAAM,eAAe,IAAA,EAAmD;AACtE,IAAA,MAAM,MAAA,GAAS,WAAA,CAAY,IAAA,CAAK,GAAG,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,IAAA;AACrC,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,KAAA,GAAQ,MAAA,CAAO,IAAA,GAAO,MAAA;AAE1C,IAAA,IAAI,IAAA,GAA6B,KAAA;AACjC,IAAA,IAAI,QAAQ,MAAM,IAAA,CAAK,uBAAA,CAAwB,WAAA,CAAY,OAAO,IAAI,CAAA;AACtE,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,IAAA,GAAO,OAAA;AACP,MAAA,KAAA,GAAQ,IAAA,CAAK,KAAA;AAAA,IACf;AAEA,IAAA,OAAO;AAAA,MACL,SAAS,KAAA,GAAQ,EAAE,eAAe,CAAA,OAAA,EAAU,KAAK,IAAG,GAAI,MAAA;AAAA,MACxD,KAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACF;;;;"}
package/dist/index.d.ts CHANGED
@@ -1772,9 +1772,9 @@ declare class GithubAppCredentialsMux {
1772
1772
  * TODO: Possibly move this to a backend only package so that it's not used in the frontend by mistake
1773
1773
  */
1774
1774
  declare class SingleInstanceGithubCredentialsProvider implements GithubCredentialsProvider {
1775
+ static create: (config: GithubIntegrationConfig) => GithubCredentialsProvider;
1775
1776
  private readonly githubAppCredentialsMux;
1776
1777
  private readonly token?;
1777
- static create: (config: GithubIntegrationConfig) => GithubCredentialsProvider;
1778
1778
  private constructor();
1779
1779
  /**
1780
1780
  * Returns {@link GithubCredentials} for a given URL.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/integration",
3
- "version": "1.18.1-next.1",
3
+ "version": "1.18.2-next.0",
4
4
  "description": "Helpers for managing integrations towards external systems",
5
5
  "backstage": {
6
6
  "role": "common-library"
@@ -39,7 +39,7 @@
39
39
  "dependencies": {
40
40
  "@azure/identity": "^4.0.0",
41
41
  "@azure/storage-blob": "^12.5.0",
42
- "@backstage/config": "1.3.4-next.0",
42
+ "@backstage/config": "1.3.6-next.0",
43
43
  "@backstage/errors": "1.2.7",
44
44
  "@octokit/auth-app": "^4.0.0",
45
45
  "@octokit/rest": "^19.0.3",
@@ -49,8 +49,8 @@
49
49
  "luxon": "^3.0.0"
50
50
  },
51
51
  "devDependencies": {
52
- "@backstage/cli": "0.34.4-next.1",
53
- "@backstage/config-loader": "1.10.4-next.0",
52
+ "@backstage/cli": "0.34.5-next.0",
53
+ "@backstage/config-loader": "1.10.6-next.0",
54
54
  "@types/luxon": "^3.0.0",
55
55
  "msw": "^1.0.0"
56
56
  },