npm - @dereekb/dbx-cli - Versions diffs - 13.11.3 → 13.11.4 - Mend

@dereekb/dbx-cli 13.11.3 → 13.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/firebase-api-manifest/package.json +1 -1
package/index.cjs.js +26 -2
package/index.esm.js +27 -3
package/manifest-extract/package.json +1 -1
package/package.json +5 -4
package/src/lib/auth/oidc.flow.d.ts +7 -0

package/firebase-api-manifest/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dereekb/dbx-cli-firebase-api-manifest",
-  "version": "13.11.3",
+  "version": "13.11.4",
   "private": true,
   "type": "module",
   "devDependencies": {

package/index.cjs.js CHANGED Viewed

@@ -4,6 +4,7 @@ var node_fs = require('node:fs');
 var node_path = require('node:path');
 var firebase = require('@dereekb/firebase');
 var util = require('@dereekb/util');
+var date = require('@dereekb/date');
 var nestjs = require('@dereekb/nestjs');
 var node_os = require('node:os');
 var node_readline = require('node:readline');
@@ -2553,6 +2554,15 @@ function _ts_generator$a(thisArg, body) {
         code_challenge_method: 'S256',
         state: input.state
     };
+    if (input.requestedSessionTtlSeconds != null) {
+        if (!Number.isInteger(input.requestedSessionTtlSeconds) || input.requestedSessionTtlSeconds <= 0) {
+            throw new CliError({
+                message: "requestedSessionTtlSeconds must be a positive integer (got ".concat(input.requestedSessionTtlSeconds, ")."),
+                code: 'AUTH_LOGIN_FOR_INVALID'
+            });
+        }
+        authParams.dbx_session_ttl = String(input.requestedSessionTtlSeconds);
+    }
     var endpoint;
     if (input.appClientUrl) {
         endpoint = rebaseUrlOrigin({
@@ -3332,11 +3342,14 @@ function maskEnv$1(env) {
                 type: 'boolean',
                 default: false,
                 describe: 'Drop model.create/model.update/model.delete from the requested scopes (keeps model.read and model.query)'
+            }).option('login-for', {
+                type: 'string',
+                describe: 'Requested login duration with a unit (e.g. 30d, 12h, 3600s). Mixed units are allowed (e.g. "1h30m", "2d 12h"). Subject to server/client caps. Applied to Session, Grant, and RefreshToken.'
             });
         },
         handler: function handler(argv) {
             return _async_to_generator$9(function() {
-                var _argv_code, _tokenResponse_expires_in, _ref, envName, env, meta, _ref1, codeVerifier, codeChallenge, state, requestedScopes, url, pasted, _tmp, code, tokenResponse, expiresAt, entry, e;
+                var _argv_code, _tokenResponse_expires_in, _ref, envName, env, meta, _ref1, codeVerifier, codeChallenge, state, requestedScopes, requestedSessionTtlSeconds, ms, url, pasted, _tmp, code, tokenResponse, expiresAt, entry, e;
                 return _ts_generator$9(this, function(_state) {
                     switch(_state.label){
                         case 0:
@@ -3381,6 +3394,16 @@ function maskEnv$1(env) {
                             _ref1 = _state.sent(), codeVerifier = _ref1.codeVerifier, codeChallenge = _ref1.codeChallenge;
                             state = generateOAuthState();
                             requestedScopes = argv.readOnlyScopes ? filterReadOnlyModelScopes(env.scopes) : env.scopes;
+                            if (argv.loginFor) {
+                                ms = date.durationDataToMilliseconds(date.parseDurationString(argv.loginFor));
+                                if (ms <= 0) {
+                                    throw new CliError({
+                                        message: '--login-for: invalid duration "'.concat(argv.loginFor, '". Use formats like "30d", "12h", "3600s", or mixed units like "1h30m" or "2d 12h".'),
+                                        code: 'AUTH_LOGIN_FOR_INVALID'
+                                    });
+                                }
+                                requestedSessionTtlSeconds = Math.floor(ms / util.MS_IN_SECOND);
+                            }
                             url = buildAuthorizationUrl({
                                 authorizationEndpoint: meta.authorization_endpoint,
                                 apiBaseUrl: env.apiBaseUrl,
@@ -3389,7 +3412,8 @@ function maskEnv$1(env) {
                                 redirectUri: env.redirectUri,
                                 scopes: requestedScopes,
                                 state: state,
-                                codeChallenge: codeChallenge
+                                codeChallenge: codeChallenge,
+                                requestedSessionTtlSeconds: requestedSessionTtlSeconds
                             });
                             // The CLI never opens a browser itself — it prints the URL and reads the redirect back.
                             // Emit the URL through a clearly-prefixed stderr line so JSON stdout stays parseable.

package/index.esm.js CHANGED Viewed

@@ -1,7 +1,8 @@
 import { existsSync, mkdirSync, writeFileSync, appendFileSync } from 'node:fs';
 import { join } from 'node:path';
 export { CALL_MODEL_APP_FUNCTION_KEY } from '@dereekb/firebase';
-import { expirationDetails, generatePkceCodeVerifier, generatePkceCodeChallenge, noop } from '@dereekb/util';
+import { expirationDetails, generatePkceCodeVerifier, generatePkceCodeChallenge, noop, MS_IN_SECOND } from '@dereekb/util';
+import { durationDataToMilliseconds, parseDurationString } from '@dereekb/date';
 import { readJsonFile, writeJsonFile, createMemoizedJsonFileAsyncKeyedValueCache } from '@dereekb/nestjs';
 import { homedir } from 'node:os';
 import { createInterface } from 'node:readline';
@@ -2551,6 +2552,15 @@ function _ts_generator$a(thisArg, body) {
         code_challenge_method: 'S256',
         state: input.state
     };
+    if (input.requestedSessionTtlSeconds != null) {
+        if (!Number.isInteger(input.requestedSessionTtlSeconds) || input.requestedSessionTtlSeconds <= 0) {
+            throw new CliError({
+                message: "requestedSessionTtlSeconds must be a positive integer (got ".concat(input.requestedSessionTtlSeconds, ")."),
+                code: 'AUTH_LOGIN_FOR_INVALID'
+            });
+        }
+        authParams.dbx_session_ttl = String(input.requestedSessionTtlSeconds);
+    }
     var endpoint;
     if (input.appClientUrl) {
         endpoint = rebaseUrlOrigin({
@@ -3330,11 +3340,14 @@ function maskEnv$1(env) {
                 type: 'boolean',
                 default: false,
                 describe: 'Drop model.create/model.update/model.delete from the requested scopes (keeps model.read and model.query)'
+            }).option('login-for', {
+                type: 'string',
+                describe: 'Requested login duration with a unit (e.g. 30d, 12h, 3600s). Mixed units are allowed (e.g. "1h30m", "2d 12h"). Subject to server/client caps. Applied to Session, Grant, and RefreshToken.'
             });
         },
         handler: function handler(argv) {
             return _async_to_generator$9(function() {
-                var _argv_code, _tokenResponse_expires_in, _ref, envName, env, meta, _ref1, codeVerifier, codeChallenge, state, requestedScopes, url, pasted, _tmp, code, tokenResponse, expiresAt, entry, e;
+                var _argv_code, _tokenResponse_expires_in, _ref, envName, env, meta, _ref1, codeVerifier, codeChallenge, state, requestedScopes, requestedSessionTtlSeconds, ms, url, pasted, _tmp, code, tokenResponse, expiresAt, entry, e;
                 return _ts_generator$9(this, function(_state) {
                     switch(_state.label){
                         case 0:
@@ -3379,6 +3392,16 @@ function maskEnv$1(env) {
                             _ref1 = _state.sent(), codeVerifier = _ref1.codeVerifier, codeChallenge = _ref1.codeChallenge;
                             state = generateOAuthState();
                             requestedScopes = argv.readOnlyScopes ? filterReadOnlyModelScopes(env.scopes) : env.scopes;
+                            if (argv.loginFor) {
+                                ms = durationDataToMilliseconds(parseDurationString(argv.loginFor));
+                                if (ms <= 0) {
+                                    throw new CliError({
+                                        message: '--login-for: invalid duration "'.concat(argv.loginFor, '". Use formats like "30d", "12h", "3600s", or mixed units like "1h30m" or "2d 12h".'),
+                                        code: 'AUTH_LOGIN_FOR_INVALID'
+                                    });
+                                }
+                                requestedSessionTtlSeconds = Math.floor(ms / MS_IN_SECOND);
+                            }
                             url = buildAuthorizationUrl({
                                 authorizationEndpoint: meta.authorization_endpoint,
                                 apiBaseUrl: env.apiBaseUrl,
@@ -3387,7 +3410,8 @@ function maskEnv$1(env) {
                                 redirectUri: env.redirectUri,
                                 scopes: requestedScopes,
                                 state: state,
-                                codeChallenge: codeChallenge
+                                codeChallenge: codeChallenge,
+                                requestedSessionTtlSeconds: requestedSessionTtlSeconds
                             });
                             // The CLI never opens a browser itself — it prints the URL and reads the redirect back.
                             // Emit the URL through a clearly-prefixed stderr line so JSON stdout stays parseable.

package/manifest-extract/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dereekb/dbx-cli/manifest-extract",
-  "version": "13.11.3",
+  "version": "13.11.4",
   "sideEffects": false,
   "peerDependencies": {
     "ts-morph": "^21.0.0"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dereekb/dbx-cli",
-  "version": "13.11.3",
+  "version": "13.11.4",
   "sideEffects": false,
   "bin": {
     "dbx-cli-generate-firebase-api-manifest": "firebase-api-manifest/main.js"
@@ -24,9 +24,10 @@
     }
   },
   "peerDependencies": {
-    "@dereekb/firebase": "13.11.3",
-    "@dereekb/nestjs": "13.11.3",
-    "@dereekb/util": "13.11.3",
+    "@dereekb/date": "13.11.4",
+    "@dereekb/firebase": "13.11.4",
+    "@dereekb/nestjs": "13.11.4",
+    "@dereekb/util": "13.11.4",
     "arktype": "^2.2.0",
     "yargs": "^18.0.0"
   },

package/src/lib/auth/oidc.flow.d.ts CHANGED Viewed

@@ -22,6 +22,13 @@ export interface BuildAuthorizationUrlInput {
     readonly scopes?: string;
     readonly state: string;
     readonly codeChallenge: string;
+    /**
+     * Optional requested login duration in seconds. When set, the URL includes the
+     * `dbx_session_ttl=<seconds>` query param so the OIDC server applies the requested
+     * lifetime to the issued Session, Grant, and RefreshToken (subject to per-client and
+     * server caps).
+     */
+    readonly requestedSessionTtlSeconds?: Maybe<number>;
 }
 /**
  * Builds the authorization URL the user opens in a browser to start the PKCE flow.