@shopify/cli-kit 3.0.25 → 3.1.0

package/dist/session/validate.d.ts

@@ -0,0 +1,17 @@
+import { ApplicationToken, IdentityToken } from './schema.js';
+import { OAuthApplications } from '../session.js';
+declare type ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok';
+/**
+ * Validate if the current session is valid or we need to refresh/re-authenticate
+ * @param scopes {string[]} requested scopes to validate
+ * @param applications {OAuthApplications} requested applications
+ * @param session current session with identity and application tokens
+ * @returns {ValidationResult} 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session
+ */
+export declare function validateSession(scopes: string[], applications: OAuthApplications, session: {
+    identity: IdentityToken;
+    applications: {
+        [x: string]: ApplicationToken;
+    };
+}): Promise<ValidationResult>;
+export {};

package/dist/session/validate.js

@@ -0,0 +1,75 @@
+import { applicationId } from './identity.js';
+import constants from '../constants.js';
+import { identity, partners } from '../api.js';
+import { debug } from '../output.js';
+/**
+ * Validate if an identity token is valid for the requested scopes
+ * @param requestedScopes scopes
+ * @param identity
+ * @returns
+ */
+function validateScopes(requestedScopes, identity) {
+    const currentScopes = identity.scopes;
+    return requestedScopes.every((scope) => currentScopes.includes(scope));
+}
+/**
+ * Validate if the current session is valid or we need to refresh/re-authenticate
+ * @param scopes {string[]} requested scopes to validate
+ * @param applications {OAuthApplications} requested applications
+ * @param session current session with identity and application tokens
+ * @returns {ValidationResult} 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session
+ */
+export async function validateSession(scopes, applications, session) {
+    if (!session)
+        return 'needs_full_auth';
+    const scopesAreValid = validateScopes(scopes, session.identity);
+    const identityIsValid = await identity.validateIdentityToken(session.identity.accessToken);
+    if (!scopesAreValid)
+        return 'needs_full_auth';
+    let tokensAreExpired = isTokenExpired(session.identity);
+    let tokensAreRevoked = false;
+    if (applications.partnersApi) {
+        const appId = applicationId('partners');
+        const token = session.applications[appId];
+        tokensAreRevoked = tokensAreRevoked || (await isPartnersTokenRevoked(token));
+        tokensAreExpired = tokensAreExpired || isTokenExpired(token);
+    }
+    if (applications.storefrontRendererApi) {
+        const appId = applicationId('storefront-renderer');
+        const token = session.applications[appId];
+        tokensAreExpired = tokensAreExpired || isTokenExpired(token);
+    }
+    if (applications.adminApi) {
+        const appId = applicationId('admin');
+        const realAppId = `${applications.adminApi.storeFqdn}-${appId}`;
+        const token = session.applications[realAppId];
+        tokensAreExpired = tokensAreExpired || isTokenExpired(token);
+    }
+    debug(`
+The validation of the token for application/identity completed with the following results:
+- It's expired: ${tokensAreExpired}
+- It's been revoked: ${tokensAreRevoked}
+- It's invalid in identity: ${!identityIsValid}
+  `);
+    if (tokensAreExpired)
+        return 'needs_refresh';
+    if (tokensAreRevoked)
+        return 'needs_full_auth';
+    if (!identityIsValid)
+        return 'needs_full_auth';
+    return 'ok';
+}
+function isTokenExpired(token) {
+    if (!token)
+        return true;
+    return token.expiresAt < expireThreshold();
+}
+async function isPartnersTokenRevoked(token) {
+    if (!token)
+        return false;
+    return partners.checkIfTokenIsRevoked(token.accessToken);
+}
+function expireThreshold() {
+    return new Date(Date.now() + constants.session.expirationTimeMarginInMinutes * 60 * 1000);
+}
+//# sourceMappingURL=validate.js.map

package/dist/session/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/session/validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,eAAe,CAAA;AAE3C,OAAO,SAAS,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAC,QAAQ,EAAE,QAAQ,EAAC,MAAM,WAAW,CAAA;AAC5C,OAAO,EAAC,KAAK,EAAC,MAAM,cAAc,CAAA;AAIlC;;;;;GAKG;AACH,SAAS,cAAc,CAAC,eAAyB,EAAE,QAAuB;IACxE,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAA;IACrC,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;AACxE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAgB,EAChB,YAA+B,EAC/B,OAGC;IAED,IAAI,CAAC,OAAO;QAAE,OAAO,iBAAiB,CAAA;IACtC,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC/D,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,qBAAqB,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IAC1F,IAAI,CAAC,cAAc;QAAE,OAAO,iBAAiB,CAAA;IAC7C,IAAI,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IACvD,IAAI,gBAAgB,GAAG,KAAK,CAAA;IAE5B,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACzC,gBAAgB,GAAG,gBAAgB,IAAI,CAAC,MAAM,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAA;QAC5E,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;KAC7D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QACzC,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;KAC7D;IAED,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAA;QAC7C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;KAC7D;IAED,KAAK,CAAC;;kBAEU,gBAAgB;uBACX,gBAAgB;8BACT,CAAC,eAAe;GAC3C,CAAC,CAAA;IAEF,IAAI,gBAAgB;QAAE,OAAO,eAAe,CAAA;IAC5C,IAAI,gBAAgB;QAAE,OAAO,iBAAiB,CAAA;IAC9C,IAAI,CAAC,eAAe;QAAE,OAAO,iBAAiB,CAAA;IAC9C,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,cAAc,CAAC,KAAuB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO,KAAK,CAAC,SAAS,GAAG,eAAe,EAAE,CAAA;AAC5C,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,KAAuB;IAC3D,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAA;IACxB,OAAO,QAAQ,CAAC,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;AAC1D,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,6BAA6B,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;AAC3F,CAAC","sourcesContent":["import {applicationId} from './identity.js'\nimport {ApplicationToken, IdentityToken} from './schema.js'\nimport constants from '../constants.js'\nimport {OAuthApplications} from '../session.js'\nimport {identity, partners} from '../api.js'\nimport {debug} from '../output.js'\n\ntype ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok'\n\n/**\n * Validate if an identity token is valid for the requested scopes\n * @param requestedScopes scopes\n * @param identity\n * @returns\n */\nfunction validateScopes(requestedScopes: string[], identity: IdentityToken) {\n  const currentScopes = identity.scopes\n  return requestedScopes.every((scope) => currentScopes.includes(scope))\n}\n\n/**\n * Validate if the current session is valid or we need to refresh/re-authenticate\n * @param scopes {string[]} requested scopes to validate\n * @param applications {OAuthApplications} requested applications\n * @param session current session with identity and application tokens\n * @returns {ValidationResult} 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session\n */\nexport async function validateSession(\n  scopes: string[],\n  applications: OAuthApplications,\n  session: {\n    identity: IdentityToken\n    applications: {[x: string]: ApplicationToken}\n  },\n): Promise<ValidationResult> {\n  if (!session) return 'needs_full_auth'\n  const scopesAreValid = validateScopes(scopes, session.identity)\n  const identityIsValid = await identity.validateIdentityToken(session.identity.accessToken)\n  if (!scopesAreValid) return 'needs_full_auth'\n  let tokensAreExpired = isTokenExpired(session.identity)\n  let tokensAreRevoked = false\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    const token = session.applications[appId]\n    tokensAreRevoked = tokensAreRevoked || (await isPartnersTokenRevoked(token))\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    const token = session.applications[appId]\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = session.applications[realAppId]\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  debug(`\nThe validation of the token for application/identity completed with the following results:\n- It's expired: ${tokensAreExpired}\n- It's been revoked: ${tokensAreRevoked}\n- It's invalid in identity: ${!identityIsValid}\n  `)\n\n  if (tokensAreExpired) return 'needs_refresh'\n  if (tokensAreRevoked) return 'needs_full_auth'\n  if (!identityIsValid) return 'needs_full_auth'\n  return 'ok'\n}\n\nfunction isTokenExpired(token: ApplicationToken): boolean {\n  if (!token) return true\n  return token.expiresAt < expireThreshold()\n}\n\nasync function isPartnersTokenRevoked(token: ApplicationToken) {\n  if (!token) return false\n  return partners.checkIfTokenIsRevoked(token.accessToken)\n}\n\nfunction expireThreshold(): Date {\n  return new Date(Date.now() + constants.session.expirationTimeMarginInMinutes * 60 * 1000)\n}\n"]}

package/dist/session.d.ts

@@ -0,0 +1,88 @@
+/// <reference types="node" />
+import { Abort } from './error.js';
+/**
+ * A scope supported by the Shopify Admin API.
+ */
+declare type AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string;
+/**
+ * It represents the options to authenticate against the Shopify Admin API.
+ */
+interface AdminAPIOAuthOptions {
+    /** Store to request permissions for */
+    storeFqdn: string;
+    /** List of scopes to request permissions for */
+    scopes: AdminAPIScope[];
+}
+/**
+ * A scope supported by the Partners API.
+ */
+declare type PartnersAPIScope = 'cli' | string;
+interface PartnersAPIOAuthOptions {
+    /** List of scopes to request permissions for */
+    scopes: PartnersAPIScope[];
+}
+/**
+ * A scope supported by the Storefront Renderer API.
+ */
+declare type StorefrontRendererScope = 'devtools' | string;
+interface StorefrontRendererAPIOAuthOptions {
+    /** List of scopes to request permissions for */
+    scopes: StorefrontRendererScope[];
+}
+/**
+ * It represents the authentication requirements and
+ * is the input necessary to trigger the authentication
+ * flow.
+ */
+export interface OAuthApplications {
+    adminApi?: AdminAPIOAuthOptions;
+    storefrontRendererApi?: StorefrontRendererAPIOAuthOptions;
+    partnersApi?: PartnersAPIOAuthOptions;
+}
+export interface AdminSession {
+    token: string;
+    storeFqdn: string;
+}
+export interface OAuthSession {
+    admin?: AdminSession;
+    partners?: string;
+    storefront?: string;
+}
+export declare const PartnerOrganizationNotFoundError: () => Abort;
+/**
+ * Ensure that we have a valid session to access the Partners API.
+ * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token
+ * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored
+ * @param scopes {string[]} Optional array of extra scopes to authenticate with.
+ * @returns {Promise<string>} The access token for the Partners API.
+ */
+export declare function ensureAuthenticatedPartners(scopes?: string[], env?: NodeJS.ProcessEnv): Promise<string>;
+/**
+ * Ensure that we have a valid session to access the Storefront API.
+ * @param scopes {string[]} Optional array of extra scopes to authenticate with.
+ * @returns {Promise<string>} The access token for the Storefront API.
+ */
+export declare function ensureAuthenticatedStorefront(scopes?: string[]): Promise<string>;
+/**
+ * Ensure that we have a valid Admin session for the given store.
+ * @param store {string} Store fqdn to request auth for
+ * @param scopes {string[]} Optional array of extra scopes to authenticate with.
+ * @returns {Promise<string>} The access token for the Admin API
+ */
+export declare function ensureAuthenticatedAdmin(store: string, scopes?: string[]): Promise<AdminSession>;
+/**
+ * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.
+ * @param applications {OAuthApplications} An object containing the applications we need to be authenticated with.
+ * @returns {OAuthSession} An instance with the access tokens organized by application.
+ */
+export declare function ensureAuthenticated(applications: OAuthApplications, env?: NodeJS.ProcessEnv): Promise<OAuthSession>;
+export declare function hasPartnerAccount(partnersToken: string): Promise<boolean>;
+/**
+ * If the user creates an account from the Identity website, the created
+ * account won't get a Partner organization created. We need to detect that
+ * and take the user to create a partner organization.
+ * @param partnersToken {string} Partners token
+ */
+export declare function ensureUserHasPartnerAccount(partnersToken: string): Promise<void>;
+export declare function logout(): Promise<void>;
+export {};

package/dist/session.js

@@ -0,0 +1,251 @@
+import { applicationId } from './session/identity.js';
+import { Abort, Bug } from './error.js';
+import { validateSession } from './session/validate.js';
+import { allDefaultScopes, apiScopes } from './session/scopes.js';
+import { identity as identityFqdn } from './environment/fqdn.js';
+import { open } from './system.js';
+import { exchangeAccessForApplicationTokens, exchangeCodeForAccessToken, exchangeCustomPartnerToken, refreshAccessToken, InvalidGrantError, } from './session/exchange.js';
+import { content, token, debug } from './output.js';
+import { keypress } from './ui.js';
+import { authorize } from './session/authorize.js';
+import * as secureStore from './session/store.js';
+import constants from './constants.js';
+import { normalizeStoreName } from './string.js';
+import * as output from './output.js';
+import { partners } from './api.js';
+import { gql } from 'graphql-request';
+const NoSessionError = new Bug('No session found after ensuring authenticated');
+const MissingPartnerTokenError = new Bug('No partners token found after ensuring authenticated');
+const MissingAdminTokenError = new Bug('No admin token found after ensuring authenticated');
+const MissingStorefrontTokenError = new Bug('No storefront token found after ensuring authenticated');
+export const PartnerOrganizationNotFoundError = () => {
+    return new Abort(`Couldn't find your Shopify Partners organization`, `Have you confirmed your accounts from the emails you received?`);
+};
+/**
+ * Ensure that we have a valid session to access the Partners API.
+ * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token
+ * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored
+ * @param scopes {string[]} Optional array of extra scopes to authenticate with.
+ * @returns {Promise<string>} The access token for the Partners API.
+ */
+export async function ensureAuthenticatedPartners(scopes = [], env = process.env) {
+    debug(content `Ensuring that the user is authenticated with the Partners API with the following scopes:
+${token.json(scopes)}
+`);
+    const envToken = env[constants.environmentVariables.partnersToken];
+    if (envToken) {
+        return (await exchangeCustomPartnerToken(envToken)).accessToken;
+    }
+    const tokens = await ensureAuthenticated({ partnersApi: { scopes } });
+    if (!tokens.partners) {
+        throw MissingPartnerTokenError;
+    }
+    return tokens.partners;
+}
+/**
+ * Ensure that we have a valid session to access the Storefront API.
+ * @param scopes {string[]} Optional array of extra scopes to authenticate with.
+ * @returns {Promise<string>} The access token for the Storefront API.
+ */
+export async function ensureAuthenticatedStorefront(scopes = []) {
+    debug(content `Ensuring that the user is authenticated with the Storefront API with the following scopes:
+${token.json(scopes)}
+`);
+    const tokens = await ensureAuthenticated({ storefrontRendererApi: { scopes } });
+    if (!tokens.storefront) {
+        throw MissingStorefrontTokenError;
+    }
+    return tokens.storefront;
+}
+/**
+ * Ensure that we have a valid Admin session for the given store.
+ * @param store {string} Store fqdn to request auth for
+ * @param scopes {string[]} Optional array of extra scopes to authenticate with.
+ * @returns {Promise<string>} The access token for the Admin API
+ */
+export async function ensureAuthenticatedAdmin(store, scopes = []) {
+    debug(content `Ensuring that the user is authenticated with the Admin API with the following scopes for the store ${token.raw(store)}:
+${token.json(scopes)}
+`);
+    const tokens = await ensureAuthenticated({ adminApi: { scopes, storeFqdn: store } });
+    if (!tokens.admin) {
+        throw MissingAdminTokenError;
+    }
+    return tokens.admin;
+}
+/**
+ * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.
+ * @param applications {OAuthApplications} An object containing the applications we need to be authenticated with.
+ * @returns {OAuthSession} An instance with the access tokens organized by application.
+ */
+export async function ensureAuthenticated(applications, env = process.env) {
+    const fqdn = await identityFqdn();
+    if (applications.adminApi?.storeFqdn) {
+        applications.adminApi.storeFqdn = normalizeStoreName(applications.adminApi.storeFqdn);
+    }
+    const currentSession = (await secureStore.fetch()) || {};
+    const fqdnSession = currentSession[fqdn];
+    const scopes = getFlattenScopes(applications);
+    debug(content `Validating existing session against the scopes:
+${token.json(scopes)}
+For applications:
+${token.json(applications)}
+`);
+    const validationResult = await validateSession(scopes, applications, fqdnSession);
+    let newSession = {};
+    if (validationResult === 'needs_full_auth') {
+        debug(content `Initiating the full authentication flow...`);
+        newSession = await executeCompleteFlow(applications, fqdn);
+    }
+    else if (validationResult === 'needs_refresh') {
+        debug(content `The current session is valid but needs refresh. Refreshing...`);
+        try {
+            newSession = await refreshTokens(fqdnSession.identity, applications, fqdn);
+        }
+        catch (error) {
+            if (error instanceof InvalidGrantError) {
+                newSession = await executeCompleteFlow(applications, fqdn);
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    const completeSession = { ...currentSession, ...newSession };
+    await secureStore.store(completeSession);
+    const tokens = await tokensFor(applications, completeSession, fqdn);
+    // Overwrite partners token if using a custom CLI Token
+    const envToken = env[constants.environmentVariables.partnersToken];
+    if (envToken && applications.partnersApi) {
+        tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken;
+    }
+    if (!envToken && tokens.partners) {
+        await ensureUserHasPartnerAccount(tokens.partners);
+    }
+    return tokens;
+}
+export async function hasPartnerAccount(partnersToken) {
+    try {
+        await partners.request(gql `
+        {
+          organizations(first: 1) {
+            nodes {
+              id
+            }
+          }
+        }
+      `, partnersToken);
+        return true;
+        // eslint-disable-next-line no-catch-all/no-catch-all
+    }
+    catch (error) {
+        if (error instanceof partners.RequestClientError && error.statusCode === 404) {
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+/**
+ * If the user creates an account from the Identity website, the created
+ * account won't get a Partner organization created. We need to detect that
+ * and take the user to create a partner organization.
+ * @param partnersToken {string} Partners token
+ */
+export async function ensureUserHasPartnerAccount(partnersToken) {
+    debug(content `Verifying that the user has a Partner organization`);
+    if (!(await hasPartnerAccount(partnersToken))) {
+        output.info(`\nA Shopify Partners organization is needed to proceed.`);
+        output.info(`👉 Press any key to create one`);
+        await keypress();
+        open(`https://partners.shopify.com/signup`);
+        output.info(output.content `👉 Press any key when you have ${output.token.cyan('created the organization')}`);
+        output.warn(output.content `Make sure you've confirmed your Shopify and the Partner organization from the email`);
+        await keypress();
+        if (!(await hasPartnerAccount(partnersToken))) {
+            throw PartnerOrganizationNotFoundError();
+        }
+    }
+}
+async function executeCompleteFlow(applications, identityFqdn) {
+    const scopes = getFlattenScopes(applications);
+    const exchangeScopes = getExchangeScopes(applications);
+    const store = applications.adminApi?.storeFqdn;
+    // Authorize user via browser
+    debug(content `Authorizing through Identity's website...`);
+    const code = await authorize(scopes);
+    // Exchange code for identity token
+    debug(content `Authorization code received. Exchanging it for a CLI token...`);
+    const identityToken = await exchangeCodeForAccessToken(code);
+    // Exchange identity token for application tokens
+    debug(content `CLI token received. Exchanging it for application tokens...`);
+    const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store);
+    const session = {
+        [identityFqdn]: {
+            identity: identityToken,
+            applications: result,
+        },
+    };
+    output.completed('Logged in.');
+    return session;
+}
+async function refreshTokens(token, applications, fqdn) {
+    // Refresh Identity Token
+    const identityToken = await refreshAccessToken(token);
+    // Exchange new identity token for application tokens
+    const exchangeScopes = getExchangeScopes(applications);
+    const applicationTokens = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, applications.adminApi?.storeFqdn);
+    return {
+        [fqdn]: {
+            identity: identityToken,
+            applications: applicationTokens,
+        },
+    };
+}
+async function tokensFor(applications, session, fqdn) {
+    const fqdnSession = session[fqdn];
+    if (!fqdnSession) {
+        throw NoSessionError;
+    }
+    const tokens = {};
+    if (applications.adminApi) {
+        const appId = applicationId('admin');
+        const realAppId = `${applications.adminApi.storeFqdn}-${appId}`;
+        const token = fqdnSession.applications[realAppId]?.accessToken;
+        if (token) {
+            tokens.admin = { token, storeFqdn: applications.adminApi.storeFqdn };
+        }
+    }
+    if (applications.partnersApi) {
+        const appId = applicationId('partners');
+        tokens.partners = fqdnSession.applications[appId]?.accessToken;
+    }
+    if (applications.storefrontRendererApi) {
+        const appId = applicationId('storefront-renderer');
+        tokens.storefront = fqdnSession.applications[appId]?.accessToken;
+    }
+    return tokens;
+}
+// Scope Helpers
+function getFlattenScopes(apps) {
+    const admin = apps.adminApi?.scopes || [];
+    const partner = apps.partnersApi?.scopes || [];
+    const storefront = apps.storefrontRendererApi?.scopes || [];
+    const requestedScopes = [...admin, ...partner, ...storefront];
+    return allDefaultScopes(requestedScopes);
+}
+function getExchangeScopes(apps) {
+    const adminScope = apps.adminApi?.scopes || [];
+    const partnerScope = apps.partnersApi?.scopes || [];
+    const storefrontScopes = apps.storefrontRendererApi?.scopes || [];
+    return {
+        admin: apiScopes('admin', adminScope),
+        partners: apiScopes('partners', partnerScope),
+        storefront: apiScopes('storefront-renderer', storefrontScopes),
+    };
+}
+export function logout() {
+    return secureStore.remove();
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAA;AACnD,OAAO,EAAC,KAAK,EAAE,GAAG,EAAC,MAAM,YAAY,CAAA;AACrC,OAAO,EAAC,eAAe,EAAC,MAAM,uBAAuB,CAAA;AACrD,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,uBAAuB,CAAA;AAC9D,OAAO,EAAC,IAAI,EAAC,MAAM,aAAa,CAAA;AAChC,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,0BAA0B,EAE1B,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AACjD,OAAO,EAAC,QAAQ,EAAC,MAAM,SAAS,CAAA;AAEhC,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAA;AAEhD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,EAAC,kBAAkB,EAAC,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AACrC,OAAO,EAAC,QAAQ,EAAC,MAAM,UAAU,CAAA;AACjC,OAAO,EAAC,GAAG,EAAC,MAAM,iBAAiB,CAAA;AAEnC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,+CAA+C,CAAC,CAAA;AAC/E,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,sDAAsD,CAAC,CAAA;AAChG,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,mDAAmD,CAAC,CAAA;AAC3F,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC,wDAAwD,CAAC,CAAA;AAwDrG,MAAM,CAAC,MAAM,gCAAgC,GAAG,GAAG,EAAE;IACnD,OAAO,IAAI,KAAK,CACd,kDAAkD,EAClD,gEAAgE,CACjE,CAAA;AACH,CAAC,CAAA;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,SAAmB,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IACxF,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,EAAE;QACZ,OAAO,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAChE;IACD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,WAAW,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IACjE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,MAAM,wBAAwB,CAAA;KAC/B;IACD,OAAO,MAAM,CAAC,QAAQ,CAAA;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAAC,SAAmB,EAAE;IACvE,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,qBAAqB,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IAC3E,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE;QACtB,MAAM,2BAA2B,CAAA;KAClC;IACD,OAAO,MAAM,CAAC,UAAU,CAAA;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,KAAa,EAAE,SAAmB,EAAE;IACjF,KAAK,CAAC,OAAO,CAAA,sGAAsG,KAAK,CAAC,GAAG,CAC1H,KAAK,CACN;EACD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAC,EAAC,CAAC,CAAA;IAChF,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;QACjB,MAAM,sBAAsB,CAAA;KAC7B;IACD,OAAO,MAAM,CAAC,KAAK,CAAA;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IAC1F,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IAEjC,IAAI,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE;QACpC,YAAY,CAAC,QAAQ,CAAC,SAAS,GAAG,kBAAkB,CAAC,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;KACtF;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAE7C,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;;EAElB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;CACzB,CAAC,CAAA;IACA,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;IAEjF,IAAI,UAAU,GAAG,EAAE,CAAA;IAEnB,IAAI,gBAAgB,KAAK,iBAAiB,EAAE;QAC1C,KAAK,CAAC,OAAO,CAAA,4CAA4C,CAAC,CAAA;QAC1D,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;KAC3D;SAAM,IAAI,gBAAgB,KAAK,eAAe,EAAE;QAC/C,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;QAC7E,IAAI;YACF,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,CAAA;SAC3E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,iBAAiB,EAAE;gBACtC,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;aAC3D;iBAAM;gBACL,MAAM,KAAK,CAAA;aACZ;SACF;KACF;IAED,MAAM,eAAe,GAAY,EAAC,GAAG,cAAc,EAAE,GAAG,UAAU,EAAC,CAAA;IACnE,MAAM,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAEnE,uDAAuD;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE;QACxC,MAAM,CAAC,QAAQ,GAAG,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAC3E;IACD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChC,MAAM,2BAA2B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;KACnD;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,aAAqB;IAC3D,IAAI;QACF,MAAM,QAAQ,CAAC,OAAO,CACpB,GAAG,CAAA;;;;;;;;OAQF,EACD,aAAa,CACd,CAAA;QACD,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,QAAQ,CAAC,kBAAkB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;YAC5E,OAAO,KAAK,CAAA;SACb;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,aAAqB;IACrE,KAAK,CAAC,OAAO,CAAA,oDAAoD,CAAC,CAAA;IAClE,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAA;QACtE,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;QAC7C,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,qCAAqC,CAAC,CAAA;QAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,kCAAkC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAA;QAC5G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,qFAAqF,CAAC,CAAA;QAChH,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;YAC7C,MAAM,gCAAgC,EAAE,CAAA;SACzC;KACF;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,YAAoB;IACtF,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAE9C,6BAA6B;IAC7B,KAAK,CAAC,OAAO,CAAA,2CAA2C,CAAC,CAAA;IACzD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;IAEpC,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;IAC7E,MAAM,aAAa,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,CAAA;IAE5D,iDAAiD;IACjD,KAAK,CAAC,OAAO,CAAA,6DAA6D,CAAC,CAAA;IAC3E,MAAM,MAAM,GAAG,MAAM,kCAAkC,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;IAE7F,MAAM,OAAO,GAAY;QACvB,CAAC,YAAY,CAAC,EAAE;YACd,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,MAAM;SACrB;KACF,CAAA;IAED,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IAE9B,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,KAAoB,EAAE,YAA+B,EAAE,IAAY;IAC9F,yBAAyB;IACzB,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;IAErD,qDAAqD;IACrD,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,iBAAiB,GAAG,MAAM,kCAAkC,CAChE,aAAa,EACb,cAAc,EACd,YAAY,CAAC,QAAQ,EAAE,SAAS,CACjC,CAAA;IAED,OAAO;QACL,CAAC,IAAI,CAAC,EAAE;YACN,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;SAChC;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAA+B,EAAE,OAAgB,EAAE,IAAY;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,cAAc,CAAA;KACrB;IACD,MAAM,MAAM,GAAiB,EAAE,CAAA;IAC/B,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,WAAW,CAAA;QAC9D,IAAI,KAAK,EAAE;YACT,MAAM,CAAC,KAAK,GAAG,EAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAC,CAAA;SACnE;KACF;IAED,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KAC/D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACjE;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gBAAgB;AAChB,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC3D,MAAM,eAAe,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,CAAC,CAAA;IAC7D,OAAO,gBAAgB,CAAC,eAAe,CAAC,CAAA;AAC1C,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IACjE,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;QACrC,QAAQ,EAAE,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC;QAC7C,UAAU,EAAE,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KAC/D,CAAA;AACH,CAAC;AAED,MAAM,UAAU,MAAM;IACpB,OAAO,WAAW,CAAC,MAAM,EAAE,CAAA;AAC7B,CAAC","sourcesContent":["import {applicationId} from './session/identity.js'\nimport {Abort, Bug} from './error.js'\nimport {validateSession} from './session/validate.js'\nimport {allDefaultScopes, apiScopes} from './session/scopes.js'\nimport {identity as identityFqdn} from './environment/fqdn.js'\nimport {open} from './system.js'\nimport {\n  exchangeAccessForApplicationTokens,\n  exchangeCodeForAccessToken,\n  exchangeCustomPartnerToken,\n  ExchangeScopes,\n  refreshAccessToken,\n  InvalidGrantError,\n} from './session/exchange.js'\n\nimport {content, token, debug} from './output.js'\nimport {keypress} from './ui.js'\n\nimport {authorize} from './session/authorize.js'\nimport {IdentityToken, Session} from './session/schema.js'\nimport * as secureStore from './session/store.js'\nimport constants from './constants.js'\nimport {normalizeStoreName} from './string.js'\nimport * as output from './output.js'\nimport {partners} from './api.js'\nimport {gql} from 'graphql-request'\n\nconst NoSessionError = new Bug('No session found after ensuring authenticated')\nconst MissingPartnerTokenError = new Bug('No partners token found after ensuring authenticated')\nconst MissingAdminTokenError = new Bug('No admin token found after ensuring authenticated')\nconst MissingStorefrontTokenError = new Bug('No storefront token found after ensuring authenticated')\n\n/**\n * A scope supported by the Shopify Admin API.\n */\ntype AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string\n\n/**\n * It represents the options to authenticate against the Shopify Admin API.\n */\ninterface AdminAPIOAuthOptions {\n  /** Store to request permissions for */\n  storeFqdn: string\n  /** List of scopes to request permissions for */\n  scopes: AdminAPIScope[]\n}\n\n/**\n * A scope supported by the Partners API.\n */\ntype PartnersAPIScope = 'cli' | string\ninterface PartnersAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: PartnersAPIScope[]\n}\n\n/**\n * A scope supported by the Storefront Renderer API.\n */\ntype StorefrontRendererScope = 'devtools' | string\ninterface StorefrontRendererAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: StorefrontRendererScope[]\n}\n\n/**\n * It represents the authentication requirements and\n * is the input necessary to trigger the authentication\n * flow.\n */\nexport interface OAuthApplications {\n  adminApi?: AdminAPIOAuthOptions\n  storefrontRendererApi?: StorefrontRendererAPIOAuthOptions\n  partnersApi?: PartnersAPIOAuthOptions\n}\n\nexport interface AdminSession {\n  token: string\n  storeFqdn: string\n}\n\nexport interface OAuthSession {\n  admin?: AdminSession\n  partners?: string\n  storefront?: string\n}\nexport const PartnerOrganizationNotFoundError = () => {\n  return new Abort(\n    `Couldn't find your Shopify Partners organization`,\n    `Have you confirmed your accounts from the emails you received?`,\n  )\n}\n\n/**\n * Ensure that we have a valid session to access the Partners API.\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Partners API.\n */\nexport async function ensureAuthenticatedPartners(scopes: string[] = [], env = process.env): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Partners API with the following scopes:\n${token.json(scopes)}\n`)\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken) {\n    return (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  const tokens = await ensureAuthenticated({partnersApi: {scopes}})\n  if (!tokens.partners) {\n    throw MissingPartnerTokenError\n  }\n  return tokens.partners\n}\n\n/**\n * Ensure that we have a valid session to access the Storefront API.\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Storefront API.\n */\nexport async function ensureAuthenticatedStorefront(scopes: string[] = []): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Storefront API with the following scopes:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({storefrontRendererApi: {scopes}})\n  if (!tokens.storefront) {\n    throw MissingStorefrontTokenError\n  }\n  return tokens.storefront\n}\n\n/**\n * Ensure that we have a valid Admin session for the given store.\n * @param store {string} Store fqdn to request auth for\n * @param scopes {string[]} Optional array of extra scopes to authenticate with.\n * @returns {Promise<string>} The access token for the Admin API\n */\nexport async function ensureAuthenticatedAdmin(store: string, scopes: string[] = []): Promise<AdminSession> {\n  debug(content`Ensuring that the user is authenticated with the Admin API with the following scopes for the store ${token.raw(\n    store,\n  )}:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({adminApi: {scopes, storeFqdn: store}})\n  if (!tokens.admin) {\n    throw MissingAdminTokenError\n  }\n  return tokens.admin\n}\n\n/**\n * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.\n * @param applications {OAuthApplications} An object containing the applications we need to be authenticated with.\n * @returns {OAuthSession} An instance with the access tokens organized by application.\n */\nexport async function ensureAuthenticated(applications: OAuthApplications, env = process.env): Promise<OAuthSession> {\n  const fqdn = await identityFqdn()\n\n  if (applications.adminApi?.storeFqdn) {\n    applications.adminApi.storeFqdn = normalizeStoreName(applications.adminApi.storeFqdn)\n  }\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdnSession = currentSession[fqdn]\n  const scopes = getFlattenScopes(applications)\n\n  debug(content`Validating existing session against the scopes:\n${token.json(scopes)}\nFor applications:\n${token.json(applications)}\n`)\n  const validationResult = await validateSession(scopes, applications, fqdnSession)\n\n  let newSession = {}\n\n  if (validationResult === 'needs_full_auth') {\n    debug(content`Initiating the full authentication flow...`)\n    newSession = await executeCompleteFlow(applications, fqdn)\n  } else if (validationResult === 'needs_refresh') {\n    debug(content`The current session is valid but needs refresh. Refreshing...`)\n    try {\n      newSession = await refreshTokens(fqdnSession.identity, applications, fqdn)\n    } catch (error) {\n      if (error instanceof InvalidGrantError) {\n        newSession = await executeCompleteFlow(applications, fqdn)\n      } else {\n        throw error\n      }\n    }\n  }\n\n  const completeSession: Session = {...currentSession, ...newSession}\n  await secureStore.store(completeSession)\n  const tokens = await tokensFor(applications, completeSession, fqdn)\n\n  // Overwrite partners token if using a custom CLI Token\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken && applications.partnersApi) {\n    tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  if (!envToken && tokens.partners) {\n    await ensureUserHasPartnerAccount(tokens.partners)\n  }\n\n  return tokens\n}\n\nexport async function hasPartnerAccount(partnersToken: string): Promise<boolean> {\n  try {\n    await partners.request(\n      gql`\n        {\n          organizations(first: 1) {\n            nodes {\n              id\n            }\n          }\n        }\n      `,\n      partnersToken,\n    )\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    if (error instanceof partners.RequestClientError && error.statusCode === 404) {\n      return false\n    } else {\n      return true\n    }\n  }\n}\n\n/**\n * If the user creates an account from the Identity website, the created\n * account won't get a Partner organization created. We need to detect that\n * and take the user to create a partner organization.\n * @param partnersToken {string} Partners token\n */\nexport async function ensureUserHasPartnerAccount(partnersToken: string) {\n  debug(content`Verifying that the user has a Partner organization`)\n  if (!(await hasPartnerAccount(partnersToken))) {\n    output.info(`\\nA Shopify Partners organization is needed to proceed.`)\n    output.info(`👉 Press any key to create one`)\n    await keypress()\n    open(`https://partners.shopify.com/signup`)\n    output.info(output.content`👉 Press any key when you have ${output.token.cyan('created the organization')}`)\n    output.warn(output.content`Make sure you've confirmed your Shopify and the Partner organization from the email`)\n    await keypress()\n    if (!(await hasPartnerAccount(partnersToken))) {\n      throw PartnerOrganizationNotFoundError()\n    }\n  }\n}\n\nasync function executeCompleteFlow(applications: OAuthApplications, identityFqdn: string): Promise<Session> {\n  const scopes = getFlattenScopes(applications)\n  const exchangeScopes = getExchangeScopes(applications)\n  const store = applications.adminApi?.storeFqdn\n\n  // Authorize user via browser\n  debug(content`Authorizing through Identity's website...`)\n  const code = await authorize(scopes)\n\n  // Exchange code for identity token\n  debug(content`Authorization code received. Exchanging it for a CLI token...`)\n  const identityToken = await exchangeCodeForAccessToken(code)\n\n  // Exchange identity token for application tokens\n  debug(content`CLI token received. Exchanging it for application tokens...`)\n  const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store)\n\n  const session: Session = {\n    [identityFqdn]: {\n      identity: identityToken,\n      applications: result,\n    },\n  }\n\n  output.completed('Logged in.')\n\n  return session\n}\n\nasync function refreshTokens(token: IdentityToken, applications: OAuthApplications, fqdn: string): Promise<Session> {\n  // Refresh Identity Token\n  const identityToken = await refreshAccessToken(token)\n\n  // Exchange new identity token for application tokens\n  const exchangeScopes = getExchangeScopes(applications)\n  const applicationTokens = await exchangeAccessForApplicationTokens(\n    identityToken,\n    exchangeScopes,\n    applications.adminApi?.storeFqdn,\n  )\n\n  return {\n    [fqdn]: {\n      identity: identityToken,\n      applications: applicationTokens,\n    },\n  }\n}\n\nasync function tokensFor(applications: OAuthApplications, session: Session, fqdn: string): Promise<OAuthSession> {\n  const fqdnSession = session[fqdn]\n  if (!fqdnSession) {\n    throw NoSessionError\n  }\n  const tokens: OAuthSession = {}\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = fqdnSession.applications[realAppId]?.accessToken\n    if (token) {\n      tokens.admin = {token, storeFqdn: applications.adminApi.storeFqdn}\n    }\n  }\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    tokens.partners = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    tokens.storefront = fqdnSession.applications[appId]?.accessToken\n  }\n  return tokens\n}\n\n// Scope Helpers\nfunction getFlattenScopes(apps: OAuthApplications): string[] {\n  const admin = apps.adminApi?.scopes || []\n  const partner = apps.partnersApi?.scopes || []\n  const storefront = apps.storefrontRendererApi?.scopes || []\n  const requestedScopes = [...admin, ...partner, ...storefront]\n  return allDefaultScopes(requestedScopes)\n}\n\nfunction getExchangeScopes(apps: OAuthApplications): ExchangeScopes {\n  const adminScope = apps.adminApi?.scopes || []\n  const partnerScope = apps.partnersApi?.scopes || []\n  const storefrontScopes = apps.storefrontRendererApi?.scopes || []\n  return {\n    admin: apiScopes('admin', adminScope),\n    partners: apiScopes('partners', partnerScope),\n    storefront: apiScopes('storefront-renderer', storefrontScopes),\n  }\n}\n\nexport function logout() {\n  return secureStore.remove()\n}\n"]}

package/dist/store/schema.d.ts

@@ -0,0 +1,3 @@
+import type { Schema } from 'conf';
+declare const schema: Schema<unknown>;
+export default schema;

package/dist/store/schema.js

@@ -0,0 +1,27 @@
+const schema = {
+    appInfo: {
+        type: 'array',
+        items: {
+            type: 'object',
+            properties: {
+                appId: {
+                    type: 'string',
+                },
+                title: {
+                    type: 'string',
+                },
+                orgId: {
+                    type: 'string',
+                },
+                storeFqdn: {
+                    type: 'string',
+                },
+                directory: {
+                    type: 'string',
+                },
+            },
+        },
+    },
+};
+export default schema;
+//# sourceMappingURL=schema.js.map

package/dist/store/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/store/schema.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAAoB;IAC9B,OAAO,EAAE;QACP,IAAI,EAAE,OAAO;QACb,KAAK,EAAE;YACL,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;iBACf;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;iBACf;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;iBACf;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;iBACf;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;iBACf;aACF;SACF;KACF;CACF,CAAA;AAED,eAAe,MAAM,CAAA","sourcesContent":["import type {Schema} from 'conf'\n\nconst schema: Schema<unknown> = {\n  appInfo: {\n    type: 'array',\n    items: {\n      type: 'object',\n      properties: {\n        appId: {\n          type: 'string',\n        },\n        title: {\n          type: 'string',\n        },\n        orgId: {\n          type: 'string',\n        },\n        storeFqdn: {\n          type: 'string',\n        },\n        directory: {\n          type: 'string',\n        },\n      },\n    },\n  },\n}\n\nexport default schema\n"]}

package/dist/store.d.ts

@@ -0,0 +1,32 @@
+import Conf from 'conf';
+export interface CachedAppInfo {
+    directory: string;
+    appId: string;
+    title?: string;
+    orgId?: string;
+    storeFqdn?: string;
+}
+interface ConfSchema {
+    appInfo: CachedAppInfo[];
+    themeStore: string;
+    session: string;
+}
+export declare function cliKitStore(): CLIKitStore;
+export declare function initializeCliKitStore(): Promise<void>;
+export declare class CLIKitStore extends Conf<ConfSchema> {
+    getAppInfo(directory: string): CachedAppInfo | undefined;
+    setAppInfo(options: {
+        directory: string;
+        appId: string;
+        title?: string;
+        storeFqdn?: string;
+        orgId?: string;
+    }): void;
+    clearAppInfo(directory: string): void;
+    getTheme(): string | undefined;
+    setTheme(store: string): void;
+    getSession(): string | undefined;
+    setSession(store: string): void;
+    removeSession(): void;
+}
+export {};

package/dist/store.js

@@ -0,0 +1,102 @@
+import { content, token, debug } from './output.js';
+import constants from './constants.js';
+import { Abort } from './error.js';
+import Conf from 'conf';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore
+const migrations = {};
+const schema = {
+    appInfo: {
+        type: 'array',
+        items: {
+            type: 'object',
+            properties: {
+                appId: {
+                    type: 'string',
+                },
+                orgId: {
+                    type: 'string',
+                },
+                storeFqdn: {
+                    type: 'string',
+                },
+            },
+        },
+    },
+};
+let _instance;
+export function cliKitStore() {
+    if (!_instance) {
+        throw new Abort("The CLIKitStore instance hasn't been initialized");
+    }
+    return _instance;
+}
+export async function initializeCliKitStore() {
+    if (!_instance) {
+        // eslint-disable-next-line require-atomic-updates
+        _instance = new CLIKitStore({
+            schema,
+            migrations,
+            projectName: 'shopify-cli-kit',
+            projectVersion: await constants.versions.cliKit(),
+        });
+    }
+}
+export class CLIKitStore extends Conf {
+    getAppInfo(directory) {
+        debug(content `Reading cached app information for directory ${token.path(directory)}...`);
+        const apps = this.get('appInfo') ?? [];
+        return apps.find((app) => app.directory === directory);
+    }
+    setAppInfo(options) {
+        debug(content `Storing app information for directory ${token.path(options.directory)}:
+${token.json(options)}
+`);
+        const apps = this.get('appInfo') ?? [];
+        const index = apps.findIndex((saved) => saved.directory === options.directory);
+        if (index === -1) {
+            apps.push(options);
+        }
+        else {
+            const app = apps[index];
+            apps[index] = {
+                appId: options.appId,
+                directory: options.directory,
+                title: options.title ?? app.title,
+                storeFqdn: options.storeFqdn ?? app.storeFqdn,
+                orgId: options.orgId ?? app.orgId,
+            };
+        }
+        this.set('appInfo', apps);
+    }
+    clearAppInfo(directory) {
+        debug(content `Clearning app information for directory ${token.path(directory)}...`);
+        const apps = this.get('appInfo') ?? [];
+        const index = apps.findIndex((saved) => saved.directory === directory);
+        if (index !== -1) {
+            apps.splice(index, 1);
+        }
+        this.set('appInfo', apps);
+    }
+    getTheme() {
+        debug(content `Getting theme store...`);
+        return this.get('themeStore');
+    }
+    setTheme(store) {
+        debug(content `Setting theme store...`);
+        this.set('themeStore', store);
+    }
+    getSession() {
+        debug(content `Getting session store...`);
+        return this.get('sessionStore');
+    }
+    setSession(store) {
+        debug(content `Setting session store...`);
+        this.set('sessionStore', store);
+    }
+    removeSession() {
+        debug(content `Removing session store...`);
+        this.set('sessionStore', '');
+    }
+}
+//# sourceMappingURL=store.js.map