npm - @cloudbase/toolbox - Versions diffs - 0.7.21-beta.0 → 0.7.21-beta.1 - Mend

@cloudbase/toolbox 0.7.21-beta.0 → 0.7.21-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/lib/auth/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { DeviceFlowOptions } from './oauth';
+import { DeviceFlowOptions, DeviceCodeInfo, AuthTokenByDeviceCodeOptions } from './oauth';
 import { Credential, RequestConfig } from '../types';
 export * from './common';
 export * from './credential';
@@ -45,6 +45,8 @@ export interface WebAuthOptions {
     onDeviceCode?: DeviceFlowOptions['onDeviceCode'];
     /** 自定义 OAuth API 请求的 endpoint */
     getOAuthEndpoint?: DeviceFlowOptions['getOAuthEndpoint'];
+    /** 返回即将打开的授权链接 */
+    onAuthUrl?: (url: string) => void;
     /** 静默模式，不打印任何日志 */
     silent?: boolean;
     /**
@@ -70,6 +72,10 @@ export interface LoginByApiSecretOptions {
      */
     additionalCredentialFields?: Omit<Credential, 'secretId' | 'secretKey' | 'token'>;
 }
+export interface StartDeviceFlowOptions extends DeviceFlowOptions {
+    noBrowser?: boolean;
+}
+export type CompleteDeviceFlowOptions = AuthTokenByDeviceCodeOptions;
 export declare class AuthSupervisor {
     static instance: AuthSupervisor;
     /**
@@ -92,6 +98,8 @@ export declare class AuthSupervisor {
      * @returns credential
      */
     loginByWebAuth(options?: WebAuthOptions): Promise<Credential>;
+    startDeviceFlow(options?: StartDeviceFlowOptions): Promise<DeviceCodeInfo>;
+    completeDeviceFlow(options: CompleteDeviceFlowOptions): Promise<Credential>;
     /**
      * 通过 API Secret 登录，支持临时秘钥
      * @param secretId
@@ -102,6 +110,8 @@ export declare class AuthSupervisor {
      */
     loginByApiSecret(secretId?: string, secretKey?: string, token?: string, opts?: LoginByApiSecretOptions): Promise<Credential>;
     logout(): Promise<void>;
+    private finalizeWebAuthCredential;
+    private updateCredentialCache;
     private isCacheExpire;
 }
 /**

package/lib/auth/index.js CHANGED Viewed

@@ -22,6 +22,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthSupevisor = exports.AuthSupervisor = void 0;
 const web_auth_1 = require("./web-auth");
@@ -29,6 +40,7 @@ const oauth_1 = require("./oauth");
 const common_1 = require("./common");
 const credential_1 = require("./credential");
 const error_1 = require("../error");
+const web_1 = require("../web");
 __exportStar(require("./common"), exports);
 __exportStar(require("./credential"), exports);
 __exportStar(require("./web-auth"), exports);
@@ -82,7 +94,7 @@ class AuthSupervisor {
      */
     loginByWebAuth(options = {}) {
         return __awaiter(this, void 0, void 0, function* () {
-            const { getAuthUrl, throwError, noBrowser, callbackTimeout, flow = 'device', client_id, onDeviceCode, getOAuthEndpoint, silent, custom } = options;
+            const { getAuthUrl, throwError, noBrowser, callbackTimeout, flow = 'device', client_id, onDeviceCode, getOAuthEndpoint, onAuthUrl, silent, custom } = options;
             if (this.cacheCredential && this.needCache && !this.isCacheExpire()) {
                 return this.cacheCredential;
             }
@@ -96,34 +108,36 @@ class AuthSupervisor {
                     getAuthUrl,
                     noBrowser,
                     callbackTimeout,
-                    silent
+                    silent,
+                    onAuthUrl
                 });
             }
             else {
                 credential = yield (0, oauth_1.getAuthTokenByDeviceFlow)({ client_id, onDeviceCode, getOAuthEndpoint, getAuthUrl, silent, custom });
             }
-            credential = (0, common_1.resolveCredential)(credential);
-            try {
-                yield (0, common_1.checkAuth)(credential, this.requestConfig);
-            }
-            catch (error) {
-                if (throwError || this.throwError) {
-                    throw error;
-                }
-                return null;
+            return this.finalizeWebAuthCredential(credential, throwError);
+        });
+    }
+    startDeviceFlow(options = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { noBrowser } = options, deviceFlowOptions = __rest(options, ["noBrowser"]);
+            const deviceCodeInfo = yield (0, oauth_1.getDeviceCodeByDeviceFlow)(deviceFlowOptions);
+            if (!noBrowser) {
+                yield (0, web_1.openUrl)(deviceCodeInfo.verification_uri);
             }
-            // 通过 Web 登录时，本地要存储 tmpSecretId 形式，方式 CLI 登录失效
-            const webCredential = (0, common_1.resolveWebCredential)(credential);
-            yield credential_1.authStore.set('credential', webCredential);
-            // 缓存处理转换后的 credential
-            if (this.needCache && credential) {
-                this.cacheCredential = credential;
-                const { accessTokenExpired } = credential;
-                this.cacheExpiredTime = accessTokenExpired
-                    ? Number(accessTokenExpired)
-                    : Date.now() + 3600 * 1000;
+            return deviceCodeInfo;
+        });
+    }
+    completeDeviceFlow(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.cacheCredential && this.needCache && !this.isCacheExpire()) {
+                return this.cacheCredential;
             }
-            return credential;
+            let credential = yield (0, credential_1.checkAndGetCredential)(this.requestConfig);
+            if (credential)
+                return credential;
+            credential = yield (0, oauth_1.getAuthTokenByDeviceCode)(options);
+            return this.finalizeWebAuthCredential(credential);
         });
     }
     /**
@@ -200,6 +214,35 @@ class AuthSupervisor {
             }
         });
     }
+    finalizeWebAuthCredential(credential, throwError) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // eslint-disable-next-line no-param-reassign
+            credential = (0, common_1.resolveCredential)(credential);
+            try {
+                yield (0, common_1.checkAuth)(credential, this.requestConfig);
+            }
+            catch (error) {
+                if (throwError || this.throwError) {
+                    throw error;
+                }
+                return null;
+            }
+            const webCredential = (0, common_1.resolveWebCredential)(credential);
+            yield credential_1.authStore.set('credential', webCredential);
+            this.updateCredentialCache(credential);
+            return credential;
+        });
+    }
+    updateCredentialCache(credential) {
+        if (!this.needCache || !credential) {
+            return;
+        }
+        this.cacheCredential = credential;
+        const { accessTokenExpired } = credential;
+        this.cacheExpiredTime = accessTokenExpired
+            ? Number(accessTokenExpired)
+            : Date.now() + 3600 * 1000;
+    }
     isCacheExpire() {
         const now = Date.now();
         this.cacheExpiredTime = this.cacheExpiredTime || 0;

package/lib/auth/oauth.d.ts CHANGED Viewed

@@ -1,4 +1,11 @@
 import { Credential } from "../types";
+export interface DeviceCodeInfo {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    expires_in: number;
+    interval: number;
+}
 export interface DeviceFlowOptions {
     client_id?: string;
     onDeviceCode?: (data: {
@@ -20,4 +27,22 @@ export interface DeviceFlowOptions {
      */
     custom?: boolean;
 }
+export interface AuthTokenByDeviceCodeOptions {
+    device_code: string;
+    /** 初始轮询间隔 s，默认 5 */
+    interval?: number;
+    client_id?: string;
+    /** 自定义 OAuth API 请求的 endpoint */
+    getOAuthEndpoint?: DeviceFlowOptions['getOAuthEndpoint'];
+    /**
+     * 自定义授权流程模式
+     * 为 true 时，token 接口的返回值没有外层 { code, result, reqId } 包装，
+     * 直接就是 result 本体。
+     */
+    custom?: DeviceFlowOptions['custom'];
+    /** 最长等待时长 ms，默认 30000 */
+    timeout?: number;
+}
+export declare function getDeviceCodeByDeviceFlow(options?: DeviceFlowOptions): Promise<DeviceCodeInfo>;
+export declare function getAuthTokenByDeviceCode(options: AuthTokenByDeviceCodeOptions): Promise<Credential>;
 export declare function getAuthTokenByDeviceFlow(options?: DeviceFlowOptions): Promise<Credential>;

package/lib/auth/oauth.js CHANGED Viewed

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuthTokenByDeviceFlow = void 0;
+exports.getAuthTokenByDeviceFlow = exports.getAuthTokenByDeviceCode = exports.getDeviceCodeByDeviceFlow = void 0;
 const net_1 = require("../net");
 const web_1 = require("../web");
 const error_1 = require("../error");
@@ -66,6 +66,17 @@ function sleep(ms) {
         setTimeout(resolve, ms);
     });
 }
+function buildVerificationUri(deviceCodeData, options) {
+    const { custom, getAuthUrl } = options;
+    if (custom) {
+        const rawUri = deviceCodeData.verification_uri || '';
+        return getAuthUrl ? getAuthUrl(rawUri) : rawUri;
+    }
+    const defaultVerificationUri = `${web_auth_1.CLI_AUTH_BASE_URL}#/cli-auth`;
+    // from=cli 后续考虑改用 client_id，因为 toolbox 作为公共依赖，可能被不同 client 所引用
+    const rawVerificationUri = `${defaultVerificationUri}?user_code=${deviceCodeData.user_code}&flow=device&from=cli`;
+    return getAuthUrl ? getAuthUrl(rawVerificationUri) : rawVerificationUri;
+}
 /**
  * 将接口原始返回值归一化为裸数据。
  * - 标准模式：从 { code, result, reqId } 中解包，校验 code
@@ -101,43 +112,24 @@ function unwrapTokenResponse(raw, custom) {
     }
     return { data: resp.result, reqId: resp.reqId };
 }
-function getAuthTokenByDeviceFlow(options = {}) {
+function getDeviceCodeByDeviceFlow(options = {}) {
     return __awaiter(this, void 0, void 0, function* () {
-        const { client_id, onDeviceCode, getOAuthEndpoint, getAuthUrl, silent, custom } = options;
+        const { client_id, getOAuthEndpoint, getAuthUrl, custom } = options;
         const endpoint = yield resolveOAuthEndpoint(getOAuthEndpoint);
-        // ---- 获取 device code ----
         const deviceCodeRaw = yield fetchDeviceCode({ client_id, endpoint });
         const { data: deviceCodeData } = unwrapDeviceCodeResponse(deviceCodeRaw, !!custom);
-        const { device_code, user_code, expires_in, interval } = deviceCodeData;
-        // ---- 构造 verification_uri ----
-        let verification_uri;
-        if (custom) {
-            // custom 模式直接使用接口返回的 verification_uri
-            const rawUri = deviceCodeData.verification_uri || '';
-            verification_uri = getAuthUrl ? getAuthUrl(rawUri) : rawUri;
-        }
-        else {
-            // 标准模式由客户端拼接 verification_uri
-            const defaultVerificationUri = `${web_auth_1.CLI_AUTH_BASE_URL}#/cli-auth`;
-            // from=cli 后续考虑改用 client_id，因为 toolbox 作为公共依赖，可能被不同 client 所引用
-            const rawVerificationUri = `${defaultVerificationUri}?user_code=${user_code}&from=cli&flow=device`;
-            verification_uri = getAuthUrl ? getAuthUrl(rawVerificationUri) : rawVerificationUri;
-        }
-        if (!silent) {
-            console.log('\n\n若链接未自动打开，请手动复制至浏览器，或尝试其他登录方式:');
-            console.log(`\n${verification_uri}`);
-            console.log(`\n用户码: ${user_code}\n`);
-        }
-        // 尝试自动打开授权页面
-        yield (0, web_1.openUrl)(verification_uri);
-        if (onDeviceCode) {
-            onDeviceCode({ user_code, verification_uri, device_code, expires_in });
-        }
-        // ---- 轮询 token ----
+        const verification_uri = buildVerificationUri(deviceCodeData, { custom, getAuthUrl });
+        return Object.assign(Object.assign({}, deviceCodeData), { verification_uri });
+    });
+}
+exports.getDeviceCodeByDeviceFlow = getDeviceCodeByDeviceFlow;
+function getAuthTokenByDeviceCode(options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const { device_code, interval = 5, client_id, getOAuthEndpoint, custom, timeout = 30000 } = options;
+        const endpoint = yield resolveOAuthEndpoint(getOAuthEndpoint);
         let pollInterval = interval;
-        const deadline = Date.now() + expires_in * 1000;
-        while (Date.now() < deadline) {
-            yield sleep(pollInterval * 1000);
+        const deadline = timeout > 0 ? Date.now() + timeout : 0;
+        while (!deadline || Date.now() < deadline) {
             let tokenData;
             let reqId;
             try {
@@ -149,14 +141,23 @@ function getAuthTokenByDeviceFlow(options = {}) {
                     throw e;
                 throw new error_1.CloudBaseError('Device Flow 轮询请求失败', { original: e });
             }
-            // 服务端返回业务错误（携带 error 字段）
             if (tokenData && 'error' in tokenData) {
                 const { error, error_description } = tokenData;
                 if (error === POLL_ERROR_CODES.AUTHORIZATION_PENDING) {
+                    const nextWaitMs = pollInterval * 1000;
+                    if (deadline && Date.now() + nextWaitMs >= deadline) {
+                        break;
+                    }
+                    yield sleep(nextWaitMs);
                     continue;
                 }
                 if (error === POLL_ERROR_CODES.SLOW_DOWN) {
                     pollInterval += 5;
+                    const nextWaitMs = pollInterval * 1000;
+                    if (deadline && Date.now() + nextWaitMs >= deadline) {
+                        break;
+                    }
+                    yield sleep(nextWaitMs);
                     continue;
                 }
                 if (error === POLL_ERROR_CODES.EXPIRED_TOKEN) {
@@ -170,13 +171,47 @@ function getAuthTokenByDeviceFlow(options = {}) {
                     requestId: reqId,
                 });
             }
-            // 成功拿到 Credential
             if (tokenData) {
                 return tokenData;
             }
             throw new error_1.CloudBaseError('Device Flow 授权失败：返回数据异常', { requestId: reqId });
         }
-        throw new error_1.CloudBaseError('授权超时，用户未在有效期内完成授权，请重试');
+        throw new error_1.CloudBaseError('授权尚未完成，请确认已完成授权后重试', {
+            code: POLL_ERROR_CODES.AUTHORIZATION_PENDING,
+        });
+    });
+}
+exports.getAuthTokenByDeviceCode = getAuthTokenByDeviceCode;
+function getAuthTokenByDeviceFlow(options = {}) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const { client_id, onDeviceCode, getOAuthEndpoint, getAuthUrl, silent, custom } = options;
+        const { device_code, user_code, verification_uri, expires_in, interval } = yield getDeviceCodeByDeviceFlow({ client_id, getOAuthEndpoint, getAuthUrl, custom });
+        if (!silent) {
+            console.log('\n\n若链接未自动打开，请手动复制至浏览器，或尝试其他登录方式:');
+            console.log(`\n${verification_uri}`);
+            console.log(`\n用户码: ${user_code}\n`);
+        }
+        // 尝试自动打开授权页面
+        yield (0, web_1.openUrl)(verification_uri);
+        if (onDeviceCode) {
+            onDeviceCode({ user_code, verification_uri, device_code, expires_in });
+        }
+        try {
+            return yield getAuthTokenByDeviceCode({
+                device_code,
+                interval,
+                client_id,
+                getOAuthEndpoint,
+                custom,
+                timeout: expires_in * 1000
+            });
+        }
+        catch (e) {
+            if (e instanceof error_1.CloudBaseError && e.code === POLL_ERROR_CODES.AUTHORIZATION_PENDING) {
+                throw new error_1.CloudBaseError('授权超时，用户未在有效期内完成授权，请重试');
+            }
+            throw e;
+        }
     });
 }
 exports.getAuthTokenByDeviceFlow = getAuthTokenByDeviceFlow;

package/lib/auth/web-auth.d.ts CHANGED Viewed

@@ -6,4 +6,6 @@ export declare function getAuthTokenFromWeb(options?: {
     callbackTimeout?: number;
     /** 静默模式，不打印任何日志 */
     silent?: boolean;
+    /** 返回即将打开的授权链接 */
+    onAuthUrl?: (url: string) => void;
 }): Promise<Credential>;

package/lib/auth/web-auth.js CHANGED Viewed

@@ -18,7 +18,7 @@ exports.CLI_AUTH_BASE_URL = 'https://tcb.cloud.tencent.com/dev';
 // 打开云开发控制台，获取授权
 function getAuthTokenFromWeb(options = {}) {
     return __awaiter(this, void 0, void 0, function* () {
-        const { getAuthUrl, noBrowser, callbackTimeout, silent } = options;
+        const { getAuthUrl, noBrowser, callbackTimeout, silent, onAuthUrl } = options;
         const mac = yield (0, system_1.getMacAddress)();
         const os = (0, system_1.getOSInfo)();
         const macHash = (0, coding_1.md5Encoding)(mac);
@@ -45,7 +45,8 @@ function getAuthTokenFromWeb(options = {}) {
         }, 'login', {
             noBrowser,
             callbackTimeout,
-            silent
+            silent,
+            onUrl: onAuthUrl
         });
         const credential = (0, common_1.resolveCredential)(query);
         return credential;

package/lib/web/web.d.ts CHANGED Viewed

@@ -6,8 +6,10 @@ export type CheckFn = (query: IQuery) => Promise<void>;
 export interface GetDataFromWebOptions {
     noBrowser?: boolean;
     callbackTimeout?: number;
-    /** 静默模式，不打印任何日志，也不自动打开浏览器 */
+    /** 静默模式，不打印任何日志 */
     silent?: boolean;
+    /** 返回即将打开的授权链接 */
+    onUrl?: (url: string) => void;
 }
 export declare function isTruthyFlag(value?: string): boolean;
 export declare function openUrl(url: string): Promise<boolean>;

package/lib/web/web.js CHANGED Viewed

@@ -124,10 +124,14 @@ function getDataFromWeb(getUrl, type, options = {}) {
         const noBrowser = (_a = options.noBrowser) !== null && _a !== void 0 ? _a : isTruthyFlag(process.env.TCB_NO_BROWSER);
         const callbackTimeout = (_b = options.callbackTimeout) !== null && _b !== void 0 ? _b : 180000;
         const silent = (_c = options.silent) !== null && _c !== void 0 ? _c : false;
+        const onUrl = options.onUrl;
         if (!Number.isFinite(callbackTimeout) || callbackTimeout <= 0) {
             throw new error_1.CloudBaseError('callbackTimeout must be a positive number');
         }
         const url = getUrl(port);
+        if (onUrl) {
+            onUrl(url);
+        }
         if (!silent) {
             console.log('\n\n若链接未自动打开，请手动复制至浏览器，或尝试其他登录方式:');
             console.log(`\n${url}\n`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@cloudbase/toolbox",
-    "version": "0.7.21-beta.0",
+    "version": "0.7.21-beta.1",
     "description": "The toolbox for cloudbase",
     "main": "lib/index.js",
     "scripts": {