@shopify/cli-kit 3.32.1 → 3.34.0

package/dist/environment/spin-cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"spin-cache.js","sourceRoot":"","sources":["../../src/environment/spin-cache.ts"],"names":[],"mappings":"AAAA,IAAI,cAAsB,CAAA;AAE1B,MAAM,UAAU,iBAAiB;IAC/B,OAAO,cAAc,CAAA;AACvB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,cAAc,GAAG,IAAI,CAAA;AACvB,CAAC","sourcesContent":["let cachedSpinFQDN: string\n\nexport function getCachedSpinFqdn(): string | undefined {\n  return cachedSpinFQDN\n}\n\nexport function setCachedSpinFqdn(fqdn: string) {\n  cachedSpinFQDN = fqdn\n}\n"]}

package/dist/environment/spin.d.ts

@@ -1,50 +0,0 @@
-/// <reference types="node" />
-import { Abort } from '../error.js';
-export declare const SpinInstanceNotFound: (spinInstance: string | undefined, error: string) => Abort;
-/**
- * When ran in a Spin environment, it returns the fqdn of the instance.
- *
- * Will cache the value of the Spin FQDN during the execution of the CLI.
- * To avoid multiple calls to `readSync` or `show`
- * @returns fqdn of the Spin environment.
- */
-export declare function fqdn(env?: NodeJS.ProcessEnv): Promise<string>;
-/**
- * Runs "spin show" and returns the JSON-parsed output.
- * @param spinInstance - When it's undefined, we'll fetch the latest one.
- * @returns The JSON-parsed output of the Spin CLI.
- * @throws Any error raised from the underlying Spin CLI.
- */
-export declare function show(spinInstance: string | undefined, env?: NodeJS.ProcessEnv): Promise<{
-    fqdn: string;
-}>;
-/**
- * Returns true if the CLI is running in a Spin environment.
- * @param env - Environment variables
- * @returns True if the CLI is running in a Spin environment.
- */
-export declare function isSpin(env?: NodeJS.ProcessEnv): boolean;
-/**
- * Returns the value of the SPIN_INSTANCE environment variable.
- * @param env - Environment variables
- * @returns The value of the SPIN_INSTANCE environment variable.
- */
-export declare function instance(env?: NodeJS.ProcessEnv): string | undefined;
-/**
- * Returns the value of the SPIN_WORKSPACE environment variable.
- * @param env - Environment variables
- * @returns The value of the SPIN_WORKSPACE environment variable.
- */
-export declare function workspace(env?: NodeJS.ProcessEnv): string | undefined;
-/**
- * Returns the value of the SPIN_NAMESPACE environment variable.
- * @param env - Environment variables
- * @returns The value of the SPIN_NAMESPACE environment variable.
- */
-export declare function namespace(env?: NodeJS.ProcessEnv): string | undefined;
-/**
- * Returns the value of the SPIN_HOST environment variable.
- * @param env - Environment variables
- * @returns The value of the SPIN_HOST environment variable.
- */
-export declare function host(env?: NodeJS.ProcessEnv): string | undefined;

package/dist/environment/spin.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"spin.js","sourceRoot":"","sources":["../../src/environment/spin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAA;AACvC,OAAO,EAAC,iBAAiB,EAAE,iBAAiB,EAAC,MAAM,iBAAiB,CAAA;AACpE,OAAO,SAAS,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAC,aAAa,EAAC,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAC,KAAK,EAAC,MAAM,aAAa,CAAA;AACjC,OAAO,EAAC,OAAO,EAAE,KAAK,EAAC,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAC,MAAM,EAAE,QAAQ,EAAC,MAAM,YAAY,CAAA;AAE3C,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,YAAgC,EAAE,KAAa,EAAE,EAAE;IACtF,MAAM,YAAY,GAAG,OAAO,CAAA,GAAG,KAAK,CAAC,mBAAmB,CACtD,MAAM,CACP;EACD,KAAK;GACJ,CAAA;IACD,IAAI,SAA6B,CAAA;IACjC,IAAI,YAAY,EAAE;QAChB,SAAS,GAAG,aAAa,YAAY,6DAA6D,CAAA;KACnG;IACD,OAAO,IAAI,KAAK,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;AAC3C,CAAC,CAAA;AAED,MAAM,gBAAgB,GAAG,wBAAwB,CAAA;AAEjD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IAC1C,IAAI,QAAQ,GAAG,iBAAiB,EAAE,CAAA;IAClC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAE7B,IAAI,MAAM,MAAM,CAAC,gBAAgB,CAAC,EAAE;QAClC,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE,CAAA;KACvD;SAAM;QACL,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAA;QACxC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAA;QAElD,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAA;KAC7B;IACD,iBAAiB,CAAC,QAAQ,CAAC,CAAA;IAC3B,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,YAAgC,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IAC5E,MAAM,MAAM,GAAG,YAAY,KAAK,SAAS,CAAA;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IACzE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,EAAC,GAAG,EAAC,CAAC,CAAA;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAC/B,IAAI,IAAI,CAAC,KAAK,EAAE;QACd,MAAM,oBAAoB,CAAC,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;KACrD;SAAM;QACL,OAAO,IAAI,CAAA;KACZ;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IACtC,OAAO,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IACxC,OAAO,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAA;AACzD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IACzC,OAAO,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;AAC1D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IACzC,OAAO,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;AAC1D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG;IACpC,OAAO,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;AACrD,CAAC","sourcesContent":["import {isTruthy} from './utilities.js'\nimport {getCachedSpinFqdn, setCachedSpinFqdn} from './spin-cache.js'\nimport constants from '../constants.js'\nimport {captureOutput} from '../system.js'\nimport {Abort} from '../error.js'\nimport {content, token} from '../output.js'\nimport {exists, readSync} from '../file.js'\n\nexport const SpinInstanceNotFound = (spinInstance: string | undefined, error: string) => {\n  const errorMessage = content`${token.genericShellCommand(\n    `spin`,\n  )} yielded the following error trying to obtain the fully qualified domain name of the Spin instance:\n${error}\n  `\n  let nextSteps: string | undefined\n  if (spinInstance) {\n    nextSteps = `Make sure ${spinInstance} is the instance name and not a fully qualified domain name`\n  }\n  return new Abort(errorMessage, nextSteps)\n}\n\nconst spinFqdnFilePath = '/etc/spin/machine/fqdn'\n\n/**\n * When ran in a Spin environment, it returns the fqdn of the instance.\n *\n * Will cache the value of the Spin FQDN during the execution of the CLI.\n * To avoid multiple calls to `readSync` or `show`\n * @returns fqdn of the Spin environment.\n */\nexport async function fqdn(env = process.env): Promise<string> {\n  let spinFqdn = getCachedSpinFqdn()\n  if (spinFqdn) return spinFqdn\n\n  if (await exists(spinFqdnFilePath)) {\n    spinFqdn = await readSync(spinFqdnFilePath).toString()\n  } else {\n    const spinInstance = await instance(env)\n    const showResponse = await show(spinInstance, env)\n\n    spinFqdn = showResponse.fqdn\n  }\n  setCachedSpinFqdn(spinFqdn)\n  return spinFqdn\n}\n\n/**\n * Runs \"spin show\" and returns the JSON-parsed output.\n * @param spinInstance - When it's undefined, we'll fetch the latest one.\n * @returns The JSON-parsed output of the Spin CLI.\n * @throws Any error raised from the underlying Spin CLI.\n */\nexport async function show(spinInstance: string | undefined, env = process.env): Promise<{fqdn: string}> {\n  const latest = spinInstance === undefined\n  const args = latest ? ['show', '--latest', '--json'] : ['show', '--json']\n  const output = await captureOutput('spin', args, {env})\n  const json = JSON.parse(output)\n  if (json.error) {\n    throw SpinInstanceNotFound(spinInstance, json.error)\n  } else {\n    return json\n  }\n}\n\n/**\n * Returns true if the CLI is running in a Spin environment.\n * @param env - Environment variables\n * @returns True if the CLI is running in a Spin environment.\n */\nexport function isSpin(env = process.env): boolean {\n  return isTruthy(env[constants.environmentVariables.spin])\n}\n\n/**\n * Returns the value of the SPIN_INSTANCE environment variable.\n * @param env - Environment variables\n * @returns The value of the SPIN_INSTANCE environment variable.\n */\nexport function instance(env = process.env): string | undefined {\n  return env[constants.environmentVariables.spinInstance]\n}\n\n/**\n * Returns the value of the SPIN_WORKSPACE environment variable.\n * @param env - Environment variables\n * @returns The value of the SPIN_WORKSPACE environment variable.\n */\nexport function workspace(env = process.env): string | undefined {\n  return env[constants.environmentVariables.spinWorkspace]\n}\n\n/**\n * Returns the value of the SPIN_NAMESPACE environment variable.\n * @param env - Environment variables\n * @returns The value of the SPIN_NAMESPACE environment variable.\n */\nexport function namespace(env = process.env): string | undefined {\n  return env[constants.environmentVariables.spinNamespace]\n}\n\n/**\n * Returns the value of the SPIN_HOST environment variable.\n * @param env - Environment variables\n * @returns The value of the SPIN_HOST environment variable.\n */\nexport function host(env = process.env): string | undefined {\n  return env[constants.environmentVariables.spinHost]\n}\n"]}

package/dist/environment/utilities.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"utilities.js","sourceRoot":"","sources":["../../src/environment/utilities.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,QAA4B;IACnD,IAAI,CAAC,QAAQ,EAAE;QACb,OAAO,KAAK,CAAA;KACb;IACD,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAC,QAA4B;IAChD,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QACpD,OAAO,KAAK,CAAA;KACb;IACD,OAAO,IAAI,CAAA;AACb,CAAC","sourcesContent":["/**\n * Returns whether an environment variable value represents a truthy value.\n */\nexport function isTruthy(variable: string | undefined): boolean {\n  if (!variable) {\n    return false\n  }\n  return ['1', 'true', 'TRUE', 'yes', 'YES'].includes(variable)\n}\n\n/**\n * Returns whether an environment variable has been set and is non-empty\n */\nexport function isSet(variable: string | undefined): boolean {\n  if (variable === undefined || variable.trim() === '') {\n    return false\n  }\n  return true\n}\n"]}

package/dist/environment.d.ts

@@ -1,7 +0,0 @@
-import * as local from './environment/local.js';
-import * as service from './environment/service.js';
-import * as fqdn from './environment/fqdn.js';
-import * as utilities from './environment/utilities.js';
-import * as spin from './environment/spin.js';
-import * as network from './network/service.js';
-export { local, service, fqdn, utilities, spin, network };

package/dist/environment.js

@@ -1,8 +0,0 @@
-import * as local from './environment/local.js';
-import * as service from './environment/service.js';
-import * as fqdn from './environment/fqdn.js';
-import * as utilities from './environment/utilities.js';
-import * as spin from './environment/spin.js';
-import * as network from './network/service.js';
-export { local, service, fqdn, utilities, spin, network };
-//# sourceMappingURL=environment.js.map

package/dist/environment.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,wBAAwB,CAAA;AAC/C,OAAO,KAAK,OAAO,MAAM,0BAA0B,CAAA;AACnD,OAAO,KAAK,IAAI,MAAM,uBAAuB,CAAA;AAC7C,OAAO,KAAK,SAAS,MAAM,4BAA4B,CAAA;AACvD,OAAO,KAAK,IAAI,MAAM,uBAAuB,CAAA;AAC7C,OAAO,KAAK,OAAO,MAAM,sBAAsB,CAAA;AAE/C,OAAO,EAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAC,CAAA","sourcesContent":["import * as local from './environment/local.js'\nimport * as service from './environment/service.js'\nimport * as fqdn from './environment/fqdn.js'\nimport * as utilities from './environment/utilities.js'\nimport * as spin from './environment/spin.js'\nimport * as network from './network/service.js'\n\nexport {local, service, fqdn, utilities, spin, network}\n"]}

package/dist/network/service.d.ts

@@ -1,14 +0,0 @@
-/**
- * Enum for the differnet APIs the CLI can interact with.
- * @readonly
- */
-export declare type Service = 'shopify' | 'partners' | 'identity';
-/**
- * Enum that represents the environment to use for a given service.
- * @readonly
- */
-export declare enum Environment {
-    Local = "local",
-    Production = "production",
-    Spin = "spin"
-}

package/dist/network/service.js

@@ -1,11 +0,0 @@
-/**
- * Enum that represents the environment to use for a given service.
- * @readonly
- */
-export var Environment;
-(function (Environment) {
-    Environment["Local"] = "local";
-    Environment["Production"] = "production";
-    Environment["Spin"] = "spin";
-})(Environment || (Environment = {}));
-//# sourceMappingURL=service.js.map

package/dist/network/service.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"service.js","sourceRoot":"","sources":["../../src/network/service.ts"],"names":[],"mappings":"AAMA;;;GAGG;AACH,MAAM,CAAN,IAAY,WAIX;AAJD,WAAY,WAAW;IACrB,8BAAe,CAAA;IACf,wCAAyB,CAAA;IACzB,4BAAa,CAAA;AACf,CAAC,EAJW,WAAW,KAAX,WAAW,QAItB","sourcesContent":["/**\n * Enum for the differnet APIs the CLI can interact with.\n * @readonly\n */\nexport type Service = 'shopify' | 'partners' | 'identity'\n\n/**\n * Enum that represents the environment to use for a given service.\n * @readonly\n */\nexport enum Environment {\n  Local = 'local',\n  Production = 'production',\n  Spin = 'spin',\n}\n"]}

package/dist/public/node/checksum.d.ts

@@ -1,20 +0,0 @@
-import { AbortError } from './error.js';
-/**
- * An error that's thrown when a file's MD5 doesn't match the expected value.
- * @param options - An options object that includes the file path, and the expected and actual MD5.
- * @returns An instance of Abort.
- */
-export declare const InvalidChecksumError: ({ file, expected, got, }: {
-    file: string;
-    expected: string;
-    got: string;
-}) => AbortError;
-/**
- * Given a local file and a URL pointing to a remote file representing the MD5 of a local file,
- * it validates the authenticity of the binary using an MD5 checksum.
- * @param options - The file to validate and the URL that points to the file containing the MD5.
- */
-export declare function validateMD5({ file, md5FileURL }: {
-    file: string;
-    md5FileURL: string;
-}): Promise<void>;

package/dist/public/node/checksum.js

@@ -1,32 +0,0 @@
-import { AbortError } from './error.js';
-import { fetch } from '../../http.js';
-import { debug, token } from '../../output.js';
-import md5File from 'md5-file';
-/**
- * An error that's thrown when a file's MD5 doesn't match the expected value.
- * @param options - An options object that includes the file path, and the expected and actual MD5.
- * @returns An instance of Abort.
- */
-export const InvalidChecksumError = ({ file, expected, got, }) => {
-    return new AbortError(`The validation of ${file} failed. We expected the checksum ${expected}, but got ${got})`);
-};
-/**
- * Given a local file and a URL pointing to a remote file representing the MD5 of a local file,
- * it validates the authenticity of the binary using an MD5 checksum.
- * @param options - The file to validate and the URL that points to the file containing the MD5.
- */
-export async function validateMD5({ file, md5FileURL }) {
-    debug(`Checking MD5 of file ${token.path(file)} against the MD5 in ${token.link('URL', md5FileURL)}`);
-    const md5Digest = await md5File(file);
-    const md5Response = await fetch(md5FileURL);
-    const md5Contents = await md5Response.text();
-    const canonicalMD5 = md5Contents.split(' ')[0];
-    if (!(canonicalMD5 === md5Digest)) {
-        throw InvalidChecksumError({
-            file,
-            got: md5Digest,
-            expected: canonicalMD5,
-        });
-    }
-}
-//# sourceMappingURL=checksum.js.map

package/dist/public/node/checksum.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"checksum.js","sourceRoot":"","sources":["../../../src/public/node/checksum.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,UAAU,EAAC,MAAM,YAAY,CAAA;AACrC,OAAO,EAAC,KAAK,EAAC,MAAM,eAAe,CAAA;AACnC,OAAO,EAAC,KAAK,EAAE,KAAK,EAAC,MAAM,iBAAiB,CAAA;AAC5C,OAAO,OAAO,MAAM,UAAU,CAAA;AAE9B;;;;GAIG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,EACnC,IAAI,EACJ,QAAQ,EACR,GAAG,GAKJ,EAAc,EAAE;IACf,OAAO,IAAI,UAAU,CAAC,qBAAqB,IAAI,qCAAqC,QAAQ,aAAa,GAAG,GAAG,CAAC,CAAA;AAClH,CAAC,CAAA;AACD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,EAAC,IAAI,EAAE,UAAU,EAAqC;IACtF,KAAK,CAAC,wBAAwB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC,CAAA;IACrG,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IACrC,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,CAAA;IAC3C,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAA;IAC5C,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAA;IAC/C,IAAI,CAAC,CAAC,YAAY,KAAK,SAAS,CAAC,EAAE;QACjC,MAAM,oBAAoB,CAAC;YACzB,IAAI;YACJ,GAAG,EAAE,SAAS;YACd,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAA;KACH;AACH,CAAC","sourcesContent":["import {AbortError} from './error.js'\nimport {fetch} from '../../http.js'\nimport {debug, token} from '../../output.js'\nimport md5File from 'md5-file'\n\n/**\n * An error that's thrown when a file's MD5 doesn't match the expected value.\n * @param options - An options object that includes the file path, and the expected and actual MD5.\n * @returns An instance of Abort.\n */\nexport const InvalidChecksumError = ({\n  file,\n  expected,\n  got,\n}: {\n  file: string\n  expected: string\n  got: string\n}): AbortError => {\n  return new AbortError(`The validation of ${file} failed. We expected the checksum ${expected}, but got ${got})`)\n}\n/**\n * Given a local file and a URL pointing to a remote file representing the MD5 of a local file,\n * it validates the authenticity of the binary using an MD5 checksum.\n * @param options - The file to validate and the URL that points to the file containing the MD5.\n */\nexport async function validateMD5({file, md5FileURL}: {file: string; md5FileURL: string}): Promise<void> {\n  debug(`Checking MD5 of file ${token.path(file)} against the MD5 in ${token.link('URL', md5FileURL)}`)\n  const md5Digest = await md5File(file)\n  const md5Response = await fetch(md5FileURL)\n  const md5Contents = await md5Response.text()\n  const canonicalMD5 = md5Contents.split(' ')[0]!\n  if (!(canonicalMD5 === md5Digest)) {\n    throw InvalidChecksumError({\n      file,\n      got: md5Digest,\n      expected: canonicalMD5,\n    })\n  }\n}\n"]}

package/dist/session/authorize.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../src/session/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,wBAAwB,CAAA;AACrD,OAAO,EAAC,QAAQ,EAAC,MAAM,eAAe,CAAA;AACtC,OAAO,EAAC,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAC,MAAM,0BAA0B,CAAA;AACxF,OAAO,EAAC,IAAI,EAAC,MAAM,cAAc,CAAA;AACjC,OAAO,EAAC,KAAK,EAAE,eAAe,EAAC,MAAM,aAAa,CAAA;AAClD,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,wBAAwB,CAAA;AAC/D,OAAO,KAAK,MAAM,MAAM,cAAc,CAAA;AACtC,OAAO,EAAC,QAAQ,EAAE,kCAAkC,EAAC,MAAM,UAAU,CAAA;AACrE,OAAO,EAAC,SAAS,IAAI,eAAe,EAAC,MAAM,iBAAiB,CAAA;AAE5D,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,KAAK,CACzC,6GAA6G,CAC9G,CAAA;AAOD,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAgB,EAAE,QAAgB,SAAS,CAAC,EAAE,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAA;IACjB,MAAM,IAAI,GAAG,WAAW,CAAA;IACxB,MAAM,WAAW,GAAG,UAAU,IAAI,IAAI,IAAI,EAAE,CAAA;IAC5C,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,gBAAgB,GAAG,QAAQ,EAAE,CAAA;IAEnC,MAAM,mCAAmC,CAAC,IAAI,CAAC,CAAA;IAE/C,IAAI,GAAG,GAAG,UAAU,IAAI,kBAAkB,CAAA;IAE1C,MAAM,EAAC,YAAY,EAAE,aAAa,EAAC,GAAG,2BAA2B,EAAE,CAAA;IAEnE,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,gBAAgB;QAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,YAAY,EAAE,WAAW;QACzB,KAAK;QACL,aAAa,EAAE,MAAM;QACrB,qBAAqB,EAAE,MAAM;QAC7B,cAAc,EAAE,aAAa;KAC9B,CAAA;IAED,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAA;IACjE,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAA;IACtE,MAAM,QAAQ,EAAE,CAAA;IAEhB,GAAG,GAAG,GAAG,GAAG,IAAI,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAA;IACxD,MAAM,IAAI,CAAC,GAAG,CAAC,CAAA;IAEf,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,CAAA;IAEpD,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE;QAC1B,MAAM,kBAAkB,CAAA;KACzB;IAED,OAAO,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,YAAY,EAAC,CAAA;AAC1C,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;IACrD,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IAC3D,OAAO,EAAC,YAAY,EAAE,aAAa,EAAC,CAAA;AACtC,CAAC;AAED,KAAK,UAAU,mCAAmC,CAAC,IAAY;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAA;IAE3D,IAAI,MAAM,eAAe,CAAC,IAAI,CAAC,EAAE;QAC/B,OAAM;KACP;IAED,IAAI,MAAM,kCAAkC,CAAC,IAAI,EAAE,gBAAgB,CAAC,EAAE;QACpE,MAAM,eAAe,CAAC,IAAI,CAAC,CAAA;KAC5B;SAAM;QACL,MAAM,IAAI,eAAe,EAAE,CAAA;KAC5B;AACH,CAAC","sourcesContent":["import {listenRedirect} from './redirect-listener.js'\nimport {clientId} from './identity.js'\nimport {base64URLEncode, randomBytes, randomHex, sha256} from '../public/node/crypto.js'\nimport {open} from '../system.js'\nimport {Abort, CancelExecution} from '../error.js'\nimport {identity as identityFqdn} from '../environment/fqdn.js'\nimport * as output from '../output.js'\nimport {keypress, terminateBlockingPortProcessPrompt} from '../ui.js'\nimport {checkPort as isPortAvailable} from 'get-port-please'\n\nexport const MismatchStateError = new Abort(\n  \"The state received from the authentication doesn't match the one that initiated the authentication process.\",\n)\n\nexport interface CodeAuthResult {\n  code: string\n  codeVerifier: string\n}\n\nexport async function authorize(scopes: string[], state: string = randomHex(30)): Promise<CodeAuthResult> {\n  const port = 3456\n  const host = '127.0.0.1'\n  const redirectUri = `http://${host}:${port}`\n  const fqdn = await identityFqdn()\n  const identityClientId = clientId()\n\n  await validateRedirectionPortAvailability(port)\n\n  let url = `http://${fqdn}/oauth/authorize`\n\n  const {codeVerifier, codeChallenge} = generateRandomChallengePair()\n\n  const params = {\n    client_id: identityClientId,\n    scope: scopes.join(' '),\n    redirect_uri: redirectUri,\n    state,\n    response_type: 'code',\n    code_challenge_method: 'S256',\n    code_challenge: codeChallenge,\n  }\n\n  output.info('\\nTo run this command, log in to Shopify Partners.')\n  output.info('👉 Press any key to open the login page on your browser')\n  await keypress()\n\n  url = `${url}?${new URLSearchParams(params).toString()}`\n  await open(url)\n\n  const result = await listenRedirect(host, port, url)\n\n  if (result.state !== state) {\n    throw MismatchStateError\n  }\n\n  return {code: result.code, codeVerifier}\n}\n\nexport function generateRandomChallengePair() {\n  const codeVerifier = base64URLEncode(randomBytes(32))\n  const codeChallenge = base64URLEncode(sha256(codeVerifier))\n  return {codeVerifier, codeChallenge}\n}\n\nasync function validateRedirectionPortAvailability(port: number) {\n  const {killPortProcess} = await import('kill-port-process')\n\n  if (await isPortAvailable(port)) {\n    return\n  }\n\n  if (await terminateBlockingPortProcessPrompt(port, 'Authentication')) {\n    await killPortProcess(port)\n  } else {\n    throw new CancelExecution()\n  }\n}\n"]}

package/dist/session/device-authorization.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"device-authorization.js","sourceRoot":"","sources":["../../src/session/device-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,QAAQ,EAAC,MAAM,eAAe,CAAA;AACtC,OAAO,EAAC,gCAAgC,EAAC,MAAM,eAAe,CAAA;AAE9D,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,wBAAwB,CAAA;AAC/D,OAAO,EAAC,YAAY,EAAC,MAAM,YAAY,CAAA;AACvC,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAC,MAAM,cAAc,CAAA;AACxD,OAAO,EAAC,GAAG,EAAC,MAAM,aAAa,CAAA;AAW/B,MAAM,eAAe,GAAG,GAAG,EAAE;IAC3B,OAAO,IAAI,GAAG,CAAC,uCAAuC,CAAC,CAAA;AACzD,CAAC,CAAA;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,MAAgB;IAC/D,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,gBAAgB,GAAG,MAAM,QAAQ,EAAE,CAAA;IACzC,MAAM,WAAW,GAAG,EAAC,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAC,CAAA;IAC1E,MAAM,GAAG,GAAG,WAAW,IAAI,6BAA6B,CAAA;IAExD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE;QACvC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAC,cAAc,EAAE,mCAAmC,EAAC;QAC9D,IAAI,EAAE,sBAAsB,CAAC,WAAW,CAAC;KAC1C,CAAC,CAAA;IAEF,8DAA8D;IAC9D,MAAM,UAAU,GAAQ,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;IAE7C,KAAK,CAAC,OAAO,CAAA,uCAAuC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;IAC7E,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,CAAC,UAAU,CAAC,yBAAyB;QAAE,MAAM,eAAe,EAAE,CAAA;IAE7F,IAAI,CAAC,oDAAoD,CAAC,CAAA;IAC1D,IAAI,CAAC,OAAO,CAAA,2BAA2B,UAAU,CAAC,SAAS,EAAE,CAAC,CAAA;IAC9D,IAAI,CAAC,OAAO,CAAA,gDAAgD,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAA;IAEhH,OAAO;QACL,UAAU,EAAE,UAAU,CAAC,WAAW;QAClC,QAAQ,EAAE,UAAU,CAAC,SAAS;QAC9B,eAAe,EAAE,UAAU,CAAC,gBAAgB;QAC5C,SAAS,EAAE,UAAU,CAAC,UAAU;QAChC,uBAAuB,EAAE,UAAU,CAAC,yBAAyB;QAC7D,QAAQ,EAAE,UAAU,CAAC,QAAQ;KAC9B,CAAA;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,IAAY,EAAE,QAAQ,GAAG,CAAC;IACzE,IAAI,wBAAwB,GAAG,QAAQ,CAAA;IAEvC,OAAO,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACpD,MAAM,MAAM,GAAG,KAAK,IAAI,EAAE;YACxB,MAAM,MAAM,GAAG,MAAM,gCAAgC,CAAC,IAAI,CAAC,CAAA;YAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;gBAAE,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAEjD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,iBAAiB,CAAA;YAE/C,KAAK,CAAC,OAAO,CAAA,+CAA+C,KAAK,EAAE,CAAC,CAAA;YACpE,QAAQ,KAAK,EAAE;gBACb,KAAK,uBAAuB;oBAC1B,OAAO,YAAY,EAAE,CAAA;gBACvB,KAAK,WAAW;oBACd,wBAAwB,IAAI,CAAC,CAAA;oBAC7B,OAAO,YAAY,EAAE,CAAA;gBACvB,KAAK,eAAe,CAAC;gBACrB,KAAK,eAAe,CAAC;gBACrB,KAAK,iBAAiB;oBACpB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAA;aACxB;QACH,CAAC,CAAA;QAED,MAAM,YAAY,GAAG,GAAG,EAAE;YACxB,kEAAkE;YAClE,UAAU,CAAC,MAAM,EAAE,wBAAwB,GAAG,IAAI,CAAC,CAAA;QACrD,CAAC,CAAA;QAED,YAAY,EAAE,CAAA;IAChB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,WAA+C;IAC7E,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC;SAC/B,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,IAAI,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACjD,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;SACvC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC","sourcesContent":["import {clientId} from './identity.js'\nimport {exchangeDeviceCodeForAccessToken} from './exchange.js'\nimport {IdentityToken} from './schema.js'\nimport {identity as identityFqdn} from '../environment/fqdn.js'\nimport {shopifyFetch} from '../http.js'\nimport {content, debug, info, token} from '../output.js'\nimport {Bug} from '../error.js'\n\nexport interface DeviceAuthorizationResponse {\n  deviceCode: string\n  userCode: string\n  verificationUri: string\n  expiresIn: number\n  verificationUriComplete?: string\n  interval?: number\n}\n\nconst DeviceAuthError = () => {\n  return new Bug('Failed to start authorization process')\n}\n\n/**\n * Initiate a device authorization flow.\n * This will return a DeviceAuthorizationResponse containing the URL where user\n * should go to authorize the device without the need of a callback to the CLI.\n *\n * Also returns a `deviceCode` used for polling the token endpoint in the next step.\n *\n * @param scopes - The scopes to request\n * @returns An object with the device authorization response.\n */\nexport async function requestDeviceAuthorization(scopes: string[]): Promise<DeviceAuthorizationResponse> {\n  const fqdn = await identityFqdn()\n  const identityClientId = await clientId()\n  const queryParams = {client_id: identityClientId, scope: scopes.join(' ')}\n  const url = `https://${fqdn}/oauth/device_authorization`\n\n  const response = await shopifyFetch(url, {\n    method: 'POST',\n    headers: {'Content-type': 'application/x-www-form-urlencoded'},\n    body: convertRequestToParams(queryParams),\n  })\n\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const jsonResult: any = await response.json()\n\n  debug(content`Received device authorization code: ${token.json(jsonResult)}`)\n  if (!jsonResult.device_code || !jsonResult.verification_uri_complete) throw DeviceAuthError()\n\n  info('\\nTo run this command, log in to Shopify Partners.')\n  info(content`User verification code: ${jsonResult.user_code}`)\n  info(content`👉 Open this link to start the auth process: ${token.green(jsonResult.verification_uri_complete)}`)\n\n  return {\n    deviceCode: jsonResult.device_code,\n    userCode: jsonResult.user_code,\n    verificationUri: jsonResult.verification_uri,\n    expiresIn: jsonResult.expires_in,\n    verificationUriComplete: jsonResult.verification_uri_complete,\n    interval: jsonResult.interval,\n  }\n}\n\n/**\n * Poll the Oauth token endpoint with the device code obtained from a DeviceAuthorizationResponse.\n * The endpoint will return `authorization_pending` until the user completes the auth flow in the browser.\n * Once the user completes the auth flow, the endpoint will return the identity token.\n *\n * Timeout for the polling is defined by the server and is around 600 seconds.\n *\n * @param code - The device code obtained after starting a device identity flow\n * @param interval - The interval to poll the token endpoint\n * @returns The identity token\n */\nexport async function pollForDeviceAuthorization(code: string, interval = 5): Promise<IdentityToken> {\n  let currentIntervalInSeconds = interval\n\n  return new Promise<IdentityToken>((resolve, reject) => {\n    const onPoll = async () => {\n      const result = await exchangeDeviceCodeForAccessToken(code)\n      if (!result.isErr()) return resolve(result.value)\n\n      const error = result.error ?? 'unknown_failure'\n\n      debug(content`Polling for device authorization... status: ${error}`)\n      switch (error) {\n        case 'authorization_pending':\n          return startPolling()\n        case 'slow_down':\n          currentIntervalInSeconds += 5\n          return startPolling()\n        case 'access_denied':\n        case 'expired_token':\n        case 'unknown_failure':\n          return reject(result)\n      }\n    }\n\n    const startPolling = () => {\n      // eslint-disable-next-line @typescript-eslint/no-misused-promises\n      setTimeout(onPoll, currentIntervalInSeconds * 1000)\n    }\n\n    startPolling()\n  })\n}\n\nfunction convertRequestToParams(queryParams: {client_id: string; scope: string}): string {\n  return Object.entries(queryParams)\n    .map(([key, value]) => value && `${key}=${value}`)\n    .filter((hasValue) => Boolean(hasValue))\n    .join('&')\n}\n"]}

package/dist/session/exchange.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../src/session/exchange.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,aAAa,EAAE,QAAQ,IAAI,mBAAmB,EAAC,MAAM,eAAe,CAAA;AAG5E,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAC,MAAM,wBAAwB,CAAA;AAC/D,OAAO,EAAC,YAAY,EAAC,MAAM,YAAY,CAAA;AACvC,OAAO,EAAC,GAAG,EAAE,EAAE,EAAS,MAAM,0BAA0B,CAAA;AACxD,OAAO,EAAC,UAAU,EAAC,MAAM,yBAAyB,CAAA;AAClD,OAAO,EAAC,eAAe,EAAC,MAAM,aAAa,CAAA;AAE3C,MAAM,OAAO,iBAAkB,SAAQ,eAAe;CAAG;AACzD,MAAM,OAAO,mBAAoB,SAAQ,eAAe;CAAG;AAO3D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,QAAwB;IACvE,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAC5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,YAAY,EAAE,uBAAuB;QACrC,SAAS,EAAE,QAAQ;QACnB,aAAa,EAAE,QAAQ,CAAC,YAAY;KACrC,CAAA;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,aAA4B,EAC5B,MAAsB,EACtB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,WAAW,CAAA;IAEvC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/C,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC;QACnD,eAAe,CAAC,qBAAqB,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC;KACjE,CAAC,CAAA;IAEF,MAAM,MAAM,GAAG;QACb,GAAG,QAAQ;QACX,GAAG,UAAU;KACd,CAAA;IAED,IAAI,KAAK,EAAE;QACT,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACxE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;KAC7B;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAA2B;IAClE,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAA;IACtC,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,eAAe;QAC3B,YAAY,EAAE,YAAY,CAAC,WAAW;QACtC,aAAa,EAAE,YAAY,CAAC,YAAY;QACxC,SAAS,EAAE,QAAQ;KACpB,CAAA;IACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,KAAa;IAC5D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IACvC,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,sDAAsD,CAAC,CAAC,CAAA;IACnH,OAAO,QAAQ,CAAC,KAAK,CAAE,CAAA;AACzB,CAAC;AASD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,UAAkB;IAElB,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,8CAA8C;QAC1D,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,QAAQ;KACpB,CAAA;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,IAAI,WAAW,CAAC,KAAK,EAAE,EAAE;QACvB,OAAO,GAAG,CAAC,WAAW,CAAC,KAA4B,CAAC,CAAA;KACrD;IACD,MAAM,aAAa,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;IAC3D,OAAO,EAAE,CAAC,aAAa,CAAC,CAAA;AAC1B,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,GAAQ,EACR,KAAa,EACb,SAAmB,EAAE,EACrB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IAChC,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,iDAAiD;QAC7D,oBAAoB,EAAE,+CAA+C;QACrE,kBAAkB,EAAE,+CAA+C;QACnE,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,aAAa,EAAE,KAAK;QACpB,GAAG,CAAC,GAAG,KAAK,OAAO,IAAI,EAAC,WAAW,EAAE,WAAW,KAAK,QAAQ,EAAC,CAAC;KAChE,CAAA;IAED,IAAI,UAAU,GAAG,KAAK,CAAA;IACtB,IAAI,GAAG,KAAK,OAAO,IAAI,KAAK,EAAE;QAC5B,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,EAAE,CAAA;KACjC;IACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAA;IACnD,OAAO,EAAC,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAC,CAAA;AACjC,CAAC;AASD,SAAS,wBAAwB,CAAC,KAAa;IAC7C,IAAI,KAAK,KAAK,eAAe,EAAE;QAC7B,6FAA6F;QAC7F,oGAAoG;QACpG,OAAO,IAAI,iBAAiB,EAAE,CAAA;KAC/B;IACD,IAAI,KAAK,KAAK,iBAAiB,EAAE;QAC/B,iGAAiG;QACjG,mGAAmG;QACnG,OAAO,IAAI,mBAAmB,EAAE,CAAA;KACjC;IACD,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;AAC9B,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,MAA+B;IACzD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,cAAc,CAAC,CAAA;IAClD,GAAG,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACnE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,EAAC,MAAM,EAAE,MAAM,EAAC,CAAC,CAAA;IAC1D,8DAA8D;IAC9D,MAAM,OAAO,GAAQ,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;IAErC,IAAI,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC,OAAO,CAAC,CAAA;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;AAC3B,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA0B;IACpD,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;KAChC,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAA0B;IACvD,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;KAChC,CAAA;AACH,CAAC","sourcesContent":["import {ApplicationToken, IdentityToken} from './schema.js'\nimport {applicationId, clientId as getIdentityClientId} from './identity.js'\nimport {CodeAuthResult} from './authorize.js'\nimport {API} from '../network/api.js'\nimport {identity as identityFqdn} from '../environment/fqdn.js'\nimport {shopifyFetch} from '../http.js'\nimport {err, ok, Result} from '../public/node/result.js'\nimport {AbortError} from '../public/node/error.js'\nimport {ExtendableError} from '../error.js'\n\nexport class InvalidGrantError extends ExtendableError {}\nexport class InvalidRequestError extends ExtendableError {}\n\nexport interface ExchangeScopes {\n  admin: string[]\n  partners: string[]\n  storefront: string[]\n}\n/**\n * Given a valid authorization code, request an identity access token.\n * This token can then be used to get API specific tokens.\n * @param codeData - code and codeVerifier from the authorize endpoint\n * @returns An instance with the identity access tokens.\n */\nexport async function exchangeCodeForAccessToken(codeData: CodeAuthResult): Promise<IdentityToken> {\n  const clientId = await getIdentityClientId()\n  const params = {\n    grant_type: 'authorization_code',\n    code: codeData.code,\n    redirect_uri: 'http://127.0.0.1:3456',\n    client_id: clientId,\n    code_verifier: codeData.codeVerifier,\n  }\n\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  return buildIdentityToken(value)\n}\n\n/**\n * Given an identity token, request an application token.\n * @param identityToken - access token obtained in a previous step\n * @param store - the store to use, only needed for admin API\n * @returns An array with the application access tokens.\n */\nexport async function exchangeAccessForApplicationTokens(\n  identityToken: IdentityToken,\n  scopes: ExchangeScopes,\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const token = identityToken.accessToken\n\n  const [partners, storefront] = await Promise.all([\n    requestAppToken('partners', token, scopes.partners),\n    requestAppToken('storefront-renderer', token, scopes.storefront),\n  ])\n\n  const result = {\n    ...partners,\n    ...storefront,\n  }\n\n  if (store) {\n    const admin = await requestAppToken('admin', token, scopes.admin, store)\n    Object.assign(result, admin)\n  }\n  return result\n}\n\n/**\n * Given an expired access token, refresh it to get a new one.\n */\nexport async function refreshAccessToken(currentToken: IdentityToken): Promise<IdentityToken> {\n  const clientId = getIdentityClientId()\n  const params = {\n    grant_type: 'refresh_token',\n    access_token: currentToken.accessToken,\n    refresh_token: currentToken.refreshToken,\n    client_id: clientId,\n  }\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  return buildIdentityToken(value)\n}\n\n/**\n * Given a custom CLI token passed as ENV variable, request a valid partners API token\n * This token does not accept extra scopes, just the cli one.\n * @param token - The CLI token passed as ENV variable\n * @returns An instance with the application access tokens.\n */\nexport async function exchangeCustomPartnerToken(token: string): Promise<ApplicationToken> {\n  const appId = applicationId('partners')\n  const newToken = await requestAppToken('partners', token, ['https://api.shopify.com/auth/partners.app.cli.access'])\n  return newToken[appId]!\n}\n\nexport type IdentityDeviceError =\n  | 'authorization_pending'\n  | 'access_denied'\n  | 'expired_token'\n  | 'slow_down'\n  | 'unknown_failure'\n\n/**\n * Given a deviceCode obtained after starting a device identity flow, request an identity token.\n * @param deviceCode - The device code obtained after starting a device identity flow\n * @param scopes - The scopes to request\n * @returns An instance with the identity access tokens.\n */\nexport async function exchangeDeviceCodeForAccessToken(\n  deviceCode: string,\n): Promise<Result<IdentityToken, IdentityDeviceError>> {\n  const clientId = await getIdentityClientId()\n\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n    device_code: deviceCode,\n    client_id: clientId,\n  }\n\n  const tokenResult = await tokenRequest(params)\n  if (tokenResult.isErr()) {\n    return err(tokenResult.error as IdentityDeviceError)\n  }\n  const identityToken = buildIdentityToken(tokenResult.value)\n  return ok(identityToken)\n}\n\nasync function requestAppToken(\n  api: API,\n  token: string,\n  scopes: string[] = [],\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const appId = applicationId(api)\n  const clientId = await getIdentityClientId()\n\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',\n    requested_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    client_id: clientId,\n    audience: appId,\n    scope: scopes.join(' '),\n    subject_token: token,\n    ...(api === 'admin' && {destination: `https://${store}/admin`}),\n  }\n\n  let identifier = appId\n  if (api === 'admin' && store) {\n    identifier = `${store}-${appId}`\n  }\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  const appToken = await buildApplicationToken(value)\n  return {[identifier]: appToken}\n}\n\ninterface TokenRequestResult {\n  access_token: string\n  expires_in: number\n  refresh_token: string\n  scope: string\n}\n\nfunction tokenRequestErrorHandler(error: string) {\n  if (error === 'invalid_grant') {\n    // There's an scenario when Identity returns \"invalid_grant\" when trying to refresh the token\n    // using a valid refresh token. When that happens, we take the user through the authentication flow.\n    return new InvalidGrantError()\n  }\n  if (error === 'invalid_request') {\n    // There's an scenario when Identity returns \"invalid_request\" when exchanging an identity token.\n    // This means the token is invalid. We clear the session and throw an error to let the caller know.\n    return new InvalidRequestError()\n  }\n  return new AbortError(error)\n}\n\nasync function tokenRequest(params: {[key: string]: string}): Promise<Result<TokenRequestResult, string>> {\n  const fqdn = await identityFqdn()\n  const url = new URL(`https://${fqdn}/oauth/token`)\n  url.search = new URLSearchParams(Object.entries(params)).toString()\n  const res = await shopifyFetch(url.href, {method: 'POST'})\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const payload: any = await res.json()\n\n  if (res.ok) return ok(payload)\n  return err(payload.error)\n}\n\nfunction buildIdentityToken(result: TokenRequestResult): IdentityToken {\n  return {\n    accessToken: result.access_token,\n    refreshToken: result.refresh_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n  }\n}\n\nfunction buildApplicationToken(result: TokenRequestResult): ApplicationToken {\n  return {\n    accessToken: result.access_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n  }\n}\n"]}

package/dist/session/identity-token-validation.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity-token-validation.js","sourceRoot":"","sources":["../../src/session/identity-token-validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,QAAQ,EAAC,MAAM,wBAAwB,CAAA;AAC/C,OAAO,EAAC,KAAK,EAAC,MAAM,cAAc,CAAA;AAClC,OAAO,EAAC,YAAY,EAAC,MAAM,YAAY,CAAA;AAEvC,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,KAAa;IACvD,IAAI;QACF,MAAM,iBAAiB,GAAG,MAAM,yBAAyB,EAAE,CAAA;QAC3D,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAC,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAC;YAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAC,KAAK,EAAC,CAAC;SAC9B,CAAA;QACD,KAAK,CAAC,kDAAkD,iBAAiB,EAAE,CAAC,CAAA;QAE5E,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAA;QAE/D,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE;YACzE,8DAA8D;YAC9D,MAAM,IAAI,GAAQ,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;YACvC,KAAK,CAAC,gCAAgC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;YACnD,OAAO,IAAI,CAAC,KAAK,CAAA;SAClB;aAAM;YACL,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;YAClC,KAAK,CAAC;aACC,QAAQ,CAAC,MAAM;8BACE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;WAC3E,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC5B,OAAO,KAAK,CAAA;SACb;QACD,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,KAAK,CAAC,kCAAkC,KAAK,EAAE,CAAC,CAAA;QAChD,OAAO,KAAK,CAAA;KACb;AACH,CAAC;AAED,KAAK,UAAU,yBAAyB;IACtC,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,WAAW,MAAM,QAAQ,EAAE,wCAAwC,CAAC,CAAA;IACxG,8DAA8D;IAC9D,MAAM,IAAI,GAAQ,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;IACvC,OAAO,IAAI,CAAC,sBAAsB,CAAA;AACpC,CAAC","sourcesContent":["import {identity} from '../environment/fqdn.js'\nimport {debug} from '../output.js'\nimport {shopifyFetch} from '../http.js'\n\nexport async function validateIdentityToken(token: string) {\n  try {\n    const instrospectionURL = await getInstrospectionEndpoint()\n    const options = {\n      method: 'POST',\n      headers: {Authorization: `Bearer ${token}`, 'Content-Type': 'application/json'},\n      body: JSON.stringify({token}),\n    }\n    debug(`Sending Identity Introspection request to URL: ${instrospectionURL}`)\n\n    const response = await shopifyFetch(instrospectionURL, options)\n\n    if (response.ok && response.headers.get('content-type')?.includes('json')) {\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      const json: any = await response.json()\n      debug(`The identity token is valid: ${json.valid}`)\n      return json.valid\n    } else {\n      const text = await response.text()\n      debug(`The Introspection request failed with:\n - status: ${response.status}\n - www-authenticate header: ${JSON.stringify(response.headers.get('www-authenticate'))}\n - body: ${JSON.stringify(text)}`)\n      return false\n    }\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    debug(`The identity token is invalid: ${error}`)\n    return false\n  }\n}\n\nasync function getInstrospectionEndpoint(): Promise<string> {\n  const response = await shopifyFetch(`https://${await identity()}/.well-known/openid-configuration.json`)\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const json: any = await response.json()\n  return json.introspection_endpoint\n}\n"]}

package/dist/session/identity.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/session/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,GAAG,EAAC,MAAM,aAAa,CAAA;AAC/B,OAAO,EAAC,WAAW,EAAC,MAAM,uBAAuB,CAAA;AAEjD,OAAO,EAAC,kBAAkB,EAAC,MAAM,2BAA2B,CAAA;AAE5D,MAAM,UAAU,QAAQ;IACtB,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAA;IACxC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;QACrC,OAAO,sCAAsC,CAAA;KAC9C;SAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;QACjD,OAAO,sCAAsC,CAAA;KAC9C;SAAM;QACL,OAAO,sCAAsC,CAAA;KAC9C;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAQ;IACpC,QAAQ,GAAG,EAAE;QACX,KAAK,OAAO,CAAC,CAAC;YACZ,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAA;YACxC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;gBACrC,OAAO,kEAAkE,CAAA;aAC1E;iBAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;gBACjD,OAAO,kEAAkE,CAAA;aAC1E;iBAAM;gBACL,OAAO,kEAAkE,CAAA;aAC1E;SACF;QACD,KAAK,UAAU,CAAC,CAAC;YACf,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAA;YACxC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;gBACrC,OAAO,kEAAkE,CAAA;aAC1E;iBAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;gBACjD,OAAO,kEAAkE,CAAA;aAC1E;iBAAM;gBACL,OAAO,kEAAkE,CAAA;aAC1E;SACF;QACD,KAAK,qBAAqB,CAAC,CAAC;YAC1B,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAA;YACxC,IAAI,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;gBACrC,OAAO,sCAAsC,CAAA;aAC9C;iBAAM,IAAI,WAAW,KAAK,WAAW,CAAC,UAAU,EAAE;gBACjD,OAAO,sCAAsC,CAAA;aAC9C;iBAAM;gBACL,OAAO,sCAAsC,CAAA;aAC9C;SACF;QACD;YACE,MAAM,IAAI,GAAG,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAA;KAC1D;AACH,CAAC","sourcesContent":["import {Bug} from '../error.js'\nimport {Environment} from '../network/service.js'\nimport {API} from '../network/api.js'\nimport {serviceEnvironment} from '../environment/service.js'\n\nexport function clientId(): string {\n  const environment = serviceEnvironment()\n  if (environment === Environment.Local) {\n    return 'e5380e02-312a-7408-5718-e07017e9cf52'\n  } else if (environment === Environment.Production) {\n    return 'fbdb2649-e327-4907-8f67-908d24cfd7e3'\n  } else {\n    return 'e5380e02-312a-7408-5718-e07017e9cf52'\n  }\n}\n\nexport function applicationId(api: API): string {\n  switch (api) {\n    case 'admin': {\n      const environment = serviceEnvironment()\n      if (environment === Environment.Local) {\n        return 'e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52'\n      } else if (environment === Environment.Production) {\n        return '7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c'\n      } else {\n        return 'e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52'\n      }\n    }\n    case 'partners': {\n      const environment = serviceEnvironment()\n      if (environment === Environment.Local) {\n        return 'df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978'\n      } else if (environment === Environment.Production) {\n        return '271e16d403dfa18082ffb3d197bd2b5f4479c3fc32736d69296829cbb28d41a6'\n      } else {\n        return 'df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978'\n      }\n    }\n    case 'storefront-renderer': {\n      const environment = serviceEnvironment()\n      if (environment === Environment.Local) {\n        return '46f603de-894f-488d-9471-5b721280ff49'\n      } else if (environment === Environment.Production) {\n        return 'ee139b3d-5861-4d45-b387-1bc3ada7811c'\n      } else {\n        return '46f603de-894f-488d-9471-5b721280ff49'\n      }\n    }\n    default:\n      throw new Bug(`Application id for API of type: ${api}`)\n  }\n}\n"]}

package/dist/session/post-auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"post-auth.js","sourceRoot":"","sources":["../../src/session/post-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,MAAM,EAAE,eAAe,EAAC,MAAM,YAAY,CAAA;AAClD,OAAO,EAAC,IAAI,EAAC,MAAM,YAAY,CAAA;AAC/B,OAAO,EAAC,GAAG,EAAC,MAAM,aAAa,CAAA;AAE/B,MAAM,aAAa,GAAG;IACpB,gBAAgB;IAChB,iBAAiB;IACjB,mBAAmB;IACnB,oBAAoB;IACpB,cAAc;CACN,CAAA;AACV,MAAM,kBAAkB,GAAG,WAAW,CAAA;AACtC,MAAM,eAAe,GAAG,aAAa,CAAA;AAErC;;;;;GAKG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,QAAgB,EAAmB,EAAE;IAC9D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,QAAQ,EAAE,EAAE;QAClD,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KACtC,CAAC,CAAA;IACF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,8BAA8B,EAAE,CAAA;KACvC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,IAAqB,EAAE;IACzD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,IAAqB,EAAE;IAC1D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,IAAqB,EAAE;IAC5D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,IAAqB,EAAE;IAC7D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,IAAqB,EAAE;IACxD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,IAAqB,EAAE;IACvD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,kBAAkB,CAAC,CAAA;IACtD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,IAAqB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,CAAA;IACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAA;AACvB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,+DAA+D,CAAA;AAE7F,MAAM,CAAC,MAAM,eAAe,GAAG,kDAAkD,CAAA;AAEjF,MAAM,CAAC,MAAM,iBAAiB,GAAG,kFAAkF,CAAA;AAEnH,MAAM,CAAC,MAAM,kBAAkB,GAAG,mFAAmF,CAAA;AAErH,MAAM,CAAC,MAAM,8BAA8B,GAAG,GAAG,EAAE,CAAC,IAAI,GAAG,CAAC,+BAA+B,CAAC,CAAA","sourcesContent":["import {findUp, moduleDirectory} from '../path.js'\nimport {read} from '../file.js'\nimport {Bug} from '../error.js'\n\nconst HTMLFileNames = [\n  'empty-url.html',\n  'auth-error.html',\n  'missing-code.html',\n  'missing-state.html',\n  'success.html',\n] as const\nconst StylesheetFilename = 'style.css'\nconst FaviconFileName = 'favicon.svg'\n\n/**\n * Finds the full path of the given file-name from the assets folder.\n *\n * @param fileName - The name of the file to look for.\n * @returns The full path of the file, or null if not found.\n */\nconst getFilePath = async (fileName: string): Promise<string> => {\n  const filePath = await findUp(`assets/${fileName}`, {\n    type: 'file',\n    cwd: moduleDirectory(import.meta.url),\n  })\n  if (!filePath) {\n    throw RedirectPageAssetNotFoundError()\n  }\n  return filePath\n}\n\nexport const getEmptyUrlHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[0])\n  return read(filePath)\n}\n\nexport const getAuthErrorHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[1])\n  return read(filePath)\n}\n\nexport const getMissingCodeHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[2])\n  return read(filePath)\n}\n\nexport const getMissingStateHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[3])\n  return read(filePath)\n}\n\nexport const getSuccessHTML = async (): Promise<string> => {\n  const filePath = await getFilePath(HTMLFileNames[4])\n  return read(filePath)\n}\n\nexport const getStylesheet = async (): Promise<string> => {\n  const filePath = await getFilePath(StylesheetFilename)\n  return read(filePath)\n}\n\nexport const getFavicon = async (): Promise<string> => {\n  const filePath = await getFilePath(FaviconFileName)\n  return read(filePath)\n}\n\nexport const EmptyUrlString = 'We received the authentication redirect but the URL is empty.'\n\nexport const AuthErrorString = 'There was an issue while trying to authenticate.'\n\nexport const MissingCodeString = \"The authentication can't continue because the redirect doesn't include the code.\"\n\nexport const MissingStateString = \"The authentication can't continue because the redirect doesn't include the state.\"\n\nexport const RedirectPageAssetNotFoundError = () => new Bug(`Redirect page asset not found`)\n"]}

package/dist/session/redirect-listener.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"redirect-listener.js","sourceRoot":"","sources":["../../src/session/redirect-listener.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,aAAa,EACb,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAC,KAAK,EAAE,GAAG,EAAC,MAAM,aAAa,CAAA;AACtC,OAAO,EAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAC,MAAM,cAAc,CAAA;AACjD,OAAO,EAAC,SAAS,EAAkC,MAAM,IAAI,CAAA;AAC7D,OAAO,GAAG,MAAM,KAAK,CAAA;AACrB,OAAO,EAAC,YAAY,EAAS,MAAM,MAAM,CAAA;AAEzC,MAAM,sBAAsB,GAAG,EAAE,CAAA;AACjC,MAAM,sBAAsB,GAAG,GAAG,CAAA;AAgBlC;;;;;;GAMG;AACH,MAAM,OAAO,gBAAgB;IAmE3B,YAAY,OAAgC;QAC1C,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAA;QACxB,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAA;QACxB,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC/D,CAAC;IAtEO,MAAM,CAAC,YAAY,CAAC,QAA0B;QACpD,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,OAAwB,EAAE,QAAwB,EAAE,EAAE;YAC5F,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAA;YAC9B,IAAI,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE;gBACnC,MAAM,WAAW,GAAG,MAAM,UAAU,EAAE,CAAA;gBACtC,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,eAAe,CAAC,CAAA;gBACnD,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;gBAC3B,QAAQ,CAAC,GAAG,EAAE,CAAA;gBACd,OAAO,EAAE,CAAA;aACV;iBAAM,IAAI,UAAU,KAAK,YAAY,EAAE;gBACtC,MAAM,cAAc,GAAG,MAAM,aAAa,EAAE,CAAA;gBAC5C,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,UAAU,CAAC,CAAA;gBAC9C,QAAQ,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;gBAC9B,QAAQ,CAAC,GAAG,EAAE,CAAA;gBACd,OAAO,EAAE,CAAA;aACV;YAED,MAAM,OAAO,GAAG,KAAK,EAAE,QAAgB,EAAE,KAAa,EAAE,KAAc,EAAE,IAAa,EAAE,EAAE;gBACvF,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAA;gBAC/C,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;gBACxB,QAAQ,CAAC,GAAG,EAAE,CAAA;gBACd,QAAQ,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,CAAA;gBAC5B,OAAO,EAAE,CAAA;YACX,CAAC,CAAA;YAED,iDAAiD;YACjD,IAAI,CAAC,UAAU,EAAE;gBACf,MAAM,IAAI,GAAG,MAAM,eAAe,EAAE,CAAA;gBACpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAA;gBACnC,OAAO,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;aAChD;YAED,mDAAmD;YACnD,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,KAAK,CAAA;YACrD,IAAI,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,iBAAiB,EAAE;gBACtD,MAAM,IAAI,GAAG,MAAM,gBAAgB,EAAE,CAAA;gBACrC,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,GAAG,WAAW,CAAC,iBAAiB,EAAE,CAAC,CAAA;gBACzD,OAAO,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;aAChD;YAED,wCAAwC;YACxC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE;gBACrB,MAAM,IAAI,GAAG,MAAM,kBAAkB,EAAE,CAAA;gBACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAA;gBACtC,OAAO,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;aAChD;YAED,yCAAyC;YACzC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE;gBACtB,MAAM,IAAI,GAAG,MAAM,mBAAmB,EAAE,CAAA;gBACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAA;gBACvC,OAAO,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;aAChD;YAED,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAA;YACnC,OAAO,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC,IAAI,EAAE,EAAE,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QAChF,CAAC,CAAC,CAAA;QAEF,kEAAkE;QAClE,OAAO,YAAY,CAAC,GAAG,CAAC,CAAA;IAC1B,CAAC;IAYD,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAC,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAA;IAC3B,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,IAAY,EAAE,GAAW;IAC1E,MAAM,MAAM,GAAG,MAAM,IAAI,OAAO,CAAgC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClF,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,MAAM,OAAO,GAAG,8CAA8C,CAAA;YAC9D,IAAI,CAAC,OAAO,CAAA,GAAG,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,4BAA4B,EAAE,GAAG,CAAC,IAAI,CAAC,CAAA;QAC7E,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAC,CAAA;QAEjC,MAAM,QAAQ,GAAqB,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE;YACxD,YAAY,CAAC,OAAO,CAAC,CAAA;YACrB,UAAU,CAAC,GAAG,EAAE;gBACd,mEAAmE;gBACnE,gBAAgB,CAAC,IAAI,EAAE,CAAA;gBACvB,IAAI,KAAK;oBAAE,MAAM,CAAC,KAAK,CAAC,CAAA;;oBACnB,OAAO,CAAC,EAAC,IAAI,EAAE,IAAc,EAAE,KAAK,EAAE,KAAe,EAAC,CAAC,CAAA;YAC9D,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAC,CAAA;QACnC,CAAC,CAAA;QAED,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,CAAC,EAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAC,CAAC,CAAA;QACrE,gBAAgB,CAAC,KAAK,EAAE,CAAA;IAC1B,CAAC,CAAC,CAAA;IACF,OAAO,MAAM,CAAA;AACf,CAAC","sourcesContent":["import {\n  getFavicon,\n  getStylesheet,\n  getEmptyUrlHTML,\n  getAuthErrorHTML,\n  getMissingCodeHTML,\n  getMissingStateHTML,\n  getSuccessHTML,\n  EmptyUrlString,\n  MissingCodeString,\n  MissingStateString,\n} from './post-auth.js'\nimport {Abort, Bug} from '../error.js'\nimport {content, info, token} from '../output.js'\nimport {createApp, IncomingMessage, ServerResponse} from 'h3'\nimport url from 'url'\nimport {createServer, Server} from 'http'\n\nconst ResponseTimeoutSeconds = 10\nconst ServerStopDelaySeconds = 0.5\n\n/**\n * It represents the result of a redirect.\n */\ntype RedirectCallback = (error: Error | undefined, state: string | undefined, code: string | undefined) => void\n\n/**\n * Defines the interface of the options that\n * are used to instantiate a redirect listener.\n */\ninterface RedirectListenerOptions {\n  host: string\n  port: number\n  callback: RedirectCallback\n}\n/**\n * When the authentication completes, Identity redirects\n * the user to a URL. In the case of the CLI, the redirect\n * is to localhost passing some parameters that are necessary\n * to continue the authentication. Because of that, we need\n * an HTTP server that runs and listens to the request.\n */\nexport class RedirectListener {\n  private static createServer(callback: RedirectCallback): Server {\n    const app = createApp().use('*', async (request: IncomingMessage, response: ServerResponse) => {\n      const requestUrl = request.url\n      if (requestUrl?.includes('favicon')) {\n        const faviconFile = await getFavicon()\n        response.setHeader('Content-Type', 'image/svg+xml')\n        response.write(faviconFile)\n        response.end()\n        return {}\n      } else if (requestUrl === '/style.css') {\n        const stylesheetFile = await getStylesheet()\n        response.setHeader('Content-Type', 'text/css')\n        response.write(stylesheetFile)\n        response.end()\n        return {}\n      }\n\n      const respond = async (contents: string, error?: Error, state?: string, code?: string) => {\n        response.setHeader('Content-Type', 'text/html')\n        response.write(contents)\n        response.end()\n        callback(error, state, code)\n        return {}\n      }\n\n      // If there was an empty/malformed URL sent back.\n      if (!requestUrl) {\n        const file = await getEmptyUrlHTML()\n        const err = new Bug(EmptyUrlString)\n        return respond(file, err, undefined, undefined)\n      }\n\n      // If an error was returned by the Identity server.\n      const queryObject = url.parse(requestUrl, true).query\n      if (queryObject.error && queryObject.error_description) {\n        const file = await getAuthErrorHTML()\n        const err = new Abort(`${queryObject.error_description}`)\n        return respond(file, err, undefined, undefined)\n      }\n\n      // If the code isn't present in the URL.\n      if (!queryObject.code) {\n        const file = await getMissingCodeHTML()\n        const err = new Bug(MissingCodeString)\n        return respond(file, err, undefined, undefined)\n      }\n\n      // If the state isn't present in the URL.\n      if (!queryObject.state) {\n        const file = await getMissingStateHTML()\n        const err = new Bug(MissingStateString)\n        return respond(file, err, undefined, undefined)\n      }\n\n      const file = await getSuccessHTML()\n      return respond(file, undefined, `${queryObject.code}`, `${queryObject.state}`)\n    })\n\n    // eslint-disable-next-line @typescript-eslint/no-misused-promises\n    return createServer(app)\n  }\n\n  port: number\n  host: string\n  server: ReturnType<typeof RedirectListener.createServer>\n\n  constructor(options: RedirectListenerOptions) {\n    this.port = options.port\n    this.host = options.host\n    this.server = RedirectListener.createServer(options.callback)\n  }\n\n  start(): void {\n    this.server.listen({port: this.port, host: this.host}, () => {})\n  }\n\n  async stop(): Promise<void> {\n    await this.server.close()\n  }\n}\n\nexport async function listenRedirect(host: string, port: number, url: string): Promise<{code: string; state: string}> {\n  const result = await new Promise<{code: string; state: string}>((resolve, reject) => {\n    const timeout = setTimeout(() => {\n      const message = '\\nAuto-open timed out. Open the login page: '\n      info(content`${message}${token.link('Log in to Shopify Partners', url)}\\n`)\n    }, ResponseTimeoutSeconds * 1000)\n\n    const callback: RedirectCallback = (error, code, state) => {\n      clearTimeout(timeout)\n      setTimeout(() => {\n        // eslint-disable-next-line @typescript-eslint/no-floating-promises\n        redirectListener.stop()\n        if (error) reject(error)\n        else resolve({code: code as string, state: state as string})\n      }, ServerStopDelaySeconds * 1000)\n    }\n\n    const redirectListener = new RedirectListener({host, port, callback})\n    redirectListener.start()\n  })\n  return result\n}\n"]}

package/dist/session/schema.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/session/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,MAAM,EAAC,MAAM,cAAc,CAAA;AAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;IAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,YAAY,IAAI;QAAE,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAA;IACxE,OAAO,IAAI,CAAA;AACb,CAAC,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;AAEjB;;GAEG;AACH,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE;IAC5B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE;IAC7B,SAAS,EAAE,UAAU;IACrB,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;CACtC,CAAC,CAAA;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC3C,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE;IAC5B,SAAS,EAAE,UAAU;IACrB,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;CACtC,CAAC,CAAA;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CACrD,MAAM,CAAC,MAAM,CAAC;IACZ;;;;OAIG;IACH,QAAQ,EAAE,mBAAmB;IAC7B;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACjE,CAAC,CACH,CAAA","sourcesContent":["import {define} from '../schema.js'\n\nconst DateSchema = define.preprocess((arg) => {\n  if (typeof arg === 'string' || arg instanceof Date) return new Date(arg)\n  return null\n}, define.date())\n\n/**\n * The schema represents an Identity token.\n */\nconst IdentityTokenSchema = define.object({\n  accessToken: define.string(),\n  refreshToken: define.string(),\n  expiresAt: DateSchema,\n  scopes: define.array(define.string()),\n})\n\n/**\n * The schema represents an application token.\n */\nconst ApplicationTokenSchema = define.object({\n  accessToken: define.string(),\n  expiresAt: DateSchema,\n  scopes: define.array(define.string()),\n})\n\n/**\n * This schema represents the format of the session\n * that we cache in the system to avoid unnecessary\n * token exchanges.\n *\n * @example\n * ```\n * {\n *    \"accounts.shopify.com\": {\n *      \"identity\": {...} // IdentityTokenSchema\n *      \"applications\": {\n *        \"${domain}-application-id\": {  // Admin APIs includes domain in the key\n *          \"accessToken\": \"...\",\n *        },\n *        \"$application-id\": { // ApplicationTokenSchema\n *          \"accessToken\": \"...\",\n *        },\n *      }\n *    },\n *    \"identity.spin.com\": {...}\n * }\n * ```\n */\nexport const SessionSchema = define.object({}).catchall(\n  define.object({\n    /**\n     * It contains the identity token. Before usint it, we exchange it\n     * to get a token that we can use with different applications. The exchanged\n     * tokens for the applications are stored under applications.\n     */\n    identity: IdentityTokenSchema,\n    /**\n     * It contains exchanged tokens for the applications the CLI\n     * authenticates with. Tokens are scoped under the fqdn of the applications.\n     */\n    applications: define.object({}).catchall(ApplicationTokenSchema),\n  }),\n)\n\nexport type Session = define.infer<typeof SessionSchema>\nexport type IdentityToken = define.infer<typeof IdentityTokenSchema>\nexport type ApplicationToken = define.infer<typeof ApplicationTokenSchema>\n"]}

package/dist/session/scopes.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"scopes.js","sourceRoot":"","sources":["../../src/session/scopes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,GAAG,EAAC,MAAM,aAAa,CAAA;AAC/B,OAAO,EAAC,OAAO,EAAM,MAAM,mBAAmB,CAAA;AAE9C;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,cAAwB,EAAE;IACzD,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAA;IACjD,MAAM,GAAG,CAAC,QAAQ,EAAE,GAAG,MAAM,EAAE,GAAG,WAAW,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;AACpC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,GAAQ,EAAE,cAAwB,EAAE;IAC5D,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;IAC3G,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;AACpC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAQ;IAChC,QAAQ,GAAG,EAAE;QACX,KAAK,OAAO;YACV,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;QAC9C,KAAK,qBAAqB;YACxB,OAAO,CAAC,UAAU,CAAC,CAAA;QACrB,KAAK,UAAU;YACb,OAAO,CAAC,KAAK,CAAC,CAAA;QAChB;YACE,MAAM,IAAI,GAAG,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAA;KACvC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,QAAQ,KAAK,EAAE;QACb,KAAK,SAAS;YACZ,OAAO,iDAAiD,CAAA;QAC1D,KAAK,QAAQ;YACX,OAAO,gDAAgD,CAAA;QACzD,KAAK,cAAc;YACjB,OAAO,2EAA2E,CAAA;QACpF,KAAK,KAAK;YACR,OAAO,sDAAsD,CAAA;QAC/D,KAAK,UAAU;YACb,OAAO,gEAAgE,CAAA;QACzE;YACE,OAAO,KAAK,CAAA;KACf;AACH,CAAC","sourcesContent":["import {Bug} from '../error.js'\nimport {allAPIs, API} from '../network/api.js'\n\n/**\n * Generate a flat array with all the default scopes for all the APIs plus\n * any custom scope defined by the user.\n * @param extraScopes - custom user-defined scopes\n * @returns Array of scopes\n */\nexport function allDefaultScopes(extraScopes: string[] = []): string[] {\n  let scopes = allAPIs.map(defaultApiScopes).flat()\n  scopes = ['openid', ...scopes, ...extraScopes].map(scopeTransform)\n  return Array.from(new Set(scopes))\n}\n\n/**\n * Generate a flat array with the default scopes for the given API plus\n * any custom scope defined by the user\n * @param api - API to get the scopes for\n * @param extraScopes - custom user-defined scopes\n * @returns Array of scopes\n */\nexport function apiScopes(api: API, extraScopes: string[] = []): string[] {\n  const scopes = ['openid', ...defaultApiScopes(api), ...extraScopes.map(scopeTransform)].map(scopeTransform)\n  return Array.from(new Set(scopes))\n}\n\nfunction defaultApiScopes(api: API): string[] {\n  switch (api) {\n    case 'admin':\n      return ['graphql', 'themes', 'collaborator']\n    case 'storefront-renderer':\n      return ['devtools']\n    case 'partners':\n      return ['cli']\n    default:\n      throw new Bug(`Unknown API: ${api}`)\n  }\n}\n\nfunction scopeTransform(scope: string): string {\n  switch (scope) {\n    case 'graphql':\n      return 'https://api.shopify.com/auth/shop.admin.graphql'\n    case 'themes':\n      return 'https://api.shopify.com/auth/shop.admin.themes'\n    case 'collaborator':\n      return 'https://api.shopify.com/auth/partners.collaborator-relationships.readonly'\n    case 'cli':\n      return 'https://api.shopify.com/auth/partners.app.cli.access'\n    case 'devtools':\n      return 'https://api.shopify.com/auth/shop.storefront-renderer.devtools'\n    default:\n      return scope\n  }\n}\n"]}

package/dist/session/store.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/session/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,aAAa,CAAA;AACzC,OAAO,SAAS,MAAM,iBAAiB,CAAA;AACvC,OAAO,EAAC,eAAe,EAAC,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAC,KAAK,IAAI,WAAW,EAAE,KAAK,IAAI,WAAW,EAAE,MAAM,IAAI,YAAY,EAAC,MAAM,oBAAoB,CAAA;AACrG,OAAO,EAAC,OAAO,EAAE,KAAK,EAAC,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAC,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAC,MAAM,aAAa,CAAA;AAGlF;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,SAAS,CAAA;AAEnC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,OAAgB;IAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAC3C,IAAI,MAAM,oBAAoB,EAAE,EAAE;QAChC,MAAM,WAAW,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;KAC3C;SAAM;QACL,MAAM,UAAU,CAAC,WAAW,CAAC,CAAA;KAC9B;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK;IACzB,IAAI,OAAO,CAAA;IACX,IAAI,MAAM,oBAAoB,EAAE,EAAE;QAChC,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAA;KACxC;SAAM;QACL,OAAO,GAAG,MAAM,UAAU,EAAE,CAAA;KAC7B;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,SAAS,CAAA;KACjB;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACvC,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAA;IACrE,IAAI,aAAa,CAAC,OAAO,EAAE;QACzB,OAAO,aAAa,CAAC,IAAI,CAAA;KAC1B;SAAM;QACL,MAAM,MAAM,EAAE,CAAA;QACd,OAAO,SAAS,CAAA;KACjB;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,IAAI,MAAM,oBAAoB,EAAE,EAAE;QAChC,MAAM,YAAY,CAAC,UAAU,CAAC,CAAA;KAC/B;SAAM;QACL,MAAM,aAAa,EAAE,CAAA;KACtB;IAED,MAAM,eAAe,EAAE,CAAA;AACzB,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB;IACjC,IAAI;QACF,IAAI,eAAe,EAAE,CAAC,QAAQ,KAAK,SAAS,EAAE;YAC5C,KAAK,CAAC,OAAO,CAAA,uCAAuC,CAAC,CAAA;YACrD,OAAO,KAAK,CAAA;SACb;QACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAA;QACrC,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QAChE,KAAK,CAAC,OAAO,CAAA,2BAA2B,CAAC,CAAA;QACzC,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,MAAM,EAAE;QACf,KAAK,CAAC,OAAO,CAAA,6BAA6B,CAAC,CAAA;QAC3C,OAAO,KAAK,CAAA;KACb;AACH,CAAC","sourcesContent":["import {SessionSchema} from './schema.js'\nimport constants from '../constants.js'\nimport {platformAndArch} from '../public/node/os.js'\nimport {store as secureStore, fetch as secureFetch, remove as secureRemove} from '../secure-store.js'\nimport {content, debug} from '../output.js'\nimport {getSession, removeSession, setSession, clearAllAppInfo} from '../store.js'\nimport type {Session} from './schema.js'\n\n/**\n * The identifier of the session in the secure store.\n */\nexport const identifier = 'session'\n\n/**\n * Serializes the session as a JSON and stores it securely in the system.\n * If the secure store is not available, the session is stored in the local config.\n * @param session - the session to store.\n */\nexport async function store(session: Session) {\n  const jsonSession = JSON.stringify(session)\n  if (await secureStoreAvailable()) {\n    await secureStore(identifier, jsonSession)\n  } else {\n    await setSession(jsonSession)\n  }\n}\n\n/**\n * Fetches the session from the secure store and returns it.\n * If the secure store is not available, the session is fetched from the local config.\n * If the format of the session is invalid, the method will discard it.\n * In the future might add some logic for supporting migrating the schema\n * of already-persisted sessions.\n * @returns Returns a promise that resolves with the session if it exists and is valid.\n */\nexport async function fetch(): Promise<Session | undefined> {\n  let content\n  if (await secureStoreAvailable()) {\n    content = await secureFetch(identifier)\n  } else {\n    content = await getSession()\n  }\n\n  if (!content) {\n    return undefined\n  }\n  const contentJson = JSON.parse(content)\n  const parsedSession = await SessionSchema.safeParseAsync(contentJson)\n  if (parsedSession.success) {\n    return parsedSession.data\n  } else {\n    await remove()\n    return undefined\n  }\n}\n\n/**\n * Removes a session from the system.\n */\nexport async function remove() {\n  if (await secureStoreAvailable()) {\n    await secureRemove(identifier)\n  } else {\n    await removeSession()\n  }\n\n  await clearAllAppInfo()\n}\n\n/**\n * Returns true if the secure store is available on the system.\n * Keytar it's not supported on some Linux environments or Windows.\n * More details: https://github.com/Shopify/shopify-cli-planning/issues/261\n * @returns a boolean indicating if the secure store is available.\n */\nasync function secureStoreAvailable(): Promise<boolean> {\n  try {\n    if (platformAndArch().platform === 'windows') {\n      debug(content`Secure store not supported on Windows`)\n      return false\n    }\n    const keytar = await import('keytar')\n    await keytar.default.findCredentials(constants.keychain.service)\n    debug(content`Secure store is available`)\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (_error) {\n    debug(content`Failed to load secure store`)\n    return false\n  }\n}\n"]}

package/dist/session/token.d.ts

@@ -1,40 +0,0 @@
-/**
- * It represents a temporary token that can be
- * used to send authenticated HTTP requests.
- */
-declare class Token {
-    /**
-     * A fully-qualified domain name of the service
-     * this token is for.
-     */
-    fqdn: string;
-    /**
-     * Access token
-     */
-    accessToken: string;
-    /**
-     * Token to refresh the access token if it has expired.
-     */
-    refreshToken?: string;
-    /**
-     * The expiration date of the session
-     */
-    expiresAt: Date;
-    /**
-     * The list of scopes the token has access to.
-     */
-    scopes: string[];
-    constructor(options: {
-        fqdn: string;
-        accessToken: string;
-        refreshToken?: string;
-        expiresAt: Date;
-        scopes: string[];
-    });
-    /**
-     * Returns true if the session is expired.
-     * @returns True if the session is expired.
-     */
-    get isExpired(): boolean;
-}
-export default Token;

package/dist/session/token.js

@@ -1,22 +0,0 @@
-/**
- * It represents a temporary token that can be
- * used to send authenticated HTTP requests.
- */
-class Token {
-    constructor(options) {
-        this.fqdn = options.fqdn;
-        this.accessToken = options.accessToken;
-        this.refreshToken = options.refreshToken;
-        this.expiresAt = options.expiresAt;
-        this.scopes = options.scopes;
-    }
-    /**
-     * Returns true if the session is expired.
-     * @returns True if the session is expired.
-     */
-    get isExpired() {
-        return new Date() > this.expiresAt;
-    }
-}
-export default Token;
-//# sourceMappingURL=token.js.map

package/dist/session/token.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/session/token.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,KAAK;IA2BT,YAAY,OAAsG;QAChH,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAA;QACxB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;QACtC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAA;QACxC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;QAClC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC9B,CAAC;IAED;;;OAGG;IACH,IAAI,SAAS;QACX,OAAO,IAAI,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAA;IACpC,CAAC;CACF;AAED,eAAe,KAAK,CAAA","sourcesContent":["/**\n * It represents a temporary token that can be\n * used to send authenticated HTTP requests.\n */\nclass Token {\n  /**\n   * A fully-qualified domain name of the service\n   * this token is for.\n   */\n  fqdn: string\n\n  /**\n   * Access token\n   */\n  accessToken: string\n\n  /**\n   * Token to refresh the access token if it has expired.\n   */\n  refreshToken?: string\n\n  /**\n   * The expiration date of the session\n   */\n  expiresAt: Date\n\n  /**\n   * The list of scopes the token has access to.\n   */\n  scopes: string[]\n\n  constructor(options: {fqdn: string; accessToken: string; refreshToken?: string; expiresAt: Date; scopes: string[]}) {\n    this.fqdn = options.fqdn\n    this.accessToken = options.accessToken\n    this.refreshToken = options.refreshToken\n    this.expiresAt = options.expiresAt\n    this.scopes = options.scopes\n  }\n\n  /**\n   * Returns true if the session is expired.\n   * @returns True if the session is expired.\n   */\n  get isExpired(): boolean {\n    return new Date() > this.expiresAt\n  }\n}\n\nexport default Token\n"]}

package/dist/session/validate.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/session/validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,eAAe,CAAA;AAE3C,OAAO,SAAS,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAC,QAAQ,EAAC,MAAM,WAAW,CAAA;AAClC,OAAO,EAAC,KAAK,EAAC,MAAM,cAAc,CAAA;AAClC,OAAO,EAAC,aAAa,EAAC,MAAM,yBAAyB,CAAA;AAIrD;;GAEG;AACH,SAAS,cAAc,CAAC,eAAyB,EAAE,QAAuB;IACxE,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAA;IACrC,IAAI,aAAa,EAAE,KAAK,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAA;IACxE,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;AACxE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAgB,EAChB,YAA+B,EAC/B,OAGC;IAED,IAAI,CAAC,OAAO;QAAE,OAAO,iBAAiB,CAAA;IACtC,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC/D,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,qBAAqB,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IAC1F,IAAI,CAAC,cAAc;QAAE,OAAO,iBAAiB,CAAA;IAC7C,IAAI,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEvD,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;KAC7D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;KAC7D;IAED,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAE,CAAA;QAC9C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;KAC7D;IAED,KAAK,CAAC;;kBAEU,gBAAgB;8BACJ,CAAC,eAAe;GAC3C,CAAC,CAAA;IAEF,IAAI,gBAAgB;QAAE,OAAO,eAAe,CAAA;IAC5C,IAAI,CAAC,eAAe;QAAE,OAAO,iBAAiB,CAAA;IAC9C,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,cAAc,CAAC,KAAuB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO,KAAK,CAAC,SAAS,GAAG,eAAe,EAAE,CAAA;AAC5C,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,6BAA6B,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;AAC3F,CAAC","sourcesContent":["import {applicationId} from './identity.js'\nimport {ApplicationToken, IdentityToken} from './schema.js'\nimport constants from '../constants.js'\nimport {OAuthApplications} from '../session.js'\nimport {identity} from '../api.js'\nimport {debug} from '../output.js'\nimport {firstPartyDev} from '../environment/local.js'\n\ntype ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok'\n\n/**\n * Validate if an identity token is valid for the requested scopes\n */\nfunction validateScopes(requestedScopes: string[], identity: IdentityToken) {\n  const currentScopes = identity.scopes\n  if (firstPartyDev() !== currentScopes.includes('employee')) return false\n  return requestedScopes.every((scope) => currentScopes.includes(scope))\n}\n\n/**\n * Validate if the current session is valid or we need to refresh/re-authenticate\n * @param scopes - requested scopes to validate\n * @param applications - requested applications\n * @param session - current session with identity and application tokens\n * @returns 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session\n */\nexport async function validateSession(\n  scopes: string[],\n  applications: OAuthApplications,\n  session: {\n    identity: IdentityToken\n    applications: {[x: string]: ApplicationToken}\n  },\n): Promise<ValidationResult> {\n  if (!session) return 'needs_full_auth'\n  const scopesAreValid = validateScopes(scopes, session.identity)\n  const identityIsValid = await identity.validateIdentityToken(session.identity.accessToken)\n  if (!scopesAreValid) return 'needs_full_auth'\n  let tokensAreExpired = isTokenExpired(session.identity)\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = session.applications[realAppId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  debug(`\nThe validation of the token for application/identity completed with the following results:\n- It's expired: ${tokensAreExpired}\n- It's invalid in identity: ${!identityIsValid}\n  `)\n\n  if (tokensAreExpired) return 'needs_refresh'\n  if (!identityIsValid) return 'needs_full_auth'\n  return 'ok'\n}\n\nfunction isTokenExpired(token: ApplicationToken): boolean {\n  if (!token) return true\n  return token.expiresAt < expireThreshold()\n}\n\nfunction expireThreshold(): Date {\n  return new Date(Date.now() + constants.session.expirationTimeMarginInMinutes * 60 * 1000)\n}\n"]}

package/dist/session.d.ts

@@ -1,96 +0,0 @@
-/// <reference types="node" />
-/**
- * A scope supported by the Shopify Admin API.
- */
-declare type AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string;
-/**
- * It represents the options to authenticate against the Shopify Admin API.
- */
-interface AdminAPIOAuthOptions {
-    /** Store to request permissions for */
-    storeFqdn: string;
-    /** List of scopes to request permissions for */
-    scopes: AdminAPIScope[];
-}
-/**
- * A scope supported by the Partners API.
- */
-declare type PartnersAPIScope = 'cli' | string;
-interface PartnersAPIOAuthOptions {
-    /** List of scopes to request permissions for */
-    scopes: PartnersAPIScope[];
-}
-/**
- * A scope supported by the Storefront Renderer API.
- */
-declare type StorefrontRendererScope = 'devtools' | string;
-interface StorefrontRendererAPIOAuthOptions {
-    /** List of scopes to request permissions for */
-    scopes: StorefrontRendererScope[];
-}
-/**
- * It represents the authentication requirements and
- * is the input necessary to trigger the authentication
- * flow.
- */
-export interface OAuthApplications {
-    adminApi?: AdminAPIOAuthOptions;
-    storefrontRendererApi?: StorefrontRendererAPIOAuthOptions;
-    partnersApi?: PartnersAPIOAuthOptions;
-}
-export interface AdminSession {
-    token: string;
-    storeFqdn: string;
-}
-export interface OAuthSession {
-    admin?: AdminSession;
-    partners?: string;
-    storefront?: string;
-}
-/**
- * Ensure that we have a valid session to access the Partners API.
- * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token
- * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored
- * @param scopes - Optional array of extra scopes to authenticate with.
- * @returns The access token for the Partners API.
- */
-export declare function ensureAuthenticatedPartners(scopes?: string[], env?: NodeJS.ProcessEnv): Promise<string>;
-/**
- * Ensure that we have a valid session to access the Storefront API.
- * @param scopes - Optional array of extra scopes to authenticate with.
- * @returns The access token for the Storefront API.
- */
-export declare function ensureAuthenticatedStorefront(scopes?: string[], password?: string | undefined): Promise<string>;
-/**
- * Ensure that we have a valid Admin session for the given store.
- * @param store - Store fqdn to request auth for
- * @param scopes - Optional array of extra scopes to authenticate with.
- * @returns The access token for the Admin API
- */
-export declare function ensureAuthenticatedAdmin(store: string, scopes?: string[], forceRefresh?: boolean): Promise<AdminSession>;
-/**
- * Ensure that we have a valid session to access the Theme API.
- * If a password is provided, that token will be used against Theme Access API.
- * Otherwise, it will ensure that the user is authenticated with the Admin API.
- * @param store - Store fqdn to request auth for
- * @param password - Password generated from Theme Access app
- * @param scopes - Optional array of extra scopes to authenticate with.
- * @returns The access token and store
- */
-export declare function ensureAuthenticatedThemes(store: string, password: string | undefined, scopes?: string[], forceRefresh?: boolean): Promise<AdminSession>;
-/**
- * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.
- * @param applications - An object containing the applications we need to be authenticated with.
- * @returns An instance with the access tokens organized by application.
- */
-export declare function ensureAuthenticated(applications: OAuthApplications, env?: NodeJS.ProcessEnv, forceRefresh?: boolean): Promise<OAuthSession>;
-export declare function hasPartnerAccount(partnersToken: string): Promise<boolean>;
-/**
- * If the user creates an account from the Identity website, the created
- * account won't get a Partner organization created. We need to detect that
- * and take the user to create a partner organization.
- * @param partnersToken - Partners token
- */
-export declare function ensureUserHasPartnerAccount(partnersToken: string): Promise<void>;
-export declare function logout(): Promise<void>;
-export {};

package/dist/session.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAA;AACnD,OAAO,EAAC,KAAK,EAAE,GAAG,EAAC,MAAM,YAAY,CAAA;AACrC,OAAO,EAAC,eAAe,EAAC,MAAM,uBAAuB,CAAA;AACrD,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAC,QAAQ,IAAI,YAAY,EAAE,kBAAkB,EAAE,QAAQ,IAAI,YAAY,EAAC,MAAM,uBAAuB,CAAA;AAC5G,OAAO,EAAC,IAAI,EAAC,MAAM,aAAa,CAAA;AAChC,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,0BAA0B,EAE1B,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,uBAAuB,CAAA;AAE9B,OAAO,EAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAC,MAAM,aAAa,CAAA;AACjD,OAAO,EAAC,QAAQ,EAAC,MAAM,SAAS,CAAA;AAEhC,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAA;AAEhD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,SAAS,MAAM,gBAAgB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AACrC,OAAO,EAAC,aAAa,EAAE,aAAa,EAAC,MAAM,wBAAwB,CAAA;AACnE,OAAO,EAAC,0BAA0B,EAAE,0BAA0B,EAAC,MAAM,mCAAmC,CAAA;AACxG,OAAO,EAAC,UAAU,EAAC,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAC,eAAe,EAAC,MAAM,+BAA+B,CAAA;AAC7D,OAAO,EAAC,kBAAkB,EAAC,MAAM,+BAA+B,CAAA;AAChE,OAAO,EAAC,GAAG,EAAC,MAAM,iBAAiB,CAAA;AAEnC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,+CAA+C,CAAC,CAAA;AAC/E,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,sDAAsD,CAAC,CAAA;AAChG,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,mDAAmD,CAAC,CAAA;AAC3F,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC,wDAAwD,CAAC,CAAA;AAyDrG;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,SAAmB,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG;IACxF,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,EAAE;QACZ,OAAO,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAChE;IACD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,WAAW,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IACjE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,MAAM,wBAAwB,CAAA;KAC/B;IACD,OAAO,MAAM,CAAC,QAAQ,CAAA;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,SAAmB,EAAE,EACrB,WAA+B,SAAS;IAExC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAE7B,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,qBAAqB,EAAE,EAAC,MAAM,EAAC,EAAC,CAAC,CAAA;IAC3E,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE;QACtB,MAAM,2BAA2B,CAAA;KAClC;IACD,OAAO,MAAM,CAAC,UAAU,CAAA;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAa,EACb,SAAmB,EAAE,EACrB,YAAY,GAAG,KAAK;IAEpB,KAAK,CAAC,OAAO,CAAA,sGAAsG,KAAK,CAAC,GAAG,CAC1H,KAAK,CACN;EACD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAC,QAAQ,EAAE,EAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAC,EAAC,EAAE,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;IAC3G,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;QACjB,MAAM,sBAAsB,CAAA;KAC7B;IACD,OAAO,MAAM,CAAC,KAAK,CAAA;AACrB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAAa,EACb,QAA4B,EAC5B,SAAmB,EAAE,EACrB,YAAY,GAAG,KAAK;IAEpB,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;CACnB,CAAC,CAAA;IACA,IAAI,QAAQ;QAAE,OAAO,EAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC,KAAK,CAAC,EAAC,CAAA;IAClF,OAAO,wBAAwB,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,CAAA;AAC9D,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,YAA+B,EAC/B,GAAG,GAAG,OAAO,CAAC,GAAG,EACjB,YAAY,GAAG,KAAK;IAEpB,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IAEjC,MAAM,iBAAiB,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC1D,IAAI,iBAAiB,EAAE;QACrB,MAAM,mBAAmB,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CAAC,CAAA;QACvE,IAAI,iBAAiB,KAAK,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE;YAC1D,YAAY,CAAC,QAAQ,CAAC,SAAS,GAAG,mBAAmB,CAAA;SACtD;KACF;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAE,CAAA;IACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAE7C,KAAK,CAAC,OAAO,CAAA;EACb,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;;EAElB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC;CACzB,CAAC,CAAA;IACA,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;IAEjF,IAAI,UAAU,GAAG,EAAE,CAAA;IAEnB,IAAI,gBAAgB,KAAK,iBAAiB,EAAE;QAC1C,KAAK,CAAC,OAAO,CAAA,4CAA4C,CAAC,CAAA;QAC1D,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;KAC3D;SAAM,IAAI,gBAAgB,KAAK,eAAe,IAAI,YAAY,EAAE;QAC/D,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;QAC7E,IAAI;YACF,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,CAAA;SAC3E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,iBAAiB,EAAE;gBACtC,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;aAC3D;iBAAM,IAAI,KAAK,YAAY,mBAAmB,EAAE;gBAC/C,MAAM,WAAW,CAAC,MAAM,EAAE,CAAA;gBAC1B,MAAM,IAAI,UAAU,CAAC,iCAAiC,EAAE,qDAAqD,CAAC,CAAA;aAC/G;iBAAM;gBACL,MAAM,KAAK,CAAA;aACZ;SACF;KACF;IAED,MAAM,eAAe,GAAY,EAAC,GAAG,cAAc,EAAE,GAAG,UAAU,EAAC,CAAA;IACnE,MAAM,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAEnE,uDAAuD;IACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAA;IAClE,IAAI,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE;QACxC,MAAM,CAAC,QAAQ,GAAG,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAC3E;IACD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChC,MAAM,2BAA2B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;KACnD;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,aAAqB;IAC3D,IAAI;QACF,MAAM,eAAe,CACnB,GAAG,CAAA;;;;;;;;OAQF,EACD,aAAa,CACd,CAAA;QACD,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;YACnE,OAAO,KAAK,CAAA;SACb;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,aAAqB;IACrE,KAAK,CAAC,OAAO,CAAA,oDAAoD,CAAC,CAAA;IAClE,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;QAC7C,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAA;QACtE,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;QAC7C,MAAM,QAAQ,EAAE,CAAA;QAChB,MAAM,IAAI,CAAC,WAAW,MAAM,YAAY,EAAE,SAAS,CAAC,CAAA;QACpD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,kCAAkC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAA;QAC5G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAA,qFAAqF,CAAC,CAAA;QAChH,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CAAC,EAAE;YAC7C,MAAM,IAAI,KAAK,CACb,kDAAkD,EAClD,gEAAgE,CACjE,CAAA;SACF;KACF;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,YAAoB;IACtF,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC9C,IAAI,aAAa,EAAE,EAAE;QACnB,KAAK,CAAC,OAAO,CAAA,uCAAuC,CAAC,CAAA;QACrD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;KACxB;IAED,IAAI,aAA4B,CAAA;IAChC,IAAI,aAAa,EAAE,EAAE;QACnB,iEAAiE;QACjE,KAAK,CAAC,OAAO,CAAA,yCAAyC,CAAC,CAAA;QACvD,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAA;QAE3D,8BAA8B;QAC9B,KAAK,CAAC,OAAO,CAAA,4CAA4C,CAAC,CAAA;QAC1D,aAAa,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAA;KAC7F;SAAM;QACL,6BAA6B;QAC7B,KAAK,CAAC,OAAO,CAAA,2CAA2C,CAAC,CAAA;QACzD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;QAEpC,mCAAmC;QACnC,KAAK,CAAC,OAAO,CAAA,+DAA+D,CAAC,CAAA;QAC7E,aAAa,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,CAAA;KACvD;IAED,iDAAiD;IACjD,KAAK,CAAC,OAAO,CAAA,6DAA6D,CAAC,CAAA;IAC3E,MAAM,MAAM,GAAG,MAAM,kCAAkC,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;IAE7F,MAAM,OAAO,GAAY;QACvB,CAAC,YAAY,CAAC,EAAE;YACd,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,MAAM;SACrB;KACF,CAAA;IAED,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;IAE9B,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,KAAoB,EAAE,YAA+B,EAAE,IAAY;IAC9F,yBAAyB;IACzB,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;IACrD,qDAAqD;IACrD,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,iBAAiB,GAAG,MAAM,kCAAkC,CAChE,aAAa,EACb,cAAc,EACd,YAAY,CAAC,QAAQ,EAAE,SAAS,CACjC,CAAA;IAED,OAAO;QACL,CAAC,IAAI,CAAC,EAAE;YACN,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;SAChC;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAA+B,EAAE,OAAgB,EAAE,IAAY;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,cAAc,CAAA;KACrB;IACD,MAAM,MAAM,GAAiB,EAAE,CAAA;IAC/B,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,WAAW,CAAA;QAC9D,IAAI,KAAK,EAAE;YACT,MAAM,CAAC,KAAK,GAAG,EAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAC,CAAA;SACnE;KACF;IAED,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KAC/D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACjE;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gBAAgB;AAChB,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC3D,MAAM,eAAe,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,CAAC,CAAA;IAC7D,OAAO,gBAAgB,CAAC,eAAe,CAAC,CAAA;AAC1C,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IACjE,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;QACrC,QAAQ,EAAE,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC;QAC7C,UAAU,EAAE,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;KAC/D,CAAA;AACH,CAAC;AAED,MAAM,UAAU,MAAM;IACpB,OAAO,WAAW,CAAC,MAAM,EAAE,CAAA;AAC7B,CAAC","sourcesContent":["import {applicationId} from './session/identity.js'\nimport {Abort, Bug} from './error.js'\nimport {validateSession} from './session/validate.js'\nimport {allDefaultScopes, apiScopes} from './session/scopes.js'\nimport {identity as identityFqdn, normalizeStoreName, partners as partnersFqdn} from './environment/fqdn.js'\nimport {open} from './system.js'\nimport {\n  exchangeAccessForApplicationTokens,\n  exchangeCodeForAccessToken,\n  exchangeCustomPartnerToken,\n  ExchangeScopes,\n  refreshAccessToken,\n  InvalidGrantError,\n  InvalidRequestError,\n} from './session/exchange.js'\n\nimport {content, token, debug} from './output.js'\nimport {keypress} from './ui.js'\n\nimport {authorize} from './session/authorize.js'\nimport {IdentityToken, Session} from './session/schema.js'\nimport * as secureStore from './session/store.js'\nimport constants from './constants.js'\nimport * as output from './output.js'\nimport {firstPartyDev, useDeviceAuth} from './environment/local.js'\nimport {pollForDeviceAuthorization, requestDeviceAuthorization} from './session/device-authorization.js'\nimport {AbortError} from './public/node/error.js'\nimport {partnersRequest} from './public/node/api/partners.js'\nimport {RequestClientError} from './private/node/api/headers.js'\nimport {gql} from 'graphql-request'\n\nconst NoSessionError = new Bug('No session found after ensuring authenticated')\nconst MissingPartnerTokenError = new Bug('No partners token found after ensuring authenticated')\nconst MissingAdminTokenError = new Bug('No admin token found after ensuring authenticated')\nconst MissingStorefrontTokenError = new Bug('No storefront token found after ensuring authenticated')\n\n/**\n * A scope supported by the Shopify Admin API.\n */\ntype AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string\n\n/**\n * It represents the options to authenticate against the Shopify Admin API.\n */\ninterface AdminAPIOAuthOptions {\n  /** Store to request permissions for */\n  storeFqdn: string\n  /** List of scopes to request permissions for */\n  scopes: AdminAPIScope[]\n}\n\n/**\n * A scope supported by the Partners API.\n */\ntype PartnersAPIScope = 'cli' | string\ninterface PartnersAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: PartnersAPIScope[]\n}\n\n/**\n * A scope supported by the Storefront Renderer API.\n */\ntype StorefrontRendererScope = 'devtools' | string\ninterface StorefrontRendererAPIOAuthOptions {\n  /** List of scopes to request permissions for */\n  scopes: StorefrontRendererScope[]\n}\n\n/**\n * It represents the authentication requirements and\n * is the input necessary to trigger the authentication\n * flow.\n */\nexport interface OAuthApplications {\n  adminApi?: AdminAPIOAuthOptions\n  storefrontRendererApi?: StorefrontRendererAPIOAuthOptions\n  partnersApi?: PartnersAPIOAuthOptions\n}\n\nexport interface AdminSession {\n  token: string\n  storeFqdn: string\n}\n\nexport interface OAuthSession {\n  admin?: AdminSession\n  partners?: string\n  storefront?: string\n}\n\n/**\n * Ensure that we have a valid session to access the Partners API.\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, that token will be used to obtain a valid Partners Token\n * If SHOPIFY_CLI_PARTNERS_TOKEN exists, scopes will be ignored\n * @param scopes - Optional array of extra scopes to authenticate with.\n * @returns The access token for the Partners API.\n */\nexport async function ensureAuthenticatedPartners(scopes: string[] = [], env = process.env): Promise<string> {\n  debug(content`Ensuring that the user is authenticated with the Partners API with the following scopes:\n${token.json(scopes)}\n`)\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken) {\n    return (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  const tokens = await ensureAuthenticated({partnersApi: {scopes}})\n  if (!tokens.partners) {\n    throw MissingPartnerTokenError\n  }\n  return tokens.partners\n}\n\n/**\n * Ensure that we have a valid session to access the Storefront API.\n * @param scopes - Optional array of extra scopes to authenticate with.\n * @returns The access token for the Storefront API.\n */\nexport async function ensureAuthenticatedStorefront(\n  scopes: string[] = [],\n  password: string | undefined = undefined,\n): Promise<string> {\n  if (password) return password\n\n  debug(content`Ensuring that the user is authenticated with the Storefront API with the following scopes:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({storefrontRendererApi: {scopes}})\n  if (!tokens.storefront) {\n    throw MissingStorefrontTokenError\n  }\n  return tokens.storefront\n}\n\n/**\n * Ensure that we have a valid Admin session for the given store.\n * @param store - Store fqdn to request auth for\n * @param scopes - Optional array of extra scopes to authenticate with.\n * @returns The access token for the Admin API\n */\nexport async function ensureAuthenticatedAdmin(\n  store: string,\n  scopes: string[] = [],\n  forceRefresh = false,\n): Promise<AdminSession> {\n  debug(content`Ensuring that the user is authenticated with the Admin API with the following scopes for the store ${token.raw(\n    store,\n  )}:\n${token.json(scopes)}\n`)\n  const tokens = await ensureAuthenticated({adminApi: {scopes, storeFqdn: store}}, process.env, forceRefresh)\n  if (!tokens.admin) {\n    throw MissingAdminTokenError\n  }\n  return tokens.admin\n}\n\n/**\n * Ensure that we have a valid session to access the Theme API.\n * If a password is provided, that token will be used against Theme Access API.\n * Otherwise, it will ensure that the user is authenticated with the Admin API.\n * @param store - Store fqdn to request auth for\n * @param password - Password generated from Theme Access app\n * @param scopes - Optional array of extra scopes to authenticate with.\n * @returns The access token and store\n */\nexport async function ensureAuthenticatedThemes(\n  store: string,\n  password: string | undefined,\n  scopes: string[] = [],\n  forceRefresh = false,\n): Promise<AdminSession> {\n  debug(content`Ensuring that the user is authenticated with the Theme API with the following scopes:\n${token.json(scopes)}\n`)\n  if (password) return {token: password, storeFqdn: await normalizeStoreName(store)}\n  return ensureAuthenticatedAdmin(store, scopes, forceRefresh)\n}\n\n/**\n * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.\n * @param applications - An object containing the applications we need to be authenticated with.\n * @returns An instance with the access tokens organized by application.\n */\nexport async function ensureAuthenticated(\n  applications: OAuthApplications,\n  env = process.env,\n  forceRefresh = false,\n): Promise<OAuthSession> {\n  const fqdn = await identityFqdn()\n\n  const previousStoreFqdn = applications.adminApi?.storeFqdn\n  if (previousStoreFqdn) {\n    const normalizedStoreName = await normalizeStoreName(previousStoreFqdn)\n    if (previousStoreFqdn === applications.adminApi?.storeFqdn) {\n      applications.adminApi.storeFqdn = normalizedStoreName\n    }\n  }\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdnSession = currentSession[fqdn]!\n  const scopes = getFlattenScopes(applications)\n\n  debug(content`Validating existing session against the scopes:\n${token.json(scopes)}\nFor applications:\n${token.json(applications)}\n`)\n  const validationResult = await validateSession(scopes, applications, fqdnSession)\n\n  let newSession = {}\n\n  if (validationResult === 'needs_full_auth') {\n    debug(content`Initiating the full authentication flow...`)\n    newSession = await executeCompleteFlow(applications, fqdn)\n  } else if (validationResult === 'needs_refresh' || forceRefresh) {\n    debug(content`The current session is valid but needs refresh. Refreshing...`)\n    try {\n      newSession = await refreshTokens(fqdnSession.identity, applications, fqdn)\n    } catch (error) {\n      if (error instanceof InvalidGrantError) {\n        newSession = await executeCompleteFlow(applications, fqdn)\n      } else if (error instanceof InvalidRequestError) {\n        await secureStore.remove()\n        throw new AbortError('\\nError validating auth session', \"We've cleared the current session, please try again\")\n      } else {\n        throw error\n      }\n    }\n  }\n\n  const completeSession: Session = {...currentSession, ...newSession}\n  await secureStore.store(completeSession)\n  const tokens = await tokensFor(applications, completeSession, fqdn)\n\n  // Overwrite partners token if using a custom CLI Token\n  const envToken = env[constants.environmentVariables.partnersToken]\n  if (envToken && applications.partnersApi) {\n    tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  if (!envToken && tokens.partners) {\n    await ensureUserHasPartnerAccount(tokens.partners)\n  }\n\n  return tokens\n}\n\nexport async function hasPartnerAccount(partnersToken: string): Promise<boolean> {\n  try {\n    await partnersRequest(\n      gql`\n        {\n          organizations(first: 1) {\n            nodes {\n              id\n            }\n          }\n        }\n      `,\n      partnersToken,\n    )\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    if (error instanceof RequestClientError && error.statusCode === 404) {\n      return false\n    } else {\n      return true\n    }\n  }\n}\n\n/**\n * If the user creates an account from the Identity website, the created\n * account won't get a Partner organization created. We need to detect that\n * and take the user to create a partner organization.\n * @param partnersToken - Partners token\n */\nexport async function ensureUserHasPartnerAccount(partnersToken: string) {\n  debug(content`Verifying that the user has a Partner organization`)\n  if (!(await hasPartnerAccount(partnersToken))) {\n    output.info(`\\nA Shopify Partners organization is needed to proceed.`)\n    output.info(`👉 Press any key to create one`)\n    await keypress()\n    await open(`https://${await partnersFqdn()}/signup`)\n    output.info(output.content`👉 Press any key when you have ${output.token.cyan('created the organization')}`)\n    output.warn(output.content`Make sure you've confirmed your Shopify and the Partner organization from the email`)\n    await keypress()\n    if (!(await hasPartnerAccount(partnersToken))) {\n      throw new Abort(\n        `Couldn't find your Shopify Partners organization`,\n        `Have you confirmed your accounts from the emails you received?`,\n      )\n    }\n  }\n}\n\nasync function executeCompleteFlow(applications: OAuthApplications, identityFqdn: string): Promise<Session> {\n  const scopes = getFlattenScopes(applications)\n  const exchangeScopes = getExchangeScopes(applications)\n  const store = applications.adminApi?.storeFqdn\n  if (firstPartyDev()) {\n    debug(content`Authenticating as Shopify Employee...`)\n    scopes.push('employee')\n  }\n\n  let identityToken: IdentityToken\n  if (useDeviceAuth()) {\n    // Request a device code to authorize without a browser redirect.\n    debug(content`Requesting device authorization code...`)\n    const deviceAuth = await requestDeviceAuthorization(scopes)\n\n    // Poll for the identity token\n    debug(content`Starting polling for the identity token...`)\n    identityToken = await pollForDeviceAuthorization(deviceAuth.deviceCode, deviceAuth.interval)\n  } else {\n    // Authorize user via browser\n    debug(content`Authorizing through Identity's website...`)\n    const code = await authorize(scopes)\n\n    // Exchange code for identity token\n    debug(content`Authorization code received. Exchanging it for a CLI token...`)\n    identityToken = await exchangeCodeForAccessToken(code)\n  }\n\n  // Exchange identity token for application tokens\n  debug(content`CLI token received. Exchanging it for application tokens...`)\n  const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store)\n\n  const session: Session = {\n    [identityFqdn]: {\n      identity: identityToken,\n      applications: result,\n    },\n  }\n\n  output.completed('Logged in.')\n\n  return session\n}\n\nasync function refreshTokens(token: IdentityToken, applications: OAuthApplications, fqdn: string): Promise<Session> {\n  // Refresh Identity Token\n  const identityToken = await refreshAccessToken(token)\n  // Exchange new identity token for application tokens\n  const exchangeScopes = getExchangeScopes(applications)\n  const applicationTokens = await exchangeAccessForApplicationTokens(\n    identityToken,\n    exchangeScopes,\n    applications.adminApi?.storeFqdn,\n  )\n\n  return {\n    [fqdn]: {\n      identity: identityToken,\n      applications: applicationTokens,\n    },\n  }\n}\n\nasync function tokensFor(applications: OAuthApplications, session: Session, fqdn: string): Promise<OAuthSession> {\n  const fqdnSession = session[fqdn]\n  if (!fqdnSession) {\n    throw NoSessionError\n  }\n  const tokens: OAuthSession = {}\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = fqdnSession.applications[realAppId]?.accessToken\n    if (token) {\n      tokens.admin = {token, storeFqdn: applications.adminApi.storeFqdn}\n    }\n  }\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    tokens.partners = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    tokens.storefront = fqdnSession.applications[appId]?.accessToken\n  }\n  return tokens\n}\n\n// Scope Helpers\nfunction getFlattenScopes(apps: OAuthApplications): string[] {\n  const admin = apps.adminApi?.scopes || []\n  const partner = apps.partnersApi?.scopes || []\n  const storefront = apps.storefrontRendererApi?.scopes || []\n  const requestedScopes = [...admin, ...partner, ...storefront]\n  return allDefaultScopes(requestedScopes)\n}\n\nfunction getExchangeScopes(apps: OAuthApplications): ExchangeScopes {\n  const adminScope = apps.adminApi?.scopes || []\n  const partnerScope = apps.partnersApi?.scopes || []\n  const storefrontScopes = apps.storefrontRendererApi?.scopes || []\n  return {\n    admin: apiScopes('admin', adminScope),\n    partners: apiScopes('partners', partnerScope),\n    storefront: apiScopes('storefront-renderer', storefrontScopes),\n  }\n}\n\nexport function logout() {\n  return secureStore.remove()\n}\n"]}