@sebspark/gcp-iam 1.1.0 → 1.2.0
- package/dist/index.d.mts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/index.js +40 -11
- package/dist/index.mjs +40 -11
- package/package.json +1 -1
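--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -8,10 +8,9 @@ import { Logger } from 'winston';
 * @param logger An optional logger to use for logging.
 * @returns A JWT.
 */
-declare const getApiGatewayTokenByUrl: ({ apiURL, key,
+declare const getApiGatewayTokenByUrl: ({ apiURL, key, logger, }: {
 apiURL: string;
 key?: string;
-ttl?: number;
 logger?: Logger;
 }) => Promise<string>;
 /**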
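Review bot: Removing `ttl?: number` from the options type of `getApiGatewayTokenByUrl` is a breaking change for typed callers, yet it ships in a minor version (1.1.0 → 1.2.0). JavaScript callers that still pass `ttl` will have it ignored, because package/dist/index.js now caches with the fixed `expInSeconds / 2`. If a fixed cache lifetime is intended, consider keeping the property for one release as `/** @deprecated ignored; the cache lifetime is fixed */ ttl?: number;` so callers notice the change. The same edit is in package/dist/index.d.ts.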
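--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -8,10 +8,9 @@ import { Logger } from 'winston';
 * @param logger An optional logger to use for logging.
 * @returns A JWT.
 */
-declare const getApiGatewayTokenByUrl: ({ apiURL, key,
+declare const getApiGatewayTokenByUrl: ({ apiURL, key, logger, }: {
 apiURL: string;
 key?: string;
-ttl?: number;
 logger?: Logger;
 }) => Promise<string>;
 /**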
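--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -72,16 +72,11 @@ var LruCache = class {
 // src/apiGatewayToken.ts
 var expInSeconds = 60 * 60;
 var apiGatewayJwtCache = new LruCache();
-var
+var generateTokenByUrl = async ({
 apiURL,
 key,
-ttl,
 logger
 }) => {
-const cachedJwt = apiGatewayJwtCache.get(key || apiURL);
-if (cachedJwt) {
-return cachedJwt;
-}
 try {
 const iamClient = new import_iam_credentials.IAMCredentialsClient();
 const auth = new import_google_auth_library.GoogleAuth();
@@ -90,7 +85,7 @@ var getApiGatewayTokenByUrl = async ({
 if (!serviceAccountEmail) {
 throw new Error("No service account e-mail could be found.");
 }
-logger?.info(`
+logger?.info(`Service account e-mail being used: ${serviceAccountEmail}`);
 const header = {
 alg: "RS256",
 typ: "JWT"
@@ -118,10 +113,11 @@ var getApiGatewayTokenByUrl = async ({
 "signBlob(...) returned an empty response. Cannot sign JWT."
 );
 }
-
+logger?.debug(
+`New JWT for ${key || apiURL} created. Signed with ${response.keyId}.`
+);
 const signature = Buffer.from(response.signedBlob).toString("base64");
 const signedJWT = `${unsignedJWT}.${signature}`;
-apiGatewayJwtCache.put(key || apiURL, signedJWT, ttl);
 return signedJWT;
 } catch (error) {
 if (process.env.GCP_IAM_SOFT_FAIL === "true") {
@@ -132,10 +128,35 @@ var getApiGatewayTokenByUrl = async ({
 throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
 }
 };
+var getApiGatewayTokenByUrl = async ({
+apiURL,
+key,
+logger
+}) => {
+return checkCache({
+cacheKey: key || apiURL,
+generate: () => generateTokenByUrl({ apiURL, key, logger }),
+logger
+});
+};
 var clearCache = async (key) => {
 apiGatewayJwtCache.clear(key);
 };
-var
+var checkCache = ({
+cacheKey,
+generate,
+logger
+}) => {
+const cachedJwt = apiGatewayJwtCache.get(cacheKey);
+if (cachedJwt) {
+logger?.debug(`JWT for ${cacheKey} found in cache.`);
+return cachedJwt;
+}
+const jwtPromise = generate();
+apiGatewayJwtCache.put(cacheKey, jwtPromise, expInSeconds / 2);
+return jwtPromise;
+};
+var generateTokenByClientId = async (clientId, logger) => {
 try {
 const auth = new import_google_auth_library.GoogleAuth({
 scopes: "https://www.googleapis.com/auth/cloud-platform"
@@ -144,13 +165,21 @@ var getApiGatewayTokenByClientId = async (clientId, logger) => {
 return await client.idTokenProvider.fetchIdToken(clientId);
 } catch (error) {
 if (process.env.GCP_IAM_SOFT_FAIL === "true") {
-logger?.info("Soft fail enabled, returning empty JWT");
+logger?.info("Soft fail enabled, returning empty JWT.");
 return "";
 }
 logger?.error("Error generating system JWT", error);
+logger?.error(JSON.stringify(error, null, 2));
 throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
 }
 };
+var getApiGatewayTokenByClientId = async (clientId, logger) => {
+return checkCache({
+cacheKey: clientId,
+generate: () => generateTokenByClientId(clientId),
+logger
+});
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
 clearCache,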
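Review bot: `checkCache` stores the promise returned by `generate()` before it settles, so a rejected promise, or the empty string `generateTokenByClientId` returns when `GCP_IAM_SOFT_FAIL` is `"true"`, stays cached for `expInSeconds / 2`. Assuming `LruCache.get` returns the stored value, the `if (cachedJwt)` test is always truthy for a promise, so every caller keeps receiving the same failure or empty JWT until the entry expires or `clearCache` is called. Evicting the entry when the promise rejects or resolves empty, as sketched below, lets the next call retry. Separately, `generate: () => generateTokenByClientId(clientId)` drops `logger`, so the error logging on that path never runs; pass it through as `generateTokenByClientId(clientId, logger)`. The same code appears in package/dist/index.mjs.

```javascript
// … unchanged: cache lookup and early return on a hit …
const jwtPromise = generate();
apiGatewayJwtCache.put(cacheKey, jwtPromise, expInSeconds / 2);
// Evict failed or soft-failed (empty) results so the next call retries.
jwtPromise.then(
  (jwt) => {
    if (!jwt) apiGatewayJwtCache.clear(cacheKey);
  },
  () => apiGatewayJwtCache.clear(cacheKey)
);
return jwtPromise;
```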
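--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -44,16 +44,11 @@ var LruCache = class {
 // src/apiGatewayToken.ts
 var expInSeconds = 60 * 60;
 var apiGatewayJwtCache = new LruCache();
-var
+var generateTokenByUrl = async ({
 apiURL,
 key,
-ttl,
 logger
 }) => {
-const cachedJwt = apiGatewayJwtCache.get(key || apiURL);
-if (cachedJwt) {
-return cachedJwt;
-}
 try {
 const iamClient = new IAMCredentialsClient();
 const auth = new GoogleAuth();
@@ -62,7 +57,7 @@ var getApiGatewayTokenByUrl = async ({
 if (!serviceAccountEmail) {
 throw new Error("No service account e-mail could be found.");
 }
-logger?.info(`
+logger?.info(`Service account e-mail being used: ${serviceAccountEmail}`);
 const header = {
 alg: "RS256",
 typ: "JWT"
@@ -90,10 +85,11 @@ var getApiGatewayTokenByUrl = async ({
 "signBlob(...) returned an empty response. Cannot sign JWT."
 );
 }
-
+logger?.debug(
+`New JWT for ${key || apiURL} created. Signed with ${response.keyId}.`
+);
 const signature = Buffer.from(response.signedBlob).toString("base64");
 const signedJWT = `${unsignedJWT}.${signature}`;
-apiGatewayJwtCache.put(key || apiURL, signedJWT, ttl);
 return signedJWT;
 } catch (error) {
 if (process.env.GCP_IAM_SOFT_FAIL === "true") {
@@ -104,10 +100,35 @@ var getApiGatewayTokenByUrl = async ({
 throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
 }
 };
+var getApiGatewayTokenByUrl = async ({
+apiURL,
+key,
+logger
+}) => {
+return checkCache({
+cacheKey: key || apiURL,
+generate: () => generateTokenByUrl({ apiURL, key, logger }),
+logger
+});
+};
 var clearCache = async (key) => {
 apiGatewayJwtCache.clear(key);
 };
-var
+var checkCache = ({
+cacheKey,
+generate,
+logger
+}) => {
+const cachedJwt = apiGatewayJwtCache.get(cacheKey);
+if (cachedJwt) {
+logger?.debug(`JWT for ${cacheKey} found in cache.`);
+return cachedJwt;
+}
+const jwtPromise = generate();
+apiGatewayJwtCache.put(cacheKey, jwtPromise, expInSeconds / 2);
+return jwtPromise;
+};
+var generateTokenByClientId = async (clientId, logger) => {
 try {
 const auth = new GoogleAuth({
 scopes: "https://www.googleapis.com/auth/cloud-platform"
@@ -116,13 +137,21 @@ var getApiGatewayTokenByClientId = async (clientId, logger) => {
 return await client.idTokenProvider.fetchIdToken(clientId);
 } catch (error) {
 if (process.env.GCP_IAM_SOFT_FAIL === "true") {
-logger?.info("Soft fail enabled, returning empty JWT");
+logger?.info("Soft fail enabled, returning empty JWT.");
 return "";
 }
 logger?.error("Error generating system JWT", error);
+logger?.error(JSON.stringify(error, null, 2));
 throw new Error(`Error generating system JWT: ${JSON.stringify(error)}`);
 }
 };
+var getApiGatewayTokenByClientId = async (clientId, logger) => {
+return checkCache({
+cacheKey: clientId,
+generate: () => generateTokenByClientId(clientId),
+logger
+});
+};
 export {
 clearCache,
 getApiGatewayTokenByClientId,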