npm - @faable/faable - Versions diffs - 1.5.30 → 1.5.32 - Mend

@faable/faable 1.5.30 → 1.5.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/api/auth.js +10 -1
package/dist/commands/login/index.js +4 -7
package/package.json +1 -1

package/dist/api/auth.js CHANGED Viewed

@@ -13,5 +13,14 @@ async function getDeviceToken(device_code) {
     const res = await api.post(`/oauth/token`, { device_code, client_id: CLIENT_ID, grant_type: "urn:ietf:params:oauth:grant-type:device_code" });
     return res.data;
 }
+// Validate a device-flow access token against the Faable Auth server. The token
+// is issued by the auth server, so it must be introspected there — NOT against
+// the deploy API (api.faable.com), which has no /me route and would 404.
+async function getMe(access_token) {
+    const res = await api.get(`/me`, {
+        headers: { Authorization: `Bearer ${access_token}` },
+    });
+    return res.data;
+}
-export { getDeviceCode, getDeviceToken };
+export { getDeviceCode, getDeviceToken, getMe };

package/dist/commands/login/index.js CHANGED Viewed

@@ -1,7 +1,6 @@
 import { FaableApi } from '../../api/FaableApi.js';
-import { getDeviceCode, getDeviceToken } from '../../api/auth.js';
+import { getDeviceCode, getDeviceToken, getMe } from '../../api/auth.js';
 import { CredentialsStore } from '../../lib/CredentialsStore.js';
-import { bearer_strategy } from '../../api/strategies/bearer.strategy.js';
 import open from 'open';
 import ora from 'ora';
 import { log } from '../../log.js';
@@ -123,11 +122,9 @@ const login = {
                     const { access_token } = await getDeviceToken(device_code);
                     if (access_token) {
                         spinner.stop();
-                        const tempApi = FaableApi.create({
-                            auth: { token: access_token },
-                            authStrategy: bearer_strategy,
-                        });
-                        const me = await tempApi.getMe();
+                        // Validate the freshly issued token against the Auth server (it
+                        // issued the token). The deploy API has no /me route.
+                        const me = await getMe(access_token);
                         await store.saveCredentials({ token: access_token, email: me.email });
                         log.info(`✅ Successfully logged in as ${me.email}`);
                         return;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@faable/faable",
-  "version": "1.5.30",
+  "version": "1.5.32",
   "main": "dist/index.js",
   "license": "MIT",
   "author": "Marc Pomar <marc@faable.com>",