@metaplay/metaplay-auth 1.7.0 → 1.7.1

package/index.ts

@@ -89,7 +89,7 @@ interface PortalEnvironmentInfo {
  * @param environment Environment slug.
  * @returns The portal's information about the environment.
  */
-// eslint-disable-next-line @typescript-eslint/max-params
+ 
 async function fetchManagedEnvironmentInfoWithSlugs(
   tokens: TokenSet,
   organization: string,
@@ -154,7 +154,7 @@ async function fetchManageEnvironmentInfoWithHumanId(tokens: TokenSet, humanId:
  * @param environment Environment slug.
  * @returns The TargetEnvironment instance needed to operate with the environment.
  */
-// eslint-disable-next-line @typescript-eslint/max-params
+ 
 async function resolveTargetEnvironmentFromSlugs(
   tokens: TokenSet,
   organization: string,
@@ -630,7 +630,7 @@ program
                 reject(error)
               } else {
                 // result contains an array of all the progress objects
-                logger.debug('Succesfully finished pushing docker image')
+                logger.debug('Successfully finished pushing docker image')
                 resolve(result)
               }
             },
@@ -749,7 +749,7 @@ program
                     reject(error)
                   } else {
                     // result contains an array of all the progress objects
-                    logger.debug('Succesfully finished pulling image')
+                    logger.debug('Successfully finished pulling image')
                     resolve(result)
                   }
                 },
@@ -790,14 +790,16 @@ program
           options.helmChartRepo ?? imageLabels['io.metaplay.default_helm_repo'] ?? 'https://charts.metaplay.dev'
         )
 
+        // Warn about Helm chart version needing to be specified explicitly (unless using a local chart)
+        if (!options.helmChartVersion && !options.localChartPath) {
+          console.warn('Warning: You should specify the Helm chart version explicitly with --helm-chart-version=<version>!')
+        }
+
         // Resolve helmChartVersion, in order of precedence:
         // - Specified in the cli options
         // - Specified in the docker image label
         // - Unknown, error out!
         const helmChartVersionSpec = options.helmChartVersion ?? imageLabels['io.metaplay.default_server_chart_version']
-        if (!options.helmChartVersion) {
-          console.warn('Warning: You should specify the Helm chart version with --helm-chart-version=<version>!')
-        }
         if (!helmChartVersionSpec) {
           throw new Error('No Helm chart version defined. With pre-R28 SDK versions, you must specify the Helm chart version explicitly with --helm-chart-version=<version>.')
         }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@metaplay/metaplay-auth",
   "description": "Utility CLI for authenticating with the Metaplay Auth and making authenticated calls to infrastructure endpoints.",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE",
   "homepage": "https://metaplay.io",
@@ -18,22 +18,22 @@
   "devDependencies": {
     "@metaplay/eslint-config": "workspace:*",
     "@types/dockerode": "3.3.31",
-    "@types/express": "4.17.21",
+    "@types/express": "5.0.0",
     "@types/js-yaml": "4.0.9",
     "@types/jsonwebtoken": "9.0.7",
     "@types/jwk-to-pem": "2.0.3",
-    "@types/node": "20.16.1",
+    "@types/node": "20.16.10",
     "@types/semver": "7.5.8",
     "esbuild": "0.24.0",
     "tsx": "4.19.1",
-    "typescript": "5.6.2",
-    "vitest": "2.1.1",
-    "@aws-sdk/client-ecr": "3.654.0",
-    "@kubernetes/client-node": "1.0.0-rc6",
-    "@ory/client": "1.15.4",
+    "typescript": "5.6.3",
+    "vitest": "2.1.3",
+    "@aws-sdk/client-ecr": "3.675.0",
+    "@kubernetes/client-node": "1.0.0-rc7",
+    "@ory/client": "1.15.7",
     "commander": "12.1.0",
     "dockerode": "4.0.2",
-    "h3": "1.12.0",
+    "h3": "1.13.0",
     "js-yaml": "4.1.0",
     "jsonwebtoken": "9.0.2",
     "jwk-to-pem": "2.0.6",

package/src/auth.ts

@@ -1,4 +1,4 @@
-/* eslint-disable @typescript-eslint/no-misused-promises */
+ 
 import { toNodeListener, createApp, defineEventHandler, getQuery, sendError } from 'h3'
 import jwt from 'jsonwebtoken'
 import jwkToPem from 'jwk-to-pem'
@@ -324,7 +324,7 @@ async function extendCurrentSessionWithRefreshToken(
  * @param code
  * @returns
  */
-// eslint-disable-next-line @typescript-eslint/max-params
+ 
 async function getTokensWithAuthorizationCode(
   state: string,
   redirectUri: string,
@@ -356,7 +356,7 @@ async function getTokensWithAuthorizationCode(
  */
 export async function loadTokens(): Promise<TokenSet> {
   try {
-    const tokens = (await getSecret('tokens')) as TokenSet
+    const tokens = (await getSecret('tokens')) as unknown as TokenSet
 
     if (!tokens) {
       throw new Error('Unable to load tokens. You need to login first.')

package/src/deployment.ts

@@ -3,7 +3,8 @@ import os from 'os'
 import path from 'path'
 import { exit } from 'process'
 import { EnvironmentDetails, TargetEnvironment } from 'targetenvironment.js'
-import * as net from 'net'
+import { promises as dns } from 'dns'
+import tls from 'tls'
 
 import {
   KubeConfig,
@@ -404,8 +405,8 @@ export async function waitForGameServerPodsToBeReady(
 
       // Handle state of the deployment
       if (anyPodsInPhase(podStatuses, GameServerPodPhase.Failed)) {
-        logger.error(`Gameserver start failed with pod statuses: ${JSON.stringify(podStatuses, undefined, 2)}`)
-        console.log('Gameserver failed to start due to the pods not starting properly! See above for details.')
+        logger.error(`Game server start failed with pod statuses: ${JSON.stringify(podStatuses, undefined, 2)}`)
+        console.log('Game server failed to start due to the pods not starting properly! See above for details.')
         for (let ndx = 0; ndx < pods.length; ndx += 1) {
           const status = podStatuses[ndx]
           const suffix = status.phase !== GameServerPodPhase.Ready ? ` -- ${status.message}` : ''
@@ -417,14 +418,14 @@ export async function waitForGameServerPodsToBeReady(
         anyPodsInPhase(podStatuses, GameServerPodPhase.Pending) ||
         anyPodsInPhase(podStatuses, GameServerPodPhase.Running)
       ) {
-        console.log('Waiting for gameserver(s) to be ready...')
+        console.log('Waiting for pod(s) to be ready...')
         for (let ndx = 0; ndx < pods.length; ndx += 1) {
           const status = podStatuses[ndx]
           const suffix = status.phase !== GameServerPodPhase.Ready ? ` -- ${status.message}` : ''
           console.log(`  ${pods[ndx].metadata?.name}: ${status.phase}${suffix}`)
         }
       } else if (allPodsInPhase(podStatuses, GameServerPodPhase.Ready)) {
-        console.log('Gameserver is up and ready to serve!')
+        console.log('Game server pod(s) are up and ready to serve!')
         return
       } else {
         console.log('Deployment in inconsistent state, waiting...')
@@ -445,9 +446,34 @@ export async function waitForGameServerPodsToBeReady(
   }
 }
 
+async function waitForDomainResolution(hostname: string): Promise<void> {
+  // Use 15min timeout -- DNS propagation can take a while
+  const timeoutAt = Date.now() + 15 * 60 * 1000
+
+  while (true) {
+    try {
+      const addresses = await dns.lookup(hostname)
+      console.log(`Successfully resolved domain ${hostname} to:`, addresses)
+      return
+    } catch (err) {
+      if (Date.now() > timeoutAt) {
+        throw new Error(`Could not resolve domain ${hostname} before timeout.`)
+      }
+
+      if (err instanceof Error && (err as NodeJS.ErrnoException).code === 'ENOTFOUND') {
+        console.log(`Waiting for domain name ${hostname} to propagate... This can take up to 15 minutes on the first deploy.`)
+      } else {
+        console.log(`Failed to resolve ${hostname}: ${String(err)}. Retrying...`)
+      }
+      await delay(5000) // use long timeout as it can take ~5min for DNS to propagate
+    }
+  }
+}
+
 /**
  * Wait until we can establish a client-simulating connection to the target
- * game server, or a timeout happens.
+ * game server and perform the TLS handshake and wait for the initial bytes
+ * to be received from the server, or a timeout happens.
  * @param hostname Hostname of the target server to connect to.
  * @param port Port to use for the connections (usually 9339).
  */
@@ -455,47 +481,49 @@ async function waitForGameServerClientEndpointToBeReady(
   hostname: string,
   port: number
 ): Promise<void> {
-  const checkConnection = async (): Promise<boolean> => {
-      return await new Promise((resolve) => {
-          const socket = new net.Socket()
-          // Set a short timeout for each attempt
-          // Note: This does not include the DNS resolve time which can take a minute or so.
-          // \todo Consider adding a DNS resolve step before trying to connect.
-          socket.setTimeout(2000)
-
-          socket.on('connect', () => {
-              socket.destroy() // Clean up after success
-              resolve(true)
-          })
-
-          socket.on('error', () => {
-              socket.destroy() // Clean up after error
-              resolve(false)
-          })
-
-          socket.on('timeout', () => {
-              socket.destroy() // Clean up after timeout
-              resolve(false)
-          })
-
-          socket.connect(port, hostname)
-      })
-  }
-
-  // Try for 2 min before giving up
-  const timeoutAt = Date.now() + 2 * 60 * 1000
+  // Try for a few minutes before giving up
+  const timeoutAt = Date.now() + 5 * 60 * 1000
 
   while (Date.now() < timeoutAt) {
-    const connected = await checkConnection()
-    if (connected) {
-      console.log(`Successfully connected to ${hostname}:${port}`)
+    try {
+      await new Promise<void>((resolve, reject) => {
+        const socket: tls.TLSSocket = tls.connect({ host: hostname, port }, () => {
+          if (socket.authorized) {
+            console.log('TLS handshake completed, waiting to receive data from the server...')
+            // \todo This is enough with direct connection to the server but with the upcoming
+            //       client-traffic-proxy, we may need to exchange the proper handshake messages
+            socket.once('data', (bytes: Buffer) => {
+              const hexBytes = Array.from(bytes).map(byte => byte.toString(16).padStart(2, '0'))
+              console.log(`Received ${bytes.length} bytes from server: ${hexBytes.join(' ')}`)
+              socket.end()
+              resolve()
+            })
+          } else {
+            socket.end()
+            reject(new Error(`TLS handshake failed: ${String(socket.authorizationError)}`))
+          }
+        })
+
+        socket.on('error', reject)
+
+        socket.setTimeout(5000, () => {
+          socket.end()
+          reject(new Error('Timeout while waiting for data after handshake'))
+        })
+      })
+
+      // Success
+      console.log(`Successfully connected to the target environment ${hostname}:${port}`)
       return
+    } catch (error) {
+      console.log(`Attempt failed, retrying: ${String(error)}`)
     }
-    console.log(`Retrying connection to ${hostname}:${port}...`)
-    await new Promise((resolve) => setTimeout(resolve, 1000))
+
+    // Wait a bit before trying again
+    await delay(1000)
   }
 
-  throw new Error(`Timeout while trying to connect to ${hostname}:${port}.`)
+  throw new Error(`Timeout reached while waiting to establish connection to ${hostname}:${port}`)
 }
 
 /**
@@ -515,7 +543,10 @@ export async function checkGameServerDeployment(
   console.log('Waiting for game server pods to be ready...')
   await waitForGameServerPodsToBeReady(envInfo.deployment.kubernetes_namespace, kubeconfig, requiredImageTag)
 
-  // \todo Add a separate step for a DNS check on the game server
+  // Resolve DNS for the target server
+  // \todo Use the -proxy address when client-traffic-proxy is in use
+  console.log(`Resolving the domain name '${envInfo.deployment.server_hostname}' of the server...`)
+  await waitForDomainResolution(envInfo.deployment.server_hostname)
 
   // Check that the game server accepts traffic on its client-facing endpoint
   const clientTrafficPort = 9339 // \todo check for other ports, too?

package/src/secret_store.ts

@@ -78,7 +78,7 @@ export async function setSecret(key: string, value: any): Promise<void> {
   await fs.writeFile(filePath, content)
 }
 
-export async function getSecret(key: string): Promise<any | undefined> {
+export async function getSecret(key: string): Promise<string> {
   logger.debug(`Getting secret ${key}...`)
 
   const secrets = await loadSecrets()

package/src/targetenvironment.ts

@@ -113,7 +113,7 @@ export class TargetEnvironment {
   }
 
   async fetchText(url: string, method: string): Promise<string> {
-    // eslint-disable-next-line @typescript-eslint/init-declarations
+     
     let response
     try {
       response = await fetch(url, {
@@ -168,7 +168,7 @@ export class TargetEnvironment {
     logger.debug(`Getting Kubernetes KubeConfig from ${url}...`)
 
     // get the execcredential and morph it into a kubeconfig which calls metaplay-auth for the token
-    // eslint-disable-next-line @typescript-eslint/init-declarations
+     
     let kubeExecCredential: KubeExecCredential
     try {
       kubeExecCredential = await this.fetchJson<KubeExecCredential>(url, 'POST')

package/src/version.ts

@@ -1 +1 @@
-export const PACKAGE_VERSION = "1.7.0"
+export const PACKAGE_VERSION = "1.7.1"