@ones-open/node-sdk 0.0.4-10001.152 → 0.0.4-10114.223

package/dist/index.cjs

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const lodashEs = require("lodash-es");
+const node_crypto = require("node:crypto");
 const Fetch = require("axios");
+const lodashEs = require("lodash-es");
 const _sortInstanceProperty = require("@babel/runtime-corejs3/core-js-stable/instance/sort");
 const getONESHostedBaseUrl = () => {
   return process.env.ONES_HOSTED_BASE_URL;
@@ -12,12 +13,74 @@ const getONESHostedAppID = () => {
 const getONESHostedToken = () => {
   return process.env.ONES_HOSTED_TOKEN;
 };
-const index$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+const index$2 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
   getONESHostedAppID,
   getONESHostedBaseUrl,
   getONESHostedToken
 }, Symbol.toStringTag, { value: "Module" }));
+const ASSERTION_TTL_SECONDS = 24 * 60 * 60;
+const ASSERTION_JTI_LENGTH = 16;
+const TOKEN_GRANT_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
+const fetch$2 = Fetch.create();
+const buildJWTAssertion = (installationInfo, userID) => {
+  const now = Math.floor(Date.now() / 1e3);
+  const header = {
+    alg: "HS256",
+    typ: "JWT"
+  };
+  const payload = {
+    uid: userID,
+    rsh: "",
+    iss: installationInfo.installation_id,
+    sub: installationInfo.installation_id,
+    aud: "oauth",
+    exp: now + ASSERTION_TTL_SECONDS,
+    iat: now,
+    jti: node_crypto.randomUUID().replace(/-/g, "").slice(0, ASSERTION_JTI_LENGTH)
+  };
+  const encodedHeader = Buffer.from(JSON.stringify(header)).toString("base64url");
+  const encodedPayload = Buffer.from(JSON.stringify(payload)).toString("base64url");
+  const signingInput = `${encodedHeader}.${encodedPayload}`;
+  const signKey = Buffer.from(installationInfo.shared_secret, "base64");
+  const signature = node_crypto.createHmac("sha256", signKey).update(signingInput).digest("base64url");
+  return `${signingInput}.${signature}`;
+};
+const getAccessTokenByInstallationInfo = async function(installationInfo) {
+  let userID = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : "";
+  const assertion = buildJWTAssertion(installationInfo, userID);
+  const tokenURL = new URL("/oauth2/token", installationInfo.ones_base_url);
+  const formData = new URLSearchParams();
+  formData.set("grant_type", TOKEN_GRANT_TYPE);
+  formData.set("client_id", installationInfo.installation_id);
+  formData.set("assertion", assertion);
+  try {
+    const response = await fetch$2.post(tokenURL.toString(), formData.toString(), {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      }
+    });
+    const token = response.data;
+    if (!token.access_token) {
+      throw new Error("failed to get access token: empty access_token in response");
+    }
+    return token.access_token;
+  } catch (error) {
+    if (error instanceof Fetch.AxiosError) {
+      var _error$response, _error$response$statu, _error$response2, _error$response3;
+      const status = (_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.status;
+      const statusText = (_error$response$statu = (_error$response2 = error.response) === null || _error$response2 === void 0 ? void 0 : _error$response2.statusText) !== null && _error$response$statu !== void 0 ? _error$response$statu : "";
+      const data = (_error$response3 = error.response) === null || _error$response3 === void 0 ? void 0 : _error$response3.data;
+      const responseText = typeof data === "string" ? data : JSON.stringify(data);
+      throw new Error(`failed to get access token: ${status !== null && status !== void 0 ? status : "unknown"} ${statusText}, response: ${responseText}`);
+    }
+    throw error;
+  }
+};
+const index$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  getAccessTokenByInstallationInfo
+}, Symbol.toStringTag, { value: "Module" }));
 var EntityWhereConditionEnum = /* @__PURE__ */ ((EntityWhereConditionEnum2) => {
   EntityWhereConditionEnum2["beginsWith"] = "beginsWith";
   EntityWhereConditionEnum2["between"] = "between";
@@ -552,5 +615,6 @@ const index = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.definePropert
   object
 }, Symbol.toStringTag, { value: "Module" }));
 exports.ErrorCode = ErrorCode;
-exports.env = index$1;
+exports.env = index$2;
+exports.oauth = index$1;
 exports.storage = index;

package/dist/index.js

@@ -1,5 +1,6 @@
-import { isNull, isUndefined, isSymbol, set } from "lodash-es";
+import { randomUUID, createHmac } from "node:crypto";
 import Fetch, { AxiosError } from "axios";
+import { isNull, isUndefined, isSymbol, set } from "lodash-es";
 import _sortInstanceProperty from "@babel/runtime-corejs3/core-js-stable/instance/sort";
 const getONESHostedBaseUrl = () => {
   return process.env.ONES_HOSTED_BASE_URL;
@@ -10,12 +11,74 @@ const getONESHostedAppID = () => {
 const getONESHostedToken = () => {
   return process.env.ONES_HOSTED_TOKEN;
 };
-const index$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+const index$2 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
   getONESHostedAppID,
   getONESHostedBaseUrl,
   getONESHostedToken
 }, Symbol.toStringTag, { value: "Module" }));
+const ASSERTION_TTL_SECONDS = 24 * 60 * 60;
+const ASSERTION_JTI_LENGTH = 16;
+const TOKEN_GRANT_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
+const fetch$2 = Fetch.create();
+const buildJWTAssertion = (installationInfo, userID) => {
+  const now = Math.floor(Date.now() / 1e3);
+  const header = {
+    alg: "HS256",
+    typ: "JWT"
+  };
+  const payload = {
+    uid: userID,
+    rsh: "",
+    iss: installationInfo.installation_id,
+    sub: installationInfo.installation_id,
+    aud: "oauth",
+    exp: now + ASSERTION_TTL_SECONDS,
+    iat: now,
+    jti: randomUUID().replace(/-/g, "").slice(0, ASSERTION_JTI_LENGTH)
+  };
+  const encodedHeader = Buffer.from(JSON.stringify(header)).toString("base64url");
+  const encodedPayload = Buffer.from(JSON.stringify(payload)).toString("base64url");
+  const signingInput = `${encodedHeader}.${encodedPayload}`;
+  const signKey = Buffer.from(installationInfo.shared_secret, "base64");
+  const signature = createHmac("sha256", signKey).update(signingInput).digest("base64url");
+  return `${signingInput}.${signature}`;
+};
+const getAccessTokenByInstallationInfo = async function(installationInfo) {
+  let userID = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : "";
+  const assertion = buildJWTAssertion(installationInfo, userID);
+  const tokenURL = new URL("/oauth2/token", installationInfo.ones_base_url);
+  const formData = new URLSearchParams();
+  formData.set("grant_type", TOKEN_GRANT_TYPE);
+  formData.set("client_id", installationInfo.installation_id);
+  formData.set("assertion", assertion);
+  try {
+    const response = await fetch$2.post(tokenURL.toString(), formData.toString(), {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      }
+    });
+    const token = response.data;
+    if (!token.access_token) {
+      throw new Error("failed to get access token: empty access_token in response");
+    }
+    return token.access_token;
+  } catch (error) {
+    if (error instanceof AxiosError) {
+      var _error$response, _error$response$statu, _error$response2, _error$response3;
+      const status = (_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.status;
+      const statusText = (_error$response$statu = (_error$response2 = error.response) === null || _error$response2 === void 0 ? void 0 : _error$response2.statusText) !== null && _error$response$statu !== void 0 ? _error$response$statu : "";
+      const data = (_error$response3 = error.response) === null || _error$response3 === void 0 ? void 0 : _error$response3.data;
+      const responseText = typeof data === "string" ? data : JSON.stringify(data);
+      throw new Error(`failed to get access token: ${status !== null && status !== void 0 ? status : "unknown"} ${statusText}, response: ${responseText}`);
+    }
+    throw error;
+  }
+};
+const index$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  getAccessTokenByInstallationInfo
+}, Symbol.toStringTag, { value: "Module" }));
 var EntityWhereConditionEnum = /* @__PURE__ */ ((EntityWhereConditionEnum2) => {
   EntityWhereConditionEnum2["beginsWith"] = "beginsWith";
   EntityWhereConditionEnum2["between"] = "between";
@@ -551,6 +614,7 @@ const index = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.definePropert
 }, Symbol.toStringTag, { value: "Module" }));
 export {
   ErrorCode,
-  index$1 as env,
+  index$2 as env,
+  index$1 as oauth,
   index as storage
 };

package/dist/types/packages/node/event/index.d.ts

@@ -0,0 +1,2 @@
+export type * from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/packages/node/event/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/packages/node/event/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,SAAS,CAAA"}

package/dist/types/packages/node/event/types.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @description ONES 事件回调 HTTP 请求体
+ */
+export interface EventBody<EventData = unknown> {
+    /**
+     * @description 事件 ID（在 ONES 实例内唯一）
+     */
+    eventID: string;
+    /**
+     * @description 事件类型（如 ones:project:issue:created）
+     */
+    eventType: string;
+    /**
+     * @description 事件发生时间戳（毫秒）
+     */
+    timestamp: number;
+    /**
+     * @description 事件数据载荷
+     */
+    eventData: EventData;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types/packages/node/event/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/packages/node/event/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,SAAS,CAAC,SAAS,GAAG,OAAO;IAC5C;;OAEG;IACH,OAAO,EAAE,MAAM,CAAA;IACf;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;CACrB"}

package/dist/types/packages/node/index.d.ts

@@ -1,5 +1,8 @@
 export * as env from '../../packages/strict/env';
+export * as oauth from './oauth';
 export * as storage from './storage';
+export type * from './event';
 export { ErrorCode } from '../../packages/strict/error';
 export type { Entity, EntityBatchSetItem, EntityQuery, EntityListResultData, EntityError, ObjectError, ObjectStoreUploadResult, ObjectStoreDownloadResult, } from './storage';
+export type { InstallationInfo, OAuthClient } from './oauth';
 //# sourceMappingURL=index.d.ts.map

package/dist/types/packages/node/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/packages/node/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,uBAAuB,CAAA;AAC5C,OAAO,KAAK,OAAO,MAAM,WAAW,CAAA;AAEpC,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAEnD,YAAY,EACV,MAAM,EACN,kBAAkB,EAClB,WAAW,EACX,oBAAoB,EACpB,WAAW,EACX,WAAW,EACX,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/packages/node/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,uBAAuB,CAAA;AAC5C,OAAO,KAAK,KAAK,MAAM,SAAS,CAAA;AAChC,OAAO,KAAK,OAAO,MAAM,WAAW,CAAA;AACpC,mBAAmB,SAAS,CAAA;AAE5B,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAEnD,YAAY,EACV,MAAM,EACN,kBAAkB,EAClB,WAAW,EACX,oBAAoB,EACpB,WAAW,EACX,WAAW,EACX,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,WAAW,CAAA;AAClB,YAAY,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA"}

package/dist/types/packages/node/oauth/index.d.ts

@@ -0,0 +1,4 @@
+import type { OAuthClient } from './types';
+export type * from './types';
+export declare const getAccessTokenByInstallationInfo: OAuthClient['getAccessTokenByInstallationInfo'];
+//# sourceMappingURL=index.d.ts.map

package/dist/types/packages/node/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/packages/node/oauth/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAoB,WAAW,EAAE,MAAM,SAAS,CAAA;AAE5D,mBAAmB,SAAS,CAAA;AAiD5B,eAAO,MAAM,gCAAgC,EAAE,WAAW,CAAC,kCAAkC,CAsC1F,CAAA"}

package/dist/types/packages/node/oauth/types.d.ts

@@ -0,0 +1,28 @@
+/**
+ * @description Installation callback data used for token exchange
+ */
+export interface InstallationInfo {
+    /**
+     * @description Installation ID of the app
+     */
+    installation_id: string;
+    /**
+     * @description Base64 encoded installation shared secret
+     */
+    shared_secret: string;
+    /**
+     * @description ONES base URL of the installation
+     */
+    ones_base_url: string;
+}
+export interface OAuthClient {
+    /**
+     * @description Exchange installation info for an OAuth access token
+     * @param installationInfo Installation callback data
+     * @param userID User ID in the installation organization.
+     *               Empty string means requesting token as the app itself.
+     * @returns Access token
+     */
+    getAccessTokenByInstallationInfo(installationInfo: InstallationInfo, userID?: string): Promise<string>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types/packages/node/oauth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/packages/node/oauth/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B;;OAEG;IACH,eAAe,EAAE,MAAM,CAAA;IACvB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B;;;;;;OAMG;IACH,gCAAgC,CAC9B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CAAA;CACnB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ones-open/node-sdk",
-  "version": "0.0.4-10001.152+e5e51129",
+  "version": "0.0.4-10114.223+882c7713",
   "description": "",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -50,5 +50,5 @@
   "devDependencies": {
     "@types/lodash-es": "^4.17.12"
   },
-  "gitHead": "e5e51129d48f958f3601bad876aad064946c29a9"
+  "gitHead": "882c77136f62dec9551760afa8e6cacb066589ba"
 }