@rusamer/env-guards 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +107 -0
- package/dist/index.d.mts +8 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.js +239 -0
- package/dist/index.js.map +1 -0
- package/dist/index.mjs +236 -0
- package/dist/index.mjs.map +1 -0
- package/dist/keytar-F4YAPN53.node +0 -0
- package/dist/next.d.mts +6 -0
- package/dist/next.d.ts +6 -0
- package/dist/next.js +241 -0
- package/dist/next.js.map +1 -0
- package/dist/next.mjs +239 -0
- package/dist/next.mjs.map +1 -0
- package/dist/types-BxDfpIC9.d.mts +23 -0
- package/dist/types-BxDfpIC9.d.ts +23 -0
- package/package.json +60 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["node-file:D:/projects/envguards-sdk/node_modules/keytar/build/Release/keytar.node","../node_modules/keytar/lib/keytar.js","../src/index.ts"],"names":["exports","require_keytar"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAA,cAAA,GAAA,UAAA,CAAA;AAAA,EAAA,0FAAA,CAAAA,SAAA,EAAA,MAAA,EAAA;AACY,IAAA,WAAA,EAAA;AACA,IAAA,IAAI;AAAE,MAAA,MAAA,CAAO,OAAA,GAAU,UAAQ,cAAI,CAAA;AAAA,IAAE,CAAA,CAAA,MAC/B;AAAA,IAAC;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACHnB,IAAAC,eAAAA,GAAA,UAAA,CAAA;AAAA,EAAA,mCAAA,CAAAD,SAAA,EAAA,MAAA,EAAA;AAAA,IAAA,IAAI,MAAA,GAAS,cAAA,EAAA;AAEb,IAAA,SAAS,aAAA,CAAc,KAAK,IAAA,EAAM;AAChC,MAAA,IAAI,CAAC,GAAA,IAAO,GAAA,CAAI,MAAA,IAAU,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAI,KAAA,CAAM,IAAA,GAAO,eAAe,CAAA;AAAA,MACxC;AAAA,IACF;AAEA,IAAA,MAAA,CAAO,OAAA,GAAU;AAAA,MACf,WAAA,EAAa,SAAU,OAAA,EAAS,OAAA,EAAS;AACvC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,OAAO,CAAA;AAAA,MAC5C,CAAA;AAAA,MAEA,WAAA,EAAa,SAAU,OAAA,EAAS,OAAA,EAAS,QAAA,EAAU;AACjD,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,UAAU,UAAU,CAAA;AAElC,QAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,OAAA,EAAS,QAAQ,CAAA;AAAA,MACtD,CAAA;AAAA,MAEA,cAAA,EAAgB,SAAU,OAAA,EAAS,OAAA,EAAS;AAC1C,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,cAAA,CAAe,OAAA,EAAS,OAAO,CAAA;AAAA,MAC/C,CAAA;AAAA,MAEA,YAAA,EAAc,SAAU,OAAA,EAAS;AAC/B,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,aAAa,OAAO,CAAA;AAAA,MACpC,CAAA;AAAA,MAEA,eAAA,EAAiB,SAAU,OAAA,EAAS;AAClC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,gBAAgB,OAAO,CAAA;AAAA,MACvC;AAAA,KACF;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACjCA,IAAM,KAAA,uBAAY,GAAA,EAAwB;AAC1C,IAAI,kBAAA,GAA6D,IAAA;AAG1D,SAAS,WAAA,GAAc;AAC1B,EAAA,KAAA,CAAM,KAAA,EAAM;AACZ,EAAA,kBAAA,GAAqB,IAAA;AACzB;AAIA,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,0GAA0G,CAAA;AAAA,EAC9H;AACJ;AAEA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACvE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,kBAAkB,MAAA,EAA0C;AAEvE,EAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,OAAO,MAAA,CAAO,MAAA;AAGjC,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,OAAO,QAAQ,GAAA,CAAI,kBAAA;AAGvD,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAA,CAAU,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,MAAA,OAAA,CAAA,eAAA,EAAA,CAAA,CAAA,EAAkB,OAAA;AACxC,IAAA,MAAM,OAAA,GAAU,YAAA;AAChB,IAAA,MAAM,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,SAAQ,GAAI,MAAA;AAC/C,IAAA,IAAI,MAAA,IAAU,GAAA,IAAO,OAAA,IAAW,GAAA,IAAO,OAAA,EAAS;AAC5C,MAAA,MAAM,OAAA,GAAU,CAAA,QAAA,EAAW,MAAM,CAAA,CAAA,EAAI,GAAG,IAAI,OAAO,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AACrE,MAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,WAAA,CAAY,SAAS,OAAO,CAAA;AACrD,MAAA,IAAI,KAAK,OAAO,GAAA;AAAA,IACpB;AAAA,EACJ,SAAS,GAAA,EAAK;AAAA,EAEd;AAEA,EAAA,MAAM,IAAI,MAAM,+HAA+H,CAAA;AACnJ;AAEA,SAAS,cAAc,OAAA,EAA2C;AAC9D,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,OAAO;AAAA,IACH,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,kBAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,kBAAA;AAAA,IACvC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,cAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,kBAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,cAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AACJ;AAEA,eAAe,aAAA,CAAc,MAAA,EAAgB,UAAA,EAAoB,KAAA,EAAiC,SAAiB,KAAA,EAAoC;AACnJ,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IAC7D,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,UAAU,UAAU,CAAA;AAAA,KACzC;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAAA,IAC1B;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,mCAAA,EAAsC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACxF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAgB,KAAA,EAAe,OAAA,EAAkD;AACxG,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IACtD,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS,EAAE,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,EAAG;AAAA,IAC9C;AAAA,GACH,CAAA;AAED,EAAA,IAAI,IAAI,MAAA,KAAW,GAAA,EAAK,MAAM,IAAI,MAAM,KAAK,CAAA;AAC7C,EAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAEhG,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,SAAS,oBAAA,CAAqB,MAAA,EAAgB,UAAA,EAAoB,MAAA,EAAiC;AAC/F,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,SAAA,CAAU,CAAA,EAAG,EAAE,CAAA;AAC5C,EAAA,OAAO,CAAC,MAAA,EAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,OAAA,EAAS,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,OAAO,CAAA,CAAE,KAAK,GAAG,CAAA;AAC/F;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,cAAc,OAAO,CAAA;AACpC,EAAA,MAAM,EAAE,MAAA,EAAQ,GAAG,KAAA,EAAM,GAAI,MAAA;AAE7B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACT,IAAA,MAAM,IAAI,MAAM,kEAAkE,CAAA;AAAA,EACtF;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,MAAM,CAAA;AACjD,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,gBAAgB,EAAA,GAAK,GAAA;AAE3B,EAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,MAAA,EAAQ,UAAA,EAAY,MAAM,CAAA;AACnE,EAAA,IAAI,CAAC,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA,EAAG;AACzB,IAAA,KAAA,CAAM,GAAA,CAAI,aAAa,EAAE,KAAA,EAAO,MAAM,cAAA,EAAgB,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,CAAA;AAAA,EAC9E;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA;AAEnC,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,aAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,KAAA,CAAM,iBAAkB,GAAA,GAAM,aAAA;AAEhF,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,UAAA,EAAY,KAAA,EAAO,SAAS,KAAK,CAAA;AAAA,EACzE;AAEA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAEA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AACvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AACf,MAAA,MAAM,WAAW,MAAM,aAAA,CAAc,QAAQ,UAAA,EAAY,KAAA,EAAO,SAAS,KAAK,CAAA;AAC9E,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAEO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA,CAAQ,MAAM;AACxD,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAED,EAAA,OAAO,kBAAA;AACX","file":"index.mjs","sourcesContent":["\n import path from \"D:\\\\projects\\\\envguards-sdk\\\\node_modules\\\\keytar\\\\build\\\\Release\\\\keytar.node\"\n try { module.exports = require(path) }\n catch {}\n ","var keytar = require('../build/Release/keytar.node')\n\nfunction checkRequired(val, name) {\n if (!val || val.length <= 0) {\n throw new Error(name + ' is required.');\n }\n}\n\nmodule.exports = {\n getPassword: function (service, account) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n\n return keytar.getPassword(service, account)\n },\n\n setPassword: function (service, account, password) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n checkRequired(password, 'Password')\n\n return keytar.setPassword(service, account, password)\n },\n\n deletePassword: function (service, account) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n\n return keytar.deletePassword(service, account)\n },\n\n findPassword: function (service) {\n checkRequired(service, 'Service')\n\n return keytar.findPassword(service)\n },\n\n findCredentials: function (service) {\n checkRequired(service, 'Service')\n\n return keytar.findCredentials(service)\n }\n}\n","import type { EnvGuardsConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst cache = new Map<string, CacheState>();\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n cache.clear();\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[Env.Guards] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[Env.Guards] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function resolveRuntimeKey(config: EnvGuardsConfig): Promise<string> {\r\n // 1. Explicitly passed apiKey\r\n if (config.apiKey) return config.apiKey;\r\n\r\n // 2. Environment variable\r\n if (process.env.ENV_GUARDS_API_KEY) return process.env.ENV_GUARDS_API_KEY;\r\n\r\n // 3. Keytar (for local development, optional)\r\n try {\r\n const keytar = (await import('keytar')).default;\r\n const SERVICE = 'env-guards';\r\n const { apiUrl, org, project, env, service } = config;\r\n if (apiUrl && org && project && env && service) {\r\n const account = `runtime:${apiUrl}:${org}:${project}:${env}:${service}`;\r\n const key = await keytar.getPassword(SERVICE, account);\r\n if (key) return key;\r\n }\r\n } catch (err) {\r\n // Keytar is optional, so we ignore errors (e.g., native module not built).\r\n }\r\n\r\n throw new Error('[Env.Guards] Runtime key not found. Please set ENV_GUARDS_API_KEY, use `env-guards run`, or run `env-guards add-runtime-key`.');\r\n}\r\n\r\nfunction getFullConfig(options?: LoadEnvOptions): EnvGuardsConfig {\r\n const env = process.env;\r\n return {\r\n apiUrl: options?.config?.apiUrl ?? env.ENV_GUARDS_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENV_GUARDS_API_KEY,\r\n org: options?.config?.org ?? env.ENV_GUARDS_ORG,\r\n project: options?.config?.project ?? env.ENV_GUARDS_PROJECT,\r\n env: options?.config?.env ?? env.ENV_GUARDS_ENV,\r\n service: options?.config?.service ?? env.ENV_GUARDS_SERVICE,\r\n };\r\n}\r\n\r\nasync function exchangeToken(apiUrl: string, runtimeKey: string, scope: Partial<EnvGuardsConfig>, timeout: number, state: CacheState): Promise<string> {\r\n const res = await fetchWithTimeout(`${apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${runtimeKey}`,\r\n },\r\n body: JSON.stringify(scope),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[Env.Guards] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(apiUrl: string, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: { 'Authorization': `Bearer ${token}` },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) throw new Error('401'); // Signal to retry\r\n if (!res.ok) throw new Error(`[Env.Guards] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nfunction getConfigFingerprint(apiUrl: string, runtimeKey: string, config: EnvGuardsConfig): string {\r\n const keyPrefix = runtimeKey.substring(0, 12); // env-guards_sk_...\r\n return [apiUrl, keyPrefix, config.org, config.project, config.env, config.service].join('|');\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getFullConfig(options);\r\n const { apiUrl, ...scope } = config;\r\n\r\n if (!apiUrl) {\r\n throw new Error('[Env.Guards] Missing required configuration: apiUrl is required.');\r\n }\r\n\r\n const runtimeKey = await resolveRuntimeKey(config);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n const TOKEN_SKEW_MS = 30 * 1000;\r\n\r\n const fingerprint = getConfigFingerprint(apiUrl, runtimeKey, config);\r\n if (!cache.has(fingerprint)) {\r\n cache.set(fingerprint, { token: null, tokenExpiresAt: null, bundle: null });\r\n }\r\n const state = cache.get(fingerprint)!;\r\n\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > (now + TOKEN_SKEW_MS);\r\n\r\n if (!tokenValid) {\r\n token = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);\r\n }\r\n\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n try {\r\n const values = await fetchBundle(apiUrl, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n state.token = null;\r\n state.bundle = null;\r\n const newToken = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);\r\n const values = await fetchBundle(apiUrl, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options).finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n"]}
|
|
Binary file
|
package/dist/next.d.mts
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { L as LoadEnvOptions } from './types-BxDfpIC9.mjs';
|
|
2
|
+
export { A as AuthExchangeResponse, B as BundleResponse, E as EnvGuardsConfig } from './types-BxDfpIC9.mjs';
|
|
3
|
+
|
|
4
|
+
declare function loadServerEnv(options?: LoadEnvOptions): Promise<Record<string, string>>;
|
|
5
|
+
|
|
6
|
+
export { LoadEnvOptions, loadServerEnv };
|
package/dist/next.d.ts
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { L as LoadEnvOptions } from './types-BxDfpIC9.js';
|
|
2
|
+
export { A as AuthExchangeResponse, B as BundleResponse, E as EnvGuardsConfig } from './types-BxDfpIC9.js';
|
|
3
|
+
|
|
4
|
+
declare function loadServerEnv(options?: LoadEnvOptions): Promise<Record<string, string>>;
|
|
5
|
+
|
|
6
|
+
export { LoadEnvOptions, loadServerEnv };
|
package/dist/next.js
ADDED
|
@@ -0,0 +1,241 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
require('server-only');
|
|
4
|
+
|
|
5
|
+
var __create = Object.create;
|
|
6
|
+
var __defProp = Object.defineProperty;
|
|
7
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
8
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
9
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
10
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
11
|
+
var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
|
|
12
|
+
get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
|
|
13
|
+
}) : x)(function(x) {
|
|
14
|
+
if (typeof require !== "undefined") return require.apply(this, arguments);
|
|
15
|
+
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
16
|
+
});
|
|
17
|
+
var __esm = (fn, res) => function __init() {
|
|
18
|
+
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
19
|
+
};
|
|
20
|
+
var __commonJS = (cb, mod) => function __require2() {
|
|
21
|
+
return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
|
|
22
|
+
};
|
|
23
|
+
var __copyProps = (to, from, except, desc) => {
|
|
24
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
25
|
+
for (let key of __getOwnPropNames(from))
|
|
26
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
27
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
28
|
+
}
|
|
29
|
+
return to;
|
|
30
|
+
};
|
|
31
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
32
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
33
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
34
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
35
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
36
|
+
!mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
37
|
+
mod
|
|
38
|
+
));
|
|
39
|
+
|
|
40
|
+
// node_modules/keytar/build/Release/keytar.node
|
|
41
|
+
var keytar_default;
|
|
42
|
+
var init_keytar = __esm({
|
|
43
|
+
"node_modules/keytar/build/Release/keytar.node"() {
|
|
44
|
+
keytar_default = "./keytar-F4YAPN53.node";
|
|
45
|
+
}
|
|
46
|
+
});
|
|
47
|
+
|
|
48
|
+
// node-file:D:\projects\envguards-sdk\node_modules\keytar\build\Release\keytar.node
|
|
49
|
+
var require_keytar = __commonJS({
|
|
50
|
+
"node-file:D:\\projects\\envguards-sdk\\node_modules\\keytar\\build\\Release\\keytar.node"(exports$1, module) {
|
|
51
|
+
init_keytar();
|
|
52
|
+
try {
|
|
53
|
+
module.exports = __require(keytar_default);
|
|
54
|
+
} catch {
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
// node_modules/keytar/lib/keytar.js
|
|
60
|
+
var require_keytar2 = __commonJS({
|
|
61
|
+
"node_modules/keytar/lib/keytar.js"(exports$1, module) {
|
|
62
|
+
var keytar = require_keytar();
|
|
63
|
+
function checkRequired(val, name) {
|
|
64
|
+
if (!val || val.length <= 0) {
|
|
65
|
+
throw new Error(name + " is required.");
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
module.exports = {
|
|
69
|
+
getPassword: function(service, account) {
|
|
70
|
+
checkRequired(service, "Service");
|
|
71
|
+
checkRequired(account, "Account");
|
|
72
|
+
return keytar.getPassword(service, account);
|
|
73
|
+
},
|
|
74
|
+
setPassword: function(service, account, password) {
|
|
75
|
+
checkRequired(service, "Service");
|
|
76
|
+
checkRequired(account, "Account");
|
|
77
|
+
checkRequired(password, "Password");
|
|
78
|
+
return keytar.setPassword(service, account, password);
|
|
79
|
+
},
|
|
80
|
+
deletePassword: function(service, account) {
|
|
81
|
+
checkRequired(service, "Service");
|
|
82
|
+
checkRequired(account, "Account");
|
|
83
|
+
return keytar.deletePassword(service, account);
|
|
84
|
+
},
|
|
85
|
+
findPassword: function(service) {
|
|
86
|
+
checkRequired(service, "Service");
|
|
87
|
+
return keytar.findPassword(service);
|
|
88
|
+
},
|
|
89
|
+
findCredentials: function(service) {
|
|
90
|
+
checkRequired(service, "Service");
|
|
91
|
+
return keytar.findCredentials(service);
|
|
92
|
+
}
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
});
|
|
96
|
+
|
|
97
|
+
// src/index.ts
|
|
98
|
+
var cache = /* @__PURE__ */ new Map();
|
|
99
|
+
var pendingLoadPromise = null;
|
|
100
|
+
function checkBrowser() {
|
|
101
|
+
if (typeof window !== "undefined") {
|
|
102
|
+
throw new Error("[Env.Guards] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.");
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
async function fetchWithTimeout(url, init) {
|
|
106
|
+
const { timeout = 5e3, ...rest } = init;
|
|
107
|
+
const controller = new AbortController();
|
|
108
|
+
const id = setTimeout(() => controller.abort(), timeout);
|
|
109
|
+
try {
|
|
110
|
+
const res = await fetch(url, { ...rest, signal: controller.signal });
|
|
111
|
+
return res;
|
|
112
|
+
} catch (err) {
|
|
113
|
+
if (err.name === "AbortError") {
|
|
114
|
+
throw new Error(`[Env.Guards] Request timed out after ${timeout}ms`);
|
|
115
|
+
}
|
|
116
|
+
throw err;
|
|
117
|
+
} finally {
|
|
118
|
+
clearTimeout(id);
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
async function resolveRuntimeKey(config) {
|
|
122
|
+
if (config.apiKey) return config.apiKey;
|
|
123
|
+
if (process.env.ENV_GUARDS_API_KEY) return process.env.ENV_GUARDS_API_KEY;
|
|
124
|
+
try {
|
|
125
|
+
const keytar = (await Promise.resolve().then(() => __toESM(require_keytar2()))).default;
|
|
126
|
+
const SERVICE = "env-guards";
|
|
127
|
+
const { apiUrl, org, project, env, service } = config;
|
|
128
|
+
if (apiUrl && org && project && env && service) {
|
|
129
|
+
const account = `runtime:${apiUrl}:${org}:${project}:${env}:${service}`;
|
|
130
|
+
const key = await keytar.getPassword(SERVICE, account);
|
|
131
|
+
if (key) return key;
|
|
132
|
+
}
|
|
133
|
+
} catch (err) {
|
|
134
|
+
}
|
|
135
|
+
throw new Error("[Env.Guards] Runtime key not found. Please set ENV_GUARDS_API_KEY, use `env-guards run`, or run `env-guards add-runtime-key`.");
|
|
136
|
+
}
|
|
137
|
+
function getFullConfig(options) {
|
|
138
|
+
const env = process.env;
|
|
139
|
+
return {
|
|
140
|
+
apiUrl: options?.config?.apiUrl ?? env.ENV_GUARDS_API_URL,
|
|
141
|
+
apiKey: options?.config?.apiKey ?? env.ENV_GUARDS_API_KEY,
|
|
142
|
+
org: options?.config?.org ?? env.ENV_GUARDS_ORG,
|
|
143
|
+
project: options?.config?.project ?? env.ENV_GUARDS_PROJECT,
|
|
144
|
+
env: options?.config?.env ?? env.ENV_GUARDS_ENV,
|
|
145
|
+
service: options?.config?.service ?? env.ENV_GUARDS_SERVICE
|
|
146
|
+
};
|
|
147
|
+
}
|
|
148
|
+
async function exchangeToken(apiUrl, runtimeKey, scope, timeout, state) {
|
|
149
|
+
const res = await fetchWithTimeout(`${apiUrl}/v1/auth/exchange`, {
|
|
150
|
+
method: "POST",
|
|
151
|
+
headers: {
|
|
152
|
+
"Content-Type": "application/json",
|
|
153
|
+
"Authorization": `Bearer ${runtimeKey}`
|
|
154
|
+
},
|
|
155
|
+
body: JSON.stringify(scope),
|
|
156
|
+
timeout
|
|
157
|
+
});
|
|
158
|
+
if (!res.ok) {
|
|
159
|
+
throw new Error(`[Env.Guards] Auth exchange failed: ${res.status} ${res.statusText}`);
|
|
160
|
+
}
|
|
161
|
+
const data = await res.json();
|
|
162
|
+
state.token = data.token;
|
|
163
|
+
state.tokenExpiresAt = new Date(data.expiresAt).getTime();
|
|
164
|
+
return data.token;
|
|
165
|
+
}
|
|
166
|
+
async function fetchBundle(apiUrl, token, timeout) {
|
|
167
|
+
const res = await fetchWithTimeout(`${apiUrl}/v1/bundle`, {
|
|
168
|
+
method: "GET",
|
|
169
|
+
headers: { "Authorization": `Bearer ${token}` },
|
|
170
|
+
timeout
|
|
171
|
+
});
|
|
172
|
+
if (res.status === 401) throw new Error("401");
|
|
173
|
+
if (!res.ok) throw new Error(`[Env.Guards] Fetch bundle failed: ${res.status} ${res.statusText}`);
|
|
174
|
+
const data = await res.json();
|
|
175
|
+
return data.values;
|
|
176
|
+
}
|
|
177
|
+
function getConfigFingerprint(apiUrl, runtimeKey, config) {
|
|
178
|
+
const keyPrefix = runtimeKey.substring(0, 12);
|
|
179
|
+
return [apiUrl, keyPrefix, config.org, config.project, config.env, config.service].join("|");
|
|
180
|
+
}
|
|
181
|
+
async function loadEnvInternal(options) {
|
|
182
|
+
checkBrowser();
|
|
183
|
+
const config = getFullConfig(options);
|
|
184
|
+
const { apiUrl, ...scope } = config;
|
|
185
|
+
if (!apiUrl) {
|
|
186
|
+
throw new Error("[Env.Guards] Missing required configuration: apiUrl is required.");
|
|
187
|
+
}
|
|
188
|
+
const runtimeKey = await resolveRuntimeKey(config);
|
|
189
|
+
const timeout = options?.timeout ?? 5e3;
|
|
190
|
+
const now = Date.now();
|
|
191
|
+
const TOKEN_SKEW_MS = 30 * 1e3;
|
|
192
|
+
const fingerprint = getConfigFingerprint(apiUrl, runtimeKey, config);
|
|
193
|
+
if (!cache.has(fingerprint)) {
|
|
194
|
+
cache.set(fingerprint, { token: null, tokenExpiresAt: null, bundle: null });
|
|
195
|
+
}
|
|
196
|
+
const state = cache.get(fingerprint);
|
|
197
|
+
let token = state.token;
|
|
198
|
+
let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now + TOKEN_SKEW_MS;
|
|
199
|
+
if (!tokenValid) {
|
|
200
|
+
token = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);
|
|
201
|
+
}
|
|
202
|
+
if (state.bundle && tokenValid) {
|
|
203
|
+
Object.assign(process.env, state.bundle);
|
|
204
|
+
return state.bundle;
|
|
205
|
+
}
|
|
206
|
+
try {
|
|
207
|
+
const values = await fetchBundle(apiUrl, token, timeout);
|
|
208
|
+
state.bundle = values;
|
|
209
|
+
Object.assign(process.env, values);
|
|
210
|
+
return values;
|
|
211
|
+
} catch (err) {
|
|
212
|
+
if (err.message === "401") {
|
|
213
|
+
state.token = null;
|
|
214
|
+
state.bundle = null;
|
|
215
|
+
const newToken = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);
|
|
216
|
+
const values = await fetchBundle(apiUrl, newToken, timeout);
|
|
217
|
+
state.bundle = values;
|
|
218
|
+
Object.assign(process.env, values);
|
|
219
|
+
return values;
|
|
220
|
+
}
|
|
221
|
+
throw err;
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
function loadEnv(options) {
|
|
225
|
+
if (pendingLoadPromise) {
|
|
226
|
+
return pendingLoadPromise;
|
|
227
|
+
}
|
|
228
|
+
pendingLoadPromise = loadEnvInternal(options).finally(() => {
|
|
229
|
+
pendingLoadPromise = null;
|
|
230
|
+
});
|
|
231
|
+
return pendingLoadPromise;
|
|
232
|
+
}
|
|
233
|
+
|
|
234
|
+
// src/next.ts
|
|
235
|
+
async function loadServerEnv(options) {
|
|
236
|
+
return loadEnv(options);
|
|
237
|
+
}
|
|
238
|
+
|
|
239
|
+
exports.loadServerEnv = loadServerEnv;
|
|
240
|
+
//# sourceMappingURL=next.js.map
|
|
241
|
+
//# sourceMappingURL=next.js.map
|
package/dist/next.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["node-file:D:/projects/envguards-sdk/node_modules/keytar/build/Release/keytar.node","../node_modules/keytar/lib/keytar.js","../src/index.ts","../src/next.ts"],"names":["exports","require_keytar"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAA,cAAA,GAAA,UAAA,CAAA;AAAA,EAAA,0FAAA,CAAAA,SAAA,EAAA,MAAA,EAAA;AACY,IAAA,WAAA,EAAA;AACA,IAAA,IAAI;AAAE,MAAA,MAAA,CAAO,OAAA,GAAU,UAAQ,cAAI,CAAA;AAAA,IAAE,CAAA,CAAA,MAC/B;AAAA,IAAC;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACHnB,IAAAC,eAAAA,GAAA,UAAA,CAAA;AAAA,EAAA,mCAAA,CAAAD,SAAA,EAAA,MAAA,EAAA;AAAA,IAAA,IAAI,MAAA,GAAS,cAAA,EAAA;AAEb,IAAA,SAAS,aAAA,CAAc,KAAK,IAAA,EAAM;AAChC,MAAA,IAAI,CAAC,GAAA,IAAO,GAAA,CAAI,MAAA,IAAU,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAI,KAAA,CAAM,IAAA,GAAO,eAAe,CAAA;AAAA,MACxC;AAAA,IACF;AAEA,IAAA,MAAA,CAAO,OAAA,GAAU;AAAA,MACf,WAAA,EAAa,SAAU,OAAA,EAAS,OAAA,EAAS;AACvC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,OAAO,CAAA;AAAA,MAC5C,CAAA;AAAA,MAEA,WAAA,EAAa,SAAU,OAAA,EAAS,OAAA,EAAS,QAAA,EAAU;AACjD,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,UAAU,UAAU,CAAA;AAElC,QAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,OAAA,EAAS,QAAQ,CAAA;AAAA,MACtD,CAAA;AAAA,MAEA,cAAA,EAAgB,SAAU,OAAA,EAAS,OAAA,EAAS;AAC1C,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,cAAA,CAAe,OAAA,EAAS,OAAO,CAAA;AAAA,MAC/C,CAAA;AAAA,MAEA,YAAA,EAAc,SAAU,OAAA,EAAS;AAC/B,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,aAAa,OAAO,CAAA;AAAA,MACpC,CAAA;AAAA,MAEA,eAAA,EAAiB,SAAU,OAAA,EAAS;AAClC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,gBAAgB,OAAO,CAAA;AAAA,MACvC;AAAA,KACF;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACjCA,IAAM,KAAA,uBAAY,GAAA,EAAwB;AAC1C,IAAI,kBAAA,GAA6D,IAAA;AAUjE,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,0GAA0G,CAAA;AAAA,EAC9H;AACJ;AAEA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACvE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,kBAAkB,MAAA,EAA0C;AAEvE,EAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,OAAO,MAAA,CAAO,MAAA;AAGjC,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,OAAO,QAAQ,GAAA,CAAI,kBAAA;AAGvD,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAA,CAAU,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,MAAA,OAAA,CAAA,eAAA,EAAA,CAAA,CAAA,EAAkB,OAAA;AACxC,IAAA,MAAM,OAAA,GAAU,YAAA;AAChB,IAAA,MAAM,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,SAAQ,GAAI,MAAA;AAC/C,IAAA,IAAI,MAAA,IAAU,GAAA,IAAO,OAAA,IAAW,GAAA,IAAO,OAAA,EAAS;AAC5C,MAAA,MAAM,OAAA,GAAU,CAAA,QAAA,EAAW,MAAM,CAAA,CAAA,EAAI,GAAG,IAAI,OAAO,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AACrE,MAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,WAAA,CAAY,SAAS,OAAO,CAAA;AACrD,MAAA,IAAI,KAAK,OAAO,GAAA;AAAA,IACpB;AAAA,EACJ,SAAS,GAAA,EAAK;AAAA,EAEd;AAEA,EAAA,MAAM,IAAI,MAAM,+HAA+H,CAAA;AACnJ;AAEA,SAAS,cAAc,OAAA,EAA2C;AAC9D,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,OAAO;AAAA,IACH,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,kBAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,kBAAA;AAAA,IACvC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,cAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,kBAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,cAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AACJ;AAEA,eAAe,aAAA,CAAc,MAAA,EAAgB,UAAA,EAAoB,KAAA,EAAiC,SAAiB,KAAA,EAAoC;AACnJ,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IAC7D,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,UAAU,UAAU,CAAA;AAAA,KACzC;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAAA,IAC1B;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,mCAAA,EAAsC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACxF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAgB,KAAA,EAAe,OAAA,EAAkD;AACxG,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IACtD,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS,EAAE,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,EAAG;AAAA,IAC9C;AAAA,GACH,CAAA;AAED,EAAA,IAAI,IAAI,MAAA,KAAW,GAAA,EAAK,MAAM,IAAI,MAAM,KAAK,CAAA;AAC7C,EAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAEhG,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,SAAS,oBAAA,CAAqB,MAAA,EAAgB,UAAA,EAAoB,MAAA,EAAiC;AAC/F,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,SAAA,CAAU,CAAA,EAAG,EAAE,CAAA;AAC5C,EAAA,OAAO,CAAC,MAAA,EAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,OAAA,EAAS,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,OAAO,CAAA,CAAE,KAAK,GAAG,CAAA;AAC/F;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,cAAc,OAAO,CAAA;AACpC,EAAA,MAAM,EAAE,MAAA,EAAQ,GAAG,KAAA,EAAM,GAAI,MAAA;AAE7B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACT,IAAA,MAAM,IAAI,MAAM,kEAAkE,CAAA;AAAA,EACtF;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,MAAM,CAAA;AACjD,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,gBAAgB,EAAA,GAAK,GAAA;AAE3B,EAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,MAAA,EAAQ,UAAA,EAAY,MAAM,CAAA;AACnE,EAAA,IAAI,CAAC,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA,EAAG;AACzB,IAAA,KAAA,CAAM,GAAA,CAAI,aAAa,EAAE,KAAA,EAAO,MAAM,cAAA,EAAgB,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,CAAA;AAAA,EAC9E;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA;AAEnC,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,aAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,KAAA,CAAM,iBAAkB,GAAA,GAAM,aAAA;AAEhF,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,UAAA,EAAY,KAAA,EAAO,SAAS,KAAK,CAAA;AAAA,EACzE;AAEA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAEA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AACvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AACf,MAAA,MAAM,WAAW,MAAM,aAAA,CAAc,QAAQ,UAAA,EAAY,KAAA,EAAO,SAAS,KAAK,CAAA;AAC9E,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAEO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA,CAAQ,MAAM;AACxD,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAED,EAAA,OAAO,kBAAA;AACX;;;ACpLA,eAAsB,cAAc,OAAA,EAA0B;AAC1D,EAAA,OAAO,QAAQ,OAAO,CAAA;AAC1B","file":"next.js","sourcesContent":["\n import path from \"D:\\\\projects\\\\envguards-sdk\\\\node_modules\\\\keytar\\\\build\\\\Release\\\\keytar.node\"\n try { module.exports = require(path) }\n catch {}\n ","var keytar = require('../build/Release/keytar.node')\n\nfunction checkRequired(val, name) {\n if (!val || val.length <= 0) {\n throw new Error(name + ' is required.');\n }\n}\n\nmodule.exports = {\n getPassword: function (service, account) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n\n return keytar.getPassword(service, account)\n },\n\n setPassword: function (service, account, password) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n checkRequired(password, 'Password')\n\n return keytar.setPassword(service, account, password)\n },\n\n deletePassword: function (service, account) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n\n return keytar.deletePassword(service, account)\n },\n\n findPassword: function (service) {\n checkRequired(service, 'Service')\n\n return keytar.findPassword(service)\n },\n\n findCredentials: function (service) {\n checkRequired(service, 'Service')\n\n return keytar.findCredentials(service)\n }\n}\n","import type { EnvGuardsConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst cache = new Map<string, CacheState>();\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n cache.clear();\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[Env.Guards] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[Env.Guards] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function resolveRuntimeKey(config: EnvGuardsConfig): Promise<string> {\r\n // 1. Explicitly passed apiKey\r\n if (config.apiKey) return config.apiKey;\r\n\r\n // 2. Environment variable\r\n if (process.env.ENV_GUARDS_API_KEY) return process.env.ENV_GUARDS_API_KEY;\r\n\r\n // 3. Keytar (for local development, optional)\r\n try {\r\n const keytar = (await import('keytar')).default;\r\n const SERVICE = 'env-guards';\r\n const { apiUrl, org, project, env, service } = config;\r\n if (apiUrl && org && project && env && service) {\r\n const account = `runtime:${apiUrl}:${org}:${project}:${env}:${service}`;\r\n const key = await keytar.getPassword(SERVICE, account);\r\n if (key) return key;\r\n }\r\n } catch (err) {\r\n // Keytar is optional, so we ignore errors (e.g., native module not built).\r\n }\r\n\r\n throw new Error('[Env.Guards] Runtime key not found. Please set ENV_GUARDS_API_KEY, use `env-guards run`, or run `env-guards add-runtime-key`.');\r\n}\r\n\r\nfunction getFullConfig(options?: LoadEnvOptions): EnvGuardsConfig {\r\n const env = process.env;\r\n return {\r\n apiUrl: options?.config?.apiUrl ?? env.ENV_GUARDS_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENV_GUARDS_API_KEY,\r\n org: options?.config?.org ?? env.ENV_GUARDS_ORG,\r\n project: options?.config?.project ?? env.ENV_GUARDS_PROJECT,\r\n env: options?.config?.env ?? env.ENV_GUARDS_ENV,\r\n service: options?.config?.service ?? env.ENV_GUARDS_SERVICE,\r\n };\r\n}\r\n\r\nasync function exchangeToken(apiUrl: string, runtimeKey: string, scope: Partial<EnvGuardsConfig>, timeout: number, state: CacheState): Promise<string> {\r\n const res = await fetchWithTimeout(`${apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${runtimeKey}`,\r\n },\r\n body: JSON.stringify(scope),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[Env.Guards] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(apiUrl: string, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: { 'Authorization': `Bearer ${token}` },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) throw new Error('401'); // Signal to retry\r\n if (!res.ok) throw new Error(`[Env.Guards] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nfunction getConfigFingerprint(apiUrl: string, runtimeKey: string, config: EnvGuardsConfig): string {\r\n const keyPrefix = runtimeKey.substring(0, 12); // env-guards_sk_...\r\n return [apiUrl, keyPrefix, config.org, config.project, config.env, config.service].join('|');\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getFullConfig(options);\r\n const { apiUrl, ...scope } = config;\r\n\r\n if (!apiUrl) {\r\n throw new Error('[Env.Guards] Missing required configuration: apiUrl is required.');\r\n }\r\n\r\n const runtimeKey = await resolveRuntimeKey(config);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n const TOKEN_SKEW_MS = 30 * 1000;\r\n\r\n const fingerprint = getConfigFingerprint(apiUrl, runtimeKey, config);\r\n if (!cache.has(fingerprint)) {\r\n cache.set(fingerprint, { token: null, tokenExpiresAt: null, bundle: null });\r\n }\r\n const state = cache.get(fingerprint)!;\r\n\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > (now + TOKEN_SKEW_MS);\r\n\r\n if (!tokenValid) {\r\n token = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);\r\n }\r\n\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n try {\r\n const values = await fetchBundle(apiUrl, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n state.token = null;\r\n state.bundle = null;\r\n const newToken = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);\r\n const values = await fetchBundle(apiUrl, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options).finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n","import 'server-only';\r\nimport { loadEnv, type LoadEnvOptions } from './index.js';\r\n\r\nexport async function loadServerEnv(options?: LoadEnvOptions) {\r\n return loadEnv(options);\r\n}\r\n\r\nexport * from './types.js';\r\n"]}
|
package/dist/next.mjs
ADDED
|
@@ -0,0 +1,239 @@
|
|
|
1
|
+
import 'server-only';
|
|
2
|
+
|
|
3
|
+
var __create = Object.create;
|
|
4
|
+
var __defProp = Object.defineProperty;
|
|
5
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
6
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
7
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
8
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
9
|
+
var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
|
|
10
|
+
get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
|
|
11
|
+
}) : x)(function(x) {
|
|
12
|
+
if (typeof require !== "undefined") return require.apply(this, arguments);
|
|
13
|
+
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
14
|
+
});
|
|
15
|
+
var __esm = (fn, res) => function __init() {
|
|
16
|
+
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
17
|
+
};
|
|
18
|
+
var __commonJS = (cb, mod) => function __require2() {
|
|
19
|
+
return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
|
|
20
|
+
};
|
|
21
|
+
var __copyProps = (to, from, except, desc) => {
|
|
22
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
23
|
+
for (let key of __getOwnPropNames(from))
|
|
24
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
25
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
26
|
+
}
|
|
27
|
+
return to;
|
|
28
|
+
};
|
|
29
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
30
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
31
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
32
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
33
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
34
|
+
!mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
35
|
+
mod
|
|
36
|
+
));
|
|
37
|
+
|
|
38
|
+
// node_modules/keytar/build/Release/keytar.node
|
|
39
|
+
var keytar_default;
|
|
40
|
+
var init_keytar = __esm({
|
|
41
|
+
"node_modules/keytar/build/Release/keytar.node"() {
|
|
42
|
+
keytar_default = "./keytar-F4YAPN53.node";
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
// node-file:D:\projects\envguards-sdk\node_modules\keytar\build\Release\keytar.node
|
|
47
|
+
var require_keytar = __commonJS({
|
|
48
|
+
"node-file:D:\\projects\\envguards-sdk\\node_modules\\keytar\\build\\Release\\keytar.node"(exports$1, module) {
|
|
49
|
+
init_keytar();
|
|
50
|
+
try {
|
|
51
|
+
module.exports = __require(keytar_default);
|
|
52
|
+
} catch {
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
});
|
|
56
|
+
|
|
57
|
+
// node_modules/keytar/lib/keytar.js
|
|
58
|
+
var require_keytar2 = __commonJS({
|
|
59
|
+
"node_modules/keytar/lib/keytar.js"(exports$1, module) {
|
|
60
|
+
var keytar = require_keytar();
|
|
61
|
+
function checkRequired(val, name) {
|
|
62
|
+
if (!val || val.length <= 0) {
|
|
63
|
+
throw new Error(name + " is required.");
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
module.exports = {
|
|
67
|
+
getPassword: function(service, account) {
|
|
68
|
+
checkRequired(service, "Service");
|
|
69
|
+
checkRequired(account, "Account");
|
|
70
|
+
return keytar.getPassword(service, account);
|
|
71
|
+
},
|
|
72
|
+
setPassword: function(service, account, password) {
|
|
73
|
+
checkRequired(service, "Service");
|
|
74
|
+
checkRequired(account, "Account");
|
|
75
|
+
checkRequired(password, "Password");
|
|
76
|
+
return keytar.setPassword(service, account, password);
|
|
77
|
+
},
|
|
78
|
+
deletePassword: function(service, account) {
|
|
79
|
+
checkRequired(service, "Service");
|
|
80
|
+
checkRequired(account, "Account");
|
|
81
|
+
return keytar.deletePassword(service, account);
|
|
82
|
+
},
|
|
83
|
+
findPassword: function(service) {
|
|
84
|
+
checkRequired(service, "Service");
|
|
85
|
+
return keytar.findPassword(service);
|
|
86
|
+
},
|
|
87
|
+
findCredentials: function(service) {
|
|
88
|
+
checkRequired(service, "Service");
|
|
89
|
+
return keytar.findCredentials(service);
|
|
90
|
+
}
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
});
|
|
94
|
+
|
|
95
|
+
// src/index.ts
|
|
96
|
+
var cache = /* @__PURE__ */ new Map();
|
|
97
|
+
var pendingLoadPromise = null;
|
|
98
|
+
function checkBrowser() {
|
|
99
|
+
if (typeof window !== "undefined") {
|
|
100
|
+
throw new Error("[Env.Guards] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.");
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
async function fetchWithTimeout(url, init) {
|
|
104
|
+
const { timeout = 5e3, ...rest } = init;
|
|
105
|
+
const controller = new AbortController();
|
|
106
|
+
const id = setTimeout(() => controller.abort(), timeout);
|
|
107
|
+
try {
|
|
108
|
+
const res = await fetch(url, { ...rest, signal: controller.signal });
|
|
109
|
+
return res;
|
|
110
|
+
} catch (err) {
|
|
111
|
+
if (err.name === "AbortError") {
|
|
112
|
+
throw new Error(`[Env.Guards] Request timed out after ${timeout}ms`);
|
|
113
|
+
}
|
|
114
|
+
throw err;
|
|
115
|
+
} finally {
|
|
116
|
+
clearTimeout(id);
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
async function resolveRuntimeKey(config) {
|
|
120
|
+
if (config.apiKey) return config.apiKey;
|
|
121
|
+
if (process.env.ENV_GUARDS_API_KEY) return process.env.ENV_GUARDS_API_KEY;
|
|
122
|
+
try {
|
|
123
|
+
const keytar = (await Promise.resolve().then(() => __toESM(require_keytar2()))).default;
|
|
124
|
+
const SERVICE = "env-guards";
|
|
125
|
+
const { apiUrl, org, project, env, service } = config;
|
|
126
|
+
if (apiUrl && org && project && env && service) {
|
|
127
|
+
const account = `runtime:${apiUrl}:${org}:${project}:${env}:${service}`;
|
|
128
|
+
const key = await keytar.getPassword(SERVICE, account);
|
|
129
|
+
if (key) return key;
|
|
130
|
+
}
|
|
131
|
+
} catch (err) {
|
|
132
|
+
}
|
|
133
|
+
throw new Error("[Env.Guards] Runtime key not found. Please set ENV_GUARDS_API_KEY, use `env-guards run`, or run `env-guards add-runtime-key`.");
|
|
134
|
+
}
|
|
135
|
+
function getFullConfig(options) {
|
|
136
|
+
const env = process.env;
|
|
137
|
+
return {
|
|
138
|
+
apiUrl: options?.config?.apiUrl ?? env.ENV_GUARDS_API_URL,
|
|
139
|
+
apiKey: options?.config?.apiKey ?? env.ENV_GUARDS_API_KEY,
|
|
140
|
+
org: options?.config?.org ?? env.ENV_GUARDS_ORG,
|
|
141
|
+
project: options?.config?.project ?? env.ENV_GUARDS_PROJECT,
|
|
142
|
+
env: options?.config?.env ?? env.ENV_GUARDS_ENV,
|
|
143
|
+
service: options?.config?.service ?? env.ENV_GUARDS_SERVICE
|
|
144
|
+
};
|
|
145
|
+
}
|
|
146
|
+
async function exchangeToken(apiUrl, runtimeKey, scope, timeout, state) {
|
|
147
|
+
const res = await fetchWithTimeout(`${apiUrl}/v1/auth/exchange`, {
|
|
148
|
+
method: "POST",
|
|
149
|
+
headers: {
|
|
150
|
+
"Content-Type": "application/json",
|
|
151
|
+
"Authorization": `Bearer ${runtimeKey}`
|
|
152
|
+
},
|
|
153
|
+
body: JSON.stringify(scope),
|
|
154
|
+
timeout
|
|
155
|
+
});
|
|
156
|
+
if (!res.ok) {
|
|
157
|
+
throw new Error(`[Env.Guards] Auth exchange failed: ${res.status} ${res.statusText}`);
|
|
158
|
+
}
|
|
159
|
+
const data = await res.json();
|
|
160
|
+
state.token = data.token;
|
|
161
|
+
state.tokenExpiresAt = new Date(data.expiresAt).getTime();
|
|
162
|
+
return data.token;
|
|
163
|
+
}
|
|
164
|
+
async function fetchBundle(apiUrl, token, timeout) {
|
|
165
|
+
const res = await fetchWithTimeout(`${apiUrl}/v1/bundle`, {
|
|
166
|
+
method: "GET",
|
|
167
|
+
headers: { "Authorization": `Bearer ${token}` },
|
|
168
|
+
timeout
|
|
169
|
+
});
|
|
170
|
+
if (res.status === 401) throw new Error("401");
|
|
171
|
+
if (!res.ok) throw new Error(`[Env.Guards] Fetch bundle failed: ${res.status} ${res.statusText}`);
|
|
172
|
+
const data = await res.json();
|
|
173
|
+
return data.values;
|
|
174
|
+
}
|
|
175
|
+
function getConfigFingerprint(apiUrl, runtimeKey, config) {
|
|
176
|
+
const keyPrefix = runtimeKey.substring(0, 12);
|
|
177
|
+
return [apiUrl, keyPrefix, config.org, config.project, config.env, config.service].join("|");
|
|
178
|
+
}
|
|
179
|
+
async function loadEnvInternal(options) {
|
|
180
|
+
checkBrowser();
|
|
181
|
+
const config = getFullConfig(options);
|
|
182
|
+
const { apiUrl, ...scope } = config;
|
|
183
|
+
if (!apiUrl) {
|
|
184
|
+
throw new Error("[Env.Guards] Missing required configuration: apiUrl is required.");
|
|
185
|
+
}
|
|
186
|
+
const runtimeKey = await resolveRuntimeKey(config);
|
|
187
|
+
const timeout = options?.timeout ?? 5e3;
|
|
188
|
+
const now = Date.now();
|
|
189
|
+
const TOKEN_SKEW_MS = 30 * 1e3;
|
|
190
|
+
const fingerprint = getConfigFingerprint(apiUrl, runtimeKey, config);
|
|
191
|
+
if (!cache.has(fingerprint)) {
|
|
192
|
+
cache.set(fingerprint, { token: null, tokenExpiresAt: null, bundle: null });
|
|
193
|
+
}
|
|
194
|
+
const state = cache.get(fingerprint);
|
|
195
|
+
let token = state.token;
|
|
196
|
+
let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now + TOKEN_SKEW_MS;
|
|
197
|
+
if (!tokenValid) {
|
|
198
|
+
token = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);
|
|
199
|
+
}
|
|
200
|
+
if (state.bundle && tokenValid) {
|
|
201
|
+
Object.assign(process.env, state.bundle);
|
|
202
|
+
return state.bundle;
|
|
203
|
+
}
|
|
204
|
+
try {
|
|
205
|
+
const values = await fetchBundle(apiUrl, token, timeout);
|
|
206
|
+
state.bundle = values;
|
|
207
|
+
Object.assign(process.env, values);
|
|
208
|
+
return values;
|
|
209
|
+
} catch (err) {
|
|
210
|
+
if (err.message === "401") {
|
|
211
|
+
state.token = null;
|
|
212
|
+
state.bundle = null;
|
|
213
|
+
const newToken = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);
|
|
214
|
+
const values = await fetchBundle(apiUrl, newToken, timeout);
|
|
215
|
+
state.bundle = values;
|
|
216
|
+
Object.assign(process.env, values);
|
|
217
|
+
return values;
|
|
218
|
+
}
|
|
219
|
+
throw err;
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
function loadEnv(options) {
|
|
223
|
+
if (pendingLoadPromise) {
|
|
224
|
+
return pendingLoadPromise;
|
|
225
|
+
}
|
|
226
|
+
pendingLoadPromise = loadEnvInternal(options).finally(() => {
|
|
227
|
+
pendingLoadPromise = null;
|
|
228
|
+
});
|
|
229
|
+
return pendingLoadPromise;
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
// src/next.ts
|
|
233
|
+
async function loadServerEnv(options) {
|
|
234
|
+
return loadEnv(options);
|
|
235
|
+
}
|
|
236
|
+
|
|
237
|
+
export { loadServerEnv };
|
|
238
|
+
//# sourceMappingURL=next.mjs.map
|
|
239
|
+
//# sourceMappingURL=next.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["node-file:D:/projects/envguards-sdk/node_modules/keytar/build/Release/keytar.node","../node_modules/keytar/lib/keytar.js","../src/index.ts","../src/next.ts"],"names":["exports","require_keytar"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAA,cAAA,GAAA,UAAA,CAAA;AAAA,EAAA,0FAAA,CAAAA,SAAA,EAAA,MAAA,EAAA;AACY,IAAA,WAAA,EAAA;AACA,IAAA,IAAI;AAAE,MAAA,MAAA,CAAO,OAAA,GAAU,UAAQ,cAAI,CAAA;AAAA,IAAE,CAAA,CAAA,MAC/B;AAAA,IAAC;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACHnB,IAAAC,eAAAA,GAAA,UAAA,CAAA;AAAA,EAAA,mCAAA,CAAAD,SAAA,EAAA,MAAA,EAAA;AAAA,IAAA,IAAI,MAAA,GAAS,cAAA,EAAA;AAEb,IAAA,SAAS,aAAA,CAAc,KAAK,IAAA,EAAM;AAChC,MAAA,IAAI,CAAC,GAAA,IAAO,GAAA,CAAI,MAAA,IAAU,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAI,KAAA,CAAM,IAAA,GAAO,eAAe,CAAA;AAAA,MACxC;AAAA,IACF;AAEA,IAAA,MAAA,CAAO,OAAA,GAAU;AAAA,MACf,WAAA,EAAa,SAAU,OAAA,EAAS,OAAA,EAAS;AACvC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,OAAO,CAAA;AAAA,MAC5C,CAAA;AAAA,MAEA,WAAA,EAAa,SAAU,OAAA,EAAS,OAAA,EAAS,QAAA,EAAU;AACjD,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,UAAU,UAAU,CAAA;AAElC,QAAA,OAAO,MAAA,CAAO,WAAA,CAAY,OAAA,EAAS,OAAA,EAAS,QAAQ,CAAA;AAAA,MACtD,CAAA;AAAA,MAEA,cAAA,EAAgB,SAAU,OAAA,EAAS,OAAA,EAAS;AAC1C,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAChC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,cAAA,CAAe,OAAA,EAAS,OAAO,CAAA;AAAA,MAC/C,CAAA;AAAA,MAEA,YAAA,EAAc,SAAU,OAAA,EAAS;AAC/B,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,aAAa,OAAO,CAAA;AAAA,MACpC,CAAA;AAAA,MAEA,eAAA,EAAiB,SAAU,OAAA,EAAS;AAClC,QAAA,aAAA,CAAc,SAAS,SAAS,CAAA;AAEhC,QAAA,OAAO,MAAA,CAAO,gBAAgB,OAAO,CAAA;AAAA,MACvC;AAAA,KACF;AAAA,EAAA;AAAA,CAAA,CAAA;;;ACjCA,IAAM,KAAA,uBAAY,GAAA,EAAwB;AAC1C,IAAI,kBAAA,GAA6D,IAAA;AAUjE,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,0GAA0G,CAAA;AAAA,EAC9H;AACJ;AAEA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACvE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,kBAAkB,MAAA,EAA0C;AAEvE,EAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,OAAO,MAAA,CAAO,MAAA;AAGjC,EAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,kBAAA,EAAoB,OAAO,QAAQ,GAAA,CAAI,kBAAA;AAGvD,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAA,CAAU,MAAM,OAAA,CAAA,OAAA,EAAA,CAAA,IAAA,CAAA,MAAA,OAAA,CAAA,eAAA,EAAA,CAAA,CAAA,EAAkB,OAAA;AACxC,IAAA,MAAM,OAAA,GAAU,YAAA;AAChB,IAAA,MAAM,EAAE,MAAA,EAAQ,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,SAAQ,GAAI,MAAA;AAC/C,IAAA,IAAI,MAAA,IAAU,GAAA,IAAO,OAAA,IAAW,GAAA,IAAO,OAAA,EAAS;AAC5C,MAAA,MAAM,OAAA,GAAU,CAAA,QAAA,EAAW,MAAM,CAAA,CAAA,EAAI,GAAG,IAAI,OAAO,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AACrE,MAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,WAAA,CAAY,SAAS,OAAO,CAAA;AACrD,MAAA,IAAI,KAAK,OAAO,GAAA;AAAA,IACpB;AAAA,EACJ,SAAS,GAAA,EAAK;AAAA,EAEd;AAEA,EAAA,MAAM,IAAI,MAAM,+HAA+H,CAAA;AACnJ;AAEA,SAAS,cAAc,OAAA,EAA2C;AAC9D,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,OAAO;AAAA,IACH,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,kBAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,kBAAA;AAAA,IACvC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,cAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,kBAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,cAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AACJ;AAEA,eAAe,aAAA,CAAc,MAAA,EAAgB,UAAA,EAAoB,KAAA,EAAiC,SAAiB,KAAA,EAAoC;AACnJ,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IAC7D,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,UAAU,UAAU,CAAA;AAAA,KACzC;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAAA,IAC1B;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,mCAAA,EAAsC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACxF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAgB,KAAA,EAAe,OAAA,EAAkD;AACxG,EAAA,MAAM,GAAA,GAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IACtD,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS,EAAE,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,EAAG;AAAA,IAC9C;AAAA,GACH,CAAA;AAED,EAAA,IAAI,IAAI,MAAA,KAAW,GAAA,EAAK,MAAM,IAAI,MAAM,KAAK,CAAA;AAC7C,EAAA,IAAI,CAAC,GAAA,CAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAEhG,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,SAAS,oBAAA,CAAqB,MAAA,EAAgB,UAAA,EAAoB,MAAA,EAAiC;AAC/F,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,SAAA,CAAU,CAAA,EAAG,EAAE,CAAA;AAC5C,EAAA,OAAO,CAAC,MAAA,EAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,OAAA,EAAS,MAAA,CAAO,GAAA,EAAK,MAAA,CAAO,OAAO,CAAA,CAAE,KAAK,GAAG,CAAA;AAC/F;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,cAAc,OAAO,CAAA;AACpC,EAAA,MAAM,EAAE,MAAA,EAAQ,GAAG,KAAA,EAAM,GAAI,MAAA;AAE7B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACT,IAAA,MAAM,IAAI,MAAM,kEAAkE,CAAA;AAAA,EACtF;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,MAAM,CAAA;AACjD,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,gBAAgB,EAAA,GAAK,GAAA;AAE3B,EAAA,MAAM,WAAA,GAAc,oBAAA,CAAqB,MAAA,EAAQ,UAAA,EAAY,MAAM,CAAA;AACnE,EAAA,IAAI,CAAC,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA,EAAG;AACzB,IAAA,KAAA,CAAM,GAAA,CAAI,aAAa,EAAE,KAAA,EAAO,MAAM,cAAA,EAAgB,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,CAAA;AAAA,EAC9E;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,GAAA,CAAI,WAAW,CAAA;AAEnC,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,aAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,KAAA,CAAM,iBAAkB,GAAA,GAAM,aAAA;AAEhF,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,UAAA,EAAY,KAAA,EAAO,SAAS,KAAK,CAAA;AAAA,EACzE;AAEA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAEA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AACvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AACf,MAAA,MAAM,WAAW,MAAM,aAAA,CAAc,QAAQ,UAAA,EAAY,KAAA,EAAO,SAAS,KAAK,CAAA;AAC9E,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAEO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CAAE,OAAA,CAAQ,MAAM;AACxD,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAED,EAAA,OAAO,kBAAA;AACX;;;ACpLA,eAAsB,cAAc,OAAA,EAA0B;AAC1D,EAAA,OAAO,QAAQ,OAAO,CAAA;AAC1B","file":"next.mjs","sourcesContent":["\n import path from \"D:\\\\projects\\\\envguards-sdk\\\\node_modules\\\\keytar\\\\build\\\\Release\\\\keytar.node\"\n try { module.exports = require(path) }\n catch {}\n ","var keytar = require('../build/Release/keytar.node')\n\nfunction checkRequired(val, name) {\n if (!val || val.length <= 0) {\n throw new Error(name + ' is required.');\n }\n}\n\nmodule.exports = {\n getPassword: function (service, account) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n\n return keytar.getPassword(service, account)\n },\n\n setPassword: function (service, account, password) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n checkRequired(password, 'Password')\n\n return keytar.setPassword(service, account, password)\n },\n\n deletePassword: function (service, account) {\n checkRequired(service, 'Service')\n checkRequired(account, 'Account')\n\n return keytar.deletePassword(service, account)\n },\n\n findPassword: function (service) {\n checkRequired(service, 'Service')\n\n return keytar.findPassword(service)\n },\n\n findCredentials: function (service) {\n checkRequired(service, 'Service')\n\n return keytar.findCredentials(service)\n }\n}\n","import type { EnvGuardsConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst cache = new Map<string, CacheState>();\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n cache.clear();\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[Env.Guards] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[Env.Guards] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function resolveRuntimeKey(config: EnvGuardsConfig): Promise<string> {\r\n // 1. Explicitly passed apiKey\r\n if (config.apiKey) return config.apiKey;\r\n\r\n // 2. Environment variable\r\n if (process.env.ENV_GUARDS_API_KEY) return process.env.ENV_GUARDS_API_KEY;\r\n\r\n // 3. Keytar (for local development, optional)\r\n try {\r\n const keytar = (await import('keytar')).default;\r\n const SERVICE = 'env-guards';\r\n const { apiUrl, org, project, env, service } = config;\r\n if (apiUrl && org && project && env && service) {\r\n const account = `runtime:${apiUrl}:${org}:${project}:${env}:${service}`;\r\n const key = await keytar.getPassword(SERVICE, account);\r\n if (key) return key;\r\n }\r\n } catch (err) {\r\n // Keytar is optional, so we ignore errors (e.g., native module not built).\r\n }\r\n\r\n throw new Error('[Env.Guards] Runtime key not found. Please set ENV_GUARDS_API_KEY, use `env-guards run`, or run `env-guards add-runtime-key`.');\r\n}\r\n\r\nfunction getFullConfig(options?: LoadEnvOptions): EnvGuardsConfig {\r\n const env = process.env;\r\n return {\r\n apiUrl: options?.config?.apiUrl ?? env.ENV_GUARDS_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENV_GUARDS_API_KEY,\r\n org: options?.config?.org ?? env.ENV_GUARDS_ORG,\r\n project: options?.config?.project ?? env.ENV_GUARDS_PROJECT,\r\n env: options?.config?.env ?? env.ENV_GUARDS_ENV,\r\n service: options?.config?.service ?? env.ENV_GUARDS_SERVICE,\r\n };\r\n}\r\n\r\nasync function exchangeToken(apiUrl: string, runtimeKey: string, scope: Partial<EnvGuardsConfig>, timeout: number, state: CacheState): Promise<string> {\r\n const res = await fetchWithTimeout(`${apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${runtimeKey}`,\r\n },\r\n body: JSON.stringify(scope),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[Env.Guards] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(apiUrl: string, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: { 'Authorization': `Bearer ${token}` },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) throw new Error('401'); // Signal to retry\r\n if (!res.ok) throw new Error(`[Env.Guards] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nfunction getConfigFingerprint(apiUrl: string, runtimeKey: string, config: EnvGuardsConfig): string {\r\n const keyPrefix = runtimeKey.substring(0, 12); // env-guards_sk_...\r\n return [apiUrl, keyPrefix, config.org, config.project, config.env, config.service].join('|');\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getFullConfig(options);\r\n const { apiUrl, ...scope } = config;\r\n\r\n if (!apiUrl) {\r\n throw new Error('[Env.Guards] Missing required configuration: apiUrl is required.');\r\n }\r\n\r\n const runtimeKey = await resolveRuntimeKey(config);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n const TOKEN_SKEW_MS = 30 * 1000;\r\n\r\n const fingerprint = getConfigFingerprint(apiUrl, runtimeKey, config);\r\n if (!cache.has(fingerprint)) {\r\n cache.set(fingerprint, { token: null, tokenExpiresAt: null, bundle: null });\r\n }\r\n const state = cache.get(fingerprint)!;\r\n\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > (now + TOKEN_SKEW_MS);\r\n\r\n if (!tokenValid) {\r\n token = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);\r\n }\r\n\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n try {\r\n const values = await fetchBundle(apiUrl, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n state.token = null;\r\n state.bundle = null;\r\n const newToken = await exchangeToken(apiUrl, runtimeKey, scope, timeout, state);\r\n const values = await fetchBundle(apiUrl, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options).finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n","import 'server-only';\r\nimport { loadEnv, type LoadEnvOptions } from './index.js';\r\n\r\nexport async function loadServerEnv(options?: LoadEnvOptions) {\r\n return loadEnv(options);\r\n}\r\n\r\nexport * from './types.js';\r\n"]}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
interface EnvGuardsConfig {
|
|
2
|
+
apiUrl?: string;
|
|
3
|
+
apiKey?: string;
|
|
4
|
+
org?: string;
|
|
5
|
+
project?: string;
|
|
6
|
+
env?: string;
|
|
7
|
+
service?: string;
|
|
8
|
+
}
|
|
9
|
+
interface LoadEnvOptions {
|
|
10
|
+
/** Override default configuration */
|
|
11
|
+
config?: Partial<EnvGuardsConfig>;
|
|
12
|
+
/** Timeout in milliseconds (default: 5000) */
|
|
13
|
+
timeout?: number;
|
|
14
|
+
}
|
|
15
|
+
interface AuthExchangeResponse {
|
|
16
|
+
token: string;
|
|
17
|
+
expiresAt: string;
|
|
18
|
+
}
|
|
19
|
+
interface BundleResponse {
|
|
20
|
+
values: Record<string, string>;
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
export type { AuthExchangeResponse as A, BundleResponse as B, EnvGuardsConfig as E, LoadEnvOptions as L };
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
interface EnvGuardsConfig {
|
|
2
|
+
apiUrl?: string;
|
|
3
|
+
apiKey?: string;
|
|
4
|
+
org?: string;
|
|
5
|
+
project?: string;
|
|
6
|
+
env?: string;
|
|
7
|
+
service?: string;
|
|
8
|
+
}
|
|
9
|
+
interface LoadEnvOptions {
|
|
10
|
+
/** Override default configuration */
|
|
11
|
+
config?: Partial<EnvGuardsConfig>;
|
|
12
|
+
/** Timeout in milliseconds (default: 5000) */
|
|
13
|
+
timeout?: number;
|
|
14
|
+
}
|
|
15
|
+
interface AuthExchangeResponse {
|
|
16
|
+
token: string;
|
|
17
|
+
expiresAt: string;
|
|
18
|
+
}
|
|
19
|
+
interface BundleResponse {
|
|
20
|
+
values: Record<string, string>;
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
export type { AuthExchangeResponse as A, BundleResponse as B, EnvGuardsConfig as E, LoadEnvOptions as L };
|