@cubist-labs/cubesigner-sdk 0.1.23

package/dist/src/session/oidc_session_manager.js

@@ -0,0 +1,142 @@
+"use strict";
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var _a, _OidcSessionManager_client, _OidcSessionManager_exchangeToken;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OidcSessionManager = void 0;
+const util_1 = require("../util");
+const session_manager_1 = require("./session_manager");
+const openapi_fetch_1 = __importDefault(require("openapi-fetch"));
+// An token obtained from an OIDC token is valid for 5 minutes
+const OIDC_TOKEN_EXP_SECS = 300;
+/** Manager for OIDC sessions. */
+class OidcSessionManager extends session_manager_1.OrgSessionManager {
+    /**
+     * @return {string} The current auth token.
+     * @internal
+     */
+    async token() {
+        const session = await this.storage.retrieve();
+        return session.token;
+    }
+    /**
+     * Returns a client with the current session and refreshes the current
+     * session. May **UPDATE/MUTATE** self.
+     */
+    async client() {
+        await this.refreshIfNeeded();
+        return __classPrivateFieldGet(this, _OidcSessionManager_client, "f");
+    }
+    /** Revokes the session. */
+    async revoke() {
+        this.unsupported("revoke");
+    }
+    /**
+     * Refreshes the session and **UPDATES/MUTATES** self.
+     */
+    async refresh() {
+        const session = await this.storage.retrieve();
+        const [token, tokenExp] = await __classPrivateFieldGet(OidcSessionManager, _a, "m", _OidcSessionManager_exchangeToken).call(OidcSessionManager, session.env, session.oidc_token, session.org_id, session.scopes);
+        await this.storage.save({
+            ...session,
+            token: token,
+            token_exp: tokenExp,
+        });
+        __classPrivateFieldSet(this, _OidcSessionManager_client, this.createClient(token), "f");
+    }
+    /**
+     * Returns whether it's time to refresh this token.
+     * @return {boolean} Whether it's time to refresh this token.
+     * @internal
+     */
+    async isStale() {
+        const session = await this.storage.retrieve();
+        return this.hasExpired(session.token_exp);
+    }
+    /**
+     * Refreshes the session if it is about to expire.
+     * @return {boolean} Whether the session token was refreshed.
+     * @internal
+     */
+    async refreshIfNeeded() {
+        if (await this.isStale()) {
+            await this.refresh();
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Authenticate an OIDC user and create a new session for them.
+     * @param {EnvInterface} env The environment of the session
+     * @param {SessionStorage<SignerSessionObject>} storage The signer session storage
+     * @param {string} oidcToken The OIDC token
+     * @param {string} orgId The id of the organization that the user is in
+     * @param {List<string>} scopes The scopes of the resulting session
+     * @return {Promise<OidcSessionManager>} The signer session
+     */
+    static async create(env, storage, oidcToken, orgId, scopes) {
+        const [token, tokenExp] = await __classPrivateFieldGet(OidcSessionManager, _a, "m", _OidcSessionManager_exchangeToken).call(OidcSessionManager, env, oidcToken, orgId, scopes);
+        await storage.save({
+            env,
+            org_id: orgId,
+            oidc_token: oidcToken,
+            token,
+            token_exp: tokenExp,
+            scopes,
+        });
+        return new OidcSessionManager(env, orgId, token, storage);
+    }
+    /**
+     * Load from storage
+     * @param {OidcSessionStorage} storage The storage to load from
+     * @return {Promise<OidcSessionManager>} New OIDC session manager
+     */
+    static async loadFromStorage(storage) {
+        const info = await storage.retrieve();
+        return new OidcSessionManager(info.env, info.org_id, info.token, storage);
+    }
+    /**
+     * Constructor.
+     * @param {EnvInterface} env The environment of the session
+     * @param {string} orgId The id of the org associated with this session
+     * @param {string} token The authorization token to use
+     * @param {SessionStorage<U>} storage The storage back end to use for storing
+     *                                    session information
+     */
+    constructor(env, orgId, token, storage) {
+        super(env, orgId, storage);
+        _OidcSessionManager_client.set(this, void 0);
+        __classPrivateFieldSet(this, _OidcSessionManager_client, this.createClient(token), "f");
+    }
+}
+exports.OidcSessionManager = OidcSessionManager;
+_a = OidcSessionManager, _OidcSessionManager_client = new WeakMap(), _OidcSessionManager_exchangeToken = async function _OidcSessionManager_exchangeToken(env, oidcToken, orgId, scopes) {
+    const client = (0, openapi_fetch_1.default)({
+        baseUrl: env.SignerApiRoot,
+        headers: {
+            Authorization: oidcToken,
+        },
+    });
+    const resp = await client.post("/v0/org/{org_id}/oidc", {
+        params: { path: { org_id: orgId } },
+        body: {
+            scopes,
+        },
+        parseAs: "json",
+    });
+    const data = (0, util_1.assertOk)(resp);
+    return [data.token, new Date().getTime() / 1000 + OIDC_TOKEN_EXP_SECS];
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkY19zZXNzaW9uX21hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2Vzc2lvbi9vaWRjX3Nlc3Npb25fbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFFQSxrQ0FBbUM7QUFDbkMsdURBQXNEO0FBRXRELGtFQUF5QztBQUV6Qyw4REFBOEQ7QUFDOUQsTUFBTSxtQkFBbUIsR0FBRyxHQUFHLENBQUM7QUF3QmhDLGlDQUFpQztBQUNqQyxNQUFhLGtCQUFtQixTQUFRLG1DQUFrQztJQUd4RTs7O09BR0c7SUFDSCxLQUFLLENBQUMsS0FBSztRQUNULE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM5QyxPQUFPLE9BQU8sQ0FBQyxLQUFLLENBQUM7SUFDdkIsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxNQUFNO1FBQ1YsTUFBTSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFDN0IsT0FBTyx1QkFBQSxJQUFJLGtDQUFRLENBQUM7SUFDdEIsQ0FBQztJQUVELDJCQUEyQjtJQUMzQixLQUFLLENBQUMsTUFBTTtRQUNWLElBQUksQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDN0IsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDOUMsTUFBTSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsR0FBRyxNQUFNLHVCQUFBLGtCQUFrQiw2Q0FBZSxNQUFqQyxrQkFBa0IsRUFDaEQsT0FBTyxDQUFDLEdBQUcsRUFDWCxPQUFPLENBQUMsVUFBVSxFQUNsQixPQUFPLENBQUMsTUFBTSxFQUNkLE9BQU8sQ0FBQyxNQUFNLENBQ2YsQ0FBQztRQUNGLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQWtCO1lBQ3ZDLEdBQUcsT0FBTztZQUNWLEtBQUssRUFBRSxLQUFLO1lBQ1osU0FBUyxFQUFFLFFBQVE7U0FDcEIsQ0FBQyxDQUFDO1FBQ0gsdUJBQUEsSUFBSSw4QkFBVyxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxNQUFBLENBQUM7SUFDMUMsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsT0FBTztRQUNYLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM5QyxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLGVBQWU7UUFDbkIsSUFBSSxNQUFNLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUN4QixNQUFNLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNyQixPQUFPLElBQUksQ0FBQztTQUNiO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FDakIsR0FBaUIsRUFDakIsT0FBd0MsRUFDeEMsU0FBaUIsRUFDakIsS0FBYSxFQUNiLE1BQXFCO1FBRXJCLE1BQU0sQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLEdBQUcsTUFBTSx1QkFBQSxrQkFBa0IsNkNBQWUsTUFBakMsa0JBQWtCLEVBQ2hELEdBQUcsRUFDSCxTQUFTLEVBQ1QsS0FBSyxFQUNMLE1BQU0sQ0FDUCxDQUFDO1FBQ0YsTUFBTSxPQUFPLENBQUMsSUFBSSxDQUFrQjtZQUNsQyxHQUFHO1lBQ0gsTUFBTSxFQUFFLEtBQUs7WUFDYixVQUFVLEVBQUUsU0FBUztZQUNyQixLQUFLO1lBQ0wsU0FBUyxFQUFFLFFBQVE7WUFDbkIsTUFBTTtTQUNQLENBQUMsQ0FBQztRQUNILE9BQU8sSUFBSSxrQkFBa0IsQ0FBQyxHQUFHLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM1RCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLE9BQTJCO1FBQ3RELE1BQU0sSUFBSSxHQUFHLE1BQU0sT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3RDLE9BQU8sSUFBSSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLElBQUksQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztJQUM1RSxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILFlBQ0UsR0FBaUIsRUFDakIsS0FBYSxFQUNiLEtBQWEsRUFDYixPQUF3QztRQUV4QyxLQUFLLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQTVIN0IsNkNBQWdCO1FBNkhkLHVCQUFBLElBQUksOEJBQVcsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsTUFBQSxDQUFDO0lBQzFDLENBQUM7Q0FnQ0Y7QUEvSkQsZ0RBK0pDO3lHQXRCUSxLQUFLLDRDQUNWLEdBQWlCLEVBQ2pCLFNBQWlCLEVBQ2pCLEtBQWEsRUFDYixNQUFxQjtJQUVyQixNQUFNLE1BQU0sR0FBRyxJQUFBLHVCQUFZLEVBQVE7UUFDakMsT0FBTyxFQUFFLEdBQUcsQ0FBQyxhQUFhO1FBQzFCLE9BQU8sRUFBRTtZQUNQLGFBQWEsRUFBRSxTQUFTO1NBQ3pCO0tBQ0YsQ0FBQyxDQUFDO0lBQ0gsTUFBTSxJQUFJLEdBQUcsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDLHVCQUF1QixFQUFFO1FBQ3RELE1BQU0sRUFBRSxFQUFFLElBQUksRUFBRSxFQUFFLE1BQU0sRUFBRSxLQUFLLEVBQUUsRUFBRTtRQUNuQyxJQUFJLEVBQUU7WUFDSixNQUFNO1NBQ1A7UUFDRCxPQUFPLEVBQUUsTUFBTTtLQUNoQixDQUFDLENBQUM7SUFDSCxNQUFNLElBQUksR0FBRyxJQUFBLGVBQVEsRUFBQyxJQUFJLENBQXFCLENBQUM7SUFDaEQsT0FBTyxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsSUFBSSxJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxJQUFJLEdBQUcsbUJBQW1CLENBQUMsQ0FBQztBQUN6RSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgcGF0aHMsIENsaWVudCB9IGZyb20gXCIuLi9jbGllbnRcIjtcbmltcG9ydCB7IEVudkludGVyZmFjZSB9IGZyb20gXCIuLlwiO1xuaW1wb3J0IHsgYXNzZXJ0T2sgfSBmcm9tIFwiLi4vdXRpbFwiO1xuaW1wb3J0IHsgT3JnU2Vzc2lvbk1hbmFnZXIgfSBmcm9tIFwiLi9zZXNzaW9uX21hbmFnZXJcIjtcbmltcG9ydCB7IFNlc3Npb25TdG9yYWdlIH0gZnJvbSBcIi4vc2Vzc2lvbl9zdG9yYWdlXCI7XG5pbXBvcnQgY3JlYXRlQ2xpZW50IGZyb20gXCJvcGVuYXBpLWZldGNoXCI7XG5cbi8vIEFuIHRva2VuIG9idGFpbmVkIGZyb20gYW4gT0lEQyB0b2tlbiBpcyB2YWxpZCBmb3IgNSBtaW51dGVzXG5jb25zdCBPSURDX1RPS0VOX0VYUF9TRUNTID0gMzAwO1xuXG50eXBlIE9pZGNBdXRoUmVzcG9uc2UgPVxuICBwYXRoc1tcIi92MC9vcmcve29yZ19pZH0vb2lkY1wiXVtcInBvc3RcIl1bXCJyZXNwb25zZXNcIl1bXCIyMDBcIl1bXCJjb250ZW50XCJdW1wiYXBwbGljYXRpb24vanNvblwiXTtcblxuLyoqIEpTT04gcmVwcmVzZW50YXRpb24gb2YgdGhlIE9JREMgdG9rZW4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgT2lkY1Nlc3Npb25EYXRhIHtcbiAgLyoqIFRoZSBlbnZpcm9ubWVudCB0aGF0IHRoaXMgdG9rZW4gaXMgZm9yICovXG4gIGVudjogRW52SW50ZXJmYWNlO1xuICAvKiogVGhlIG9yZ2FuaXphdGlvbiBJRCAqL1xuICBvcmdfaWQ6IHN0cmluZztcbiAgLyoqIFRoZSBPSURDIHRva2VuIHRoYXQgdGhpcyBzZXNzaW9uIHdhcyBjcmVhdGVkIGZyb20gKi9cbiAgb2lkY190b2tlbjogc3RyaW5nO1xuICAvKiogVGhlIHRva2VuIHRvIGluY2x1ZGUgaW4gQXV0aG9yaXphdGlvbiBoZWFkZXIgKi9cbiAgdG9rZW46IHN0cmluZztcbiAgLyoqIFRva2VuIGV4cGlyYXRpb24gdGltZXN0YW1wICovXG4gIHRva2VuX2V4cDogbnVtYmVyO1xuICAvKiogVGhlIHNjb3BlcyBvZiB0aGUgdG9rZW4gKi9cbiAgc2NvcGVzOiBBcnJheTxzdHJpbmc+O1xufVxuXG4vKiogVHlwZSBvZiBzdG9yYWdlIHJlcXVpcmVkIGZvciBPSURDIHNlc3Npb25zICovXG5leHBvcnQgdHlwZSBPaWRjU2Vzc2lvblN0b3JhZ2UgPSBTZXNzaW9uU3RvcmFnZTxPaWRjU2Vzc2lvbkRhdGE+O1xuXG4vKiogTWFuYWdlciBmb3IgT0lEQyBzZXNzaW9ucy4gKi9cbmV4cG9ydCBjbGFzcyBPaWRjU2Vzc2lvbk1hbmFnZXIgZXh0ZW5kcyBPcmdTZXNzaW9uTWFuYWdlcjxPaWRjU2Vzc2lvbkRhdGE+IHtcbiAgI2NsaWVudDogQ2xpZW50O1xuXG4gIC8qKlxuICAgKiBAcmV0dXJuIHtzdHJpbmd9IFRoZSBjdXJyZW50IGF1dGggdG9rZW4uXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgYXN5bmMgdG9rZW4oKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBzZXNzaW9uID0gYXdhaXQgdGhpcy5zdG9yYWdlLnJldHJpZXZlKCk7XG4gICAgcmV0dXJuIHNlc3Npb24udG9rZW47XG4gIH1cblxuICAvKipcbiAgICogUmV0dXJucyBhIGNsaWVudCB3aXRoIHRoZSBjdXJyZW50IHNlc3Npb24gYW5kIHJlZnJlc2hlcyB0aGUgY3VycmVudFxuICAgKiBzZXNzaW9uLiBNYXkgKipVUERBVEUvTVVUQVRFKiogc2VsZi5cbiAgICovXG4gIGFzeW5jIGNsaWVudCgpOiBQcm9taXNlPENsaWVudD4ge1xuICAgIGF3YWl0IHRoaXMucmVmcmVzaElmTmVlZGVkKCk7XG4gICAgcmV0dXJuIHRoaXMuI2NsaWVudDtcbiAgfVxuXG4gIC8qKiBSZXZva2VzIHRoZSBzZXNzaW9uLiAqL1xuICBhc3luYyByZXZva2UoKTogUHJvbWlzZTx2b2lkPiB7XG4gICAgdGhpcy51bnN1cHBvcnRlZChcInJldm9rZVwiKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZWZyZXNoZXMgdGhlIHNlc3Npb24gYW5kICoqVVBEQVRFUy9NVVRBVEVTKiogc2VsZi5cbiAgICovXG4gIGFzeW5jIHJlZnJlc2goKTogUHJvbWlzZTx2b2lkPiB7XG4gICAgY29uc3Qgc2Vzc2lvbiA9IGF3YWl0IHRoaXMuc3RvcmFnZS5yZXRyaWV2ZSgpO1xuICAgIGNvbnN0IFt0b2tlbiwgdG9rZW5FeHBdID0gYXdhaXQgT2lkY1Nlc3Npb25NYW5hZ2VyLiNleGNoYW5nZVRva2VuKFxuICAgICAgc2Vzc2lvbi5lbnYsXG4gICAgICBzZXNzaW9uLm9pZGNfdG9rZW4sXG4gICAgICBzZXNzaW9uLm9yZ19pZCxcbiAgICAgIHNlc3Npb24uc2NvcGVzLFxuICAgICk7XG4gICAgYXdhaXQgdGhpcy5zdG9yYWdlLnNhdmUoPE9pZGNTZXNzaW9uRGF0YT57XG4gICAgICAuLi5zZXNzaW9uLFxuICAgICAgdG9rZW46IHRva2VuLFxuICAgICAgdG9rZW5fZXhwOiB0b2tlbkV4cCxcbiAgICB9KTtcbiAgICB0aGlzLiNjbGllbnQgPSB0aGlzLmNyZWF0ZUNsaWVudCh0b2tlbik7XG4gIH1cblxuICAvKipcbiAgICogUmV0dXJucyB3aGV0aGVyIGl0J3MgdGltZSB0byByZWZyZXNoIHRoaXMgdG9rZW4uXG4gICAqIEByZXR1cm4ge2Jvb2xlYW59IFdoZXRoZXIgaXQncyB0aW1lIHRvIHJlZnJlc2ggdGhpcyB0b2tlbi5cbiAgICogQGludGVybmFsXG4gICAqL1xuICBhc3luYyBpc1N0YWxlKCk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICAgIGNvbnN0IHNlc3Npb24gPSBhd2FpdCB0aGlzLnN0b3JhZ2UucmV0cmlldmUoKTtcbiAgICByZXR1cm4gdGhpcy5oYXNFeHBpcmVkKHNlc3Npb24udG9rZW5fZXhwKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZWZyZXNoZXMgdGhlIHNlc3Npb24gaWYgaXQgaXMgYWJvdXQgdG8gZXhwaXJlLlxuICAgKiBAcmV0dXJuIHtib29sZWFufSBXaGV0aGVyIHRoZSBzZXNzaW9uIHRva2VuIHdhcyByZWZyZXNoZWQuXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgYXN5bmMgcmVmcmVzaElmTmVlZGVkKCk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICAgIGlmIChhd2FpdCB0aGlzLmlzU3RhbGUoKSkge1xuICAgICAgYXdhaXQgdGhpcy5yZWZyZXNoKCk7XG4gICAgICByZXR1cm4gdHJ1ZTtcbiAgICB9XG4gICAgcmV0dXJuIGZhbHNlO1xuICB9XG5cbiAgLyoqXG4gICAqIEF1dGhlbnRpY2F0ZSBhbiBPSURDIHVzZXIgYW5kIGNyZWF0ZSBhIG5ldyBzZXNzaW9uIGZvciB0aGVtLlxuICAgKiBAcGFyYW0ge0VudkludGVyZmFjZX0gZW52IFRoZSBlbnZpcm9ubWVudCBvZiB0aGUgc2Vzc2lvblxuICAgKiBAcGFyYW0ge1Nlc3Npb25TdG9yYWdlPFNpZ25lclNlc3Npb25PYmplY3Q+fSBzdG9yYWdlIFRoZSBzaWduZXIgc2Vzc2lvbiBzdG9yYWdlXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBvaWRjVG9rZW4gVGhlIE9JREMgdG9rZW5cbiAgICogQHBhcmFtIHtzdHJpbmd9IG9yZ0lkIFRoZSBpZCBvZiB0aGUgb3JnYW5pemF0aW9uIHRoYXQgdGhlIHVzZXIgaXMgaW5cbiAgICogQHBhcmFtIHtMaXN0PHN0cmluZz59IHNjb3BlcyBUaGUgc2NvcGVzIG9mIHRoZSByZXN1bHRpbmcgc2Vzc2lvblxuICAgKiBAcmV0dXJuIHtQcm9taXNlPE9pZGNTZXNzaW9uTWFuYWdlcj59IFRoZSBzaWduZXIgc2Vzc2lvblxuICAgKi9cbiAgc3RhdGljIGFzeW5jIGNyZWF0ZShcbiAgICBlbnY6IEVudkludGVyZmFjZSxcbiAgICBzdG9yYWdlOiBTZXNzaW9uU3RvcmFnZTxPaWRjU2Vzc2lvbkRhdGE+LFxuICAgIG9pZGNUb2tlbjogc3RyaW5nLFxuICAgIG9yZ0lkOiBzdHJpbmcsXG4gICAgc2NvcGVzOiBBcnJheTxzdHJpbmc+LFxuICApOiBQcm9taXNlPE9pZGNTZXNzaW9uTWFuYWdlcj4ge1xuICAgIGNvbnN0IFt0b2tlbiwgdG9rZW5FeHBdID0gYXdhaXQgT2lkY1Nlc3Npb25NYW5hZ2VyLiNleGNoYW5nZVRva2VuKFxuICAgICAgZW52LFxuICAgICAgb2lkY1Rva2VuLFxuICAgICAgb3JnSWQsXG4gICAgICBzY29wZXMsXG4gICAgKTtcbiAgICBhd2FpdCBzdG9yYWdlLnNhdmUoPE9pZGNTZXNzaW9uRGF0YT57XG4gICAgICBlbnYsXG4gICAgICBvcmdfaWQ6IG9yZ0lkLFxuICAgICAgb2lkY190b2tlbjogb2lkY1Rva2VuLFxuICAgICAgdG9rZW4sXG4gICAgICB0b2tlbl9leHA6IHRva2VuRXhwLFxuICAgICAgc2NvcGVzLFxuICAgIH0pO1xuICAgIHJldHVybiBuZXcgT2lkY1Nlc3Npb25NYW5hZ2VyKGVudiwgb3JnSWQsIHRva2VuLCBzdG9yYWdlKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBMb2FkIGZyb20gc3RvcmFnZVxuICAgKiBAcGFyYW0ge09pZGNTZXNzaW9uU3RvcmFnZX0gc3RvcmFnZSBUaGUgc3RvcmFnZSB0byBsb2FkIGZyb21cbiAgICogQHJldHVybiB7UHJvbWlzZTxPaWRjU2Vzc2lvbk1hbmFnZXI+fSBOZXcgT0lEQyBzZXNzaW9uIG1hbmFnZXJcbiAgICovXG4gIHN0YXRpYyBhc3luYyBsb2FkRnJvbVN0b3JhZ2Uoc3RvcmFnZTogT2lkY1Nlc3Npb25TdG9yYWdlKTogUHJvbWlzZTxPaWRjU2Vzc2lvbk1hbmFnZXI+IHtcbiAgICBjb25zdCBpbmZvID0gYXdhaXQgc3RvcmFnZS5yZXRyaWV2ZSgpO1xuICAgIHJldHVybiBuZXcgT2lkY1Nlc3Npb25NYW5hZ2VyKGluZm8uZW52LCBpbmZvLm9yZ19pZCwgaW5mby50b2tlbiwgc3RvcmFnZSk7XG4gIH1cblxuICAvKipcbiAgICogQ29uc3RydWN0b3IuXG4gICAqIEBwYXJhbSB7RW52SW50ZXJmYWNlfSBlbnYgVGhlIGVudmlyb25tZW50IG9mIHRoZSBzZXNzaW9uXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBvcmdJZCBUaGUgaWQgb2YgdGhlIG9yZyBhc3NvY2lhdGVkIHdpdGggdGhpcyBzZXNzaW9uXG4gICAqIEBwYXJhbSB7c3RyaW5nfSB0b2tlbiBUaGUgYXV0aG9yaXphdGlvbiB0b2tlbiB0byB1c2VcbiAgICogQHBhcmFtIHtTZXNzaW9uU3RvcmFnZTxVPn0gc3RvcmFnZSBUaGUgc3RvcmFnZSBiYWNrIGVuZCB0byB1c2UgZm9yIHN0b3JpbmdcbiAgICogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzZXNzaW9uIGluZm9ybWF0aW9uXG4gICAqL1xuICBwcml2YXRlIGNvbnN0cnVjdG9yKFxuICAgIGVudjogRW52SW50ZXJmYWNlLFxuICAgIG9yZ0lkOiBzdHJpbmcsXG4gICAgdG9rZW46IHN0cmluZyxcbiAgICBzdG9yYWdlOiBTZXNzaW9uU3RvcmFnZTxPaWRjU2Vzc2lvbkRhdGE+LFxuICApIHtcbiAgICBzdXBlcihlbnYsIG9yZ0lkLCBzdG9yYWdlKTtcbiAgICB0aGlzLiNjbGllbnQgPSB0aGlzLmNyZWF0ZUNsaWVudCh0b2tlbik7XG4gIH1cblxuICAvKipcbiAgICogRXhjaGFuZ2UgYW4gT0lEQyB0b2tlbiBmb3IgYSBDdWJlU2lnbmVyIHNlc3Npb24gdG9rZW4uXG4gICAqIEBwYXJhbSB7RW52SW50ZXJmYWNlfSBlbnYgVGhlIEN1YmVTaWduZXIgZW52aXJvbm1lbnRcbiAgICogQHBhcmFtIHtzdHJpbmd9IG9pZGNUb2tlbiBUaGUgT0lEQyB0b2tlblxuICAgKiBAcGFyYW0ge3N0cmluZ30gb3JnSWQgVGhlIGlkIG9mIHRoZSBvcmdhbml6YXRpb24gdGhhdCB0aGUgdXNlciBpcyBpblxuICAgKiBAcGFyYW0ge0xpc3Q8c3RyaW5nPn0gc2NvcGVzIFRoZSBzY29wZXMgb2YgdGhlIHJlc3VsdGluZyBzZXNzaW9uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8W3N0cmluZywgbnVtYmVyXT59IFRoZSBzZXNzaW9uIHRva2VuIGFuZCBpdHMgZXhwaXJhdGlvbiB0aW1lXG4gICAqL1xuICBzdGF0aWMgYXN5bmMgI2V4Y2hhbmdlVG9rZW4oXG4gICAgZW52OiBFbnZJbnRlcmZhY2UsXG4gICAgb2lkY1Rva2VuOiBzdHJpbmcsXG4gICAgb3JnSWQ6IHN0cmluZyxcbiAgICBzY29wZXM6IEFycmF5PHN0cmluZz4sXG4gICk6IFByb21pc2U8W3N0cmluZywgbnVtYmVyXT4ge1xuICAgIGNvbnN0IGNsaWVudCA9IGNyZWF0ZUNsaWVudDxwYXRocz4oe1xuICAgICAgYmFzZVVybDogZW52LlNpZ25lckFwaVJvb3QsXG4gICAgICBoZWFkZXJzOiB7XG4gICAgICAgIEF1dGhvcml6YXRpb246IG9pZGNUb2tlbixcbiAgICAgIH0sXG4gICAgfSk7XG4gICAgY29uc3QgcmVzcCA9IGF3YWl0IGNsaWVudC5wb3N0KFwiL3YwL29yZy97b3JnX2lkfS9vaWRjXCIsIHtcbiAgICAgIHBhcmFtczogeyBwYXRoOiB7IG9yZ19pZDogb3JnSWQgfSB9LFxuICAgICAgYm9keToge1xuICAgICAgICBzY29wZXMsXG4gICAgICB9LFxuICAgICAgcGFyc2VBczogXCJqc29uXCIsXG4gICAgfSk7XG4gICAgY29uc3QgZGF0YSA9IGFzc2VydE9rKHJlc3ApIGFzIE9pZGNBdXRoUmVzcG9uc2U7XG4gICAgcmV0dXJuIFtkYXRhLnRva2VuLCBuZXcgRGF0ZSgpLmdldFRpbWUoKSAvIDEwMDAgKyBPSURDX1RPS0VOX0VYUF9TRUNTXTtcbiAgfVxufVxuIl19

package/dist/src/session/session_manager.d.ts

@@ -0,0 +1,74 @@
+import { SessionStorage } from "..";
+import { EnvInterface } from "../env";
+import { Client } from "../client";
+/** Generic session manager interface. */
+export declare abstract class SessionManager<U> {
+    readonly env: EnvInterface;
+    readonly storage: SessionStorage<U>;
+    /**
+     * @return {string} The current auth token.
+     * @internal
+     */
+    abstract token(): Promise<string>;
+    /** Returns a client instance that uses the token. */
+    abstract client(): Promise<Client>;
+    /** Revokes the session. */
+    abstract revoke(): Promise<void>;
+    /** Refreshes the session. */
+    abstract refresh(): Promise<void>;
+    /**
+     * Returns whether it's time to refresh this token.
+     * @return {boolean} Whether it's time to refresh this token.
+     * @internal
+     */
+    abstract isStale(): Promise<boolean>;
+    /**
+     * Refreshes the session if it is about to expire.
+     * @return {boolean} Whether the session token was refreshed.
+     * @internal
+     */
+    refreshIfNeeded(): Promise<boolean>;
+    /**
+     * Constructor.
+     * @param {EnvInterface} env The environment of the session
+     * @param {SessionStorage<U>} storage The storage back end to use for storing
+     *                                    session information
+     */
+    constructor(env: EnvInterface, storage: SessionStorage<U>);
+    /**
+     * Creates a new REST client with a given token
+     * @param {string} token The authorization token to use for the client
+     * @return {Client} The new REST client
+     */
+    protected createClient(token: string): Client;
+    /**
+     * Check if a timestamp has expired.
+     * @param {number} exp The timestamp to check
+     * @param {number} buffer Optional time buffer when checking the expiration
+     * @return {boolean} True if the timestamp has expired
+     */
+    protected hasExpired(exp: number, buffer?: number): boolean;
+    /**
+     * Throws an error that says that some feature is unsupported.
+     * @param {string} name The name of the feature that is not supported
+     */
+    protected unsupported(name: string): never;
+}
+/** Interface for a session manager that knows about the org that the session is in. */
+export declare abstract class OrgSessionManager<U> extends SessionManager<U> {
+    readonly orgId: string;
+    /**
+     * Constructor.
+     * @param {EnvInterface} env The environment of the session
+     * @param {string} orgId The id of the org associated with this session
+     * @param {SessionStorage<U>} storage The storage back end to use for storing
+     *                                    session information
+     */
+    constructor(env: EnvInterface, orgId: string, storage: SessionStorage<U>);
+}
+export interface HasEnv {
+    /** The environment */
+    env: {
+        ["Dev-CubeSignerStack"]: EnvInterface;
+    };
+}

package/dist/src/session/session_manager.js

@@ -0,0 +1,79 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OrgSessionManager = exports.SessionManager = void 0;
+const openapi_fetch_1 = __importDefault(require("openapi-fetch"));
+const DEFAULT_EXPIRATION_BUFFER_SECS = 30;
+/** Generic session manager interface. */
+class SessionManager {
+    /**
+     * Refreshes the session if it is about to expire.
+     * @return {boolean} Whether the session token was refreshed.
+     * @internal
+     */
+    async refreshIfNeeded() {
+        if (await this.isStale()) {
+            await this.refresh();
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Constructor.
+     * @param {EnvInterface} env The environment of the session
+     * @param {SessionStorage<U>} storage The storage back end to use for storing
+     *                                    session information
+     */
+    constructor(env, storage) {
+        this.env = env;
+        this.storage = storage;
+    }
+    /**
+     * Creates a new REST client with a given token
+     * @param {string} token The authorization token to use for the client
+     * @return {Client} The new REST client
+     */
+    createClient(token) {
+        return (0, openapi_fetch_1.default)({
+            baseUrl: this.env.SignerApiRoot,
+            headers: {
+                Authorization: token,
+            },
+        });
+    }
+    /**
+     * Check if a timestamp has expired.
+     * @param {number} exp The timestamp to check
+     * @param {number} buffer Optional time buffer when checking the expiration
+     * @return {boolean} True if the timestamp has expired
+     */
+    hasExpired(exp, buffer) {
+        return exp < new Date().getTime() / 1000 + (buffer || DEFAULT_EXPIRATION_BUFFER_SECS);
+    }
+    /**
+     * Throws an error that says that some feature is unsupported.
+     * @param {string} name The name of the feature that is not supported
+     */
+    unsupported(name) {
+        throw new Error(`'${name}' not supported`);
+    }
+}
+exports.SessionManager = SessionManager;
+/** Interface for a session manager that knows about the org that the session is in. */
+class OrgSessionManager extends SessionManager {
+    /**
+     * Constructor.
+     * @param {EnvInterface} env The environment of the session
+     * @param {string} orgId The id of the org associated with this session
+     * @param {SessionStorage<U>} storage The storage back end to use for storing
+     *                                    session information
+     */
+    constructor(env, orgId, storage) {
+        super(env, storage);
+        this.orgId = orgId;
+    }
+}
+exports.OrgSessionManager = OrgSessionManager;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2Vzc2lvbl9tYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Nlc3Npb24vc2Vzc2lvbl9tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUdBLGtFQUF5QztBQUV6QyxNQUFNLDhCQUE4QixHQUFHLEVBQUUsQ0FBQztBQUUxQyx5Q0FBeUM7QUFDekMsTUFBc0IsY0FBYztJQTBCbEM7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxlQUFlO1FBQ25CLElBQUksTUFBTSxJQUFJLENBQUMsT0FBTyxFQUFFLEVBQUU7WUFDeEIsTUFBTSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDckIsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUNELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsWUFBWSxHQUFpQixFQUFFLE9BQTBCO1FBQ3ZELElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO1FBQ2YsSUFBSSxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7O09BSUc7SUFDTyxZQUFZLENBQUMsS0FBYTtRQUNsQyxPQUFPLElBQUEsdUJBQVksRUFBUTtZQUN6QixPQUFPLEVBQUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxhQUFhO1lBQy9CLE9BQU8sRUFBRTtnQkFDUCxhQUFhLEVBQUUsS0FBSzthQUNyQjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNPLFVBQVUsQ0FBQyxHQUFXLEVBQUUsTUFBZTtRQUMvQyxPQUFPLEdBQUcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sSUFBSSw4QkFBOEIsQ0FBQyxDQUFDO0lBQ3hGLENBQUM7SUFFRDs7O09BR0c7SUFDTyxXQUFXLENBQUMsSUFBWTtRQUNoQyxNQUFNLElBQUksS0FBSyxDQUFDLElBQUksSUFBSSxpQkFBaUIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7Q0FDRjtBQWpGRCx3Q0FpRkM7QUFFRCx1RkFBdUY7QUFDdkYsTUFBc0IsaUJBQXFCLFNBQVEsY0FBaUI7SUFHbEU7Ozs7OztPQU1HO0lBQ0gsWUFBWSxHQUFpQixFQUFFLEtBQWEsRUFBRSxPQUEwQjtRQUN0RSxLQUFLLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3BCLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO0lBQ3JCLENBQUM7Q0FDRjtBQWRELDhDQWNDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU2Vzc2lvblN0b3JhZ2UgfSBmcm9tIFwiLi5cIjtcbmltcG9ydCB7IEVudkludGVyZmFjZSB9IGZyb20gXCIuLi9lbnZcIjtcbmltcG9ydCB7IHBhdGhzLCBDbGllbnQgfSBmcm9tIFwiLi4vY2xpZW50XCI7XG5pbXBvcnQgY3JlYXRlQ2xpZW50IGZyb20gXCJvcGVuYXBpLWZldGNoXCI7XG5cbmNvbnN0IERFRkFVTFRfRVhQSVJBVElPTl9CVUZGRVJfU0VDUyA9IDMwO1xuXG4vKiogR2VuZXJpYyBzZXNzaW9uIG1hbmFnZXIgaW50ZXJmYWNlLiAqL1xuZXhwb3J0IGFic3RyYWN0IGNsYXNzIFNlc3Npb25NYW5hZ2VyPFU+IHtcbiAgcmVhZG9ubHkgZW52OiBFbnZJbnRlcmZhY2U7XG4gIHJlYWRvbmx5IHN0b3JhZ2U6IFNlc3Npb25TdG9yYWdlPFU+O1xuXG4gIC8qKlxuICAgKiBAcmV0dXJuIHtzdHJpbmd9IFRoZSBjdXJyZW50IGF1dGggdG9rZW4uXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgYWJzdHJhY3QgdG9rZW4oKTogUHJvbWlzZTxzdHJpbmc+O1xuXG4gIC8qKiBSZXR1cm5zIGEgY2xpZW50IGluc3RhbmNlIHRoYXQgdXNlcyB0aGUgdG9rZW4uICovXG4gIGFic3RyYWN0IGNsaWVudCgpOiBQcm9taXNlPENsaWVudD47XG5cbiAgLyoqIFJldm9rZXMgdGhlIHNlc3Npb24uICovXG4gIGFic3RyYWN0IHJldm9rZSgpOiBQcm9taXNlPHZvaWQ+O1xuXG4gIC8qKiBSZWZyZXNoZXMgdGhlIHNlc3Npb24uICovXG4gIGFic3RyYWN0IHJlZnJlc2goKTogUHJvbWlzZTx2b2lkPjtcblxuICAvKipcbiAgICogUmV0dXJucyB3aGV0aGVyIGl0J3MgdGltZSB0byByZWZyZXNoIHRoaXMgdG9rZW4uXG4gICAqIEByZXR1cm4ge2Jvb2xlYW59IFdoZXRoZXIgaXQncyB0aW1lIHRvIHJlZnJlc2ggdGhpcyB0b2tlbi5cbiAgICogQGludGVybmFsXG4gICAqL1xuICBhYnN0cmFjdCBpc1N0YWxlKCk6IFByb21pc2U8Ym9vbGVhbj47XG5cbiAgLyoqXG4gICAqIFJlZnJlc2hlcyB0aGUgc2Vzc2lvbiBpZiBpdCBpcyBhYm91dCB0byBleHBpcmUuXG4gICAqIEByZXR1cm4ge2Jvb2xlYW59IFdoZXRoZXIgdGhlIHNlc3Npb24gdG9rZW4gd2FzIHJlZnJlc2hlZC5cbiAgICogQGludGVybmFsXG4gICAqL1xuICBhc3luYyByZWZyZXNoSWZOZWVkZWQoKTogUHJvbWlzZTxib29sZWFuPiB7XG4gICAgaWYgKGF3YWl0IHRoaXMuaXNTdGFsZSgpKSB7XG4gICAgICBhd2FpdCB0aGlzLnJlZnJlc2goKTtcbiAgICAgIHJldHVybiB0cnVlO1xuICAgIH1cbiAgICByZXR1cm4gZmFsc2U7XG4gIH1cblxuICAvKipcbiAgICogQ29uc3RydWN0b3IuXG4gICAqIEBwYXJhbSB7RW52SW50ZXJmYWNlfSBlbnYgVGhlIGVudmlyb25tZW50IG9mIHRoZSBzZXNzaW9uXG4gICAqIEBwYXJhbSB7U2Vzc2lvblN0b3JhZ2U8VT59IHN0b3JhZ2UgVGhlIHN0b3JhZ2UgYmFjayBlbmQgdG8gdXNlIGZvciBzdG9yaW5nXG4gICAqICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2Vzc2lvbiBpbmZvcm1hdGlvblxuICAgKi9cbiAgY29uc3RydWN0b3IoZW52OiBFbnZJbnRlcmZhY2UsIHN0b3JhZ2U6IFNlc3Npb25TdG9yYWdlPFU+KSB7XG4gICAgdGhpcy5lbnYgPSBlbnY7XG4gICAgdGhpcy5zdG9yYWdlID0gc3RvcmFnZTtcbiAgfVxuXG4gIC8qKlxuICAgKiBDcmVhdGVzIGEgbmV3IFJFU1QgY2xpZW50IHdpdGggYSBnaXZlbiB0b2tlblxuICAgKiBAcGFyYW0ge3N0cmluZ30gdG9rZW4gVGhlIGF1dGhvcml6YXRpb24gdG9rZW4gdG8gdXNlIGZvciB0aGUgY2xpZW50XG4gICAqIEByZXR1cm4ge0NsaWVudH0gVGhlIG5ldyBSRVNUIGNsaWVudFxuICAgKi9cbiAgcHJvdGVjdGVkIGNyZWF0ZUNsaWVudCh0b2tlbjogc3RyaW5nKTogQ2xpZW50IHtcbiAgICByZXR1cm4gY3JlYXRlQ2xpZW50PHBhdGhzPih7XG4gICAgICBiYXNlVXJsOiB0aGlzLmVudi5TaWduZXJBcGlSb290LFxuICAgICAgaGVhZGVyczoge1xuICAgICAgICBBdXRob3JpemF0aW9uOiB0b2tlbixcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICAvKipcbiAgICogQ2hlY2sgaWYgYSB0aW1lc3RhbXAgaGFzIGV4cGlyZWQuXG4gICAqIEBwYXJhbSB7bnVtYmVyfSBleHAgVGhlIHRpbWVzdGFtcCB0byBjaGVja1xuICAgKiBAcGFyYW0ge251bWJlcn0gYnVmZmVyIE9wdGlvbmFsIHRpbWUgYnVmZmVyIHdoZW4gY2hlY2tpbmcgdGhlIGV4cGlyYXRpb25cbiAgICogQHJldHVybiB7Ym9vbGVhbn0gVHJ1ZSBpZiB0aGUgdGltZXN0YW1wIGhhcyBleHBpcmVkXG4gICAqL1xuICBwcm90ZWN0ZWQgaGFzRXhwaXJlZChleHA6IG51bWJlciwgYnVmZmVyPzogbnVtYmVyKTogYm9vbGVhbiB7XG4gICAgcmV0dXJuIGV4cCA8IG5ldyBEYXRlKCkuZ2V0VGltZSgpIC8gMTAwMCArIChidWZmZXIgfHwgREVGQVVMVF9FWFBJUkFUSU9OX0JVRkZFUl9TRUNTKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBUaHJvd3MgYW4gZXJyb3IgdGhhdCBzYXlzIHRoYXQgc29tZSBmZWF0dXJlIGlzIHVuc3VwcG9ydGVkLlxuICAgKiBAcGFyYW0ge3N0cmluZ30gbmFtZSBUaGUgbmFtZSBvZiB0aGUgZmVhdHVyZSB0aGF0IGlzIG5vdCBzdXBwb3J0ZWRcbiAgICovXG4gIHByb3RlY3RlZCB1bnN1cHBvcnRlZChuYW1lOiBzdHJpbmcpOiBuZXZlciB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGAnJHtuYW1lfScgbm90IHN1cHBvcnRlZGApO1xuICB9XG59XG5cbi8qKiBJbnRlcmZhY2UgZm9yIGEgc2Vzc2lvbiBtYW5hZ2VyIHRoYXQga25vd3MgYWJvdXQgdGhlIG9yZyB0aGF0IHRoZSBzZXNzaW9uIGlzIGluLiAqL1xuZXhwb3J0IGFic3RyYWN0IGNsYXNzIE9yZ1Nlc3Npb25NYW5hZ2VyPFU+IGV4dGVuZHMgU2Vzc2lvbk1hbmFnZXI8VT4ge1xuICByZWFkb25seSBvcmdJZDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBDb25zdHJ1Y3Rvci5cbiAgICogQHBhcmFtIHtFbnZJbnRlcmZhY2V9IGVudiBUaGUgZW52aXJvbm1lbnQgb2YgdGhlIHNlc3Npb25cbiAgICogQHBhcmFtIHtzdHJpbmd9IG9yZ0lkIFRoZSBpZCBvZiB0aGUgb3JnIGFzc29jaWF0ZWQgd2l0aCB0aGlzIHNlc3Npb25cbiAgICogQHBhcmFtIHtTZXNzaW9uU3RvcmFnZTxVPn0gc3RvcmFnZSBUaGUgc3RvcmFnZSBiYWNrIGVuZCB0byB1c2UgZm9yIHN0b3JpbmdcbiAgICogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzZXNzaW9uIGluZm9ybWF0aW9uXG4gICAqL1xuICBjb25zdHJ1Y3RvcihlbnY6IEVudkludGVyZmFjZSwgb3JnSWQ6IHN0cmluZywgc3RvcmFnZTogU2Vzc2lvblN0b3JhZ2U8VT4pIHtcbiAgICBzdXBlcihlbnYsIHN0b3JhZ2UpO1xuICAgIHRoaXMub3JnSWQgPSBvcmdJZDtcbiAgfVxufVxuXG5leHBvcnQgaW50ZXJmYWNlIEhhc0VudiB7XG4gIC8qKiBUaGUgZW52aXJvbm1lbnQgKi9cbiAgZW52OiB7XG4gICAgW1wiRGV2LUN1YmVTaWduZXJTdGFja1wiXTogRW52SW50ZXJmYWNlO1xuICB9O1xufVxuIl19

package/dist/src/session/session_storage.d.ts

@@ -0,0 +1,47 @@
+/** Interface for storing sessions. */
+export interface SessionStorage<U> {
+    /** Store session information */
+    save(data: U): Promise<void>;
+    /** Retrieve session information */
+    retrieve(): Promise<U>;
+}
+/** Stores session information in memory */
+export declare class MemorySessionStorage<U> implements SessionStorage<U> {
+    #private;
+    /**
+     * Store session information.
+     * @param {U} data The session information to store
+     * @return {Promise<void>}
+     */
+    save(data: U): Promise<void>;
+    /**
+     * Retrieve session information.
+     * @return {Promise<U>} The session information
+     */
+    retrieve(): Promise<U>;
+    /**
+     * Constructor.
+     * @param {U?} data The initial data
+     */
+    constructor(data?: U);
+}
+/** Stores session information in a JSON file */
+export declare class JsonFileSessionStorage<U> implements SessionStorage<U> {
+    #private;
+    /**
+     * Store session information.
+     * @param {U} data The session information to store
+     * @return {Promise<void>}
+     */
+    save(data: U): Promise<void>;
+    /**
+     * Retrieve session information.
+     * @return {Promise<U>} The session information
+     */
+    retrieve(): Promise<U>;
+    /**
+     * Constructor.
+     * @param {string} filePath The file path to use for storage
+     */
+    constructor(filePath: string);
+}

package/dist/src/session/session_storage.js

@@ -0,0 +1,76 @@
+"use strict";
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _MemorySessionStorage_data, _JsonFileSessionStorage_filePath;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JsonFileSessionStorage = exports.MemorySessionStorage = void 0;
+const fs_1 = require("fs");
+/** Stores session information in memory */
+class MemorySessionStorage {
+    /**
+     * Store session information.
+     * @param {U} data The session information to store
+     * @return {Promise<void>}
+     */
+    async save(data) {
+        __classPrivateFieldSet(this, _MemorySessionStorage_data, data, "f");
+    }
+    /**
+     * Retrieve session information.
+     * @return {Promise<U>} The session information
+     */
+    async retrieve() {
+        if (!__classPrivateFieldGet(this, _MemorySessionStorage_data, "f")) {
+            throw new Error("Missing session information");
+        }
+        return __classPrivateFieldGet(this, _MemorySessionStorage_data, "f");
+    }
+    /**
+     * Constructor.
+     * @param {U?} data The initial data
+     */
+    constructor(data) {
+        _MemorySessionStorage_data.set(this, void 0);
+        __classPrivateFieldSet(this, _MemorySessionStorage_data, data, "f");
+    }
+}
+exports.MemorySessionStorage = MemorySessionStorage;
+_MemorySessionStorage_data = new WeakMap();
+/** Stores session information in a JSON file */
+class JsonFileSessionStorage {
+    /**
+     * Store session information.
+     * @param {U} data The session information to store
+     * @return {Promise<void>}
+     */
+    async save(data) {
+        await fs_1.promises.writeFile(__classPrivateFieldGet(this, _JsonFileSessionStorage_filePath, "f"), JSON.stringify(data), "utf-8");
+    }
+    /**
+     * Retrieve session information.
+     * @return {Promise<U>} The session information
+     */
+    async retrieve() {
+        return JSON.parse(await fs_1.promises.readFile(__classPrivateFieldGet(this, _JsonFileSessionStorage_filePath, "f"), "utf-8"));
+    }
+    /**
+     * Constructor.
+     * @param {string} filePath The file path to use for storage
+     */
+    constructor(filePath) {
+        _JsonFileSessionStorage_filePath.set(this, void 0);
+        __classPrivateFieldSet(this, _JsonFileSessionStorage_filePath, filePath, "f");
+    }
+}
+exports.JsonFileSessionStorage = JsonFileSessionStorage;
+_JsonFileSessionStorage_filePath = new WeakMap();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2Vzc2lvbl9zdG9yYWdlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Nlc3Npb24vc2Vzc2lvbl9zdG9yYWdlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJCQUFvQztBQVdwQywyQ0FBMkM7QUFDM0MsTUFBYSxvQkFBb0I7SUFHL0I7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBTztRQUNoQix1QkFBQSxJQUFJLDhCQUFTLElBQUksTUFBQSxDQUFDO0lBQ3BCLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsUUFBUTtRQUNaLElBQUksQ0FBQyx1QkFBQSxJQUFJLGtDQUFNLEVBQUU7WUFDZixNQUFNLElBQUksS0FBSyxDQUFDLDZCQUE2QixDQUFDLENBQUM7U0FDaEQ7UUFDRCxPQUFPLHVCQUFBLElBQUksa0NBQU0sQ0FBQztJQUNwQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsWUFBWSxJQUFRO1FBMUJwQiw2Q0FBVTtRQTJCUix1QkFBQSxJQUFJLDhCQUFTLElBQUksTUFBQSxDQUFDO0lBQ3BCLENBQUM7Q0FDRjtBQTlCRCxvREE4QkM7O0FBRUQsZ0RBQWdEO0FBQ2hELE1BQWEsc0JBQXNCO0lBR2pDOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsSUFBSSxDQUFDLElBQU87UUFDaEIsTUFBTSxhQUFFLENBQUMsU0FBUyxDQUFDLHVCQUFBLElBQUksd0NBQVUsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsUUFBUTtRQUNaLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLGFBQUUsQ0FBQyxRQUFRLENBQUMsdUJBQUEsSUFBSSx3Q0FBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDaEUsQ0FBQztJQUVEOzs7T0FHRztJQUNILFlBQVksUUFBZ0I7UUF2QjVCLG1EQUFrQjtRQXdCaEIsdUJBQUEsSUFBSSxvQ0FBYSxRQUFRLE1BQUEsQ0FBQztJQUM1QixDQUFDO0NBQ0Y7QUEzQkQsd0RBMkJDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgcHJvbWlzZXMgYXMgZnMgfSBmcm9tIFwiZnNcIjtcblxuLyoqIEludGVyZmFjZSBmb3Igc3RvcmluZyBzZXNzaW9ucy4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgU2Vzc2lvblN0b3JhZ2U8VT4ge1xuICAvKiogU3RvcmUgc2Vzc2lvbiBpbmZvcm1hdGlvbiAqL1xuICBzYXZlKGRhdGE6IFUpOiBQcm9taXNlPHZvaWQ+O1xuXG4gIC8qKiBSZXRyaWV2ZSBzZXNzaW9uIGluZm9ybWF0aW9uICovXG4gIHJldHJpZXZlKCk6IFByb21pc2U8VT47XG59XG5cbi8qKiBTdG9yZXMgc2Vzc2lvbiBpbmZvcm1hdGlvbiBpbiBtZW1vcnkgKi9cbmV4cG9ydCBjbGFzcyBNZW1vcnlTZXNzaW9uU3RvcmFnZTxVPiBpbXBsZW1lbnRzIFNlc3Npb25TdG9yYWdlPFU+IHtcbiAgI2RhdGE/OiBVO1xuXG4gIC8qKlxuICAgKiBTdG9yZSBzZXNzaW9uIGluZm9ybWF0aW9uLlxuICAgKiBAcGFyYW0ge1V9IGRhdGEgVGhlIHNlc3Npb24gaW5mb3JtYXRpb24gdG8gc3RvcmVcbiAgICogQHJldHVybiB7UHJvbWlzZTx2b2lkPn1cbiAgICovXG4gIGFzeW5jIHNhdmUoZGF0YTogVSk6IFByb21pc2U8dm9pZD4ge1xuICAgIHRoaXMuI2RhdGEgPSBkYXRhO1xuICB9XG5cbiAgLyoqXG4gICAqIFJldHJpZXZlIHNlc3Npb24gaW5mb3JtYXRpb24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8VT59IFRoZSBzZXNzaW9uIGluZm9ybWF0aW9uXG4gICAqL1xuICBhc3luYyByZXRyaWV2ZSgpOiBQcm9taXNlPFU+IHtcbiAgICBpZiAoIXRoaXMuI2RhdGEpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIk1pc3Npbmcgc2Vzc2lvbiBpbmZvcm1hdGlvblwiKTtcbiAgICB9XG4gICAgcmV0dXJuIHRoaXMuI2RhdGE7XG4gIH1cblxuICAvKipcbiAgICogQ29uc3RydWN0b3IuXG4gICAqIEBwYXJhbSB7VT99IGRhdGEgVGhlIGluaXRpYWwgZGF0YVxuICAgKi9cbiAgY29uc3RydWN0b3IoZGF0YT86IFUpIHtcbiAgICB0aGlzLiNkYXRhID0gZGF0YTtcbiAgfVxufVxuXG4vKiogU3RvcmVzIHNlc3Npb24gaW5mb3JtYXRpb24gaW4gYSBKU09OIGZpbGUgKi9cbmV4cG9ydCBjbGFzcyBKc29uRmlsZVNlc3Npb25TdG9yYWdlPFU+IGltcGxlbWVudHMgU2Vzc2lvblN0b3JhZ2U8VT4ge1xuICAjZmlsZVBhdGg6IHN0cmluZztcblxuICAvKipcbiAgICogU3RvcmUgc2Vzc2lvbiBpbmZvcm1hdGlvbi5cbiAgICogQHBhcmFtIHtVfSBkYXRhIFRoZSBzZXNzaW9uIGluZm9ybWF0aW9uIHRvIHN0b3JlXG4gICAqIEByZXR1cm4ge1Byb21pc2U8dm9pZD59XG4gICAqL1xuICBhc3luYyBzYXZlKGRhdGE6IFUpOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBhd2FpdCBmcy53cml0ZUZpbGUodGhpcy4jZmlsZVBhdGgsIEpTT04uc3RyaW5naWZ5KGRhdGEpLCBcInV0Zi04XCIpO1xuICB9XG5cbiAgLyoqXG4gICAqIFJldHJpZXZlIHNlc3Npb24gaW5mb3JtYXRpb24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8VT59IFRoZSBzZXNzaW9uIGluZm9ybWF0aW9uXG4gICAqL1xuICBhc3luYyByZXRyaWV2ZSgpOiBQcm9taXNlPFU+IHtcbiAgICByZXR1cm4gSlNPTi5wYXJzZShhd2FpdCBmcy5yZWFkRmlsZSh0aGlzLiNmaWxlUGF0aCwgXCJ1dGYtOFwiKSk7XG4gIH1cblxuICAvKipcbiAgICogQ29uc3RydWN0b3IuXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBmaWxlUGF0aCBUaGUgZmlsZSBwYXRoIHRvIHVzZSBmb3Igc3RvcmFnZVxuICAgKi9cbiAgY29uc3RydWN0b3IoZmlsZVBhdGg6IHN0cmluZykge1xuICAgIHRoaXMuI2ZpbGVQYXRoID0gZmlsZVBhdGg7XG4gIH1cbn1cbiJdfQ==

package/dist/src/session/signer_session_manager.d.ts

@@ -0,0 +1,88 @@
+import { CubeSigner } from "..";
+import { components, paths, Client } from "../client";
+import { HasEnv, OrgSessionManager } from "./session_manager";
+import { SessionStorage } from "./session_storage";
+export type ClientSessionInfo = components["schemas"]["ClientSessionInfo"];
+export type CreateSignerSessionRequest = paths["/v0/org/{org_id}/roles/{role_id}/tokens"]["post"]["requestBody"]["content"]["application/json"];
+export type RefreshSignerSessionRequest = paths["/v1/org/{org_id}/token/refresh"]["patch"]["requestBody"]["content"]["application/json"];
+/** JSON representation of our "signer session" file format */
+export interface SignerSessionObject {
+    /** The organization ID */
+    org_id: string;
+    /** The role ID */
+    role_id: string;
+    /** The purpose of the session token */
+    purpose: string;
+    /** The token to include in Authorization header */
+    token: string;
+    /** Session info */
+    session_info: ClientSessionInfo;
+}
+export interface SignerSessionData extends SignerSessionObject, HasEnv {
+}
+/** Type of storage required for signer sessions */
+export type SignerSessionStorage = SessionStorage<SignerSessionData>;
+export interface SignerSessionLifetime {
+    /** Session lifetime (in seconds). Defaults to one week (604800). */
+    session?: number;
+    /** Auth token lifetime (in seconds). Defaults to five minutes (300). */
+    auth: number;
+    /** Refresh token lifetime (in seconds). Defaults to one day (86400). */
+    refresh?: number;
+}
+/** Manager for signer sessions. */
+export declare class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
+    #private;
+    readonly cs?: CubeSigner;
+    readonly roleId: string;
+    /**
+     * @return {string} The current auth token.
+     * @internal
+     */
+    token(): Promise<string>;
+    /**
+     * Returns a client with the current session and refreshes the current
+     * session. May **UPDATE/MUTATE** self.
+     */
+    client(): Promise<Client>;
+    /** Revokes the session. */
+    revoke(): Promise<void>;
+    /**
+     * Returns whether it's time to refresh this token.
+     * @return {boolean} Whether it's time to refresh this token.
+     * @internal
+     */
+    isStale(): Promise<boolean>;
+    /**
+     * Refreshes the session and **UPDATES/MUTATES** self.
+     */
+    refresh(): Promise<void>;
+    /**
+     * Create a new signer session.
+     * @param {CubeSigner} cs The CubeSigner instance
+     * @param {SessionStorage<SignerSessionObject>} storage The session storage to use
+     * @param {string} orgId Org ID
+     * @param {string} roleId Role ID
+     * @param {string} purpose The purpose of the session
+     * @param {SignerSessionLifetime} ttl Lifetime settings
+     * @return {Promise<SignerSessionManager>} New signer session
+     */
+    static create(cs: CubeSigner, storage: SignerSessionStorage, orgId: string, roleId: string, purpose: string, ttl?: SignerSessionLifetime): Promise<SignerSessionManager>;
+    /**
+     * Uses an existing session to create a new signer session manager.
+     * @param {CubeSigner} cs The CubeSigner instance
+     * @param {SessionStorage<SignerSessionObject>} storage The session storage to use
+     * @return {Promise<SingerSession>} New signer session manager
+     */
+    static loadFromStorage(cs: CubeSigner, storage: SignerSessionStorage): Promise<SignerSessionManager>;
+    /**
+     * Constructor.
+     * @param {CubeSigner} cs CubeSigner
+     * @param {string} orgId The id of the org associated with this session
+     * @param {string} roleId The id of the role that this session assumes
+     * @param {string} token The authorization token to use
+     * @param {SignerSessionStorage} storage The session storage to use
+     * @internal
+     */
+    private constructor();
+}