@mcpher/gas-fakes 2.2.5 → 2.2.7

package/README.md

@@ -196,7 +196,7 @@ As I mentioned earlier, to take this further, I'm going to need a lot of help to
 - [how libhandler works](libhandler.md)
 - [article:using apps script libraries with gas-fakes](https://ramblings.mcpher.com/how-to-use-apps-script-libraries-directly-from-node/)
 - [named range identity](named-range-identity.md)
-- [adc and restricted scopes](https://ramblings.mcpher.com/how-to-allow-access-to-sensitive-scopes-with-application-default-credentials/)
+- [sensitive scopes with local authentication](senstive_scopes.md)
 - [push test pull](pull-test-push.md)
 - [sharing cache and properties between gas-fakes and live apps script](https://ramblings.mcpher.com/sharing-cache-and-properties-between-gas-fakes-and-live-apps-script/)
 - [gas-fakes-cli now has built in mcp server and gemini extension](https://ramblings.mcpher.com/gas-fakes-cli-now-has-built-in-mcp-server-and-gemini-extension/)

package/package.json

@@ -3,7 +3,7 @@
     "node": ">=20.11.0"
   },
   "dependencies": {
-    "@azure/identity": "^4.13.0",
+    "@azure/identity": "^4.13.1",
     "@mcpher/fake-gasenum": "^1.0.6",
     "@mcpher/gas-flex-cache": "^1.1.5",
     "@microsoft/microsoft-graph-client": "^3.0.7",
@@ -13,8 +13,9 @@
     "archiver": "^7.0.1",
     "commander": "^14.0.3",
     "dotenv": "^17.3.1",
-    "fast-xml-parser": "^5.4.2",
+    "fast-xml-parser": "^5.5.8",
     "get-stream": "^9.0.1",
+    "google-auth-library": "^10.6.2",
     "googleapis": "^171.4.0",
     "got": "^14.6.6",
     "into-stream": "^9.1.0",
@@ -26,6 +27,9 @@
     "unzipper": "^0.12.3",
     "zod": "^4.3.6"
   },
+  "overrides": {
+    "glob": "^13.0.6"
+  },
   "type": "module",
   "scripts": {
     "pub": "npm publish --access public",
@@ -35,7 +39,7 @@
   },
   "name": "@mcpher/gas-fakes",
   "author": "bruce mcpherson",
-  "version": "2.2.5",
+  "version": "2.2.7",
   "license": "MIT",
   "main": "main.js",
   "description": "An implementation of the Google Workspace Apps Script runtime: Run native App Script Code on Node and Cloud Run",
@@ -44,4 +48,4 @@
   "bin": {
     "gas-fakes": "gas-fakes.js"
   }
-}
+}

package/src/cli/setup.js

@@ -283,6 +283,7 @@ export async function initializeConfiguration(options = {}) {
       "https://www.googleapis.com/auth/userinfo.email",
       "openid",
       "https://www.googleapis.com/auth/cloud-platform",
+      "https://www.googleapis.com/auth/drive.readonly",
     ];
     responses.DEFAULT_SCOPES = DEFAULT_SCOPES_VALUES.join(",");
     responses.EXTRA_SCOPES = manifestScopes
@@ -303,12 +304,12 @@ export async function initializeConfiguration(options = {}) {
         initial: existingConfig.GOOGLE_SERVICE_ACCOUNT_NAME || "gas-fakes-sa",
       },
       {
-        type: "text",
+        type: responses.AUTH_TYPE === "adc" ? "text" : null,
         name: "CLIENT_CREDENTIAL_FILE",
         message: "Enter path to OAuth client credentials JSON (optional, required for restricted scopes with ADC)",
         initial: existingConfig.CLIENT_CREDENTIAL_FILE || "",
       }
-    ];
+      ];
 
     const googleResponses = await prompts(googleQuestions);
     if (typeof googleResponses.GOOGLE_CLOUD_PROJECT === "undefined") {
@@ -342,10 +343,10 @@ export async function initializeConfiguration(options = {}) {
       message: "What type of Microsoft account are you using?",
       choices: [
         { title: "Consumer (Personal, Outlook.com, Hotmail, etc.)", value: "consumers" },
-        { title: "Business/Education (Work or School)", value: "organizations" },
+        { title: "Business/Education (Work or School) ", value: "organizations" },
         { title: "Standard Multi-tenant", value: "common" }
       ],
-      initial: existingConfig.MS_GRAPH_TENANT_ID === "consumers" ? 0 : (existingConfig.MS_GRAPH_TENANT_ID === "organizations" ? 1 : 2)
+      initial: existingConfig.MS_GRAPH_TENANT_ID === "organizations" ? 1 : (existingConfig.MS_GRAPH_TENANT_ID === "common" ? 2 : 0)
     });
 
     if (typeof msAccountType.type === "undefined") {
@@ -604,13 +605,13 @@ export async function authenticateUser(options = {}) {
       const msScopes = mapGasScopesToMsGraph(gasScopes);
 
       try {
+        const tenantId = process.env.MS_GRAPH_TENANT_ID || 'consumers';
         const azCmd = `az config set core.login_experience_v2=off && az login --allow-no-subscriptions --output none`;
 
         console.log(`Executing: ${azCmd}`);
         try {
           runCommandSync(azCmd);
           console.log(`\n\x1b[1;32mSuccess!\x1b[0m Azure CLI session discovered.`);
-          const tenantId = process.env.MS_GRAPH_TENANT_ID || 'consumers';
           console.log(`Silent fallback is now enabled for: \x1b[1;36m${tenantId}\x1b[0m`);
         } catch (e) {
           console.error(`\x1b[1;31mAzure CLI Login failed.\x1b[0m`);
@@ -662,7 +663,11 @@ export async function authenticateUser(options = {}) {
         ...(EXTRA_SCOPES || "").split(","),
       ])).filter(s => s).join(",");
 
-      console.log(`...requesting scopes: ${scopes}`);
+      const adcScopes = AUTH_TYPE === "dwd" 
+        ? Array.from(new Set((DEFAULT_SCOPES || "").split(","))).filter(s => s).join(",")
+        : scopes;
+
+      console.log(`...requesting scopes: ${adcScopes}`);
 
       const driveAccessFlag = "--enable-gdrive-access";
       const activeConfig = AC || "default";
@@ -684,7 +689,7 @@ export async function authenticateUser(options = {}) {
       runCommandSync(`gcloud auth login ${driveAccessFlag}`);
 
       let clientFlag = "";
-      if (CLIENT_CREDENTIAL_FILE) {
+      if (AUTH_TYPE !== "dwd" && CLIENT_CREDENTIAL_FILE) {
         const clientPath = path.resolve(process.cwd(), CLIENT_CREDENTIAL_FILE);
         if (fs.existsSync(clientPath)) {
           console.log(`...using client credentials from ${clientPath}`);
@@ -693,7 +698,8 @@ export async function authenticateUser(options = {}) {
       }
 
       console.log("Setting up Application Default Credentials (ADC)...");
-      runCommandSync(`gcloud auth application-default login --scopes="${scopes}" ${clientFlag}`);
+      const adcScopeFlag = `--scopes="${adcScopes}"`;
+      runCommandSync(`gcloud auth application-default login ${adcScopeFlag} ${clientFlag}`.trim());
       runCommandSync(`gcloud auth application-default set-quota-project ${projectId}`);
 
       // --- DWD Specific Setup (if configured) ---

package/src/services/spreadsheetapp/fakecontainerinfo.js

@@ -0,0 +1,58 @@
+import { Proxies } from "../../support/proxies.js";
+
+/**
+ * create a new FakeContainerInfo instance
+ * @param  {...any} args
+ * @returns {FakeContainerInfo}
+ */
+export const newFakeContainerInfo = (...args) => {
+  return Proxies.guard(new FakeContainerInfo(...args));
+};
+
+/**
+ * Access to the chart's container position.
+ */
+export class FakeContainerInfo {
+  /**
+   * @param {object} overlayPosition The overlayPosition object from Sheets API
+   */
+  constructor(overlayPosition) {
+    this.__overlayPosition = overlayPosition || {};
+  }
+
+  /**
+   * Returns the column index where the drawing is anchored.
+   * @returns {number}
+   */
+  getAnchorColumn() {
+    return (this.__overlayPosition.anchorCell?.columnIndex || 0) + 1;
+  }
+
+  /**
+   * Returns the row index where the drawing is anchored.
+   * @returns {number}
+   */
+  getAnchorRow() {
+    return (this.__overlayPosition.anchorCell?.rowIndex || 0) + 1;
+  }
+
+  /**
+   * Returns the horizontal offset in pixels from the anchor column.
+   * @returns {number}
+   */
+  getOffsetX() {
+    return this.__overlayPosition.offsetXPixels || 0;
+  }
+
+  /**
+   * Returns the vertical offset in pixels from the anchor row.
+   * @returns {number}
+   */
+  getOffsetY() {
+    return this.__overlayPosition.offsetYPixels || 0;
+  }
+
+  toString() {
+    return "ContainerInfo";
+  }
+}

package/src/services/spreadsheetapp/fakeembeddedchart.js

@@ -2,6 +2,7 @@ import { Proxies } from "../../support/proxies.js";
 import { notYetImplemented, signatureArgs } from "../../support/helpers.js";
 import { batchUpdate } from "./sheetrangehelpers.js";
 import { newFakeEmbeddedChartBuilder } from "./fakeembeddedchartbuilder.js";
+import { newFakeContainerInfo } from "./fakecontainerinfo.js";
 
 /**
  * @returns {FakeEmbeddedChart}
@@ -25,13 +26,20 @@ export class FakeEmbeddedChart {
     const props = [
       "getAs",
       "getBlob",
-      "getContainerInfo",
     ];
     props.forEach((f) => {
       this[f] = () => notYetImplemented(f);
     });
   }
 
+  /**
+   * Returns information about where the chart is positioned within a sheet.
+   * @returns {FakeContainerInfo}
+   */
+  getContainerInfo() {
+    return newFakeContainerInfo(this.__apiChart.position?.overlayPosition);
+  }
+
   /**
    * Returns the ID of this chart.
    * @returns {number}

package/src/support/msgraph/msauth.js

@@ -1,7 +1,9 @@
 import {
   InteractiveBrowserCredential,
-  ClientSecretCredential
+  ClientSecretCredential,
+  useIdentityPlugin
 } from "@azure/identity";
+
 import { execSync } from 'node:child_process';
 import { readFile, writeFile } from 'fs/promises';
 import { existsSync } from 'fs';
@@ -40,20 +42,66 @@ function decodeJWT(token) {
   return JSON.parse(Buffer.from(encodedPayload, 'base64url').toString('utf-8'));
 }
 
+const customCachePlugin = (options) => {
+  return {
+    beforeCacheAccess: async (cacheContext) => {
+      if (existsSync(TOKEN_CACHE_FILE)) {
+        try {
+          const data = await readFile(TOKEN_CACHE_FILE, 'utf-8');
+          let cache;
+          if (data.trim().startsWith('{')) {
+             cache = JSON.parse(data);
+          } else {
+             cache = decodeJWT(data.trim());
+          }
+          if (cache && cache.msalCache) {
+             cacheContext.tokenCache.deserialize(cache.msalCache);
+          }
+        } catch (e) {
+          console.warn(`...failed to load MS Graph token cache: ${e.message}`);
+        }
+      }
+    },
+    afterCacheAccess: async (cacheContext) => {
+      if (cacheContext.cacheHasChanged) {
+        try {
+          const msalCache = cacheContext.tokenCache.serialize();
+          const cacheData = { 
+            msalCache, 
+            token: 'managed-by-msal', 
+            expiresOn: new Date(Date.now() + 86400000 * 30).getTime() // Keep valid for 30 days
+          };
+          const jwtString = encodeJWT(cacheData);
+          await writeFile(TOKEN_CACHE_FILE, jwtString);
+          try {
+            chmodSync(TOKEN_CACHE_FILE, 0o600);
+          } catch (e) {}
+        } catch (e) {
+          console.warn(`...failed to save MS Graph token cache: ${e.message}`);
+        }
+      }
+    }
+  };
+};
+
+useIdentityPlugin((context) => {
+  if (context.cachePluginControl) {
+    context.cachePluginControl.setPersistence(customCachePlugin);
+  }
+});
+
 async function loadTokenCache() {
   if (existsSync(TOKEN_CACHE_FILE)) {
     try {
       const data = await readFile(TOKEN_CACHE_FILE, 'utf-8');
       
       let cache;
-      // Handle legacy plain-text JSON format gracefully
       if (data.trim().startsWith('{')) {
          cache = JSON.parse(data);
       } else {
          cache = decodeJWT(data.trim());
       }
 
-      // Check if expired (buffer of 5 mins)
       if (cache && cache.expiresOn && new Date(cache.expiresOn).getTime() > Date.now() + 300000) {
         return cache.token;
       }
@@ -70,10 +118,8 @@ async function saveTokenCache(token, expiresOn) {
     const jwtString = encodeJWT(cacheData);
     await writeFile(TOKEN_CACHE_FILE, jwtString);
     try {
-      chmodSync(TOKEN_CACHE_FILE, 0o600); // Read/Write only for owner
-    } catch (e) {
-      // Ignore if chmod fails (e.g. on non-posix)
-    }
+      chmodSync(TOKEN_CACHE_FILE, 0o600);
+    } catch (e) {}
   } catch (e) {
     console.warn(`...failed to save MS Graph token cache: ${e.message}`);
   }
@@ -120,7 +166,7 @@ async function isGcpEnv() {
  * Gets a Microsoft Graph token.
  */
 export async function getMsGraphToken(scopes = ['User.Read']) {
-  const envTenant = process.env.MS_GRAPH_TENANT_ID || 'common';
+  const envTenant = process.env.MS_GRAPH_TENANT_ID || 'consumers';
   const clientId = process.env.MS_GRAPH_CLIENT_ID;
   const clientSecret = process.env.MS_GRAPH_CLIENT_SECRET;
   const msAuthType = process.env.MS_AUTH_TYPE;
@@ -230,7 +276,11 @@ export async function getMsGraphToken(scopes = ['User.Read']) {
     const credentialSilent = new InteractiveBrowserCredential({
       tenantId: (envTenant && envTenant !== 'common') ? envTenant : 'consumers',
       clientId,
-      prompt: promptBehavior
+      prompt: promptBehavior,
+      tokenCachePersistenceOptions: {
+        enabled: true,
+        name: 'gas-fakes-msgraph-cache'
+      }
     });
 
     try {
@@ -244,7 +294,11 @@ export async function getMsGraphToken(scopes = ['User.Read']) {
          const credentialInteractive = new InteractiveBrowserCredential({
            tenantId: (envTenant && envTenant !== 'common') ? envTenant : 'consumers',
            clientId,
-           prompt: 'select_account consent'
+           prompt: 'select_account consent',
+           tokenCachePersistenceOptions: {
+             enabled: true,
+             name: 'gas-fakes-msgraph-cache'
+           }
          });
          const tokenResponse = await credentialInteractive.getToken(msScopes);
          syncLog('...retrieved MS Graph token via interactive login');

package/exgcp.sh

@@ -1,54 +0,0 @@
-#!/bin/bash
-
-# This script reads the GCP_PROJECT_ID from a .env file
-# and exports it as GOOGLE_CLOUD_PROJECT for the current shell session.
-#
-# Usage: source . ./exgcp.sh
-
-# Define the path to your .env file relative to the script's location
-ENV_FILE="$(dirname "$0")/.env"
-
-# Check if the .env file exists
-
-if [ ! -f "$ENV_FILE" ]; then
-  echo "Error: .env file not found at path: $ENV_FILE"
-  # Use 'return' instead of 'exit' so it doesn't close the user's terminal when sourced
-  return 1
-fi
-
-# Read the GCP_PROJECT_ID, remove quotes, and handle potential carriage returns
-GOOGLE_CLOUD_PROJECT_VALUE=$(grep -E '^GOOGLE_CLOUD_PROJECT=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"\r')
-GEMINI_API_KEY_VALUE=$(grep -E '^GEMINI_API_KEY=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"\r')
-GEMINI_MODEL_VALUE=$(grep -E '^GEMINI_MODEL=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"\r')
-OMDB_API_KEY_VALUE=$(grep -E '^OMDB_API_KEY=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"\r')
-# Check if a value was extracted
-if [ -z "$GOOGLE_CLOUD_PROJECT_VALUE" ]; then
-  echo "Error: GOOGLE_CLOUD_PROJECT not found or is empty in $ENV_FILE."
-  return 1
-fi
-
-if [ -z "GEMINI_API_KEY_VALUE" ]; then
-  echo "GEMINI_API_KEY not found or is empty in $ENV_FILE."
-else
-  echo "exported: GEMINI_API_KEY"
-  export GEMINI_API_KEY="$GEMINI_API_KEY_VALUE"
-fi  
-
-if [ -z "OMDB_API_KEY_VALUE" ]; then
-  echo "OMDB_API_KEY not found or is empty in $ENV_FILE."
-else
-  echo "exported: OMDB_API_KEY"
-  export OMDB_API_KEY="$OMDB_API_KEY_VALUE"
-fi  
-
-if [ -z "GEMINI_MODEL_VALUE" ]; then
-  echo "GEMINI_MODEL not found or is empty in $ENV_FILE."
-else
-  echo "exported: GEMINI_MODEL=$GEMINI_MODEL_VALUE"
-  export GEMINI_MODEL="$GEMINI_MODEL_VALUE"
-fi  
-
-# Export the variable for the current session
-export GOOGLE_CLOUD_PROJECT="$GOOGLE_CLOUD_PROJECT_VALUE"
-
-echo "exported: GOOGLE_CLOUD_PROJECT=$GOOGLE_CLOUD_PROJECT"

package/testlib.sh

@@ -1,2 +0,0 @@
-gas-fakes -l bmFiddler@13EWG4-lPrEf34itxQhAQ7b9JEbmCBfO8uE4Mhr99CHi3Pw65oxXtq-rU \
--s "const sheet=SpreadsheetApp.openById('1h9IGIShgVBVUrUjjawk5MaCEQte_7t32XeEP1Z5jXKQ').getSheets()[0];const fiddler = new bmFiddler.Fiddler(sheet);console.log (fiddler.getData().slice(0, 5));"