@gpc-cli/auth 0.1.2 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +7 -11
  2. package/dist/index.d.ts +10 -1
  3. package/dist/index.js +59 -18
  4. package/dist/index.js.map +1 -1
  5. package/package.json +1 -1
package/README.md CHANGED
@@ -11,11 +11,7 @@ npm install @gpc-cli/auth
11
11
  ## Usage
12
12
 
13
13
  ```typescript
14
- import {
15
- resolveAuth,
16
- createServiceAccountAuth,
17
- loadServiceAccountKey,
18
- } from "@gpc-cli/auth";
14
+ import { resolveAuth, createServiceAccountAuth, loadServiceAccountKey } from "@gpc-cli/auth";
19
15
 
20
16
  // Auto-resolve from config
21
17
  const auth = await resolveAuth({
@@ -33,12 +29,12 @@ const client = createApiClient({ auth });
33
29
 
34
30
  ## Auth Methods
35
31
 
36
- | Method | Best For | Config |
37
- |--------|----------|--------|
38
- | Service account | CI/CD, automation | `serviceAccount` path or JSON string |
39
- | OAuth 2.0 | Local development | Interactive login flow |
40
- | ADC | GCP-hosted runners | `GPC_USE_ADC=1` or `--adc` flag |
41
- | Env var | Docker, ephemeral | `GPC_SERVICE_ACCOUNT` env var |
32
+ | Method | Best For | Config |
33
+ | --------------- | ------------------ | ------------------------------------ |
34
+ | Service account | CI/CD, automation | `serviceAccount` path or JSON string |
35
+ | OAuth 2.0 | Local development | Interactive login flow |
36
+ | ADC | GCP-hosted runners | `GPC_USE_ADC=1` or `--adc` flag |
37
+ | Env var | Docker, ephemeral | `GPC_SERVICE_ACCOUNT` env var |
42
38
 
43
39
  ## API
44
40
 
package/dist/index.d.ts CHANGED
@@ -25,6 +25,15 @@ declare function loadServiceAccountKey(pathOrJson: string): Promise<ServiceAccou
25
25
  declare function createServiceAccountAuth(key: ServiceAccountKey, cachePath?: string): AuthClient;
26
26
 
27
27
  declare function clearTokenCache(cacheDir: string, email?: string): Promise<void>;
28
+ /**
29
+ * Acquire a token with mutex protection.
30
+ * If another caller is already refreshing for this email, waits for that result
31
+ * instead of starting a duplicate refresh.
32
+ */
33
+ declare function acquireToken(email: string, cacheDir: string | undefined, refresh: () => Promise<{
34
+ token: string;
35
+ expiresInSeconds: number;
36
+ }>): Promise<string>;
28
37
 
29
38
  declare class AuthError extends Error {
30
39
  readonly code: string;
@@ -41,4 +50,4 @@ declare class AuthError extends Error {
41
50
  };
42
51
  }
43
52
 
44
- export { type AuthClient, AuthError, type AuthOptions, type ServiceAccountKey, clearTokenCache, createServiceAccountAuth, loadServiceAccountKey, resolveAuth };
53
+ export { type AuthClient, AuthError, type AuthOptions, type ServiceAccountKey, acquireToken, clearTokenCache, createServiceAccountAuth, loadServiceAccountKey, resolveAuth };
package/dist/index.js CHANGED
@@ -33,6 +33,8 @@ import { dirname, join, isAbsolute } from "path";
33
33
  var CACHE_FILE = "token-cache.json";
34
34
  var SAFETY_MARGIN_MS = 5 * 60 * 1e3;
35
35
  var SAFE_CACHE_KEY = /^[a-zA-Z0-9._%+@-]+$/;
36
+ var memoryCache = /* @__PURE__ */ new Map();
37
+ var inflightRefresh = /* @__PURE__ */ new Map();
36
38
  function getCachePath(cacheDir) {
37
39
  if (!isAbsolute(cacheDir)) {
38
40
  throw new Error("Cache directory must be an absolute path");
@@ -65,37 +67,80 @@ async function writeCache(cacheDir, cache) {
65
67
  });
66
68
  await rename(tmpPath, cachePath);
67
69
  }
70
+ function isEntryValid(entry) {
71
+ return Date.now() < entry.expiresAt - SAFETY_MARGIN_MS;
72
+ }
68
73
  async function getCachedToken(cacheDir, email) {
69
74
  validateCacheKey(email);
75
+ const memEntry = memoryCache.get(email);
76
+ if (memEntry && isEntryValid(memEntry)) {
77
+ return memEntry.token;
78
+ }
70
79
  const cache = await readCache(cacheDir);
71
80
  const entry = cache[email];
72
81
  if (!entry) return null;
73
- if (Date.now() >= entry.expiresAt - SAFETY_MARGIN_MS) {
82
+ if (!isEntryValid(entry)) {
74
83
  return null;
75
84
  }
85
+ memoryCache.set(email, entry);
76
86
  return entry.token;
77
87
  }
78
88
  async function setCachedToken(cacheDir, email, token, expiresInSeconds) {
79
89
  validateCacheKey(email);
80
- const cache = await readCache(cacheDir);
81
- cache[email] = {
90
+ const entry = {
82
91
  token,
83
92
  expiresAt: Date.now() + expiresInSeconds * 1e3
84
93
  };
94
+ memoryCache.set(email, entry);
95
+ const cache = await readCache(cacheDir);
96
+ cache[email] = entry;
85
97
  await writeCache(cacheDir, cache);
86
98
  }
87
99
  async function clearTokenCache(cacheDir, email) {
88
100
  if (email) {
101
+ memoryCache.delete(email);
89
102
  const cache = await readCache(cacheDir);
90
- delete cache[email];
91
- await writeCache(cacheDir, cache);
103
+ const updated = Object.fromEntries(Object.entries(cache).filter(([key]) => key !== email));
104
+ await writeCache(cacheDir, updated);
92
105
  } else {
106
+ memoryCache.clear();
93
107
  try {
94
108
  await unlink(getCachePath(cacheDir));
95
109
  } catch {
96
110
  }
97
111
  }
98
112
  }
113
+ async function acquireToken(email, cacheDir, refresh) {
114
+ const memEntry = memoryCache.get(email);
115
+ if (memEntry && isEntryValid(memEntry)) {
116
+ return memEntry.token;
117
+ }
118
+ if (cacheDir) {
119
+ const cached = await getCachedToken(cacheDir, email);
120
+ if (cached) return cached;
121
+ }
122
+ const inflight = inflightRefresh.get(email);
123
+ if (inflight) return inflight;
124
+ const refreshPromise = (async () => {
125
+ const { token, expiresInSeconds } = await refresh();
126
+ const entry = {
127
+ token,
128
+ expiresAt: Date.now() + expiresInSeconds * 1e3
129
+ };
130
+ memoryCache.set(email, entry);
131
+ if (cacheDir) {
132
+ await setCachedToken(cacheDir, email, token, expiresInSeconds).catch(() => {
133
+ });
134
+ }
135
+ return token;
136
+ })();
137
+ inflightRefresh.set(email, refreshPromise);
138
+ try {
139
+ return await refreshPromise;
140
+ } finally {
141
+ inflightRefresh.delete(email);
142
+ }
143
+ }
99
144
 
100
145
  // src/service-account.ts
101
146
  var ANDROID_PUBLISHER_SCOPE = "https://www.googleapis.com/auth/androidpublisher";
@@ -170,21 +215,16 @@ function createServiceAccountAuth(key, cachePath) {
170
215
  });
171
216
  return {
172
217
  async getAccessToken() {
173
- if (cachePath) {
174
- const cached = await getCachedToken(cachePath, key.client_email);
175
- if (cached) return cached;
176
- }
177
218
  try {
178
- const { token } = await jwtClient.getAccessToken();
179
- if (!token) {
180
- throw new Error("Token response was empty.");
181
- }
182
- if (cachePath) {
183
- await setCachedToken(cachePath, key.client_email, token, TOKEN_EXPIRY_SECONDS).catch(() => {
184
- });
185
- }
186
- return token;
219
+ return await acquireToken(key.client_email, cachePath, async () => {
220
+ const { token } = await jwtClient.getAccessToken();
221
+ if (!token) {
222
+ throw new Error("Token response was empty.");
223
+ }
224
+ return { token, expiresInSeconds: TOKEN_EXPIRY_SECONDS };
225
+ });
187
226
  } catch (err) {
227
+ if (err instanceof AuthError) throw err;
188
228
  const rawMsg = err instanceof Error ? err.message : String(err);
189
229
  const safeMsg = rawMsg.length > 150 ? rawMsg.slice(0, 150) + "..." : rawMsg;
190
230
  throw new AuthError(
@@ -276,6 +316,7 @@ async function resolveAuth(options) {
276
316
  }
277
317
  export {
278
318
  AuthError,
319
+ acquireToken,
279
320
  clearTokenCache,
280
321
  createServiceAccountAuth,
281
322
  loadServiceAccountKey,
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/resolve.ts","../src/errors.ts","../src/service-account.ts","../src/token-cache.ts"],"sourcesContent":["import { GoogleAuth } from \"google-auth-library\";\nimport { AuthError } from \"./errors.js\";\nimport { createServiceAccountAuth, loadServiceAccountKey } from \"./service-account.js\";\nimport type { AuthClient, AuthOptions } from \"./types.js\";\n\nconst ANDROID_PUBLISHER_SCOPE =\n \"https://www.googleapis.com/auth/androidpublisher\";\n\nasync function tryApplicationDefaultCredentials(): Promise<AuthClient | null> {\n try {\n const auth = new GoogleAuth({\n scopes: [ANDROID_PUBLISHER_SCOPE],\n });\n\n const client = await auth.getClient();\n const projectId = await auth.getProjectId().catch(() => undefined);\n const email = (client as { email?: string }).email;\n\n return {\n async getAccessToken(): Promise<string> {\n const { token } = await client.getAccessToken();\n if (!token) {\n throw new AuthError(\n \"Application Default Credentials returned an empty token.\",\n \"AUTH_TOKEN_FAILED\",\n \"Verify your ADC configuration with: gcloud auth application-default print-access-token\",\n );\n }\n return token;\n },\n\n getProjectId(): string | undefined {\n return projectId ?? undefined;\n },\n\n getClientEmail(): string {\n return email ?? \"unknown\";\n },\n };\n } catch {\n return null;\n }\n}\n\nexport async function resolveAuth(\n options?: AuthOptions,\n): Promise<AuthClient> {\n // 1. Explicit options\n if (options?.serviceAccountJson) {\n const key = await loadServiceAccountKey(options.serviceAccountJson);\n return createServiceAccountAuth(key, options?.cachePath);\n }\n\n if (options?.serviceAccountPath) {\n const key = await loadServiceAccountKey(options.serviceAccountPath);\n return createServiceAccountAuth(key, options?.cachePath);\n }\n\n // 2. GPC_SERVICE_ACCOUNT environment variable\n const envValue = process.env[\"GPC_SERVICE_ACCOUNT\"];\n if (envValue) {\n const key = await loadServiceAccountKey(envValue);\n return createServiceAccountAuth(key, options?.cachePath);\n }\n\n // 3. GOOGLE_APPLICATION_CREDENTIALS environment variable\n const gacPath = process.env[\"GOOGLE_APPLICATION_CREDENTIALS\"];\n if (gacPath) {\n try {\n const key = await loadServiceAccountKey(gacPath);\n return createServiceAccountAuth(key, options?.cachePath);\n } catch {\n // Fall through to ADC which also reads GOOGLE_APPLICATION_CREDENTIALS\n }\n }\n\n // 4. Application Default Credentials\n const adcClient = await tryApplicationDefaultCredentials();\n if (adcClient) {\n return adcClient;\n }\n\n throw new AuthError(\n \"No credentials found. Could not authenticate with the Google Play Developer API.\",\n \"AUTH_NO_CREDENTIALS\",\n [\n \"Provide credentials using one of these methods:\",\n \" 1. Pass serviceAccountPath or serviceAccountJson in options\",\n \" 2. Set the GPC_SERVICE_ACCOUNT environment variable to a file path or raw JSON\",\n \" 3. Set GOOGLE_APPLICATION_CREDENTIALS to a service account key file\",\n \" 4. Configure Application Default Credentials: gcloud auth application-default login\",\n ].join(\"\\n\"),\n );\n}\n","export class AuthError extends Error {\n public readonly exitCode = 3;\n constructor(\n message: string,\n public readonly code: string,\n public readonly suggestion?: string,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n toJSON() {\n return {\n success: false,\n error: {\n code: this.code,\n message: this.message,\n suggestion: this.suggestion,\n },\n };\n }\n}\n","import { readFile } from \"node:fs/promises\";\nimport { resolve } from \"node:path\";\nimport { JWT } from \"google-auth-library\";\nimport { AuthError } from \"./errors.js\";\nimport { getCachedToken, setCachedToken } from \"./token-cache.js\";\nimport type { AuthClient, ServiceAccountKey } from \"./types.js\";\n\nconst ANDROID_PUBLISHER_SCOPE =\n \"https://www.googleapis.com/auth/androidpublisher\";\n\nconst REQUIRED_FIELDS: readonly (keyof ServiceAccountKey)[] = [\n \"type\",\n \"private_key\",\n \"client_email\",\n];\n\nfunction validateServiceAccountKey(\n data: unknown,\n): asserts data is ServiceAccountKey {\n if (typeof data !== \"object\" || data === null) {\n throw new AuthError(\n \"Service account key must be a JSON object.\",\n \"AUTH_INVALID_KEY\",\n \"Ensure the file contains valid JSON with the required service account fields.\",\n );\n }\n\n const record = data as Record<string, unknown>;\n\n for (const field of REQUIRED_FIELDS) {\n if (typeof record[field] !== \"string\" || record[field] === \"\") {\n throw new AuthError(\n `Service account key is missing required field: \"${field}\".`,\n \"AUTH_INVALID_KEY\",\n `Download a fresh service account key from the Google Cloud Console. The key must include: ${REQUIRED_FIELDS.join(\", \")}.`,\n );\n }\n }\n\n if (record[\"type\"] !== \"service_account\") {\n throw new AuthError(\n `Invalid key type \"${String(record[\"type\"])}\". Expected \"service_account\".`,\n \"AUTH_INVALID_KEY\",\n \"Ensure you are using a service account key, not an OAuth client or API key.\",\n );\n }\n}\n\nexport async function loadServiceAccountKey(\n pathOrJson: string,\n): Promise<ServiceAccountKey> {\n let raw: string;\n\n const trimmed = pathOrJson.trim();\n\n if (trimmed.startsWith(\"{\")) {\n raw = trimmed;\n } else {\n const absolutePath = resolve(trimmed);\n try {\n raw = await readFile(absolutePath, \"utf-8\");\n } catch (err) {\n const code =\n err instanceof Error && \"code\" in err && err.code === \"ENOENT\"\n ? \"AUTH_FILE_NOT_FOUND\"\n : \"AUTH_INVALID_KEY\";\n\n throw new AuthError(\n `Failed to read service account key file: ${absolutePath}`,\n code,\n code === \"AUTH_FILE_NOT_FOUND\"\n ? `File not found. Check that the path is correct: ${absolutePath}`\n : \"Ensure the file is readable and contains valid JSON.\",\n );\n }\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(raw);\n } catch {\n throw new AuthError(\n \"Failed to parse service account key as JSON.\",\n \"AUTH_INVALID_KEY\",\n \"Ensure the value is valid JSON. If passing a file path, check that the path points to a JSON file.\",\n );\n }\n\n validateServiceAccountKey(parsed);\n return parsed;\n}\n\nconst TOKEN_EXPIRY_SECONDS = 3600; // Google OAuth2 tokens expire in 1 hour\n\nexport function createServiceAccountAuth(key: ServiceAccountKey, cachePath?: string): AuthClient {\n const jwtClient = new JWT({\n email: key.client_email,\n key: key.private_key,\n scopes: [ANDROID_PUBLISHER_SCOPE],\n });\n\n return {\n async getAccessToken(): Promise<string> {\n // Check cache first\n if (cachePath) {\n const cached = await getCachedToken(cachePath, key.client_email);\n if (cached) return cached;\n }\n\n try {\n const { token } = await jwtClient.getAccessToken();\n if (!token) {\n throw new Error(\"Token response was empty.\");\n }\n\n // Cache the token\n if (cachePath) {\n await setCachedToken(cachePath, key.client_email, token, TOKEN_EXPIRY_SECONDS).catch(() => {});\n }\n\n return token;\n } catch (err) {\n const rawMsg = err instanceof Error ? err.message : String(err);\n const safeMsg = rawMsg.length > 150 ? rawMsg.slice(0, 150) + \"...\" : rawMsg;\n throw new AuthError(\n `Failed to obtain access token: ${safeMsg}`,\n \"AUTH_TOKEN_FAILED\",\n \"Verify that the service account key is valid and not expired. Check that the private key has not been revoked.\",\n );\n }\n },\n\n getProjectId(): string | undefined {\n return key.project_id || undefined;\n },\n\n getClientEmail(): string {\n return key.client_email;\n },\n };\n}\n","import { chmod, mkdir, readFile, writeFile, rename, unlink } from \"node:fs/promises\";\nimport { dirname, join, isAbsolute } from \"node:path\";\n\nexport interface TokenCacheEntry {\n token: string;\n expiresAt: number;\n}\n\nexport type TokenCache = Record<string, TokenCacheEntry>;\n\nconst CACHE_FILE = \"token-cache.json\";\nconst SAFETY_MARGIN_MS = 5 * 60 * 1000; // 5 minutes\n\n// Email must look like a service account email — no path separators or special chars\nconst SAFE_CACHE_KEY = /^[a-zA-Z0-9._%+@-]+$/;\n\nfunction getCachePath(cacheDir: string): string {\n if (!isAbsolute(cacheDir)) {\n throw new Error(\"Cache directory must be an absolute path\");\n }\n return join(cacheDir, CACHE_FILE);\n}\n\nfunction validateCacheKey(email: string): void {\n if (!SAFE_CACHE_KEY.test(email)) {\n throw new Error(\"Invalid cache key: must be a valid email address\");\n }\n}\n\nasync function readCache(cacheDir: string): Promise<TokenCache> {\n try {\n const content = await readFile(getCachePath(cacheDir), \"utf-8\");\n return JSON.parse(content) as TokenCache;\n } catch {\n return {};\n }\n}\n\nasync function writeCache(cacheDir: string, cache: TokenCache): Promise<void> {\n const cachePath = getCachePath(cacheDir);\n const tmpPath = cachePath + \".tmp\";\n\n const cacheParent = dirname(cachePath);\n await mkdir(cacheParent, { recursive: true });\n // Restrict cache directory to owner-only (0o700)\n await chmod(cacheParent, 0o700).catch(() => {});\n await writeFile(tmpPath, JSON.stringify(cache, null, 2) + \"\\n\", {\n encoding: \"utf-8\",\n mode: 0o600,\n });\n await rename(tmpPath, cachePath);\n}\n\nexport async function getCachedToken(\n cacheDir: string,\n email: string,\n): Promise<string | null> {\n validateCacheKey(email);\n const cache = await readCache(cacheDir);\n const entry = cache[email];\n\n if (!entry) return null;\n\n // Check expiry with safety margin\n if (Date.now() >= entry.expiresAt - SAFETY_MARGIN_MS) {\n return null;\n }\n\n return entry.token;\n}\n\nexport async function setCachedToken(\n cacheDir: string,\n email: string,\n token: string,\n expiresInSeconds: number,\n): Promise<void> {\n validateCacheKey(email);\n const cache = await readCache(cacheDir);\n cache[email] = {\n token,\n expiresAt: Date.now() + expiresInSeconds * 1000,\n };\n await writeCache(cacheDir, cache);\n}\n\nexport async function clearTokenCache(\n cacheDir: string,\n email?: string,\n): Promise<void> {\n if (email) {\n const cache = await readCache(cacheDir);\n delete cache[email];\n await writeCache(cacheDir, cache);\n } else {\n try {\n await unlink(getCachePath(cacheDir));\n } catch {\n // File doesn't exist — nothing to clear\n }\n }\n}\n"],"mappings":";AAAA,SAAS,kBAAkB;;;ACApB,IAAM,YAAN,cAAwB,MAAM;AAAA,EAEnC,YACE,SACgB,MACA,YAChB;AACA,UAAM,OAAO;AAHG;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EARgB,WAAW;AAAA,EAS3B,SAAS;AACP,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,QACL,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,YAAY,KAAK;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACF;;;ACpBA,SAAS,YAAAA,iBAAgB;AACzB,SAAS,eAAe;AACxB,SAAS,WAAW;;;ACFpB,SAAS,OAAO,OAAO,UAAU,WAAW,QAAQ,cAAc;AAClE,SAAS,SAAS,MAAM,kBAAkB;AAS1C,IAAM,aAAa;AACnB,IAAM,mBAAmB,IAAI,KAAK;AAGlC,IAAM,iBAAiB;AAEvB,SAAS,aAAa,UAA0B;AAC9C,MAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,SAAO,KAAK,UAAU,UAAU;AAClC;AAEA,SAAS,iBAAiB,OAAqB;AAC7C,MAAI,CAAC,eAAe,KAAK,KAAK,GAAG;AAC/B,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACpE;AACF;AAEA,eAAe,UAAU,UAAuC;AAC9D,MAAI;AACF,UAAM,UAAU,MAAM,SAAS,aAAa,QAAQ,GAAG,OAAO;AAC9D,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAe,WAAW,UAAkB,OAAkC;AAC5E,QAAM,YAAY,aAAa,QAAQ;AACvC,QAAM,UAAU,YAAY;AAE5B,QAAM,cAAc,QAAQ,SAAS;AACrC,QAAM,MAAM,aAAa,EAAE,WAAW,KAAK,CAAC;AAE5C,QAAM,MAAM,aAAa,GAAK,EAAE,MAAM,MAAM;AAAA,EAAC,CAAC;AAC9C,QAAM,UAAU,SAAS,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,MAAM;AAAA,IAC9D,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,SAAS,SAAS;AACjC;AAEA,eAAsB,eACpB,UACA,OACwB;AACxB,mBAAiB,KAAK;AACtB,QAAM,QAAQ,MAAM,UAAU,QAAQ;AACtC,QAAM,QAAQ,MAAM,KAAK;AAEzB,MAAI,CAAC,MAAO,QAAO;AAGnB,MAAI,KAAK,IAAI,KAAK,MAAM,YAAY,kBAAkB;AACpD,WAAO;AAAA,EACT;AAEA,SAAO,MAAM;AACf;AAEA,eAAsB,eACpB,UACA,OACA,OACA,kBACe;AACf,mBAAiB,KAAK;AACtB,QAAM,QAAQ,MAAM,UAAU,QAAQ;AACtC,QAAM,KAAK,IAAI;AAAA,IACb;AAAA,IACA,WAAW,KAAK,IAAI,IAAI,mBAAmB;AAAA,EAC7C;AACA,QAAM,WAAW,UAAU,KAAK;AAClC;AAEA,eAAsB,gBACpB,UACA,OACe;AACf,MAAI,OAAO;AACT,UAAM,QAAQ,MAAM,UAAU,QAAQ;AACtC,WAAO,MAAM,KAAK;AAClB,UAAM,WAAW,UAAU,KAAK;AAAA,EAClC,OAAO;AACL,QAAI;AACF,YAAM,OAAO,aAAa,QAAQ,CAAC;AAAA,IACrC,QAAQ;AAAA,IAER;AAAA,EACF;AACF;;;AD9FA,IAAM,0BACJ;AAEF,IAAM,kBAAwD;AAAA,EAC5D;AAAA,EACA;AAAA,EACA;AACF;AAEA,SAAS,0BACP,MACmC;AACnC,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS;AAEf,aAAW,SAAS,iBAAiB;AACnC,QAAI,OAAO,OAAO,KAAK,MAAM,YAAY,OAAO,KAAK,MAAM,IAAI;AAC7D,YAAM,IAAI;AAAA,QACR,mDAAmD,KAAK;AAAA,QACxD;AAAA,QACA,6FAA6F,gBAAgB,KAAK,IAAI,CAAC;AAAA,MACzH;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,MAAM,MAAM,mBAAmB;AACxC,UAAM,IAAI;AAAA,MACR,qBAAqB,OAAO,OAAO,MAAM,CAAC,CAAC;AAAA,MAC3C;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,sBACpB,YAC4B;AAC5B,MAAI;AAEJ,QAAM,UAAU,WAAW,KAAK;AAEhC,MAAI,QAAQ,WAAW,GAAG,GAAG;AAC3B,UAAM;AAAA,EACR,OAAO;AACL,UAAM,eAAe,QAAQ,OAAO;AACpC,QAAI;AACF,YAAM,MAAMC,UAAS,cAAc,OAAO;AAAA,IAC5C,SAAS,KAAK;AACZ,YAAM,OACJ,eAAe,SAAS,UAAU,OAAO,IAAI,SAAS,WAClD,wBACA;AAEN,YAAM,IAAI;AAAA,QACR,4CAA4C,YAAY;AAAA,QACxD;AAAA,QACA,SAAS,wBACL,mDAAmD,YAAY,KAC/D;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,GAAG;AAAA,EACzB,QAAQ;AACN,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,4BAA0B,MAAM;AAChC,SAAO;AACT;AAEA,IAAM,uBAAuB;AAEtB,SAAS,yBAAyB,KAAwB,WAAgC;AAC/F,QAAM,YAAY,IAAI,IAAI;AAAA,IACxB,OAAO,IAAI;AAAA,IACX,KAAK,IAAI;AAAA,IACT,QAAQ,CAAC,uBAAuB;AAAA,EAClC,CAAC;AAED,SAAO;AAAA,IACL,MAAM,iBAAkC;AAEtC,UAAI,WAAW;AACb,cAAM,SAAS,MAAM,eAAe,WAAW,IAAI,YAAY;AAC/D,YAAI,OAAQ,QAAO;AAAA,MACrB;AAEA,UAAI;AACF,cAAM,EAAE,MAAM,IAAI,MAAM,UAAU,eAAe;AACjD,YAAI,CAAC,OAAO;AACV,gBAAM,IAAI,MAAM,2BAA2B;AAAA,QAC7C;AAGA,YAAI,WAAW;AACb,gBAAM,eAAe,WAAW,IAAI,cAAc,OAAO,oBAAoB,EAAE,MAAM,MAAM;AAAA,UAAC,CAAC;AAAA,QAC/F;AAEA,eAAO;AAAA,MACT,SAAS,KAAK;AACZ,cAAM,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC9D,cAAM,UAAU,OAAO,SAAS,MAAM,OAAO,MAAM,GAAG,GAAG,IAAI,QAAQ;AACrE,cAAM,IAAI;AAAA,UACR,kCAAkC,OAAO;AAAA,UACzC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IAEA,eAAmC;AACjC,aAAO,IAAI,cAAc;AAAA,IAC3B;AAAA,IAEA,iBAAyB;AACvB,aAAO,IAAI;AAAA,IACb;AAAA,EACF;AACF;;;AFvIA,IAAMC,2BACJ;AAEF,eAAe,mCAA+D;AAC5E,MAAI;AACF,UAAM,OAAO,IAAI,WAAW;AAAA,MAC1B,QAAQ,CAACA,wBAAuB;AAAA,IAClC,CAAC;AAED,UAAM,SAAS,MAAM,KAAK,UAAU;AACpC,UAAM,YAAY,MAAM,KAAK,aAAa,EAAE,MAAM,MAAM,MAAS;AACjE,UAAM,QAAS,OAA8B;AAE7C,WAAO;AAAA,MACL,MAAM,iBAAkC;AACtC,cAAM,EAAE,MAAM,IAAI,MAAM,OAAO,eAAe;AAC9C,YAAI,CAAC,OAAO;AACV,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT;AAAA,MAEA,eAAmC;AACjC,eAAO,aAAa;AAAA,MACtB;AAAA,MAEA,iBAAyB;AACvB,eAAO,SAAS;AAAA,MAClB;AAAA,IACF;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,YACpB,SACqB;AAErB,MAAI,SAAS,oBAAoB;AAC/B,UAAM,MAAM,MAAM,sBAAsB,QAAQ,kBAAkB;AAClE,WAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,EACzD;AAEA,MAAI,SAAS,oBAAoB;AAC/B,UAAM,MAAM,MAAM,sBAAsB,QAAQ,kBAAkB;AAClE,WAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,EACzD;AAGA,QAAM,WAAW,QAAQ,IAAI,qBAAqB;AAClD,MAAI,UAAU;AACZ,UAAM,MAAM,MAAM,sBAAsB,QAAQ;AAChD,WAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,EACzD;AAGA,QAAM,UAAU,QAAQ,IAAI,gCAAgC;AAC5D,MAAI,SAAS;AACX,QAAI;AACF,YAAM,MAAM,MAAM,sBAAsB,OAAO;AAC/C,aAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,IACzD,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,QAAM,YAAY,MAAM,iCAAiC;AACzD,MAAI,WAAW;AACb,WAAO;AAAA,EACT;AAEA,QAAM,IAAI;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,EAAE,KAAK,IAAI;AAAA,EACb;AACF;","names":["readFile","readFile","ANDROID_PUBLISHER_SCOPE"]}
1
+ {"version":3,"sources":["../src/resolve.ts","../src/errors.ts","../src/service-account.ts","../src/token-cache.ts"],"sourcesContent":["import { GoogleAuth } from \"google-auth-library\";\nimport { AuthError } from \"./errors.js\";\nimport { createServiceAccountAuth, loadServiceAccountKey } from \"./service-account.js\";\nimport type { AuthClient, AuthOptions } from \"./types.js\";\n\nconst ANDROID_PUBLISHER_SCOPE = \"https://www.googleapis.com/auth/androidpublisher\";\n\nasync function tryApplicationDefaultCredentials(): Promise<AuthClient | null> {\n try {\n const auth = new GoogleAuth({\n scopes: [ANDROID_PUBLISHER_SCOPE],\n });\n\n const client = await auth.getClient();\n const projectId = await auth.getProjectId().catch(() => undefined);\n const email = (client as { email?: string }).email;\n\n return {\n async getAccessToken(): Promise<string> {\n const { token } = await client.getAccessToken();\n if (!token) {\n throw new AuthError(\n \"Application Default Credentials returned an empty token.\",\n \"AUTH_TOKEN_FAILED\",\n \"Verify your ADC configuration with: gcloud auth application-default print-access-token\",\n );\n }\n return token;\n },\n\n getProjectId(): string | undefined {\n return projectId ?? undefined;\n },\n\n getClientEmail(): string {\n return email ?? \"unknown\";\n },\n };\n } catch {\n return null;\n }\n}\n\nexport async function resolveAuth(options?: AuthOptions): Promise<AuthClient> {\n // 1. Explicit options\n if (options?.serviceAccountJson) {\n const key = await loadServiceAccountKey(options.serviceAccountJson);\n return createServiceAccountAuth(key, options?.cachePath);\n }\n\n if (options?.serviceAccountPath) {\n const key = await loadServiceAccountKey(options.serviceAccountPath);\n return createServiceAccountAuth(key, options?.cachePath);\n }\n\n // 2. GPC_SERVICE_ACCOUNT environment variable\n const envValue = process.env[\"GPC_SERVICE_ACCOUNT\"];\n if (envValue) {\n const key = await loadServiceAccountKey(envValue);\n return createServiceAccountAuth(key, options?.cachePath);\n }\n\n // 3. GOOGLE_APPLICATION_CREDENTIALS environment variable\n const gacPath = process.env[\"GOOGLE_APPLICATION_CREDENTIALS\"];\n if (gacPath) {\n try {\n const key = await loadServiceAccountKey(gacPath);\n return createServiceAccountAuth(key, options?.cachePath);\n } catch {\n // Fall through to ADC which also reads GOOGLE_APPLICATION_CREDENTIALS\n }\n }\n\n // 4. Application Default Credentials\n const adcClient = await tryApplicationDefaultCredentials();\n if (adcClient) {\n return adcClient;\n }\n\n throw new AuthError(\n \"No credentials found. Could not authenticate with the Google Play Developer API.\",\n \"AUTH_NO_CREDENTIALS\",\n [\n \"Provide credentials using one of these methods:\",\n \" 1. Pass serviceAccountPath or serviceAccountJson in options\",\n \" 2. Set the GPC_SERVICE_ACCOUNT environment variable to a file path or raw JSON\",\n \" 3. Set GOOGLE_APPLICATION_CREDENTIALS to a service account key file\",\n \" 4. Configure Application Default Credentials: gcloud auth application-default login\",\n ].join(\"\\n\"),\n );\n}\n","export class AuthError extends Error {\n public readonly exitCode = 3;\n constructor(\n message: string,\n public readonly code: string,\n public readonly suggestion?: string,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n toJSON() {\n return {\n success: false,\n error: {\n code: this.code,\n message: this.message,\n suggestion: this.suggestion,\n },\n };\n }\n}\n","import { readFile } from \"node:fs/promises\";\nimport { resolve } from \"node:path\";\nimport { JWT } from \"google-auth-library\";\nimport { AuthError } from \"./errors.js\";\nimport { acquireToken } from \"./token-cache.js\";\nimport type { AuthClient, ServiceAccountKey } from \"./types.js\";\n\nconst ANDROID_PUBLISHER_SCOPE = \"https://www.googleapis.com/auth/androidpublisher\";\n\nconst REQUIRED_FIELDS: readonly (keyof ServiceAccountKey)[] = [\n \"type\",\n \"private_key\",\n \"client_email\",\n];\n\nfunction validateServiceAccountKey(data: unknown): asserts data is ServiceAccountKey {\n if (typeof data !== \"object\" || data === null) {\n throw new AuthError(\n \"Service account key must be a JSON object.\",\n \"AUTH_INVALID_KEY\",\n \"Ensure the file contains valid JSON with the required service account fields.\",\n );\n }\n\n const record = data as Record<string, unknown>;\n\n for (const field of REQUIRED_FIELDS) {\n if (typeof record[field] !== \"string\" || record[field] === \"\") {\n throw new AuthError(\n `Service account key is missing required field: \"${field}\".`,\n \"AUTH_INVALID_KEY\",\n `Download a fresh service account key from the Google Cloud Console. The key must include: ${REQUIRED_FIELDS.join(\", \")}.`,\n );\n }\n }\n\n if (record[\"type\"] !== \"service_account\") {\n throw new AuthError(\n `Invalid key type \"${String(record[\"type\"])}\". Expected \"service_account\".`,\n \"AUTH_INVALID_KEY\",\n \"Ensure you are using a service account key, not an OAuth client or API key.\",\n );\n }\n}\n\nexport async function loadServiceAccountKey(pathOrJson: string): Promise<ServiceAccountKey> {\n let raw: string;\n\n const trimmed = pathOrJson.trim();\n\n if (trimmed.startsWith(\"{\")) {\n raw = trimmed;\n } else {\n const absolutePath = resolve(trimmed);\n try {\n raw = await readFile(absolutePath, \"utf-8\");\n } catch (err) {\n const code =\n err instanceof Error && \"code\" in err && err.code === \"ENOENT\"\n ? \"AUTH_FILE_NOT_FOUND\"\n : \"AUTH_INVALID_KEY\";\n\n throw new AuthError(\n `Failed to read service account key file: ${absolutePath}`,\n code,\n code === \"AUTH_FILE_NOT_FOUND\"\n ? `File not found. Check that the path is correct: ${absolutePath}`\n : \"Ensure the file is readable and contains valid JSON.\",\n );\n }\n }\n\n let parsed: unknown;\n try {\n parsed = JSON.parse(raw);\n } catch {\n throw new AuthError(\n \"Failed to parse service account key as JSON.\",\n \"AUTH_INVALID_KEY\",\n \"Ensure the value is valid JSON. If passing a file path, check that the path points to a JSON file.\",\n );\n }\n\n validateServiceAccountKey(parsed);\n return parsed;\n}\n\nconst TOKEN_EXPIRY_SECONDS = 3600; // Google OAuth2 tokens expire in 1 hour\n\nexport function createServiceAccountAuth(key: ServiceAccountKey, cachePath?: string): AuthClient {\n const jwtClient = new JWT({\n email: key.client_email,\n key: key.private_key,\n scopes: [ANDROID_PUBLISHER_SCOPE],\n });\n\n return {\n async getAccessToken(): Promise<string> {\n try {\n return await acquireToken(key.client_email, cachePath, async () => {\n const { token } = await jwtClient.getAccessToken();\n if (!token) {\n throw new Error(\"Token response was empty.\");\n }\n return { token, expiresInSeconds: TOKEN_EXPIRY_SECONDS };\n });\n } catch (err) {\n if (err instanceof AuthError) throw err;\n const rawMsg = err instanceof Error ? err.message : String(err);\n const safeMsg = rawMsg.length > 150 ? rawMsg.slice(0, 150) + \"...\" : rawMsg;\n throw new AuthError(\n `Failed to obtain access token: ${safeMsg}`,\n \"AUTH_TOKEN_FAILED\",\n \"Verify that the service account key is valid and not expired. Check that the private key has not been revoked.\",\n );\n }\n },\n\n getProjectId(): string | undefined {\n return key.project_id || undefined;\n },\n\n getClientEmail(): string {\n return key.client_email;\n },\n };\n}\n","import { chmod, mkdir, readFile, writeFile, rename, unlink } from \"node:fs/promises\";\nimport { dirname, join, isAbsolute } from \"node:path\";\n\nexport interface TokenCacheEntry {\n token: string;\n expiresAt: number;\n}\n\nexport type TokenCache = Record<string, TokenCacheEntry>;\n\nconst CACHE_FILE = \"token-cache.json\";\nconst SAFETY_MARGIN_MS = 5 * 60 * 1000; // 5 minutes\n\n// Email must look like a service account email — no path separators or special chars\nconst SAFE_CACHE_KEY = /^[a-zA-Z0-9._%+@-]+$/;\n\n// In-memory cache layer — avoids filesystem I/O on every token request\nconst memoryCache = new Map<string, TokenCacheEntry>();\n\n// Mutex: one in-flight token refresh per email, deduplicates concurrent callers\nconst inflightRefresh = new Map<string, Promise<string>>();\n\nfunction getCachePath(cacheDir: string): string {\n if (!isAbsolute(cacheDir)) {\n throw new Error(\"Cache directory must be an absolute path\");\n }\n return join(cacheDir, CACHE_FILE);\n}\n\nfunction validateCacheKey(email: string): void {\n if (!SAFE_CACHE_KEY.test(email)) {\n throw new Error(\"Invalid cache key: must be a valid email address\");\n }\n}\n\nasync function readCache(cacheDir: string): Promise<TokenCache> {\n try {\n const content = await readFile(getCachePath(cacheDir), \"utf-8\");\n return JSON.parse(content) as TokenCache;\n } catch {\n return {};\n }\n}\n\nasync function writeCache(cacheDir: string, cache: TokenCache): Promise<void> {\n const cachePath = getCachePath(cacheDir);\n const tmpPath = cachePath + \".tmp\";\n\n const cacheParent = dirname(cachePath);\n await mkdir(cacheParent, { recursive: true });\n // Restrict cache directory to owner-only (0o700)\n await chmod(cacheParent, 0o700).catch(() => {});\n await writeFile(tmpPath, JSON.stringify(cache, null, 2) + \"\\n\", {\n encoding: \"utf-8\",\n mode: 0o600,\n });\n await rename(tmpPath, cachePath);\n}\n\nfunction isEntryValid(entry: TokenCacheEntry): boolean {\n return Date.now() < entry.expiresAt - SAFETY_MARGIN_MS;\n}\n\nexport async function getCachedToken(cacheDir: string, email: string): Promise<string | null> {\n validateCacheKey(email);\n\n // Check in-memory cache first — no I/O\n const memEntry = memoryCache.get(email);\n if (memEntry && isEntryValid(memEntry)) {\n return memEntry.token;\n }\n\n // Fall back to filesystem cache\n const cache = await readCache(cacheDir);\n const entry = cache[email];\n\n if (!entry) return null;\n\n if (!isEntryValid(entry)) {\n return null;\n }\n\n // Populate in-memory cache from disk\n memoryCache.set(email, entry);\n return entry.token;\n}\n\nexport async function setCachedToken(\n cacheDir: string,\n email: string,\n token: string,\n expiresInSeconds: number,\n): Promise<void> {\n validateCacheKey(email);\n const entry: TokenCacheEntry = {\n token,\n expiresAt: Date.now() + expiresInSeconds * 1000,\n };\n\n // Update in-memory cache immediately\n memoryCache.set(email, entry);\n\n // Persist to disk\n const cache = await readCache(cacheDir);\n cache[email] = entry;\n await writeCache(cacheDir, cache);\n}\n\nexport async function clearTokenCache(cacheDir: string, email?: string): Promise<void> {\n if (email) {\n memoryCache.delete(email);\n const cache = await readCache(cacheDir);\n const updated = Object.fromEntries(Object.entries(cache).filter(([key]) => key !== email));\n await writeCache(cacheDir, updated);\n } else {\n memoryCache.clear();\n try {\n await unlink(getCachePath(cacheDir));\n } catch {\n // File doesn't exist — nothing to clear\n }\n }\n}\n\n/**\n * Acquire a token with mutex protection.\n * If another caller is already refreshing for this email, waits for that result\n * instead of starting a duplicate refresh.\n */\nexport async function acquireToken(\n email: string,\n cacheDir: string | undefined,\n refresh: () => Promise<{ token: string; expiresInSeconds: number }>,\n): Promise<string> {\n // Fast path: in-memory hit\n const memEntry = memoryCache.get(email);\n if (memEntry && isEntryValid(memEntry)) {\n return memEntry.token;\n }\n\n // Disk cache check (only if cacheDir provided)\n if (cacheDir) {\n const cached = await getCachedToken(cacheDir, email);\n if (cached) return cached;\n }\n\n // Deduplicate concurrent refreshes for the same email\n const inflight = inflightRefresh.get(email);\n if (inflight) return inflight;\n\n const refreshPromise = (async () => {\n const { token, expiresInSeconds } = await refresh();\n\n // Update both memory and disk caches\n const entry: TokenCacheEntry = {\n token,\n expiresAt: Date.now() + expiresInSeconds * 1000,\n };\n memoryCache.set(email, entry);\n\n if (cacheDir) {\n await setCachedToken(cacheDir, email, token, expiresInSeconds).catch(() => {});\n }\n\n return token;\n })();\n\n inflightRefresh.set(email, refreshPromise);\n\n try {\n return await refreshPromise;\n } finally {\n inflightRefresh.delete(email);\n }\n}\n\n/** Reset in-memory state. Exported for testing only. */\nexport function _resetMemoryCache(): void {\n memoryCache.clear();\n inflightRefresh.clear();\n}\n"],"mappings":";AAAA,SAAS,kBAAkB;;;ACApB,IAAM,YAAN,cAAwB,MAAM;AAAA,EAEnC,YACE,SACgB,MACA,YAChB;AACA,UAAM,OAAO;AAHG;AACA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EARgB,WAAW;AAAA,EAS3B,SAAS;AACP,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,QACL,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,YAAY,KAAK;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACF;;;ACpBA,SAAS,YAAAA,iBAAgB;AACzB,SAAS,eAAe;AACxB,SAAS,WAAW;;;ACFpB,SAAS,OAAO,OAAO,UAAU,WAAW,QAAQ,cAAc;AAClE,SAAS,SAAS,MAAM,kBAAkB;AAS1C,IAAM,aAAa;AACnB,IAAM,mBAAmB,IAAI,KAAK;AAGlC,IAAM,iBAAiB;AAGvB,IAAM,cAAc,oBAAI,IAA6B;AAGrD,IAAM,kBAAkB,oBAAI,IAA6B;AAEzD,SAAS,aAAa,UAA0B;AAC9C,MAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,SAAO,KAAK,UAAU,UAAU;AAClC;AAEA,SAAS,iBAAiB,OAAqB;AAC7C,MAAI,CAAC,eAAe,KAAK,KAAK,GAAG;AAC/B,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACpE;AACF;AAEA,eAAe,UAAU,UAAuC;AAC9D,MAAI;AACF,UAAM,UAAU,MAAM,SAAS,aAAa,QAAQ,GAAG,OAAO;AAC9D,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,eAAe,WAAW,UAAkB,OAAkC;AAC5E,QAAM,YAAY,aAAa,QAAQ;AACvC,QAAM,UAAU,YAAY;AAE5B,QAAM,cAAc,QAAQ,SAAS;AACrC,QAAM,MAAM,aAAa,EAAE,WAAW,KAAK,CAAC;AAE5C,QAAM,MAAM,aAAa,GAAK,EAAE,MAAM,MAAM;AAAA,EAAC,CAAC;AAC9C,QAAM,UAAU,SAAS,KAAK,UAAU,OAAO,MAAM,CAAC,IAAI,MAAM;AAAA,IAC9D,UAAU;AAAA,IACV,MAAM;AAAA,EACR,CAAC;AACD,QAAM,OAAO,SAAS,SAAS;AACjC;AAEA,SAAS,aAAa,OAAiC;AACrD,SAAO,KAAK,IAAI,IAAI,MAAM,YAAY;AACxC;AAEA,eAAsB,eAAe,UAAkB,OAAuC;AAC5F,mBAAiB,KAAK;AAGtB,QAAM,WAAW,YAAY,IAAI,KAAK;AACtC,MAAI,YAAY,aAAa,QAAQ,GAAG;AACtC,WAAO,SAAS;AAAA,EAClB;AAGA,QAAM,QAAQ,MAAM,UAAU,QAAQ;AACtC,QAAM,QAAQ,MAAM,KAAK;AAEzB,MAAI,CAAC,MAAO,QAAO;AAEnB,MAAI,CAAC,aAAa,KAAK,GAAG;AACxB,WAAO;AAAA,EACT;AAGA,cAAY,IAAI,OAAO,KAAK;AAC5B,SAAO,MAAM;AACf;AAEA,eAAsB,eACpB,UACA,OACA,OACA,kBACe;AACf,mBAAiB,KAAK;AACtB,QAAM,QAAyB;AAAA,IAC7B;AAAA,IACA,WAAW,KAAK,IAAI,IAAI,mBAAmB;AAAA,EAC7C;AAGA,cAAY,IAAI,OAAO,KAAK;AAG5B,QAAM,QAAQ,MAAM,UAAU,QAAQ;AACtC,QAAM,KAAK,IAAI;AACf,QAAM,WAAW,UAAU,KAAK;AAClC;AAEA,eAAsB,gBAAgB,UAAkB,OAA+B;AACrF,MAAI,OAAO;AACT,gBAAY,OAAO,KAAK;AACxB,UAAM,QAAQ,MAAM,UAAU,QAAQ;AACtC,UAAM,UAAU,OAAO,YAAY,OAAO,QAAQ,KAAK,EAAE,OAAO,CAAC,CAAC,GAAG,MAAM,QAAQ,KAAK,CAAC;AACzF,UAAM,WAAW,UAAU,OAAO;AAAA,EACpC,OAAO;AACL,gBAAY,MAAM;AAClB,QAAI;AACF,YAAM,OAAO,aAAa,QAAQ,CAAC;AAAA,IACrC,QAAQ;AAAA,IAER;AAAA,EACF;AACF;AAOA,eAAsB,aACpB,OACA,UACA,SACiB;AAEjB,QAAM,WAAW,YAAY,IAAI,KAAK;AACtC,MAAI,YAAY,aAAa,QAAQ,GAAG;AACtC,WAAO,SAAS;AAAA,EAClB;AAGA,MAAI,UAAU;AACZ,UAAM,SAAS,MAAM,eAAe,UAAU,KAAK;AACnD,QAAI,OAAQ,QAAO;AAAA,EACrB;AAGA,QAAM,WAAW,gBAAgB,IAAI,KAAK;AAC1C,MAAI,SAAU,QAAO;AAErB,QAAM,kBAAkB,YAAY;AAClC,UAAM,EAAE,OAAO,iBAAiB,IAAI,MAAM,QAAQ;AAGlD,UAAM,QAAyB;AAAA,MAC7B;AAAA,MACA,WAAW,KAAK,IAAI,IAAI,mBAAmB;AAAA,IAC7C;AACA,gBAAY,IAAI,OAAO,KAAK;AAE5B,QAAI,UAAU;AACZ,YAAM,eAAe,UAAU,OAAO,OAAO,gBAAgB,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IAC/E;AAEA,WAAO;AAAA,EACT,GAAG;AAEH,kBAAgB,IAAI,OAAO,cAAc;AAEzC,MAAI;AACF,WAAO,MAAM;AAAA,EACf,UAAE;AACA,oBAAgB,OAAO,KAAK;AAAA,EAC9B;AACF;;;ADvKA,IAAM,0BAA0B;AAEhC,IAAM,kBAAwD;AAAA,EAC5D;AAAA,EACA;AAAA,EACA;AACF;AAEA,SAAS,0BAA0B,MAAkD;AACnF,MAAI,OAAO,SAAS,YAAY,SAAS,MAAM;AAC7C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,SAAS;AAEf,aAAW,SAAS,iBAAiB;AACnC,QAAI,OAAO,OAAO,KAAK,MAAM,YAAY,OAAO,KAAK,MAAM,IAAI;AAC7D,YAAM,IAAI;AAAA,QACR,mDAAmD,KAAK;AAAA,QACxD;AAAA,QACA,6FAA6F,gBAAgB,KAAK,IAAI,CAAC;AAAA,MACzH;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,MAAM,MAAM,mBAAmB;AACxC,UAAM,IAAI;AAAA,MACR,qBAAqB,OAAO,OAAO,MAAM,CAAC,CAAC;AAAA,MAC3C;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,sBAAsB,YAAgD;AAC1F,MAAI;AAEJ,QAAM,UAAU,WAAW,KAAK;AAEhC,MAAI,QAAQ,WAAW,GAAG,GAAG;AAC3B,UAAM;AAAA,EACR,OAAO;AACL,UAAM,eAAe,QAAQ,OAAO;AACpC,QAAI;AACF,YAAM,MAAMC,UAAS,cAAc,OAAO;AAAA,IAC5C,SAAS,KAAK;AACZ,YAAM,OACJ,eAAe,SAAS,UAAU,OAAO,IAAI,SAAS,WAClD,wBACA;AAEN,YAAM,IAAI;AAAA,QACR,4CAA4C,YAAY;AAAA,QACxD;AAAA,QACA,SAAS,wBACL,mDAAmD,YAAY,KAC/D;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,GAAG;AAAA,EACzB,QAAQ;AACN,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,4BAA0B,MAAM;AAChC,SAAO;AACT;AAEA,IAAM,uBAAuB;AAEtB,SAAS,yBAAyB,KAAwB,WAAgC;AAC/F,QAAM,YAAY,IAAI,IAAI;AAAA,IACxB,OAAO,IAAI;AAAA,IACX,KAAK,IAAI;AAAA,IACT,QAAQ,CAAC,uBAAuB;AAAA,EAClC,CAAC;AAED,SAAO;AAAA,IACL,MAAM,iBAAkC;AACtC,UAAI;AACF,eAAO,MAAM,aAAa,IAAI,cAAc,WAAW,YAAY;AACjE,gBAAM,EAAE,MAAM,IAAI,MAAM,UAAU,eAAe;AACjD,cAAI,CAAC,OAAO;AACV,kBAAM,IAAI,MAAM,2BAA2B;AAAA,UAC7C;AACA,iBAAO,EAAE,OAAO,kBAAkB,qBAAqB;AAAA,QACzD,CAAC;AAAA,MACH,SAAS,KAAK;AACZ,YAAI,eAAe,UAAW,OAAM;AACpC,cAAM,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAC9D,cAAM,UAAU,OAAO,SAAS,MAAM,OAAO,MAAM,GAAG,GAAG,IAAI,QAAQ;AACrE,cAAM,IAAI;AAAA,UACR,kCAAkC,OAAO;AAAA,UACzC;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,IAEA,eAAmC;AACjC,aAAO,IAAI,cAAc;AAAA,IAC3B;AAAA,IAEA,iBAAyB;AACvB,aAAO,IAAI;AAAA,IACb;AAAA,EACF;AACF;;;AFzHA,IAAMC,2BAA0B;AAEhC,eAAe,mCAA+D;AAC5E,MAAI;AACF,UAAM,OAAO,IAAI,WAAW;AAAA,MAC1B,QAAQ,CAACA,wBAAuB;AAAA,IAClC,CAAC;AAED,UAAM,SAAS,MAAM,KAAK,UAAU;AACpC,UAAM,YAAY,MAAM,KAAK,aAAa,EAAE,MAAM,MAAM,MAAS;AACjE,UAAM,QAAS,OAA8B;AAE7C,WAAO;AAAA,MACL,MAAM,iBAAkC;AACtC,cAAM,EAAE,MAAM,IAAI,MAAM,OAAO,eAAe;AAC9C,YAAI,CAAC,OAAO;AACV,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT;AAAA,MAEA,eAAmC;AACjC,eAAO,aAAa;AAAA,MACtB;AAAA,MAEA,iBAAyB;AACvB,eAAO,SAAS;AAAA,MAClB;AAAA,IACF;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,YAAY,SAA4C;AAE5E,MAAI,SAAS,oBAAoB;AAC/B,UAAM,MAAM,MAAM,sBAAsB,QAAQ,kBAAkB;AAClE,WAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,EACzD;AAEA,MAAI,SAAS,oBAAoB;AAC/B,UAAM,MAAM,MAAM,sBAAsB,QAAQ,kBAAkB;AAClE,WAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,EACzD;AAGA,QAAM,WAAW,QAAQ,IAAI,qBAAqB;AAClD,MAAI,UAAU;AACZ,UAAM,MAAM,MAAM,sBAAsB,QAAQ;AAChD,WAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,EACzD;AAGA,QAAM,UAAU,QAAQ,IAAI,gCAAgC;AAC5D,MAAI,SAAS;AACX,QAAI;AACF,YAAM,MAAM,MAAM,sBAAsB,OAAO;AAC/C,aAAO,yBAAyB,KAAK,SAAS,SAAS;AAAA,IACzD,QAAQ;AAAA,IAER;AAAA,EACF;AAGA,QAAM,YAAY,MAAM,iCAAiC;AACzD,MAAI,WAAW;AACb,WAAO;AAAA,EACT;AAEA,QAAM,IAAI;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,EAAE,KAAK,IAAI;AAAA,EACb;AACF;","names":["readFile","readFile","ANDROID_PUBLISHER_SCOPE"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gpc-cli/auth",
3
- "version": "0.1.2",
3
+ "version": "0.9.4",
4
4
  "description": "Authentication strategies for Google Play Developer API",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",