@metaplay/metaplay-auth 1.6.0 → 1.6.1

package/index.ts

@@ -1,35 +1,23 @@
 #!/usr/bin/env node
 import { Command } from 'commander'
+import { randomBytes } from 'crypto'
 import Docker from 'dockerode'
+import { existsSync } from 'fs'
+import { writeFile, unlink } from 'fs/promises'
+import { tmpdir } from 'os'
+import { exit } from 'process'
+import * as semver from 'semver'
+
+import { KubeConfig } from '@kubernetes/client-node'
+
+import { loginAndSaveTokens, machineLoginAndSaveTokens, extendCurrentSession, loadTokens, removeTokens, TokenSet } from './src/auth.js'
+import { registerBuildCommand } from './src/buildCommand.js'
 import { portalBaseUrl, setPortalBaseUrl } from './src/config.js'
-import {
-  loginAndSaveTokens,
-  machineLoginAndSaveTokens,
-  extendCurrentSession,
-  loadTokens,
-  removeTokens,
-  TokenSet,
-} from './src/auth.js'
 import { checkGameServerDeployment, debugGameServer } from './src/deployment.js'
-import {
-  pathJoin,
-  isValidFQDN,
-  executeCommand,
-  removeTrailingSlash,
-  fetchHelmChartVersions,
-  resolveBestMatchingVersion,
-} from './src/utils.js'
 import { logger, setLogLevel } from './src/logging.js'
 import { TargetEnvironment } from './src/targetenvironment.js'
-import { exit } from 'process'
-import { tmpdir } from 'os'
-import { randomBytes } from 'crypto'
-import { writeFile, unlink } from 'fs/promises'
-import { existsSync } from 'fs'
-import { KubeConfig } from '@kubernetes/client-node'
-import * as semver from 'semver'
+import { pathJoin, isValidFQDN, executeCommand, removeTrailingSlash, fetchHelmChartVersions, resolveBestMatchingVersion } from './src/utils.js'
 import { PACKAGE_VERSION } from './src/version.js'
-import { registerBuildCommand } from './src/buildCommand.js'
 
 /**
  * Base URL of StackAPI infra to use -- defaults to p1.metaplay.io. Override with the global --stack-api flag.
@@ -136,8 +124,10 @@ async function resolveTargetEnvironmentFromSlugs(
 ): Promise<TargetEnvironment> {
   // Fetch the deployment information from the portal
   const portalEnvInfo = await fetchManagedEnvironmentInfo(tokens, organization, project, environment)
-  // \todo Use legacy '<project>-<environment>' -- should be filled in by portal!
-  const humanId = portalEnvInfo.human_id ?? `${project}-${environment}`
+  const humanId = portalEnvInfo.human_id
+  if (!humanId) {
+    throw new Error(`Portal returned missing human_id for environment '${organization}-${project}-${environment}'`)
+  }
 
   return new TargetEnvironment(tokens.access_token, humanId, defaultStackApiBaseUrl)
 }
@@ -176,9 +166,7 @@ async function resolveTargetEnvironment(
         // Three parts is tuple of slush '<organization>-<project>-<environment>'
         return await resolveTargetEnvironmentFromSlugs(tokens, parts[0], parts[1], parts[2])
       } else {
-        throw new Error(
-          `Invalid environment address syntax '${address}'. Specify either "<organization>-<project>-<environment>", a humanId (eg, "delicious-elephant"), or a fully-qualified domain name (eg, idler-develop.p1.metaplay.io)`
-        )
+        throw new Error(`Invalid environment address syntax '${address}'. Specify either "<organization>-<project>-<environment>", a humanId (eg, "delicious-elephant"), or a fully-qualified domain name (eg, idler-develop.p1.metaplay.io)`)
       }
     }
   } else if (options.organization && options.project && options.environment) {
@@ -188,9 +176,7 @@ async function resolveTargetEnvironment(
     )
     return await resolveTargetEnvironmentFromSlugs(tokens, options.organization, options.project, options.environment)
   } else {
-    throw new Error(
-      'Could not determine target environment from arguments: You need to specify either an environment FQDN or an organization, project, and environment. Run this command with --help flag for more information.'
-    )
+    throw new Error('Could not determine target environment from arguments: You need to specify either an environment FQDN or an organization, project, and environment. Run this command with --help flag for more information.')
   }
 }
 
@@ -202,10 +188,7 @@ program
   .version(PACKAGE_VERSION)
   .option('-d, --debug', 'enable debug output')
   .option('--portal-base-url <portal-base-url>', 'override the default portal base URL (e.g. http://localhost:3000)')
-  .option(
-    '--stack-api <stack-api-base-url>',
-    'override the default stack API base URL (e.g. https://infra.p1.metaplay.io/stackapi/)'
-  )
+  .option('--stack-api <stack-api-base-url>', 'override the default stack API base URL (e.g. https://infra.p1.metaplay.io/stackapi/)')
   .hook('preAction', (thisCommand) => {
     // Handle debug flag for all commands.
     const opts = thisCommand.opts()
@@ -235,13 +218,8 @@ program
 
 program
   .command('machine-login')
-  .description(
-    'login to the Metaplay cloud using a machine account (using credentials in environment variable METAPLAY_CREDENTIALS)'
-  )
-  .option(
-    '--dev-credentials',
-    'machine user credentials to use, only for dev purposes, use METAPLAY_CREDENTIALS env variable for better safety!'
-  )
+  .description('login to the Metaplay cloud using a machine account (using credentials in environment variable METAPLAY_CREDENTIALS)')
+  .option('--dev-credentials', 'machine user credentials to use, only for dev purposes, use METAPLAY_CREDENTIALS env variable for better safety!')
   .action(async (options) => {
     // Get credentials from command line or from METAPLAY_CREDENTIALS environment variable
     let credentials: string
@@ -259,9 +237,7 @@ program
     // \note We can't be certain that the secret does not contain pluses so split at the first occurrence
     const splitOffset = credentials.indexOf('+')
     if (splitOffset === -1) {
-      throw new Error(
-        'Invalid format for credentials, you should copy-paste the value from the developer portal verbatim'
-      )
+      throw new Error('Invalid format for credentials, you should copy-paste the value from the developer portal verbatim')
     }
     const clientId = credentials.substring(0, splitOffset)
     const clientSecret = credentials.substring(splitOffset + 1)
@@ -315,10 +291,7 @@ program
   .option('-p, --project <project>', '[deprecated] project name (e.g. idler)')
   .option('-e, --environment <environment>', '[deprecated] environment name (e.g. develop)')
   .option('-t, --type <credentials-type>', 'type of credentials handling in kubeconfig (static or dynamic)')
-  .option(
-    '--output <kubeconfig-path>',
-    'path of the output file where to write kubeconfig (written to stdout if not specified)'
-  )
+  .option('--output <kubeconfig-path>', 'path of the output file where to write kubeconfig (written to stdout if not specified)')
   .hook('preAction', async () => {
     await extendCurrentSession()
   })
@@ -633,14 +606,8 @@ program
   .argument('gameserver', 'address of gameserver (e.g. metaplay-idler-develop or idler-develop.p1.metaplay.io)')
   .argument('image-tag', 'docker image tag to deploy (usually the SHA of the build)')
   .requiredOption('-f, --values <path-to-values-file>', 'path to Helm values file to use for this deployment')
-  .option(
-    '--local-chart-path <path-to-chart-directory>',
-    'path to local Helm chart directory (to use a chart from local disk)'
-  )
-  .option(
-    '--helm-chart-repo <url>',
-    'override the URL of the Helm chart repository (eg, https://charts.metaplay.dev/testing)'
-  )
+  .option('--local-chart-path <path-to-chart-directory>', 'path to local Helm chart directory (to use a chart from local disk)')
+  .option('--helm-chart-repo <url>', 'override the URL of the Helm chart repository (eg, https://charts.metaplay.dev/testing)')
   .option('--helm-chart-version <version>', 'the Helm chart version to use (eg, 0.6.0)')
   .option('--deployment-name', 'Helm deployment name to use', 'gameserver')
   .hook('preAction', async () => {
@@ -670,16 +637,12 @@ program
         const envInfo = await targetEnv.getEnvironmentDetails()
 
         if (!imageTag) {
-          throw new Error(
-            'Must specify a valid docker image tag as the image-tag argument, usually the SHA of the build'
-          )
+          throw new Error('Must specify a valid docker image tag as the image-tag argument, usually the SHA of the build')
         }
         // \todo validate that imageTag is just the version part (i.e, contains no ':')
 
         if (!options.deploymentName) {
-          throw new Error(
-            `Invalid Helm deployment name '${options.deploymentName}'; specify one with --deployment-name or use the default`
-          )
+          throw new Error(`Invalid Helm deployment name '${options.deploymentName}'; specify one with --deployment-name or use the default`)
         }
 
         // Fetch Docker credentials for target environment registry
@@ -784,9 +747,7 @@ program
           console.warn('You should specify the Helm chart version with --helm-chart-version=<version>!')
         }
         if (!helmChartVersionSpec) {
-          throw new Error(
-            'No Helm chart version defined. With pre-R28 SDK versions, you must specify the Helm chart version explicitly with --helm-chart-version=<version>.'
-          )
+          throw new Error('No Helm chart version defined. With pre-R28 SDK versions, you must specify the Helm chart version explicitly with --helm-chart-version=<version>.')
         }
 
         // Parse the Helm chart version spec into a semver.Range, or null if 'latest' is specified
@@ -795,7 +756,7 @@ program
           try {
             helmChartRange = new semver.Range(helmChartVersionSpec)
           } catch (error) {
-            throw new Error(`Helm chart version '${helmChartVersionSpec}' is not a valid SemVer range!`)
+            throw new Error(`Helm chart version '${helmChartVersionSpec}' is not a valid SemVer range: ${String(error)}`)
           }
         }
 
@@ -811,9 +772,7 @@ program
         // Resolve the best matching Helm chart version
         const resolvedHelmChartVersion = resolveBestMatchingVersion(availableHelmChartVersions, helmChartRange)
         if (!resolvedHelmChartVersion) {
-          throw new Error(
-            `No Helm chart version found that satisfies '${helmChartVersionSpec}' in repository '${helmChartRepo}'`
-          )
+          throw new Error(`No Helm chart version found that satisfies '${helmChartVersionSpec}' in repository '${helmChartRepo}'`)
         }
         logger.debug('Resolved Helm chart version: ', resolvedHelmChartVersion)
 
@@ -845,9 +804,7 @@ program
             // \todo output something from Helm result?
           } catch (error) {
             const errMessage = error instanceof Error ? error.message : String(error)
-            throw new Error(
-              `Failed to execute 'helm': ${errMessage}. You need to have Helm v3 installed to deploy a game server with metaplay-auth.`
-            )
+            throw new Error(`Failed to execute 'helm': ${errMessage}. You need to have Helm v3 installed to deploy a game server with metaplay-auth.`)
           }
 
           // Throw on Helm non-success exit code
@@ -895,9 +852,7 @@ program
 
 program
   .command('check-server-status')
-  .description(
-    'check the status of a deployed server and print out information that is helpful in debugging failed deployments'
-  )
+  .description('check the status of a deployed server and print out information that is helpful in debugging failed deployments')
   .argument('[gameserver]', 'address of gameserver (e.g. metaplay-idler-develop or idler-develop.p1.metaplay.io)')
   .hook('preAction', async () => {
     await extendCurrentSession()
@@ -941,9 +896,7 @@ program
 
 program
   .command('check-deployment')
-  .description(
-    '[deprecated] check that a game server was successfully deployed, or print out useful error messages in case of failure'
-  )
+  .description('[deprecated] check that a game server was successfully deployed, or print out useful error messages in case of failure')
   .argument('[namespace]', 'kubernetes namespace of the deployment')
   .action(async (namespace: string) => {
     console.error(

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@metaplay/metaplay-auth",
   "description": "Utility CLI for authenticating with the Metaplay Auth and making authenticated calls to infrastructure endpoints.",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE",
   "homepage": "https://metaplay.io",
@@ -17,8 +17,6 @@
   },
   "devDependencies": {
     "@metaplay/eslint-config": "workspace:*",
-    "@metaplay/prettier-config": "workspace:^",
-    "@prettier/plugin-pug": "workspace:^",
     "@types/dockerode": "^3.3.31",
     "@types/express": "^4.17.21",
     "@types/js-yaml": "^4.0.9",
@@ -30,7 +28,7 @@
     "tsx": "^4.19.0",
     "typescript": "5.5.4",
     "vitest": "^2.0.5",
-    "@aws-sdk/client-ecr": "^3.637.0",
+    "@aws-sdk/client-ecr": "^3.645.0",
     "@kubernetes/client-node": "^1.0.0-rc6",
     "@ory/client": "^1.14.5",
     "commander": "^12.1.0",
@@ -41,7 +39,6 @@
     "jwk-to-pem": "^2.0.6",
     "open": "^8.4.2",
     "semver": "^7.6.3",
-    "tslog": "^4.9.3",
-    "prettier": "3.3.3"
+    "tslog": "^4.9.3"
   }
 }

package/src/auth.ts

@@ -1,16 +1,16 @@
 /* eslint-disable @typescript-eslint/no-misused-promises */
-
-import { createServer } from 'node:http'
 import { toNodeListener, createApp, defineEventHandler, getQuery, sendError } from 'h3'
-
-import open from 'open'
-import { randomBytes, createHash } from 'node:crypto'
 import jwt from 'jsonwebtoken'
 import jwkToPem from 'jwk-to-pem'
+import { randomBytes, createHash } from 'node:crypto'
+import { createServer } from 'node:http'
+import open from 'open'
+
 import { Configuration, WellknownApi, OidcApi } from '@ory/client'
-import { setSecret, getSecret, removeSecret } from './secret_store.js'
+
 import { portalBaseUrl } from './config.js'
 import { logger } from './logging.js'
+import { setSecret, getSecret, removeSecret } from './secret_store.js'
 
 export interface TokenSet {
   id_token?: string
@@ -241,9 +241,7 @@ export async function extendCurrentSession(): Promise<void> {
 
     // Check that the refresh_token exists (machine users don't have it)
     if (!tokens.refresh_token) {
-      throw new Error(
-        'Cannot refresh an access_token without a refresh_token. With machine users, should just login again instead.'
-      )
+      throw new Error('Cannot refresh an access_token without a refresh_token. With machine users, should just login again instead.')
     }
 
     logger.debug('Access token is no longer valid, trying to extend the current session with a refresh token.')
@@ -295,9 +293,7 @@ async function extendCurrentSessionWithRefreshToken(
     logger.error(`Failed to refresh tokens via endpoint ${tokenEndpoint}`)
     logger.error('Fetch error details:', error)
     if (error.cause?.code === 'UNABLE_TO_VERIFY_LEAF_SIGNATURE') {
-      throw new Error(
-        `Failed to refresh tokens: SSL certificate validation failed for ${tokenEndpoint}. Is someone trying to tamper with your internet connection?`
-      )
+      throw new Error(`Failed to refresh tokens: SSL certificate validation failed for ${tokenEndpoint}. Is someone trying to tamper with your internet connection?`)
     }
     throw new Error(`Failed to refresh tokens via ${tokenEndpoint}: ${error}`)
   }
@@ -386,9 +382,7 @@ export async function saveTokens(tokens: Record<string, string>): Promise<void>
 
     // All tokens must have an access_token (machine users only have it)
     if (!tokens.access_token) {
-      throw new Error(
-        'Metaplay token has no access_token. Please log in again and make sure all checkboxes of permissions are selected before proceeding.'
-      )
+      throw new Error('Metaplay token has no access_token. Please log in again and make sure all checkboxes of permissions are selected before proceeding.')
     }
 
     logger.debug('Token verification completed, storing tokens...')

package/src/buildCommand.ts

@@ -1,9 +1,10 @@
 import { Command } from 'commander'
-import { exit } from 'process'
 import { existsSync } from 'fs'
-import { pathJoin, executeCommand, ExecuteCommandResult } from './utils.js'
-import { logger } from './logging.js'
 import path from 'path'
+import { exit } from 'process'
+
+import { logger } from './logging.js'
+import { pathJoin, executeCommand, ExecuteCommandResult } from './utils.js'
 
 function resolveBuildEngine(engine?: string): string {
   const validBuildEngines = ['buildx', 'buildkit']
@@ -32,22 +33,10 @@ export function registerBuildCommand(program: Command): void {
     .description('build the game server docker image')
     .option('-t, --image-tag <image-tag>', 'tag for the output image, eg, "myserver:d08747679d"', 'gameserver:<timestamp>')
     .option('--sdk-root <directory>', 'relative path to the MetaplaySDK directory', 'MetaplaySDK')
-    .option(
-      '--project-root <directory>',
-      'relative path to the project root (where Backend/ directory is located)',
-      '.'
-    )
+    .option('--project-root <directory>', 'relative path to the project root (where Backend/ directory is located)', '.')
     .option('--backend-dir <directory>', '[for legacy projects] name of the Backend/ directory', 'Backend')
-    .option(
-      '--shared-code-dir <directory>',
-      'path to the shared code directory of the project, relative to --project-root',
-      'Assets/SharedCode'
-    )
-    .option(
-      '--engine <engine>',
-      'docker build engine to use (buildx or buildkit), auto-detected if not specified',
-      'buildx'
-    )
+    .option('--shared-code-dir <directory>', 'path to the shared code directory of the project, relative to --project-root', 'Assets/SharedCode')
+    .option('--engine <engine>', 'docker build engine to use (buildx or buildkit), auto-detected if not specified', 'buildx')
     .option('--architecture <architecture>', 'target platform architecture (amd64 or arm64)', 'amd64')
     .option('--build-number <build-number>', 'number of this build (eg, 153)')
     .option('--commit-id <commit-id>', 'commit id of this build (eg, d08747679d1e7fc9c1c685b396636da689ae476d)')
@@ -72,7 +61,9 @@ export function registerBuildCommand(program: Command): void {
         console.log(`Building docker image '${imageTag}'..`)
 
         if (imageTag.endsWith(':latest')) {
-          console.error('Building docker image with "latest" tag is not allowed as it won\'t update the cloud environments reliably. Use commit id like git sha or timestamp instead.')
+          console.error(
+            'Building docker image with "latest" tag is not allowed as it won\'t update the cloud environments reliably. Use commit id like git sha or timestamp instead.'
+          )
           exit(1)
         }
 
@@ -207,17 +198,16 @@ export function registerBuildCommand(program: Command): void {
         logger.debug(`Using docker build engine: ${buildEngine}`)
 
         // Check that docker is installed and running
-        const checkDockerResult = await executeCommand('docker', ['ps'], { inheritStdio: false, env: {} })
+        const checkDockerResult = await executeCommand('docker', ['info'], { inheritStdio: false })
         if (checkDockerResult.exitCode !== 0) {
-          console.error('Failed to invoke docker, please make sure that docker is installed and running')
+          console.error(`Failed to invoke docker, please make sure that docker is installed and running (exit code = ${checkDockerResult.exitCode})`)
           exit(1)
         }
 
         // If buildx engine specified, check that it works
         if (buildEngine === 'buildx') {
           const checkBuildxResult = await executeCommand('docker', ['buildx', 'version'], {
-            inheritStdio: false,
-            env: {},
+            inheritStdio: false
           })
           if (checkBuildxResult.exitCode !== 0) {
             console.warn('Docker buildx is not supported on this machine, falling back to --engine=buildkit')

package/src/deployment.ts

@@ -1,3 +1,9 @@
+import { unlink, writeFile } from 'fs/promises'
+import os from 'os'
+import path from 'path'
+import { exit } from 'process'
+import { TargetEnvironment } from 'targetenvironment.js'
+
 import {
   KubeConfig,
   CoreV1Api,
@@ -5,13 +11,9 @@ import {
   type CoreV1ApiListNamespacedPodRequest,
   type CoreV1ApiReadNamespacedPodLogRequest,
 } from '@kubernetes/client-node'
+
 import { logger } from './logging.js'
-import { TargetEnvironment } from 'targetenvironment.js'
-import { exit } from 'process'
-import { unlink, writeFile } from 'fs/promises'
 import { executeCommand } from './utils.js'
-import os from 'os'
-import path from 'path'
 
 enum GameServerPodPhase {
   Ready = 'Ready', // Successfully started and ready to accept traffic

package/src/secret_store.ts

@@ -1,7 +1,8 @@
-import { promises as fs } from 'fs'
-import { join } from 'path'
 import { randomBytes, createCipheriv, createDecipheriv, scryptSync } from 'crypto'
+import { promises as fs } from 'fs'
 import { homedir } from 'os'
+import { join } from 'path'
+
 import { logger } from './logging.js'
 
 const filePath: string = process.env.METAPLAY_AUTH_FILE ?? join(homedir(), '.metaplay_auth.json')

package/src/targetenvironment.ts

@@ -1,8 +1,10 @@
-import { logger } from './logging.js'
 import { dump } from 'js-yaml'
+
+import { ECRClient, GetAuthorizationTokenCommand } from '@aws-sdk/client-ecr'
+
 import { getUserinfo } from './auth.js'
+import { logger } from './logging.js'
 import { isRunningUnderNpx } from './utils.js'
-import { ECRClient, GetAuthorizationTokenCommand } from '@aws-sdk/client-ecr'
 
 interface AwsCredentialsResponse {
   AccessKeyId: string
@@ -124,9 +126,7 @@ export class TargetEnvironment {
     } catch (error: any) {
       logger.error(`Failed to fetch ${method} ${url}:`, error)
       if (error.cause?.code === 'UNABLE_TO_VERIFY_LEAF_SIGNATURE') {
-        throw new Error(
-          `Failed to to fetch ${url}: SSL certificate validation failed. Is someone trying to tamper with your internet connection?`
-        )
+        throw new Error(`Failed to to fetch ${url}: SSL certificate validation failed. Is someone trying to tamper with your internet connection?`)
       }
       throw new Error(`Failed to fetch ${url}: ${error}`)
     }

package/src/utils.ts

@@ -1,9 +1,10 @@
 import { spawn } from 'child_process'
-import { logger } from './logging.js'
-import path from 'path'
 import yaml from 'js-yaml'
+import path from 'path'
 import * as semver from 'semver'
 
+import { logger } from './logging.js'
+
 /**
  * Checks if the given string is a fully qualified domain name (FQDN).
  *

package/src/version.ts

@@ -1 +1 @@
-export const PACKAGE_VERSION = "1.6.0"
+export const PACKAGE_VERSION = "1.6.1"

package/.prettierignore

@@ -1,2 +0,0 @@
-dist
-src/version.ts

package/prettier.config.js

@@ -1,3 +0,0 @@
-import MetaplayPrettierConfig from '@metaplay/prettier-config'
-
-export default MetaplayPrettierConfig