@grindxp/cli 0.1.7 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/web/client/assets/Copy.es-Bs4NgJu-.js +1 -0
- package/dist/web/client/assets/Sword.es-2Xm7T3t2.js +1 -0
- package/dist/web/client/assets/geist-cyrillic-wght-normal-CHSlOQsW.woff2 +0 -0
- package/dist/web/client/assets/geist-latin-ext-wght-normal-DMtmJ5ZE.woff2 +0 -0
- package/dist/web/client/assets/geist-latin-wght-normal-Dm3htQBi.woff2 +0 -0
- package/dist/web/client/assets/index-6XDcqRbL.js +42 -0
- package/dist/web/client/assets/index-BXM1N6tm.js +1 -0
- package/dist/web/client/assets/index-B_KMiE38.js +1 -0
- package/dist/web/client/assets/index-CGj2rOLm.js +1 -0
- package/dist/web/client/assets/index-CS5BuFbt.js +1 -0
- package/dist/web/client/assets/index-CYsASiu-.js +1 -0
- package/dist/web/client/assets/index-DAvwM0SX.js +1 -0
- package/dist/web/client/assets/index-DCBFp5DJ.js +1 -0
- package/dist/web/client/assets/index-DjKt1qNz.js +1 -0
- package/dist/web/client/assets/index-PIcFs1vr.js +1 -0
- package/dist/web/client/assets/instrument-serif-latin-400-italic-DKMiL14s.woff2 +0 -0
- package/dist/web/client/assets/instrument-serif-latin-400-italic-u__WvvIK.woff +0 -0
- package/dist/web/client/assets/instrument-serif-latin-400-normal-BVbkICAY.woff +0 -0
- package/dist/web/client/assets/instrument-serif-latin-400-normal-DnYpCC2O.woff2 +0 -0
- package/dist/web/client/assets/instrument-serif-latin-ext-400-italic-C9HzH3YL.woff2 +0 -0
- package/dist/web/client/assets/instrument-serif-latin-ext-400-italic-D7-lnxEk.woff +0 -0
- package/dist/web/client/assets/instrument-serif-latin-ext-400-normal-C2je3j2s.woff2 +0 -0
- package/dist/web/client/assets/instrument-serif-latin-ext-400-normal-CFCUzsTy.woff +0 -0
- package/dist/web/client/assets/jetbrains-mono-cyrillic-wght-normal-D73BlboJ.woff2 +0 -0
- package/dist/web/client/assets/jetbrains-mono-greek-wght-normal-Bw9x6K1M.woff2 +0 -0
- package/dist/web/client/assets/jetbrains-mono-latin-ext-wght-normal-DBQx-q_a.woff2 +0 -0
- package/dist/web/client/assets/jetbrains-mono-latin-wght-normal-B9CIFXIH.woff2 +0 -0
- package/dist/web/client/assets/jetbrains-mono-vietnamese-wght-normal-Bt-aOZkq.woff2 +0 -0
- package/dist/web/client/assets/main-BI1EOhmt.js +18 -0
- package/dist/web/client/assets/styles-7TpWqjrh.css +1 -0
- package/dist/web/client/favicon.ico +0 -0
- package/dist/web/server/assets/_tanstack-start-manifest_v-B_rvI8DG.js +4 -0
- package/dist/web/server/assets/agent.functions-zpMkBrG3.js +19144 -0
- package/dist/web/server/assets/data.functions-9hSsMFx_.js +285 -0
- package/dist/web/server/assets/index-4SxmUYH6.js +14 -0
- package/dist/web/server/assets/index-BDL7hA7T.js +5924 -0
- package/dist/web/server/assets/index-BL8u2X7w.js +14 -0
- package/dist/web/server/assets/index-BRRsXrOi.js +14 -0
- package/dist/web/server/assets/index-BiD7uOOh.js +14 -0
- package/dist/web/server/assets/index-C09LXa7Z.js +4587 -0
- package/dist/web/server/assets/index-CJ_-TSqN.js +1426 -0
- package/dist/web/server/assets/index-D2fMUSdJ.js +477 -0
- package/dist/web/server/assets/index-D2yaimYL.js +14 -0
- package/dist/web/server/assets/index-D31yYLCV.js +2275 -0
- package/dist/web/server/assets/index-D3RUqTdb.js +14 -0
- package/dist/web/server/assets/index-D7z4dRpK.js +66 -0
- package/dist/web/server/assets/index-b30aLTKp.js +66 -0
- package/dist/web/server/assets/router-1koL9I3U.js +589 -0
- package/dist/web/server/assets/sessions-DOkG47Ex.js +403 -0
- package/dist/web/server/assets/start-HYkvq4Ni.js +4 -0
- package/dist/web/server/assets/token-W0NPKas8.js +86 -0
- package/dist/web/server/assets/token-util-1cB5CD6M.js +30 -0
- package/dist/web/server/assets/token-util-DA5xS0pj.js +451 -0
- package/dist/web/server/assets/vault.server-Ndu49yTf.js +19356 -0
- package/dist/web/server/server.js +4889 -0
- package/package.json +53 -51
|
@@ -0,0 +1,451 @@
|
|
|
1
|
+
import path__default from "path";
|
|
2
|
+
import require$$1 from "fs";
|
|
3
|
+
import { a2 as requireTokenError } from "./agent.functions-zpMkBrG3.js";
|
|
4
|
+
import os from "os";
|
|
5
|
+
var tokenIo;
|
|
6
|
+
var hasRequiredTokenIo;
|
|
7
|
+
function requireTokenIo() {
|
|
8
|
+
if (hasRequiredTokenIo) return tokenIo;
|
|
9
|
+
hasRequiredTokenIo = 1;
|
|
10
|
+
var __create = Object.create;
|
|
11
|
+
var __defProp = Object.defineProperty;
|
|
12
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
13
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
14
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
15
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
16
|
+
var __export = (target, all) => {
|
|
17
|
+
for (var name in all)
|
|
18
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
19
|
+
};
|
|
20
|
+
var __copyProps = (to, from, except, desc) => {
|
|
21
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
22
|
+
for (let key of __getOwnPropNames(from))
|
|
23
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
24
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
25
|
+
}
|
|
26
|
+
return to;
|
|
27
|
+
};
|
|
28
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
29
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
30
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
31
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
32
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
33
|
+
!mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
34
|
+
mod
|
|
35
|
+
));
|
|
36
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
37
|
+
var token_io_exports = {};
|
|
38
|
+
__export(token_io_exports, {
|
|
39
|
+
findRootDir: () => findRootDir,
|
|
40
|
+
getUserDataDir: () => getUserDataDir
|
|
41
|
+
});
|
|
42
|
+
tokenIo = __toCommonJS(token_io_exports);
|
|
43
|
+
var import_path2 = __toESM(path__default);
|
|
44
|
+
var import_fs2 = __toESM(require$$1);
|
|
45
|
+
var import_os2 = __toESM(os);
|
|
46
|
+
var import_token_error = requireTokenError();
|
|
47
|
+
function findRootDir() {
|
|
48
|
+
try {
|
|
49
|
+
let dir = process.cwd();
|
|
50
|
+
while (dir !== import_path2.default.dirname(dir)) {
|
|
51
|
+
const pkgPath = import_path2.default.join(dir, ".vercel");
|
|
52
|
+
if (import_fs2.default.existsSync(pkgPath)) {
|
|
53
|
+
return dir;
|
|
54
|
+
}
|
|
55
|
+
dir = import_path2.default.dirname(dir);
|
|
56
|
+
}
|
|
57
|
+
} catch (e) {
|
|
58
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
59
|
+
"Token refresh only supported in node server environments"
|
|
60
|
+
);
|
|
61
|
+
}
|
|
62
|
+
return null;
|
|
63
|
+
}
|
|
64
|
+
function getUserDataDir() {
|
|
65
|
+
if (process.env.XDG_DATA_HOME) {
|
|
66
|
+
return process.env.XDG_DATA_HOME;
|
|
67
|
+
}
|
|
68
|
+
switch (import_os2.default.platform()) {
|
|
69
|
+
case "darwin":
|
|
70
|
+
return import_path2.default.join(import_os2.default.homedir(), "Library/Application Support");
|
|
71
|
+
case "linux":
|
|
72
|
+
return import_path2.default.join(import_os2.default.homedir(), ".local/share");
|
|
73
|
+
case "win32":
|
|
74
|
+
if (process.env.LOCALAPPDATA) {
|
|
75
|
+
return process.env.LOCALAPPDATA;
|
|
76
|
+
}
|
|
77
|
+
return null;
|
|
78
|
+
default:
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
return tokenIo;
|
|
83
|
+
}
|
|
84
|
+
var authConfig;
|
|
85
|
+
var hasRequiredAuthConfig;
|
|
86
|
+
function requireAuthConfig() {
|
|
87
|
+
if (hasRequiredAuthConfig) return authConfig;
|
|
88
|
+
hasRequiredAuthConfig = 1;
|
|
89
|
+
var __create = Object.create;
|
|
90
|
+
var __defProp = Object.defineProperty;
|
|
91
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
92
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
93
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
94
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
95
|
+
var __export = (target, all) => {
|
|
96
|
+
for (var name in all)
|
|
97
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
98
|
+
};
|
|
99
|
+
var __copyProps = (to, from, except, desc) => {
|
|
100
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
101
|
+
for (let key of __getOwnPropNames(from))
|
|
102
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
103
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
104
|
+
}
|
|
105
|
+
return to;
|
|
106
|
+
};
|
|
107
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
108
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
109
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
110
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
111
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
112
|
+
!mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
113
|
+
mod
|
|
114
|
+
));
|
|
115
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
116
|
+
var auth_config_exports = {};
|
|
117
|
+
__export(auth_config_exports, {
|
|
118
|
+
isValidAccessToken: () => isValidAccessToken,
|
|
119
|
+
readAuthConfig: () => readAuthConfig,
|
|
120
|
+
writeAuthConfig: () => writeAuthConfig
|
|
121
|
+
});
|
|
122
|
+
authConfig = __toCommonJS(auth_config_exports);
|
|
123
|
+
var fs = __toESM(require$$1);
|
|
124
|
+
var path = __toESM(path__default);
|
|
125
|
+
var import_token_util = requireTokenUtil();
|
|
126
|
+
function getAuthConfigPath() {
|
|
127
|
+
const dataDir = (0, import_token_util.getVercelDataDir)();
|
|
128
|
+
if (!dataDir) {
|
|
129
|
+
throw new Error(
|
|
130
|
+
`Unable to find Vercel CLI data directory. Your platform: ${process.platform}. Supported: darwin, linux, win32.`
|
|
131
|
+
);
|
|
132
|
+
}
|
|
133
|
+
return path.join(dataDir, "auth.json");
|
|
134
|
+
}
|
|
135
|
+
function readAuthConfig() {
|
|
136
|
+
try {
|
|
137
|
+
const authPath = getAuthConfigPath();
|
|
138
|
+
if (!fs.existsSync(authPath)) {
|
|
139
|
+
return null;
|
|
140
|
+
}
|
|
141
|
+
const content = fs.readFileSync(authPath, "utf8");
|
|
142
|
+
if (!content) {
|
|
143
|
+
return null;
|
|
144
|
+
}
|
|
145
|
+
return JSON.parse(content);
|
|
146
|
+
} catch (error) {
|
|
147
|
+
return null;
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
function writeAuthConfig(config) {
|
|
151
|
+
const authPath = getAuthConfigPath();
|
|
152
|
+
const authDir = path.dirname(authPath);
|
|
153
|
+
if (!fs.existsSync(authDir)) {
|
|
154
|
+
fs.mkdirSync(authDir, { mode: 504, recursive: true });
|
|
155
|
+
}
|
|
156
|
+
fs.writeFileSync(authPath, JSON.stringify(config, null, 2), { mode: 384 });
|
|
157
|
+
}
|
|
158
|
+
function isValidAccessToken(authConfig2) {
|
|
159
|
+
if (!authConfig2.token)
|
|
160
|
+
return false;
|
|
161
|
+
if (typeof authConfig2.expiresAt !== "number")
|
|
162
|
+
return true;
|
|
163
|
+
const nowInSeconds = Math.floor(Date.now() / 1e3);
|
|
164
|
+
return authConfig2.expiresAt >= nowInSeconds;
|
|
165
|
+
}
|
|
166
|
+
return authConfig;
|
|
167
|
+
}
|
|
168
|
+
var oauth;
|
|
169
|
+
var hasRequiredOauth;
|
|
170
|
+
function requireOauth() {
|
|
171
|
+
if (hasRequiredOauth) return oauth;
|
|
172
|
+
hasRequiredOauth = 1;
|
|
173
|
+
var __defProp = Object.defineProperty;
|
|
174
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
175
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
176
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
177
|
+
var __export = (target, all) => {
|
|
178
|
+
for (var name in all)
|
|
179
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
180
|
+
};
|
|
181
|
+
var __copyProps = (to, from, except, desc) => {
|
|
182
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
183
|
+
for (let key of __getOwnPropNames(from))
|
|
184
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
185
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
186
|
+
}
|
|
187
|
+
return to;
|
|
188
|
+
};
|
|
189
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
190
|
+
var oauth_exports = {};
|
|
191
|
+
__export(oauth_exports, {
|
|
192
|
+
processTokenResponse: () => processTokenResponse,
|
|
193
|
+
refreshTokenRequest: () => refreshTokenRequest
|
|
194
|
+
});
|
|
195
|
+
oauth = __toCommonJS(oauth_exports);
|
|
196
|
+
var import_os2 = os;
|
|
197
|
+
const VERCEL_ISSUER = "https://vercel.com";
|
|
198
|
+
const VERCEL_CLI_CLIENT_ID = "cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp";
|
|
199
|
+
const userAgent = `@vercel/oidc node-${process.version} ${(0, import_os2.platform)()} (${(0, import_os2.arch)()}) ${(0, import_os2.hostname)()}`;
|
|
200
|
+
let _tokenEndpoint = null;
|
|
201
|
+
async function getTokenEndpoint() {
|
|
202
|
+
if (_tokenEndpoint) {
|
|
203
|
+
return _tokenEndpoint;
|
|
204
|
+
}
|
|
205
|
+
const discoveryUrl = `${VERCEL_ISSUER}/.well-known/openid-configuration`;
|
|
206
|
+
const response = await fetch(discoveryUrl, {
|
|
207
|
+
headers: { "user-agent": userAgent }
|
|
208
|
+
});
|
|
209
|
+
if (!response.ok) {
|
|
210
|
+
throw new Error("Failed to discover OAuth endpoints");
|
|
211
|
+
}
|
|
212
|
+
const metadata = await response.json();
|
|
213
|
+
if (!metadata || typeof metadata.token_endpoint !== "string") {
|
|
214
|
+
throw new Error("Invalid OAuth discovery response");
|
|
215
|
+
}
|
|
216
|
+
const endpoint = metadata.token_endpoint;
|
|
217
|
+
_tokenEndpoint = endpoint;
|
|
218
|
+
return endpoint;
|
|
219
|
+
}
|
|
220
|
+
async function refreshTokenRequest(options) {
|
|
221
|
+
const tokenEndpoint = await getTokenEndpoint();
|
|
222
|
+
return await fetch(tokenEndpoint, {
|
|
223
|
+
method: "POST",
|
|
224
|
+
headers: {
|
|
225
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
226
|
+
"user-agent": userAgent
|
|
227
|
+
},
|
|
228
|
+
body: new URLSearchParams({
|
|
229
|
+
client_id: VERCEL_CLI_CLIENT_ID,
|
|
230
|
+
grant_type: "refresh_token",
|
|
231
|
+
...options
|
|
232
|
+
})
|
|
233
|
+
});
|
|
234
|
+
}
|
|
235
|
+
async function processTokenResponse(response) {
|
|
236
|
+
const json = await response.json();
|
|
237
|
+
if (!response.ok) {
|
|
238
|
+
const errorMsg = typeof json === "object" && json && "error" in json ? String(json.error) : "Token refresh failed";
|
|
239
|
+
return [new Error(errorMsg)];
|
|
240
|
+
}
|
|
241
|
+
if (typeof json !== "object" || json === null) {
|
|
242
|
+
return [new Error("Invalid token response")];
|
|
243
|
+
}
|
|
244
|
+
if (typeof json.access_token !== "string") {
|
|
245
|
+
return [new Error("Missing access_token in response")];
|
|
246
|
+
}
|
|
247
|
+
if (json.token_type !== "Bearer") {
|
|
248
|
+
return [new Error("Invalid token_type in response")];
|
|
249
|
+
}
|
|
250
|
+
if (typeof json.expires_in !== "number") {
|
|
251
|
+
return [new Error("Missing expires_in in response")];
|
|
252
|
+
}
|
|
253
|
+
return [null, json];
|
|
254
|
+
}
|
|
255
|
+
return oauth;
|
|
256
|
+
}
|
|
257
|
+
var tokenUtil;
|
|
258
|
+
var hasRequiredTokenUtil;
|
|
259
|
+
function requireTokenUtil() {
|
|
260
|
+
if (hasRequiredTokenUtil) return tokenUtil;
|
|
261
|
+
hasRequiredTokenUtil = 1;
|
|
262
|
+
var __create = Object.create;
|
|
263
|
+
var __defProp = Object.defineProperty;
|
|
264
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
265
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
266
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
267
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
268
|
+
var __export = (target, all) => {
|
|
269
|
+
for (var name in all)
|
|
270
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
271
|
+
};
|
|
272
|
+
var __copyProps = (to, from, except, desc) => {
|
|
273
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
274
|
+
for (let key of __getOwnPropNames(from))
|
|
275
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
276
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
277
|
+
}
|
|
278
|
+
return to;
|
|
279
|
+
};
|
|
280
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
281
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
282
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
283
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
284
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
285
|
+
!mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
286
|
+
mod
|
|
287
|
+
));
|
|
288
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
289
|
+
var token_util_exports = {};
|
|
290
|
+
__export(token_util_exports, {
|
|
291
|
+
assertVercelOidcTokenResponse: () => assertVercelOidcTokenResponse,
|
|
292
|
+
findProjectInfo: () => findProjectInfo,
|
|
293
|
+
getTokenPayload: () => getTokenPayload,
|
|
294
|
+
getVercelCliToken: () => getVercelCliToken,
|
|
295
|
+
getVercelDataDir: () => getVercelDataDir,
|
|
296
|
+
getVercelOidcToken: () => getVercelOidcToken,
|
|
297
|
+
isExpired: () => isExpired,
|
|
298
|
+
loadToken: () => loadToken,
|
|
299
|
+
saveToken: () => saveToken
|
|
300
|
+
});
|
|
301
|
+
tokenUtil = __toCommonJS(token_util_exports);
|
|
302
|
+
var path = __toESM(path__default);
|
|
303
|
+
var fs = __toESM(require$$1);
|
|
304
|
+
var import_token_error = requireTokenError();
|
|
305
|
+
var import_token_io = requireTokenIo();
|
|
306
|
+
var import_auth_config = requireAuthConfig();
|
|
307
|
+
var import_oauth = requireOauth();
|
|
308
|
+
function getVercelDataDir() {
|
|
309
|
+
const vercelFolder = "com.vercel.cli";
|
|
310
|
+
const dataDir = (0, import_token_io.getUserDataDir)();
|
|
311
|
+
if (!dataDir) {
|
|
312
|
+
return null;
|
|
313
|
+
}
|
|
314
|
+
return path.join(dataDir, vercelFolder);
|
|
315
|
+
}
|
|
316
|
+
async function getVercelCliToken() {
|
|
317
|
+
const authConfig2 = (0, import_auth_config.readAuthConfig)();
|
|
318
|
+
if (!authConfig2) {
|
|
319
|
+
return null;
|
|
320
|
+
}
|
|
321
|
+
if ((0, import_auth_config.isValidAccessToken)(authConfig2)) {
|
|
322
|
+
return authConfig2.token || null;
|
|
323
|
+
}
|
|
324
|
+
if (!authConfig2.refreshToken) {
|
|
325
|
+
(0, import_auth_config.writeAuthConfig)({});
|
|
326
|
+
return null;
|
|
327
|
+
}
|
|
328
|
+
try {
|
|
329
|
+
const tokenResponse = await (0, import_oauth.refreshTokenRequest)({
|
|
330
|
+
refresh_token: authConfig2.refreshToken
|
|
331
|
+
});
|
|
332
|
+
const [tokensError, tokens] = await (0, import_oauth.processTokenResponse)(tokenResponse);
|
|
333
|
+
if (tokensError || !tokens) {
|
|
334
|
+
(0, import_auth_config.writeAuthConfig)({});
|
|
335
|
+
return null;
|
|
336
|
+
}
|
|
337
|
+
const updatedConfig = {
|
|
338
|
+
token: tokens.access_token,
|
|
339
|
+
expiresAt: Math.floor(Date.now() / 1e3) + tokens.expires_in
|
|
340
|
+
};
|
|
341
|
+
if (tokens.refresh_token) {
|
|
342
|
+
updatedConfig.refreshToken = tokens.refresh_token;
|
|
343
|
+
}
|
|
344
|
+
(0, import_auth_config.writeAuthConfig)(updatedConfig);
|
|
345
|
+
return updatedConfig.token ?? null;
|
|
346
|
+
} catch (error) {
|
|
347
|
+
(0, import_auth_config.writeAuthConfig)({});
|
|
348
|
+
return null;
|
|
349
|
+
}
|
|
350
|
+
}
|
|
351
|
+
async function getVercelOidcToken(authToken, projectId, teamId) {
|
|
352
|
+
const url = `https://api.vercel.com/v1/projects/${projectId}/token?source=vercel-oidc-refresh${teamId ? `&teamId=${teamId}` : ""}`;
|
|
353
|
+
const res = await fetch(url, {
|
|
354
|
+
method: "POST",
|
|
355
|
+
headers: {
|
|
356
|
+
Authorization: `Bearer ${authToken}`
|
|
357
|
+
}
|
|
358
|
+
});
|
|
359
|
+
if (!res.ok) {
|
|
360
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
361
|
+
`Failed to refresh OIDC token: ${res.statusText}`
|
|
362
|
+
);
|
|
363
|
+
}
|
|
364
|
+
const tokenRes = await res.json();
|
|
365
|
+
assertVercelOidcTokenResponse(tokenRes);
|
|
366
|
+
return tokenRes;
|
|
367
|
+
}
|
|
368
|
+
function assertVercelOidcTokenResponse(res) {
|
|
369
|
+
if (!res || typeof res !== "object") {
|
|
370
|
+
throw new TypeError(
|
|
371
|
+
"Vercel OIDC token is malformed. Expected an object. Please run `vc env pull` and try again"
|
|
372
|
+
);
|
|
373
|
+
}
|
|
374
|
+
if (!("token" in res) || typeof res.token !== "string") {
|
|
375
|
+
throw new TypeError(
|
|
376
|
+
"Vercel OIDC token is malformed. Expected a string-valued token property. Please run `vc env pull` and try again"
|
|
377
|
+
);
|
|
378
|
+
}
|
|
379
|
+
}
|
|
380
|
+
function findProjectInfo() {
|
|
381
|
+
const dir = (0, import_token_io.findRootDir)();
|
|
382
|
+
if (!dir) {
|
|
383
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
384
|
+
"Unable to find project root directory. Have you linked your project with `vc link?`"
|
|
385
|
+
);
|
|
386
|
+
}
|
|
387
|
+
const prjPath = path.join(dir, ".vercel", "project.json");
|
|
388
|
+
if (!fs.existsSync(prjPath)) {
|
|
389
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
390
|
+
"project.json not found, have you linked your project with `vc link?`"
|
|
391
|
+
);
|
|
392
|
+
}
|
|
393
|
+
const prj = JSON.parse(fs.readFileSync(prjPath, "utf8"));
|
|
394
|
+
if (typeof prj.projectId !== "string" && typeof prj.orgId !== "string") {
|
|
395
|
+
throw new TypeError(
|
|
396
|
+
"Expected a string-valued projectId property. Try running `vc link` to re-link your project."
|
|
397
|
+
);
|
|
398
|
+
}
|
|
399
|
+
return { projectId: prj.projectId, teamId: prj.orgId };
|
|
400
|
+
}
|
|
401
|
+
function saveToken(token, projectId) {
|
|
402
|
+
const dir = (0, import_token_io.getUserDataDir)();
|
|
403
|
+
if (!dir) {
|
|
404
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
405
|
+
"Unable to find user data directory. Please reach out to Vercel support."
|
|
406
|
+
);
|
|
407
|
+
}
|
|
408
|
+
const tokenPath = path.join(dir, "com.vercel.token", `${projectId}.json`);
|
|
409
|
+
const tokenJson = JSON.stringify(token);
|
|
410
|
+
fs.mkdirSync(path.dirname(tokenPath), { mode: 504, recursive: true });
|
|
411
|
+
fs.writeFileSync(tokenPath, tokenJson);
|
|
412
|
+
fs.chmodSync(tokenPath, 432);
|
|
413
|
+
return;
|
|
414
|
+
}
|
|
415
|
+
function loadToken(projectId) {
|
|
416
|
+
const dir = (0, import_token_io.getUserDataDir)();
|
|
417
|
+
if (!dir) {
|
|
418
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
419
|
+
"Unable to find user data directory. Please reach out to Vercel support."
|
|
420
|
+
);
|
|
421
|
+
}
|
|
422
|
+
const tokenPath = path.join(dir, "com.vercel.token", `${projectId}.json`);
|
|
423
|
+
if (!fs.existsSync(tokenPath)) {
|
|
424
|
+
return null;
|
|
425
|
+
}
|
|
426
|
+
const token = JSON.parse(fs.readFileSync(tokenPath, "utf8"));
|
|
427
|
+
assertVercelOidcTokenResponse(token);
|
|
428
|
+
return token;
|
|
429
|
+
}
|
|
430
|
+
function getTokenPayload(token) {
|
|
431
|
+
const tokenParts = token.split(".");
|
|
432
|
+
if (tokenParts.length !== 3) {
|
|
433
|
+
throw new import_token_error.VercelOidcTokenError(
|
|
434
|
+
"Invalid token. Please run `vc env pull` and try again"
|
|
435
|
+
);
|
|
436
|
+
}
|
|
437
|
+
const base64 = tokenParts[1].replace(/-/g, "+").replace(/_/g, "/");
|
|
438
|
+
const padded = base64.padEnd(
|
|
439
|
+
base64.length + (4 - base64.length % 4) % 4,
|
|
440
|
+
"="
|
|
441
|
+
);
|
|
442
|
+
return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
|
|
443
|
+
}
|
|
444
|
+
function isExpired(token) {
|
|
445
|
+
return token.exp * 1e3 < Date.now();
|
|
446
|
+
}
|
|
447
|
+
return tokenUtil;
|
|
448
|
+
}
|
|
449
|
+
export {
|
|
450
|
+
requireTokenUtil as r
|
|
451
|
+
};
|