@doist/cli-core 0.17.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/auth/keyring/internal.d.ts +25 -0
- package/dist/auth/keyring/internal.d.ts.map +1 -0
- package/dist/auth/keyring/internal.js +31 -0
- package/dist/auth/keyring/internal.js.map +1 -0
- package/dist/auth/keyring/migrate.d.ts +19 -17
- package/dist/auth/keyring/migrate.d.ts.map +1 -1
- package/dist/auth/keyring/migrate.js +111 -49
- package/dist/auth/keyring/migrate.js.map +1 -1
- package/dist/auth/keyring/record-write.d.ts +13 -1
- package/dist/auth/keyring/record-write.d.ts.map +1 -1
- package/dist/auth/keyring/record-write.js +18 -0
- package/dist/auth/keyring/record-write.js.map +1 -1
- package/dist/auth/keyring/token-store.d.ts.map +1 -1
- package/dist/auth/keyring/token-store.js +13 -23
- package/dist/auth/keyring/token-store.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## [0.18.0](https://github.com/Doist/cli-core/compare/v0.17.0...v0.18.0) (2026-05-19)
|
|
2
|
+
|
|
3
|
+
### Features
|
|
4
|
+
|
|
5
|
+
* **auth:** two-phase migrate write for the bundle-shape contract ([#38](https://github.com/Doist/cli-core/issues/38)) ([9cf5e9c](https://github.com/Doist/cli-core/commit/9cf5e9caaed30ec0a989a026bf5b00f6815a2512))
|
|
6
|
+
|
|
1
7
|
## [0.17.0](https://github.com/Doist/cli-core/compare/v0.16.1...v0.17.0) (2026-05-19)
|
|
2
8
|
|
|
3
9
|
### Features
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import type { AuthAccount } from '../types.js';
|
|
2
|
+
import { type SecureStore } from './secure-store.js';
|
|
3
|
+
import type { UserRecord } from './types.js';
|
|
4
|
+
/**
|
|
5
|
+
* Outcome of resolving the access token for a record. Callers map the
|
|
6
|
+
* structured failure variants to whatever error contract they expose —
|
|
7
|
+
* `KeyringTokenStore.active()` throws `CliError('AUTH_STORE_READ_FAILED', …)`;
|
|
8
|
+
* `migrateLegacyAuth` translates each variant into a `MigrateSkipReason`.
|
|
9
|
+
*/
|
|
10
|
+
export type ReadAccessTokenOutcome = {
|
|
11
|
+
ok: true;
|
|
12
|
+
token: string;
|
|
13
|
+
} | {
|
|
14
|
+
ok: false;
|
|
15
|
+
reason: 'slot-empty' | 'slot-unavailable' | 'slot-error';
|
|
16
|
+
detail: string;
|
|
17
|
+
};
|
|
18
|
+
/**
|
|
19
|
+
* `fallbackToken` first (so an offline-keyring write is preferred over a
|
|
20
|
+
* stale slot), then the keyring slot. Single-source for "is this record
|
|
21
|
+
* readable in the current environment" — `KeyringTokenStore.active()` and
|
|
22
|
+
* `migrateLegacyAuth`'s readability probe both call this.
|
|
23
|
+
*/
|
|
24
|
+
export declare function readAccessTokenForRecord<TAccount extends AuthAccount>(record: UserRecord<TAccount>, secureStore: SecureStore): Promise<ReadAccessTokenOutcome>;
|
|
25
|
+
//# sourceMappingURL=internal.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"internal.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/internal.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,EAAE,KAAK,WAAW,EAA+B,MAAM,mBAAmB,CAAA;AACjF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAE5C;;;;;GAKG;AACH,MAAM,MAAM,sBAAsB,GAC5B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC3B;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,YAAY,GAAG,kBAAkB,GAAG,YAAY,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAE7F;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAAC,QAAQ,SAAS,WAAW,EACvE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,WAAW,EAAE,WAAW,GACzB,OAAO,CAAC,sBAAsB,CAAC,CAmBjC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { getErrorMessage } from '../../errors.js';
|
|
2
|
+
import { SecureStoreUnavailableError } from './secure-store.js';
|
|
3
|
+
/**
|
|
4
|
+
* `fallbackToken` first (so an offline-keyring write is preferred over a
|
|
5
|
+
* stale slot), then the keyring slot. Single-source for "is this record
|
|
6
|
+
* readable in the current environment" — `KeyringTokenStore.active()` and
|
|
7
|
+
* `migrateLegacyAuth`'s readability probe both call this.
|
|
8
|
+
*/
|
|
9
|
+
export async function readAccessTokenForRecord(record, secureStore) {
|
|
10
|
+
const fallback = record.fallbackToken?.trim();
|
|
11
|
+
if (fallback)
|
|
12
|
+
return { ok: true, token: fallback };
|
|
13
|
+
try {
|
|
14
|
+
const raw = await secureStore.getSecret();
|
|
15
|
+
const trimmed = raw?.trim();
|
|
16
|
+
if (trimmed)
|
|
17
|
+
return { ok: true, token: trimmed };
|
|
18
|
+
return {
|
|
19
|
+
ok: false,
|
|
20
|
+
reason: 'slot-empty',
|
|
21
|
+
detail: 'keyring slot returned no credential',
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
catch (error) {
|
|
25
|
+
if (error instanceof SecureStoreUnavailableError) {
|
|
26
|
+
return { ok: false, reason: 'slot-unavailable', detail: error.message };
|
|
27
|
+
}
|
|
28
|
+
return { ok: false, reason: 'slot-error', detail: getErrorMessage(error) };
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=internal.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"internal.js","sourceRoot":"","sources":["../../../src/auth/keyring/internal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEjD,OAAO,EAAoB,2BAA2B,EAAE,MAAM,mBAAmB,CAAA;AAajF;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC1C,MAA4B,EAC5B,WAAwB;IAExB,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,EAAE,IAAI,EAAE,CAAA;IAC7C,IAAI,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAA;IAElD,IAAI,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAA;QACzC,MAAM,OAAO,GAAG,GAAG,EAAE,IAAI,EAAE,CAAA;QAC3B,IAAI,OAAO;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;QAChD,OAAO;YACH,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,qCAAqC;SAChD,CAAA;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,KAAK,YAAY,2BAA2B,EAAE,CAAC;YAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;QAC3E,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,CAAA;IAC9E,CAAC;AACL,CAAC"}
|
|
@@ -49,10 +49,11 @@ export type MigrateLegacyAuthOptions<TAccount extends AuthAccount> = {
|
|
|
49
49
|
logPrefix?: string;
|
|
50
50
|
};
|
|
51
51
|
/**
|
|
52
|
-
* Stable skip reasons.
|
|
53
|
-
* run with the keyring online would succeed); the others are
|
|
52
|
+
* Stable skip reasons. `*-keyring-unreachable` variants are retryable (a
|
|
53
|
+
* later run with the keyring online would succeed); the others are
|
|
54
|
+
* diagnostic.
|
|
54
55
|
*/
|
|
55
|
-
export type MigrateSkipReason = 'identify-failed' | 'legacy-keyring-unreachable' | 'user-record-write-failed' | 'marker-write-failed';
|
|
56
|
+
export type MigrateSkipReason = 'identify-failed' | 'legacy-keyring-unreachable' | 'user-keyring-unreachable' | 'user-record-write-failed' | 'marker-write-failed';
|
|
56
57
|
/**
|
|
57
58
|
* Discriminated by `status`. Narrowing on `status === 'skipped'` exposes
|
|
58
59
|
* the structured `reason` + free-form `detail`; `migrated` carries the
|
|
@@ -72,22 +73,23 @@ export type MigrateAuthResult<TAccount extends AuthAccount = AuthAccount> = {
|
|
|
72
73
|
};
|
|
73
74
|
/**
|
|
74
75
|
* One-time migration of a v1 single-user auth state into a v2 multi-user
|
|
75
|
-
* shape. Best-effort: any failure
|
|
76
|
-
*
|
|
77
|
-
* fallback can keep serving the legacy token until the next attempt.
|
|
76
|
+
* shape. Best-effort: any failure leaves v1 untouched so the runtime
|
|
77
|
+
* fallback keeps serving the legacy token until the next attempt.
|
|
78
78
|
*
|
|
79
|
-
* Order
|
|
79
|
+
* Order is deliberate so the migration is one-way AND safe under retry:
|
|
80
80
|
*
|
|
81
|
-
* 1. `hasMigrated()` short-circuits
|
|
82
|
-
* 2. Read the v1 token (legacy keyring
|
|
83
|
-
* 3. `identifyAccount(token)` resolves the v2 `account
|
|
84
|
-
* 4. `
|
|
85
|
-
*
|
|
86
|
-
*
|
|
87
|
-
*
|
|
88
|
-
*
|
|
89
|
-
*
|
|
90
|
-
*
|
|
81
|
+
* 1. `hasMigrated()` short-circuits when the marker is set.
|
|
82
|
+
* 2. Read the v1 token (legacy keyring first, then plaintext).
|
|
83
|
+
* 3. `identifyAccount(token)` resolves the v2 `account`.
|
|
84
|
+
* 4. **Phase 1** — `ensureV2Record` writes a fallback-bearing record (or
|
|
85
|
+
* no-ops when a v2 record already exists).
|
|
86
|
+
* 5. **Phase 2** — when Phase 1 wrote: move the token to the per-user
|
|
87
|
+
* keyring slot and upsert the clean record. When Phase 1 didn't:
|
|
88
|
+
* verify the existing record is readable before retiring legacy.
|
|
89
|
+
* 6. Best-effort `setDefaultId(account.id)`.
|
|
90
|
+
* 7. `markMigrated()` — the one-way gate. Failure here surfaces as
|
|
91
|
+
* `skipped(marker-write-failed)` so the caller retries.
|
|
92
|
+
* 8. Best-effort legacy cleanup runs concurrently.
|
|
91
93
|
*/
|
|
92
94
|
export declare function migrateLegacyAuth<TAccount extends AuthAccount>(options: MigrateLegacyAuthOptions<TAccount>): Promise<MigrateAuthResult<TAccount>>;
|
|
93
95
|
//# sourceMappingURL=migrate.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/migrate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/migrate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAS9C,OAAO,KAAK,EAAc,eAAe,EAAE,MAAM,YAAY,CAAA;AAE7D,MAAM,MAAM,wBAAwB,CAAC,QAAQ,SAAS,WAAW,IAAI;IACjE,WAAW,EAAE,MAAM,CAAA;IACnB,mEAAmE;IACnE,aAAa,EAAE,MAAM,CAAA;IACrB,gEAAgE;IAChE,WAAW,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACtC,yEAAyE;IACzE,cAAc,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,MAAM,CAAA;IACvC;;;;;;;OAOG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;IACnC;;;;;;OAMG;IACH,YAAY,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC;;;OAGG;IACH,wBAAwB,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IACtD;;;;OAIG;IACH,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;IACrD;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IACzC,2DAA2D;IAC3D,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GACvB,iBAAiB,GACjB,4BAA4B,GAC5B,0BAA0B,GAC1B,0BAA0B,GAC1B,qBAAqB,CAAA;AAU3B;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,QAAQ,SAAS,WAAW,GAAG,WAAW,IAClE;IAAE,MAAM,EAAE,kBAAkB,CAAA;CAAE,GAC9B;IAAE,MAAM,EAAE,iBAAiB,CAAA;CAAE,GAC7B;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,QAAQ,CAAA;CAAE,GACzC;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,iBAAiB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAOtE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,SAAS,WAAW,EAChE,OAAO,EAAE,wBAAwB,CAAC,QAAQ,CAAC,GAC5C,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CA4GtC"}
|
|
@@ -1,30 +1,33 @@
|
|
|
1
1
|
import { getErrorMessage } from '../../errors.js';
|
|
2
|
-
import {
|
|
2
|
+
import { readAccessTokenForRecord } from './internal.js';
|
|
3
|
+
import { buildSingleTokenRecord } from './record-write.js';
|
|
3
4
|
import { createSecureStore, DEFAULT_ACCOUNT_FOR_USER, SecureStoreUnavailableError, } from './secure-store.js';
|
|
4
5
|
const SKIP_REASON_MESSAGES = {
|
|
5
6
|
'identify-failed': 'could not identify user',
|
|
6
7
|
'legacy-keyring-unreachable': 'legacy credential is unreachable (keyring offline)',
|
|
8
|
+
'user-keyring-unreachable': 'per-user credential slot is unreachable (keyring offline)',
|
|
7
9
|
'user-record-write-failed': 'failed to update user records',
|
|
8
10
|
'marker-write-failed': 'failed to persist migration marker',
|
|
9
11
|
};
|
|
10
12
|
/**
|
|
11
13
|
* One-time migration of a v1 single-user auth state into a v2 multi-user
|
|
12
|
-
* shape. Best-effort: any failure
|
|
13
|
-
*
|
|
14
|
-
* fallback can keep serving the legacy token until the next attempt.
|
|
14
|
+
* shape. Best-effort: any failure leaves v1 untouched so the runtime
|
|
15
|
+
* fallback keeps serving the legacy token until the next attempt.
|
|
15
16
|
*
|
|
16
|
-
* Order
|
|
17
|
+
* Order is deliberate so the migration is one-way AND safe under retry:
|
|
17
18
|
*
|
|
18
|
-
* 1. `hasMigrated()` short-circuits
|
|
19
|
-
* 2. Read the v1 token (legacy keyring
|
|
20
|
-
* 3. `identifyAccount(token)` resolves the v2 `account
|
|
21
|
-
* 4. `
|
|
22
|
-
*
|
|
23
|
-
*
|
|
24
|
-
*
|
|
25
|
-
*
|
|
26
|
-
*
|
|
27
|
-
*
|
|
19
|
+
* 1. `hasMigrated()` short-circuits when the marker is set.
|
|
20
|
+
* 2. Read the v1 token (legacy keyring first, then plaintext).
|
|
21
|
+
* 3. `identifyAccount(token)` resolves the v2 `account`.
|
|
22
|
+
* 4. **Phase 1** — `ensureV2Record` writes a fallback-bearing record (or
|
|
23
|
+
* no-ops when a v2 record already exists).
|
|
24
|
+
* 5. **Phase 2** — when Phase 1 wrote: move the token to the per-user
|
|
25
|
+
* keyring slot and upsert the clean record. When Phase 1 didn't:
|
|
26
|
+
* verify the existing record is readable before retiring legacy.
|
|
27
|
+
* 6. Best-effort `setDefaultId(account.id)`.
|
|
28
|
+
* 7. `markMigrated()` — the one-way gate. Failure here surfaces as
|
|
29
|
+
* `skipped(marker-write-failed)` so the caller retries.
|
|
30
|
+
* 8. Best-effort legacy cleanup runs concurrently.
|
|
28
31
|
*/
|
|
29
32
|
export async function migrateLegacyAuth(options) {
|
|
30
33
|
const { serviceName, legacyAccount, userRecords, hasMigrated, markMigrated, loadLegacyPlaintextToken, identifyAccount, cleanupLegacyConfig, silent, } = options;
|
|
@@ -33,8 +36,6 @@ export async function migrateLegacyAuth(options) {
|
|
|
33
36
|
if (await hasMigrated()) {
|
|
34
37
|
return { status: 'already-migrated' };
|
|
35
38
|
}
|
|
36
|
-
// One legacy-keyring handle covers both the initial read and the
|
|
37
|
-
// post-success cleanup delete.
|
|
38
39
|
const legacyStore = createSecureStore({ serviceName, account: legacyAccount });
|
|
39
40
|
const legacyToken = await readLegacyToken(legacyStore, loadLegacyPlaintextToken);
|
|
40
41
|
if (legacyToken.kind === 'none')
|
|
@@ -49,28 +50,41 @@ export async function migrateLegacyAuth(options) {
|
|
|
49
50
|
catch (error) {
|
|
50
51
|
return skipped(silent, logPrefix, 'identify-failed', getErrorMessage(error));
|
|
51
52
|
}
|
|
52
|
-
|
|
53
|
-
// internally (writing to `fallbackToken` instead), so any error here is
|
|
54
|
-
// a non-keyring failure — typically a `userRecords.upsert` rejection.
|
|
53
|
+
let phase1;
|
|
55
54
|
try {
|
|
56
|
-
await
|
|
57
|
-
secureStore: createSecureStore({
|
|
58
|
-
serviceName,
|
|
59
|
-
account: accountForUser(account.id),
|
|
60
|
-
}),
|
|
61
|
-
userRecords,
|
|
62
|
-
account,
|
|
63
|
-
token: legacyToken.token,
|
|
64
|
-
});
|
|
55
|
+
phase1 = await ensureV2Record(userRecords, account, legacyToken.token);
|
|
65
56
|
}
|
|
66
57
|
catch (error) {
|
|
67
58
|
return skipped(silent, logPrefix, 'user-record-write-failed', getErrorMessage(error));
|
|
68
59
|
}
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
//
|
|
60
|
+
const userSlot = createSecureStore({
|
|
61
|
+
serviceName,
|
|
62
|
+
account: accountForUser(account.id),
|
|
63
|
+
});
|
|
64
|
+
// Run Phase 2 when EITHER Phase 1 just wrote the fallback record OR
|
|
65
|
+
// the existing record's fallback matches our legacy token — that's a
|
|
66
|
+
// prior-run Phase 1 we owe an upgrade. Other existing records are
|
|
67
|
+
// external state and get a readability check instead.
|
|
68
|
+
const isOurPriorPhase1 = !phase1.written && phase1.existing.fallbackToken?.trim() === legacyToken.token;
|
|
69
|
+
if (phase1.written || isOurPriorPhase1) {
|
|
70
|
+
const phase2Error = await runPhase2(userRecords, userSlot, account, legacyToken.token);
|
|
71
|
+
if (phase2Error) {
|
|
72
|
+
return skipped(silent, logPrefix, phase2Error.reason, phase2Error.detail);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
else {
|
|
76
|
+
// External record — cleaning up legacy is safe only if it can be
|
|
77
|
+
// read in the current environment.
|
|
78
|
+
const outcome = await readAccessTokenForRecord(phase1.existing, userSlot);
|
|
79
|
+
if (!outcome.ok) {
|
|
80
|
+
const reason = outcome.reason === 'slot-unavailable'
|
|
81
|
+
? 'user-keyring-unreachable'
|
|
82
|
+
: 'user-record-write-failed';
|
|
83
|
+
return skipped(silent, logPrefix, reason, outcome.detail);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// Only promote when nothing is pinned — a retry must not overwrite a
|
|
87
|
+
// default the user chose between attempts.
|
|
74
88
|
try {
|
|
75
89
|
const existingDefault = await userRecords.getDefaultId();
|
|
76
90
|
if (!existingDefault) {
|
|
@@ -80,36 +94,84 @@ export async function migrateLegacyAuth(options) {
|
|
|
80
94
|
catch {
|
|
81
95
|
// best-effort
|
|
82
96
|
}
|
|
83
|
-
//
|
|
84
|
-
//
|
|
85
|
-
// `skipped` so the caller retries. Without this ordering, a later
|
|
86
|
-
// `logout` could let the next run re-migrate the stale v1 token.
|
|
97
|
+
// Marker BEFORE cleanup: the gate, not cleanup, is what prevents the
|
|
98
|
+
// next run from re-migrating after a later `logout`.
|
|
87
99
|
try {
|
|
88
100
|
await markMigrated();
|
|
89
101
|
}
|
|
90
102
|
catch (error) {
|
|
91
103
|
return skipped(silent, logPrefix, 'marker-write-failed', getErrorMessage(error));
|
|
92
104
|
}
|
|
93
|
-
//
|
|
94
|
-
//
|
|
95
|
-
//
|
|
96
|
-
// re-migration on the next run. The `Promise.resolve().then(...)`
|
|
97
|
-
// wrappers convert any *synchronous* throw from a consumer-supplied
|
|
98
|
-
// `cleanupLegacyConfig` (or an oddly-implemented `SecureStore`) into
|
|
99
|
-
// a rejected promise that `Promise.allSettled` can swallow.
|
|
105
|
+
// `Promise.resolve().then(...)` converts any *synchronous* throw from
|
|
106
|
+
// a consumer's `cleanupLegacyConfig` into a rejection that
|
|
107
|
+
// `allSettled` can swallow.
|
|
100
108
|
await Promise.allSettled([
|
|
101
109
|
Promise.resolve().then(() => legacyStore.deleteSecret()),
|
|
102
110
|
Promise.resolve().then(() => cleanupLegacyConfig?.()),
|
|
103
111
|
]);
|
|
104
112
|
if (!silent) {
|
|
105
|
-
//
|
|
106
|
-
// but consumers can legitimately use an email or other PII there.
|
|
107
|
-
// Callers that need richer telemetry can compose it from the
|
|
108
|
-
// returned `account`.
|
|
113
|
+
// Account id may carry PII (email, etc.) — keep it out of logs.
|
|
109
114
|
console.error(`${logPrefix}: migrated existing token to multi-user store.`);
|
|
110
115
|
}
|
|
111
116
|
return { status: 'migrated', account };
|
|
112
117
|
}
|
|
118
|
+
/**
|
|
119
|
+
* Phase 1. Writes a `fallbackToken`-bearing record so a crash before
|
|
120
|
+
* Phase 2 still leaves a working credential. Returns `{ written: true }`
|
|
121
|
+
* when this call wrote, or `{ written: false, existing }` when a v2
|
|
122
|
+
* record already existed — the existing record is returned so callers
|
|
123
|
+
* decide whether to upgrade it (Phase 2 retry) or treat it as external
|
|
124
|
+
* state, without paying a second `list()`.
|
|
125
|
+
*/
|
|
126
|
+
async function ensureV2Record(userRecords, account, legacyToken) {
|
|
127
|
+
const record = buildSingleTokenRecord(account, legacyToken);
|
|
128
|
+
if (userRecords.tryInsert) {
|
|
129
|
+
const wrote = await userRecords.tryInsert(record);
|
|
130
|
+
if (wrote)
|
|
131
|
+
return { written: true };
|
|
132
|
+
const existing = (await userRecords.list()).find((r) => r.account.id === account.id);
|
|
133
|
+
if (!existing) {
|
|
134
|
+
throw new Error('tryInsert returned false but no matching record was listed');
|
|
135
|
+
}
|
|
136
|
+
return { written: false, existing };
|
|
137
|
+
}
|
|
138
|
+
// Non-atomic path. Narrow time-of-check, time-of-use race between
|
|
139
|
+
// `list()` and `upsert()`; acceptable for one-time migration since
|
|
140
|
+
// concurrent runs would write the same shape.
|
|
141
|
+
const all = await userRecords.list();
|
|
142
|
+
const existing = all.find((r) => r.account.id === account.id);
|
|
143
|
+
if (existing)
|
|
144
|
+
return { written: false, existing };
|
|
145
|
+
await userRecords.upsert(record);
|
|
146
|
+
return { written: true };
|
|
147
|
+
}
|
|
148
|
+
/**
|
|
149
|
+
* Phase 2: move the legacy token into the per-user keyring slot and
|
|
150
|
+
* upsert a clean (no `fallbackToken`) record. Inlined rather than
|
|
151
|
+
* delegating to `writeRecordWithKeyringFallback` so the offline-keyring
|
|
152
|
+
* branch doesn't double-upsert the same fallback record Phase 1 just
|
|
153
|
+
* wrote. Returns `null` on success (including the silently-handled
|
|
154
|
+
* SecureStoreUnavailable case); a skip descriptor when a non-keyring
|
|
155
|
+
* failure leaves the marker unset for retry.
|
|
156
|
+
*/
|
|
157
|
+
async function runPhase2(userRecords, userSlot, account, legacyToken) {
|
|
158
|
+
try {
|
|
159
|
+
await userSlot.setSecret(legacyToken);
|
|
160
|
+
}
|
|
161
|
+
catch (error) {
|
|
162
|
+
if (error instanceof SecureStoreUnavailableError) {
|
|
163
|
+
return null; // Phase 1 fallback record continues to serve reads.
|
|
164
|
+
}
|
|
165
|
+
return { reason: 'user-record-write-failed', detail: getErrorMessage(error) };
|
|
166
|
+
}
|
|
167
|
+
try {
|
|
168
|
+
await userRecords.upsert(buildSingleTokenRecord(account));
|
|
169
|
+
}
|
|
170
|
+
catch (error) {
|
|
171
|
+
return { reason: 'user-record-write-failed', detail: getErrorMessage(error) };
|
|
172
|
+
}
|
|
173
|
+
return null;
|
|
174
|
+
}
|
|
113
175
|
async function readLegacyToken(legacyStore, loadLegacyPlaintextToken) {
|
|
114
176
|
let keyringUnavailable = false;
|
|
115
177
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"migrate.js","sourceRoot":"","sources":["../../../src/auth/keyring/migrate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEjD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"migrate.js","sourceRoot":"","sources":["../../../src/auth/keyring/migrate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEjD,OAAO,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAA;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EACH,iBAAiB,EACjB,wBAAwB,EAExB,2BAA2B,GAC9B,MAAM,mBAAmB,CAAA;AAgE1B,MAAM,oBAAoB,GAAsC;IAC5D,iBAAiB,EAAE,yBAAyB;IAC5C,4BAA4B,EAAE,oDAAoD;IAClF,0BAA0B,EAAE,2DAA2D;IACvF,0BAA0B,EAAE,+BAA+B;IAC3D,qBAAqB,EAAE,oCAAoC;CAC9D,CAAA;AAkBD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACnC,OAA2C;IAE3C,MAAM,EACF,WAAW,EACX,aAAa,EACb,WAAW,EACX,WAAW,EACX,YAAY,EACZ,wBAAwB,EACxB,eAAe,EACf,mBAAmB,EACnB,MAAM,GACT,GAAG,OAAO,CAAA;IACX,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,wBAAwB,CAAA;IACzE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,KAAK,CAAA;IAE5C,IAAI,MAAM,WAAW,EAAE,EAAE,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAA;IACzC,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAA;IAE9E,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,wBAAwB,CAAC,CAAA;IAChF,IAAI,WAAW,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAA;IACrE,IAAI,WAAW,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QAC7C,OAAO,OAAO,CACV,MAAM,EACN,SAAS,EACT,4BAA4B,EAC5B,kDAAkD,CACrD,CAAA;IACL,CAAC;IAED,IAAI,OAAiB,CAAA;IACrB,IAAI,CAAC;QACD,OAAO,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;IACtD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAA;IAChF,CAAC;IAED,IAAI,MAA8B,CAAA;IAClC,IAAI,CAAC;QACD,MAAM,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC,CAAA;IAC1E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,0BAA0B,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAA;IACzF,CAAC;IAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC;QAC/B,WAAW;QACX,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;KACtC,CAAC,CAAA;IAEF,oEAAoE;IACpE,qEAAqE;IACrE,kEAAkE;IAClE,sDAAsD;IACtD,MAAM,gBAAgB,GAClB,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,IAAI,EAAE,KAAK,WAAW,CAAC,KAAK,CAAA;IAClF,IAAI,MAAM,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC,CAAA;QACtF,IAAI,WAAW,EAAE,CAAC;YACd,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,CAAA;QAC7E,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,iEAAiE;QACjE,mCAAmC;QACnC,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACzE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YACd,MAAM,MAAM,GACR,OAAO,CAAC,MAAM,KAAK,kBAAkB;gBACjC,CAAC,CAAC,0BAA0B;gBAC5B,CAAC,CAAC,0BAA0B,CAAA;YACpC,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;QAC7D,CAAC;IACL,CAAC;IAED,qEAAqE;IACrE,2CAA2C;IAC3C,IAAI,CAAC;QACD,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;QACxD,IAAI,CAAC,eAAe,EAAE,CAAC;YACnB,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC9C,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACL,cAAc;IAClB,CAAC;IAED,qEAAqE;IACrE,qDAAqD;IACrD,IAAI,CAAC;QACD,MAAM,YAAY,EAAE,CAAA;IACxB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,qBAAqB,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,CAAA;IACpF,CAAC;IAED,sEAAsE;IACtE,2DAA2D;IAC3D,4BAA4B;IAC5B,MAAM,OAAO,CAAC,UAAU,CAAC;QACrB,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;QACxD,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,mBAAmB,EAAE,EAAE,CAAC;KACxD,CAAC,CAAA;IAEF,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,gEAAgE;QAChE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,gDAAgD,CAAC,CAAA;IAC/E,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,CAAA;AAC1C,CAAC;AAMD;;;;;;;GAOG;AACH,KAAK,UAAU,cAAc,CACzB,WAAsC,EACtC,OAAiB,EACjB,WAAmB;IAEnB,MAAM,MAAM,GAAG,sBAAsB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IAC3D,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;QACjD,IAAI,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QACnC,MAAM,QAAQ,GAAG,CAAC,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC,EAAE,CAAC,CAAA;QACpF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAA;QACjF,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAA;IACvC,CAAC;IACD,kEAAkE;IAClE,mEAAmE;IACnE,8CAA8C;IAC9C,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAA;IACpC,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC,EAAE,CAAC,CAAA;IAC7D,IAAI,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAA;IACjD,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAChC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC5B,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,SAAS,CACpB,WAAsC,EACtC,QAAqB,EACrB,OAAiB,EACjB,WAAmB;IAEnB,IAAI,CAAC;QACD,MAAM,QAAQ,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;IACzC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,KAAK,YAAY,2BAA2B,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAA,CAAC,oDAAoD;QACpE,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,0BAA0B,EAAE,MAAM,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,CAAA;IACjF,CAAC;IACD,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,MAAM,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAA;IAC7D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,0BAA0B,EAAE,MAAM,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,CAAA;IACjF,CAAC;IACD,OAAO,IAAI,CAAA;AACf,CAAC;AAED,KAAK,UAAU,eAAe,CAC1B,WAAwB,EACxB,wBAAsD;IAEtD,IAAI,kBAAkB,GAAG,KAAK,CAAA;IAC9B,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAA;QAC5C,IAAI,MAAM,EAAE,IAAI,EAAE;YAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,CAAA;IACtE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC;YAAE,MAAM,KAAK,CAAA;QAChE,kBAAkB,GAAG,IAAI,CAAA;IAC7B,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,wBAAwB,EAAE,CAAA;IAClD,IAAI,SAAS,EAAE,IAAI,EAAE;QAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,CAAA;IAExE,OAAO,kBAAkB,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;AAClF,CAAC;AAED;;;;;;GAMG;AACH,SAAS,OAAO,CACZ,MAA2B,EAC3B,SAAiB,EACjB,MAAyB,EACzB,MAAc;IAEd,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CACT,GAAG,SAAS,qCAAqC,oBAAoB,CAAC,MAAM,CAAC,GAAG,CACnF,CAAA;IACL,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;AAChD,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { AuthAccount, TokenBundle } from '../types.js';
|
|
2
2
|
import { type SecureStore } from './secure-store.js';
|
|
3
|
-
import type { UserRecordStore } from './types.js';
|
|
3
|
+
import type { UserRecord, UserRecordStore } from './types.js';
|
|
4
4
|
type WriteRecordOptions<TAccount extends AuthAccount> = {
|
|
5
5
|
/** Per-account keyring slot, already configured by the caller (e.g. via `createSecureStore`). */
|
|
6
6
|
secureStore: SecureStore;
|
|
@@ -72,5 +72,17 @@ export declare function writeRecordWithKeyringFallback<TAccount extends AuthAcco
|
|
|
72
72
|
* error there must not dirty up a successful credential write.
|
|
73
73
|
*/
|
|
74
74
|
export declare function writeBundleWithKeyringFallback<TAccount extends AuthAccount>(options: WriteBundleOptions<TAccount>): Promise<WriteBundleResult>;
|
|
75
|
+
/**
|
|
76
|
+
* Build a `UserRecord` for an access-only credential (no refresh state).
|
|
77
|
+
* Used by `migrateLegacyAuth`'s Phase 1 / Phase 2 record writes; both call
|
|
78
|
+
* sites then agree on the explicit `hasRefreshToken: false` that lets
|
|
79
|
+
* future bundle-aware readers skip the refresh-slot IPC.
|
|
80
|
+
*
|
|
81
|
+
* `writeBundleWithKeyringFallback` builds its own record shape inline
|
|
82
|
+
* because the bundle path also carries expiry fields; the structural
|
|
83
|
+
* overlap is the `hasRefreshToken: false` + optional `fallbackToken`
|
|
84
|
+
* pair, which is what this helper isolates.
|
|
85
|
+
*/
|
|
86
|
+
export declare function buildSingleTokenRecord<TAccount extends AuthAccount>(account: TAccount, fallbackToken?: string): UserRecord<TAccount>;
|
|
75
87
|
export {};
|
|
76
88
|
//# sourceMappingURL=record-write.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"record-write.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/record-write.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC3D,OAAO,EAAE,KAAK,WAAW,EAA+B,MAAM,mBAAmB,CAAA;AACjF,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"record-write.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/record-write.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC3D,OAAO,EAAE,KAAK,WAAW,EAA+B,MAAM,mBAAmB,CAAA;AACjF,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE7D,KAAK,kBAAkB,CAAC,QAAQ,SAAS,WAAW,IAAI;IACpD,iGAAiG;IACjG,WAAW,EAAE,WAAW,CAAA;IACxB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,WAAW,CAAA;IAC1B,WAAW,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACtC,OAAO,EAAE,QAAQ,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,iKAAiK;IACjK,cAAc,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,KAAK,kBAAkB,CAAC,QAAQ,SAAS,WAAW,IAAI;IACpD,6CAA6C;IAC7C,WAAW,EAAE,WAAW,CAAA;IACxB,8CAA8C;IAC9C,YAAY,EAAE,WAAW,CAAA;IACzB,WAAW,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACtC,OAAO,EAAE,QAAQ,CAAA;IACjB,MAAM,EAAE,WAAW,CAAA;CACtB,CAAA;AAED,KAAK,iBAAiB,GAAG;IACrB,2GAA2G;IAC3G,oBAAoB,EAAE,OAAO,CAAA;IAC7B;;;;OAIG;IACH,qBAAqB,EAAE,OAAO,GAAG,SAAS,CAAA;CAC7C,CAAA;AAED;;;;;;;;;GASG;AACH,wBAAsB,8BAA8B,CAAC,QAAQ,SAAS,WAAW,EAC7E,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,GACtC,OAAO,CAAC,iBAAiB,CAAC,CAe5B;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,8BAA8B,CAAC,QAAQ,SAAS,WAAW,EAC7E,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,GACtC,OAAO,CAAC,iBAAiB,CAAC,CAgF5B;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,SAAS,WAAW,EAC/D,OAAO,EAAE,QAAQ,EACjB,aAAa,CAAC,EAAE,MAAM,GACvB,UAAU,CAAC,QAAQ,CAAC,CAMtB"}
|
|
@@ -127,6 +127,24 @@ export async function writeBundleWithKeyringFallback(options) {
|
|
|
127
127
|
}
|
|
128
128
|
return { accessStoredSecurely, refreshStoredSecurely };
|
|
129
129
|
}
|
|
130
|
+
/**
|
|
131
|
+
* Build a `UserRecord` for an access-only credential (no refresh state).
|
|
132
|
+
* Used by `migrateLegacyAuth`'s Phase 1 / Phase 2 record writes; both call
|
|
133
|
+
* sites then agree on the explicit `hasRefreshToken: false` that lets
|
|
134
|
+
* future bundle-aware readers skip the refresh-slot IPC.
|
|
135
|
+
*
|
|
136
|
+
* `writeBundleWithKeyringFallback` builds its own record shape inline
|
|
137
|
+
* because the bundle path also carries expiry fields; the structural
|
|
138
|
+
* overlap is the `hasRefreshToken: false` + optional `fallbackToken`
|
|
139
|
+
* pair, which is what this helper isolates.
|
|
140
|
+
*/
|
|
141
|
+
export function buildSingleTokenRecord(account, fallbackToken) {
|
|
142
|
+
return {
|
|
143
|
+
account,
|
|
144
|
+
...(fallbackToken ? { fallbackToken } : {}),
|
|
145
|
+
hasRefreshToken: false,
|
|
146
|
+
};
|
|
147
|
+
}
|
|
130
148
|
const NOOP_SECURE_STORE = {
|
|
131
149
|
async getSecret() {
|
|
132
150
|
return null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"record-write.js","sourceRoot":"","sources":["../../../src/auth/keyring/record-write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAE1C,OAAO,EAAoB,2BAA2B,EAAE,MAAM,mBAAmB,CAAA;AA4CjF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAChD,OAAqC;IAErC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAE1E,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,8BAA8B,CAAC;QAClE,WAAW,EAAE,WAAW;QACxB,kEAAkE;QAClE,gEAAgE;QAChE,4BAA4B;QAC5B,YAAY,EAAE,YAAY,IAAI,iBAAiB;QAC/C,WAAW;QACX,OAAO;QACP,MAAM,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE;KACjC,CAAC,CAAA;IAEF,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,CAAA;AACnD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAChD,OAAqC;IAErC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAC3E,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAA;IAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;QACf,MAAM,IAAI,QAAQ,CACd,yBAAyB,EACzB,0DAA0D,CAC7D,CAAA;IACL,CAAC;IACD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,CAAA;IAEhD,IAAI,oBAAoB,GAAG,KAAK,CAAA;IAChC,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;QACxC,oBAAoB,GAAG,IAAI,CAAA;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC;YAAE,MAAM,KAAK,CAAA;IACpE,CAAC;IAED,IAAI,qBAA0C,CAAA;IAC9C,IAAI,YAAY,EAAE,CAAC;QACf,IAAI,CAAC;YACD,MAAM,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YAC1C,qBAAqB,GAAG,IAAI,CAAA;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,2BAA2B,EAAE,CAAC;gBAC/C,qBAAqB,GAAG,KAAK,CAAA;YACjC,CAAC;iBAAM,CAAC;gBACJ,IAAI,oBAAoB,EAAE,CAAC;oBACvB,IAAI,CAAC;wBACD,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;oBACpC,CAAC;oBAAC,MAAM,CAAC;wBACL,cAAc;oBAClB,CAAC;gBACL,CAAC;gBACD,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAyB;QACjC,OAAO;QACP,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;QAC/D,GAAG,CAAC,YAAY,IAAI,qBAAqB,KAAK,KAAK;YAC/C,CAAC,CAAC,EAAE,oBAAoB,EAAE,YAAY,EAAE;YACxC,CAAC,CAAC,EAAE,CAAC;QACT,GAAG,CAAC,MAAM,CAAC,oBAAoB,KAAK,SAAS;YACzC,CAAC,CAAC,EAAE,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;QACT,GAAG,CAAC,MAAM,CAAC,qBAAqB,KAAK,SAAS;YAC1C,CAAC,CAAC,EAAE,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE;YACzD,CAAC,CAAC,EAAE,CAAC;QACT,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC;KACzC,CAAA;IAED,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,SAAS,GAAuB,EAAE,CAAA;QACxC,IAAI,oBAAoB;YAAE,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAAA;QACpE,IAAI,qBAAqB,KAAK,IAAI;YAAE,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAA;QAC/E,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QACvC,CAAC;QACD,MAAM,KAAK,CAAA;IACf,CAAC;IAED,oEAAoE;IACpE,qEAAqE;IACrE,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC,YAAY,EAAE,CAAC;QAChB,IAAI,CAAC;YACD,MAAM,YAAY,CAAC,YAAY,EAAE,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACL,cAAc;QAClB,CAAC;IACL,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,CAAA;AAC1D,CAAC;AAED,MAAM,iBAAiB,GAAgB;IACnC,KAAK,CAAC,SAAS;QACX,OAAO,IAAI,CAAA;IACf,CAAC;IACD,KAAK,CAAC,SAAS;QACX,QAAQ;IACZ,CAAC;IACD,KAAK,CAAC,YAAY;QACd,OAAO,KAAK,CAAA;IAChB,CAAC;CACJ,CAAA"}
|
|
1
|
+
{"version":3,"file":"record-write.js","sourceRoot":"","sources":["../../../src/auth/keyring/record-write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAE1C,OAAO,EAAoB,2BAA2B,EAAE,MAAM,mBAAmB,CAAA;AA4CjF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAChD,OAAqC;IAErC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAE1E,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,8BAA8B,CAAC;QAClE,WAAW,EAAE,WAAW;QACxB,kEAAkE;QAClE,gEAAgE;QAChE,4BAA4B;QAC5B,YAAY,EAAE,YAAY,IAAI,iBAAiB;QAC/C,WAAW;QACX,OAAO;QACP,MAAM,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE;KACjC,CAAC,CAAA;IAEF,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,CAAA;AACnD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAChD,OAAqC;IAErC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAC3E,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAA;IAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;QACf,MAAM,IAAI,QAAQ,CACd,yBAAyB,EACzB,0DAA0D,CAC7D,CAAA;IACL,CAAC;IACD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,CAAA;IAEhD,IAAI,oBAAoB,GAAG,KAAK,CAAA;IAChC,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;QACxC,oBAAoB,GAAG,IAAI,CAAA;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,KAAK,YAAY,2BAA2B,CAAC;YAAE,MAAM,KAAK,CAAA;IACpE,CAAC;IAED,IAAI,qBAA0C,CAAA;IAC9C,IAAI,YAAY,EAAE,CAAC;QACf,IAAI,CAAC;YACD,MAAM,YAAY,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;YAC1C,qBAAqB,GAAG,IAAI,CAAA;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,KAAK,YAAY,2BAA2B,EAAE,CAAC;gBAC/C,qBAAqB,GAAG,KAAK,CAAA;YACjC,CAAC;iBAAM,CAAC;gBACJ,IAAI,oBAAoB,EAAE,CAAC;oBACvB,IAAI,CAAC;wBACD,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;oBACpC,CAAC;oBAAC,MAAM,CAAC;wBACL,cAAc;oBAClB,CAAC;gBACL,CAAC;gBACD,MAAM,KAAK,CAAA;YACf,CAAC;QACL,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAyB;QACjC,OAAO;QACP,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;QAC/D,GAAG,CAAC,YAAY,IAAI,qBAAqB,KAAK,KAAK;YAC/C,CAAC,CAAC,EAAE,oBAAoB,EAAE,YAAY,EAAE;YACxC,CAAC,CAAC,EAAE,CAAC;QACT,GAAG,CAAC,MAAM,CAAC,oBAAoB,KAAK,SAAS;YACzC,CAAC,CAAC,EAAE,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;QACT,GAAG,CAAC,MAAM,CAAC,qBAAqB,KAAK,SAAS;YAC1C,CAAC,CAAC,EAAE,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE;YACzD,CAAC,CAAC,EAAE,CAAC;QACT,eAAe,EAAE,OAAO,CAAC,YAAY,CAAC;KACzC,CAAA;IAED,IAAI,CAAC;QACD,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,SAAS,GAAuB,EAAE,CAAA;QACxC,IAAI,oBAAoB;YAAE,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAAA;QACpE,IAAI,qBAAqB,KAAK,IAAI;YAAE,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAA;QAC/E,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;QACvC,CAAC;QACD,MAAM,KAAK,CAAA;IACf,CAAC;IAED,oEAAoE;IACpE,qEAAqE;IACrE,uEAAuE;IACvE,mEAAmE;IACnE,IAAI,CAAC,YAAY,EAAE,CAAC;QAChB,IAAI,CAAC;YACD,MAAM,YAAY,CAAC,YAAY,EAAE,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACL,cAAc;QAClB,CAAC;IACL,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,CAAA;AAC1D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CAClC,OAAiB,EACjB,aAAsB;IAEtB,OAAO;QACH,OAAO;QACP,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,eAAe,EAAE,KAAK;KACzB,CAAA;AACL,CAAC;AAED,MAAM,iBAAiB,GAAgB;IACnC,KAAK,CAAC,SAAS;QACX,OAAO,IAAI,CAAA;IACf,CAAC;IACD,KAAK,CAAC,SAAS;QACX,QAAQ;IACZ,CAAC;IACD,KAAK,CAAC,YAAY;QACd,OAAO,KAAK,CAAA;IAChB,CAAC;CACJ,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/token-store.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAWnF,OAAO,KAAK,EAAE,kBAAkB,EAAc,eAAe,EAAE,MAAM,YAAY,CAAA;AAEjF,MAAM,MAAM,8BAA8B,CAAC,QAAQ,SAAS,WAAW,IAAI;IACvE,kFAAkF;IAClF,WAAW,EAAE,MAAM,CAAA;IACnB,oFAAoF;IACpF,WAAW,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACtC;;;;OAIG;IACH,eAAe,EAAE,MAAM,CAAA;IACvB;;;OAGG;IACH,cAAc,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,MAAM,CAAA;IACvC;;;;OAIG;IACH,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,KAAK,OAAO,CAAA;CACjE,CAAA;AAED,MAAM,MAAM,iBAAiB,CAAC,QAAQ,SAAS,WAAW,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG;IACjF;;;;OAIG;IACH,SAAS,CACL,OAAO,EAAE,QAAQ,EACjB,MAAM,EAAE,WAAW,EACnB,OAAO,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GACvC,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,+JAA+J;IAC/J,oBAAoB,IAAI,kBAAkB,GAAG,SAAS,CAAA;IACtD,oKAAoK;IACpK,kBAAkB,IAAI,kBAAkB,GAAG,SAAS,CAAA;CACvD,CAAA;AAOD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,SAAS,WAAW,EAChE,OAAO,EAAE,8BAA8B,CAAC,QAAQ,CAAC,GAClD,iBAAiB,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../../src/auth/keyring/token-store.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAWnF,OAAO,KAAK,EAAE,kBAAkB,EAAc,eAAe,EAAE,MAAM,YAAY,CAAA;AAEjF,MAAM,MAAM,8BAA8B,CAAC,QAAQ,SAAS,WAAW,IAAI;IACvE,kFAAkF;IAClF,WAAW,EAAE,MAAM,CAAA;IACnB,oFAAoF;IACpF,WAAW,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;IACtC;;;;OAIG;IACH,eAAe,EAAE,MAAM,CAAA;IACvB;;;OAGG;IACH,cAAc,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,MAAM,CAAA;IACvC;;;;OAIG;IACH,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,KAAK,OAAO,CAAA;CACjE,CAAA;AAED,MAAM,MAAM,iBAAiB,CAAC,QAAQ,SAAS,WAAW,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG;IACjF;;;;OAIG;IACH,SAAS,CACL,OAAO,EAAE,QAAQ,EACjB,MAAM,EAAE,WAAW,EACnB,OAAO,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GACvC,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,+JAA+J;IAC/J,oBAAoB,IAAI,kBAAkB,GAAG,SAAS,CAAA;IACtD,oKAAoK;IACpK,kBAAkB,IAAI,kBAAkB,GAAG,SAAS,CAAA;CACvD,CAAA;AAOD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,SAAS,WAAW,EAChE,OAAO,EAAE,8BAA8B,CAAC,QAAQ,CAAC,GAClD,iBAAiB,CAAC,QAAQ,CAAC,CAgR7B"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import { CliError
|
|
1
|
+
import { CliError } from '../../errors.js';
|
|
2
2
|
import { accountNotFoundError } from '../user-flag.js';
|
|
3
|
+
import { readAccessTokenForRecord } from './internal.js';
|
|
3
4
|
import { writeBundleWithKeyringFallback, writeRecordWithKeyringFallback } from './record-write.js';
|
|
4
|
-
import { createSecureStore, DEFAULT_ACCOUNT_FOR_USER, SECURE_STORE_DESCRIPTION,
|
|
5
|
+
import { createSecureStore, DEFAULT_ACCOUNT_FOR_USER, SECURE_STORE_DESCRIPTION, } from './secure-store.js';
|
|
5
6
|
import { refreshAccountSlot } from './slot-naming.js';
|
|
6
7
|
const DEFAULT_MATCH_ACCOUNT = (account, ref) => account.id === ref || account.label === ref;
|
|
7
8
|
/**
|
|
@@ -147,27 +148,16 @@ export function createKeyringTokenStore(options) {
|
|
|
147
148
|
// returns the pre-PR1 snapshot shape — a future bundle-aware
|
|
148
149
|
// read path lights up the refresh slot only when callers
|
|
149
150
|
// actually need it (silent refresh).
|
|
150
|
-
const
|
|
151
|
-
if (
|
|
152
|
-
return { token:
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
}
|
|
161
|
-
// Non-keyring backend failures wrap into the typed code too —
|
|
162
|
-
// a raw exception escaping `active()` would crash the CLI
|
|
163
|
-
// with no useful exit signal.
|
|
164
|
-
throw new CliError('AUTH_STORE_READ_FAILED', `Access-slot read failed (${getErrorMessage(error)})`);
|
|
165
|
-
}
|
|
166
|
-
const token = raw?.trim();
|
|
167
|
-
if (token)
|
|
168
|
-
return { token, account: record.account };
|
|
169
|
-
// Record exists, no `fallbackToken`, slot empty — corruption.
|
|
170
|
-
throw new CliError('AUTH_STORE_READ_FAILED', `${SECURE_STORE_DESCRIPTION} returned no credential for the stored account; the keyring entry may have been removed externally.`);
|
|
151
|
+
const outcome = await readAccessTokenForRecord(record, secureStoreFor(record.account));
|
|
152
|
+
if (outcome.ok)
|
|
153
|
+
return { token: outcome.token, account: record.account };
|
|
154
|
+
// Map structured outcomes to the typed error contract.
|
|
155
|
+
const message = outcome.reason === 'slot-empty'
|
|
156
|
+
? `${SECURE_STORE_DESCRIPTION} returned no credential for the stored account; the keyring entry may have been removed externally.`
|
|
157
|
+
: outcome.reason === 'slot-unavailable'
|
|
158
|
+
? `${SECURE_STORE_DESCRIPTION} unavailable; could not read stored token (${outcome.detail})`
|
|
159
|
+
: `Access-slot read failed (${outcome.detail})`;
|
|
160
|
+
throw new CliError('AUTH_STORE_READ_FAILED', message);
|
|
171
161
|
},
|
|
172
162
|
async set(account, token) {
|
|
173
163
|
// Reset the cached storage result up front so a caller that
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../../src/auth/keyring/token-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,
|
|
1
|
+
{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../../src/auth/keyring/token-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAE1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAA;AACtD,OAAO,EAAE,wBAAwB,EAAE,MAAM,eAAe,CAAA;AACxD,OAAO,EAAE,8BAA8B,EAAE,8BAA8B,EAAE,MAAM,mBAAmB,CAAA;AAClG,OAAO,EACH,iBAAiB,EACjB,wBAAwB,EACxB,wBAAwB,GAE3B,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AA4CrD,MAAM,qBAAqB,GAAG,CAC1B,OAAiB,EACjB,GAAe,EACR,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,GAAG,IAAI,OAAO,CAAC,KAAK,KAAK,GAAG,CAAA;AAEzD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,uBAAuB,CACnC,OAAiD;IAEjD,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,OAAO,CAAA;IAC7D,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,wBAAwB,CAAA;IACzE,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,qBAAqB,CAAA;IAElE,IAAI,iBAAiD,CAAA;IACrD,IAAI,eAA+C,CAAA;IAEnD,SAAS,cAAc,CAAC,OAAiB;QACrC,OAAO,iBAAiB,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;IAClF,CAAC;IAED,SAAS,qBAAqB,CAAC,OAAiB;QAC5C,OAAO,iBAAiB,CAAC;YACrB,WAAW;YACX,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;SAC1D,CAAC,CAAA;IACN,CAAC;IAID;;;;OAIG;IACH,KAAK,UAAU,gBAAgB;QAC3B,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC3C,WAAW,CAAC,IAAI,EAAE;YAClB,WAAW,CAAC,YAAY,EAAE;SAC7B,CAAC,CAAA;QACF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAA;IACjC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,SAAS,aAAa,CAClB,QAAkB,EAClB,GAA2B;QAE3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACpB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAA;YACtF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,QAAQ,CACd,qBAAqB,EACrB,mCAAmC,GAAG,kEAAkE,CAC3G,CAAA;YACL,CAAC;YACD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;QAC7B,CAAC;QACD,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,QAAQ,CAAC,SAAS,CAAC,CAAA;YAChF,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;QAC7B,CAAC;QACD,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;QAC7D,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAC9C,MAAM,IAAI,QAAQ,CACd,qBAAqB,EACrB,+GAA+G,CAClH,CAAA;IACL,CAAC;IAED,SAAS,cAAc,CAAC,MAAc;QAClC,OAAO;YACH,OAAO,EAAE,aAAa;YACtB,OAAO,EAAE,GAAG,wBAAwB,iBAAiB,MAAM,IAAI,eAAe,EAAE;SACnF,CAAA;IACL,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,mBAAmB,CACxB,YAAqB,EACrB,aAAkC;QAElC,MAAM,cAAc,GAAG,CAAC,YAAY,CAAA;QACpC,MAAM,eAAe,GAAG,aAAa,KAAK,KAAK,CAAA;QAC/C,IAAI,CAAC,cAAc,IAAI,CAAC,eAAe;YAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;QAC3E,MAAM,OAAO,GACT,cAAc,IAAI,eAAe;YAC7B,CAAC,CAAC,yBAAyB;YAC3B,CAAC,CAAC,cAAc;gBACd,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,eAAe,CAAA;QAC3B,OAAO,cAAc,CAAC,GAAG,OAAO,wBAAwB,CAAC,CAAA;IAC7D,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,sBAAsB,CAAC,SAAiB;QACnD,IAAI,CAAC;YACD,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;YACxD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACnB,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;YAC7C,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACL,cAAc;QAClB,CAAC;IACL,CAAC;IAED,OAAO;QACH,KAAK,CAAC,MAAM,CAAC,GAAG;YACZ,+DAA+D;YAC/D,gEAAgE;YAChE,+CAA+C;YAC/C,MAAM,QAAQ,GACV,GAAG,KAAK,SAAS;gBACb,CAAC,CAAC,MAAM,gBAAgB,EAAE;gBAC1B,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAA;YAChE,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAA;YAExB,8DAA8D;YAC9D,gEAAgE;YAChE,6DAA6D;YAC7D,yDAAyD;YACzD,qCAAqC;YACrC,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;YACtF,IAAI,OAAO,CAAC,EAAE;gBAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAA;YACxE,uDAAuD;YACvD,MAAM,OAAO,GACT,OAAO,CAAC,MAAM,KAAK,YAAY;gBAC3B,CAAC,CAAC,GAAG,wBAAwB,qGAAqG;gBAClI,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,kBAAkB;oBACrC,CAAC,CAAC,GAAG,wBAAwB,8CAA8C,OAAO,CAAC,MAAM,GAAG;oBAC5F,CAAC,CAAC,4BAA4B,OAAO,CAAC,MAAM,GAAG,CAAA;YACzD,MAAM,IAAI,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAA;QACzD,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK;YACpB,4DAA4D;YAC5D,+DAA+D;YAC/D,kDAAkD;YAClD,iBAAiB,GAAG,SAAS,CAAA;YAE7B,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,8BAA8B,CAAC;gBAC5D,WAAW,EAAE,cAAc,CAAC,OAAO,CAAC;gBACpC,YAAY,EAAE,qBAAqB,CAAC,OAAO,CAAC;gBAC5C,WAAW;gBACX,OAAO;gBACP,KAAK;aACR,CAAC,CAAA;YAEF,MAAM,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAExC,iBAAiB,GAAG,mBAAmB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAA;QACtE,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO;YACpC,iBAAiB,GAAG,SAAS,CAAA;YAE7B,MAAM,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,GACjD,MAAM,8BAA8B,CAAC;gBACjC,WAAW,EAAE,cAAc,CAAC,OAAO,CAAC;gBACpC,YAAY,EAAE,qBAAqB,CAAC,OAAO,CAAC;gBAC5C,WAAW;gBACX,OAAO;gBACP,MAAM;aACT,CAAC,CAAA;YAEN,4DAA4D;YAC5D,0DAA0D;YAC1D,IAAI,OAAO,EAAE,cAAc,EAAE,CAAC;gBAC1B,MAAM,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAC5C,CAAC;YAED,iBAAiB,GAAG,mBAAmB,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAA;QACxF,CAAC;QAED,KAAK,CAAC,KAAK,CAAC,GAAG;YACX,+DAA+D;YAC/D,+DAA+D;YAC/D,QAAQ;YACR,eAAe,GAAG,SAAS,CAAA;YAE3B,+DAA+D;YAC/D,8DAA8D;YAC9D,iCAAiC;YACjC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,EAAE,CAAA;YACzC,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC,MAAM;gBAAE,OAAM;YAEnB,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAE3C,6DAA6D;YAC7D,uDAAuD;YACvD,gEAAgE;YAChE,IAAI,QAAQ,CAAC,SAAS,KAAK,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;gBAC3C,IAAI,CAAC;oBACD,MAAM,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;gBACxC,CAAC;gBAAC,MAAM,CAAC;oBACL,cAAc;gBAClB,CAAC;YACL,CAAC;YAED,MAAM,aAAa,GAAG,cAAc,CAAC,6BAA6B,CAAC,CAAA;YAEnE,2DAA2D;YAC3D,+DAA+D;YAC/D,gEAAgE;YAChE,sDAAsD;YACtD,MAAM,CAAC,aAAa,EAAE,cAAc,CAAC,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC;gBAC7D,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE;gBAC7C,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE;aACvD,CAAC,CAAA;YACF,MAAM,QAAQ,GACV,aAAa,CAAC,MAAM,KAAK,UAAU;gBACnC,cAAc,CAAC,MAAM,KAAK,UAAU;gBACpC,MAAM,CAAC,aAAa,KAAK,SAAS;gBAClC,MAAM,CAAC,oBAAoB,KAAK,SAAS,CAAA;YAC7C,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;QAC5E,CAAC;QAED,KAAK,CAAC,IAAI;YACN,MAAM,QAAQ,GAAG,MAAM,gBAAgB,EAAE,CAAA;YACzC,gEAAgE;YAChE,iEAAiE;YACjE,gEAAgE;YAChE,6DAA6D;YAC7D,6DAA6D;YAC7D,mCAAmC;YACnC,IAAI,eAAe,GAAgC,IAAI,CAAA;YACvD,IAAI,CAAC;gBACD,eAAe,GAAG,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;YACxD,CAAC;YAAC,MAAM,CAAC;gBACL,4DAA4D;YAChE,CAAC;YACD,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBACrC,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,eAAe,EAAE,OAAO,CAAC,EAAE;aAC/D,CAAC,CAAC,CAAA;QACP,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,GAAG;YAChB,4DAA4D;YAC5D,MAAM,QAAQ,GAAa,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAA;YACjF,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;gBACV,MAAM,oBAAoB,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;YACD,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QACrD,CAAC;QAED,oBAAoB;YAChB,OAAO,iBAAiB,CAAA;QAC5B,CAAC;QAED,kBAAkB;YACd,OAAO,eAAe,CAAA;QAC1B,CAAC;KACJ,CAAA;AACL,CAAC"}
|