@shopify/cli-kit 3.67.2 → 3.68.0

package/dist/private/node/analytics.d.ts

@@ -20,6 +20,7 @@ interface EnvironmentData {
     env_cloud: string;
     env_package_manager: string;
     env_is_global: boolean;
+    env_auth_method: string;
 }
 export declare function getEnvironmentData(config: Interfaces.Config): Promise<EnvironmentData>;
 export declare function getSensitiveEnvironmentData(config: Interfaces.Config): Promise<{

package/dist/private/node/analytics.js

@@ -1,3 +1,4 @@
+import { getLastSeenAuthMethod } from './session.js';
 import { hashString } from '../../public/node/crypto.js';
 import { getPackageManager, packageManagerFromUserAgent } from '../../public/node/node-package-manager.js';
 import * as metadata from '../../public/node/metadata.js';
@@ -46,6 +47,7 @@ export async function getEnvironmentData(config) {
         env_cloud: cloudEnvironment().platform,
         env_package_manager: await getPackageManager(cwd()),
         env_is_global: currentProcessIsGlobal(),
+        env_auth_method: await getLastSeenAuthMethod(),
     };
 }
 export async function getSensitiveEnvironmentData(config) {

package/dist/private/node/analytics.js.map

@@ -1 +1 @@
-{"version":3,"file":"analytics.js","sourceRoot":"","sources":["../../../src/private/node/analytics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,UAAU,EAAC,MAAM,6BAA6B,CAAA;AACtD,OAAO,EAAC,iBAAiB,EAAE,2BAA2B,EAAC,MAAM,2CAA2C,CAAA;AAGxG,OAAO,KAAK,QAAQ,MAAM,+BAA+B,CAAA;AACzD,OAAO,EAAC,eAAe,EAAC,MAAM,yBAAyB,CAAA;AAEvD,OAAO,EAAC,UAAU,EAAE,gBAAgB,EAAE,UAAU,EAAC,MAAM,qCAAqC,CAAA;AAC5F,OAAO,EAAC,GAAG,EAAC,MAAM,4BAA4B,CAAA;AAC9C,OAAO,EAAC,sBAAsB,EAAC,MAAM,iCAAiC,CAAA;AAStE,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EACnC,cAAc,EACd,IAAI,EACJ,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAClC,YAAY,GACC;IACb,IAAI,YAAY,GAAW,cAAc,CAAC,OAAO,CAAA;IACjD,IAAI,YAAY,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,uBAAuB,CAAC,EAAE;QAC/F,YAAY,GAAI,YAAmC,CAAC,qBAAqB,EAAE,IAAI,cAAc,CAAC,OAAO,CAAA;KACtG;IAED,IAAI,UAAU,GAAG,YAAY,EAAE,MAAM,EAAE,IAAI,CAAA;IAC3C,IAAI,YAAY,IAAI,kBAAkB,IAAI,YAAY,EAAE;QACtD,UAAU,GAAG,YAAY,CAAC,gBAA0B,CAAA;KACrD;IAED,MAAM,QAAQ,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC;QACzC,mBAAmB,EAAE;YACnB,SAAS,EAAE,WAAW;YACtB,YAAY;YACZ,SAAS,EAAE,IAAI;SAChB;KACF,CAAC,CAAC,CAAA;IAEH,MAAM,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC;QACtC,gBAAgB,EAAE,2BAA2B,EAAE;QAC/C,kBAAkB,EAAE,cAAc,CAAC,KAAK;QACxC,aAAa,EAAE,cAAc,CAAC,KAAK;QACnC,cAAc,EAAE,UAAU;QAC1B,aAAa,EAAE,YAAY,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;KAC1F,CAAC,CAAC,CAAA;AACL,CAAC;AAgBD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAyB;IAChE,MAAM,UAAU,GAAG,UAAU,EAAE,CAAA;IAE/B,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC1C,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;IAErF,MAAM,EAAC,QAAQ,EAAE,IAAI,EAAC,GAAG,eAAe,EAAE,CAAA;IAE1C,OAAO;QACL,KAAK,EAAE,GAAG,QAAQ,IAAI,IAAI,EAAE;QAC5B,MAAM,EAAE,UAAU,CAAC,IAAI;QACvB,eAAe,EAAE,UAAU,CAAC,IAAI;QAChC,+BAA+B,EAAE,WAAW,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM;QAC7E,4BAA4B,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;QAC5D,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,WAAW,EAAE,gBAAgB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAChF,aAAa,EAAE,UAAU,CAAC,MAAM,UAAU,EAAE,CAAC;QAC7C,SAAS,EAAE,gBAAgB,EAAE,CAAC,QAAQ;QACtC,mBAAmB,EAAE,MAAM,iBAAiB,CAAC,GAAG,EAAE,CAAC;QACnD,aAAa,EAAE,sBAAsB,EAAE;KACxC,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAyB;IACzE,OAAO;QACL,wBAAwB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;KACjE,CAAA;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAyB;IAC/C,MAAM,WAAW,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;IAC9C,OAAO,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;AAC7E,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,YAAiD;IACnF,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAA;IAE/B,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,IAAI,EAAE,CAAA;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AACjD,CAAC","sourcesContent":["import {hashString} from '../../public/node/crypto.js'\nimport {getPackageManager, packageManagerFromUserAgent} from '../../public/node/node-package-manager.js'\nimport BaseCommand from '../../public/node/base-command.js'\nimport {CommandContent} from '../../public/node/hooks/prerun.js'\nimport * as metadata from '../../public/node/metadata.js'\nimport {platformAndArch} from '../../public/node/os.js'\nimport {Command, Interfaces} from '@oclif/core'\nimport {ciPlatform, cloudEnvironment, macAddress} from '@shopify/cli-kit/node/context/local'\nimport {cwd} from '@shopify/cli-kit/node/path'\nimport {currentProcessIsGlobal} from '@shopify/cli-kit/node/is-global'\n\ninterface StartOptions {\n  commandContent: CommandContent\n  args: string[]\n  currentTime?: number\n  commandClass?: Command.Class | typeof BaseCommand\n}\n\nexport async function startAnalytics({\n  commandContent,\n  args,\n  currentTime = new Date().getTime(),\n  commandClass,\n}: StartOptions): Promise<void> {\n  let startCommand: string = commandContent.command\n  if (commandClass && Object.prototype.hasOwnProperty.call(commandClass, 'analyticsNameOverride')) {\n    startCommand = (commandClass as typeof BaseCommand).analyticsNameOverride() ?? commandContent.command\n  }\n\n  let pluginName = commandClass?.plugin?.name\n  if (commandClass && 'customPluginName' in commandClass) {\n    pluginName = commandClass.customPluginName as string\n  }\n\n  await metadata.addSensitiveMetadata(() => ({\n    commandStartOptions: {\n      startTime: currentTime,\n      startCommand,\n      startArgs: args,\n    },\n  }))\n\n  await metadata.addPublicMetadata(() => ({\n    cmd_all_launcher: packageManagerFromUserAgent(),\n    cmd_all_alias_used: commandContent.alias,\n    cmd_all_topic: commandContent.topic,\n    cmd_all_plugin: pluginName,\n    cmd_all_force: flagIncluded('force', commandClass) ? args.includes('--force') : undefined,\n  }))\n}\n\ninterface EnvironmentData {\n  uname: string\n  env_ci: boolean\n  env_ci_platform?: string\n  env_plugin_installed_any_custom: boolean\n  env_plugin_installed_shopify: string\n  env_shell: string\n  env_web_ide: string | undefined\n  env_device_id: string\n  env_cloud: string\n  env_package_manager: string\n  env_is_global: boolean\n}\n\nexport async function getEnvironmentData(config: Interfaces.Config): Promise<EnvironmentData> {\n  const ciplatform = ciPlatform()\n\n  const pluginNames = getPluginNames(config)\n  const shopifyPlugins = pluginNames.filter((plugin) => plugin.startsWith('@shopify/'))\n\n  const {platform, arch} = platformAndArch()\n\n  return {\n    uname: `${platform} ${arch}`,\n    env_ci: ciplatform.isCI,\n    env_ci_platform: ciplatform.name,\n    env_plugin_installed_any_custom: pluginNames.length !== shopifyPlugins.length,\n    env_plugin_installed_shopify: JSON.stringify(shopifyPlugins),\n    env_shell: config.shell,\n    env_web_ide: cloudEnvironment().editor ? cloudEnvironment().platform : undefined,\n    env_device_id: hashString(await macAddress()),\n    env_cloud: cloudEnvironment().platform,\n    env_package_manager: await getPackageManager(cwd()),\n    env_is_global: currentProcessIsGlobal(),\n  }\n}\n\nexport async function getSensitiveEnvironmentData(config: Interfaces.Config) {\n  return {\n    env_plugin_installed_all: JSON.stringify(getPluginNames(config)),\n  }\n}\n\nfunction getPluginNames(config: Interfaces.Config) {\n  const pluginNames = [...config.plugins.keys()]\n  return pluginNames.sort().filter((plugin) => !plugin.startsWith('@oclif/'))\n}\n\nfunction flagIncluded(flag: string, commandClass?: Command.Class | typeof BaseCommand) {\n  if (!commandClass) return false\n\n  const commandFlags = commandClass.flags ?? {}\n  return Object.keys(commandFlags).includes(flag)\n}\n"]}
+{"version":3,"file":"analytics.js","sourceRoot":"","sources":["../../../src/private/node/analytics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,qBAAqB,EAAC,MAAM,cAAc,CAAA;AAClD,OAAO,EAAC,UAAU,EAAC,MAAM,6BAA6B,CAAA;AACtD,OAAO,EAAC,iBAAiB,EAAE,2BAA2B,EAAC,MAAM,2CAA2C,CAAA;AAGxG,OAAO,KAAK,QAAQ,MAAM,+BAA+B,CAAA;AACzD,OAAO,EAAC,eAAe,EAAC,MAAM,yBAAyB,CAAA;AAEvD,OAAO,EAAC,UAAU,EAAE,gBAAgB,EAAE,UAAU,EAAC,MAAM,qCAAqC,CAAA;AAC5F,OAAO,EAAC,GAAG,EAAC,MAAM,4BAA4B,CAAA;AAC9C,OAAO,EAAC,sBAAsB,EAAC,MAAM,iCAAiC,CAAA;AAStE,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EACnC,cAAc,EACd,IAAI,EACJ,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAClC,YAAY,GACC;IACb,IAAI,YAAY,GAAW,cAAc,CAAC,OAAO,CAAA;IACjD,IAAI,YAAY,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,uBAAuB,CAAC,EAAE;QAC/F,YAAY,GAAI,YAAmC,CAAC,qBAAqB,EAAE,IAAI,cAAc,CAAC,OAAO,CAAA;KACtG;IAED,IAAI,UAAU,GAAG,YAAY,EAAE,MAAM,EAAE,IAAI,CAAA;IAC3C,IAAI,YAAY,IAAI,kBAAkB,IAAI,YAAY,EAAE;QACtD,UAAU,GAAG,YAAY,CAAC,gBAA0B,CAAA;KACrD;IAED,MAAM,QAAQ,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC;QACzC,mBAAmB,EAAE;YACnB,SAAS,EAAE,WAAW;YACtB,YAAY;YACZ,SAAS,EAAE,IAAI;SAChB;KACF,CAAC,CAAC,CAAA;IAEH,MAAM,QAAQ,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC;QACtC,gBAAgB,EAAE,2BAA2B,EAAE;QAC/C,kBAAkB,EAAE,cAAc,CAAC,KAAK;QACxC,aAAa,EAAE,cAAc,CAAC,KAAK;QACnC,cAAc,EAAE,UAAU;QAC1B,aAAa,EAAE,YAAY,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;KAC1F,CAAC,CAAC,CAAA;AACL,CAAC;AAiBD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAyB;IAChE,MAAM,UAAU,GAAG,UAAU,EAAE,CAAA;IAE/B,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC1C,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;IAErF,MAAM,EAAC,QAAQ,EAAE,IAAI,EAAC,GAAG,eAAe,EAAE,CAAA;IAE1C,OAAO;QACL,KAAK,EAAE,GAAG,QAAQ,IAAI,IAAI,EAAE;QAC5B,MAAM,EAAE,UAAU,CAAC,IAAI;QACvB,eAAe,EAAE,UAAU,CAAC,IAAI;QAChC,+BAA+B,EAAE,WAAW,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM;QAC7E,4BAA4B,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;QAC5D,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,WAAW,EAAE,gBAAgB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAChF,aAAa,EAAE,UAAU,CAAC,MAAM,UAAU,EAAE,CAAC;QAC7C,SAAS,EAAE,gBAAgB,EAAE,CAAC,QAAQ;QACtC,mBAAmB,EAAE,MAAM,iBAAiB,CAAC,GAAG,EAAE,CAAC;QACnD,aAAa,EAAE,sBAAsB,EAAE;QACvC,eAAe,EAAE,MAAM,qBAAqB,EAAE;KAC/C,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAyB;IACzE,OAAO;QACL,wBAAwB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;KACjE,CAAA;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAyB;IAC/C,MAAM,WAAW,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;IAC9C,OAAO,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;AAC7E,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,YAAiD;IACnF,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAA;IAE/B,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,IAAI,EAAE,CAAA;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AACjD,CAAC","sourcesContent":["import {getLastSeenAuthMethod} from './session.js'\nimport {hashString} from '../../public/node/crypto.js'\nimport {getPackageManager, packageManagerFromUserAgent} from '../../public/node/node-package-manager.js'\nimport BaseCommand from '../../public/node/base-command.js'\nimport {CommandContent} from '../../public/node/hooks/prerun.js'\nimport * as metadata from '../../public/node/metadata.js'\nimport {platformAndArch} from '../../public/node/os.js'\nimport {Command, Interfaces} from '@oclif/core'\nimport {ciPlatform, cloudEnvironment, macAddress} from '@shopify/cli-kit/node/context/local'\nimport {cwd} from '@shopify/cli-kit/node/path'\nimport {currentProcessIsGlobal} from '@shopify/cli-kit/node/is-global'\n\ninterface StartOptions {\n  commandContent: CommandContent\n  args: string[]\n  currentTime?: number\n  commandClass?: Command.Class | typeof BaseCommand\n}\n\nexport async function startAnalytics({\n  commandContent,\n  args,\n  currentTime = new Date().getTime(),\n  commandClass,\n}: StartOptions): Promise<void> {\n  let startCommand: string = commandContent.command\n  if (commandClass && Object.prototype.hasOwnProperty.call(commandClass, 'analyticsNameOverride')) {\n    startCommand = (commandClass as typeof BaseCommand).analyticsNameOverride() ?? commandContent.command\n  }\n\n  let pluginName = commandClass?.plugin?.name\n  if (commandClass && 'customPluginName' in commandClass) {\n    pluginName = commandClass.customPluginName as string\n  }\n\n  await metadata.addSensitiveMetadata(() => ({\n    commandStartOptions: {\n      startTime: currentTime,\n      startCommand,\n      startArgs: args,\n    },\n  }))\n\n  await metadata.addPublicMetadata(() => ({\n    cmd_all_launcher: packageManagerFromUserAgent(),\n    cmd_all_alias_used: commandContent.alias,\n    cmd_all_topic: commandContent.topic,\n    cmd_all_plugin: pluginName,\n    cmd_all_force: flagIncluded('force', commandClass) ? args.includes('--force') : undefined,\n  }))\n}\n\ninterface EnvironmentData {\n  uname: string\n  env_ci: boolean\n  env_ci_platform?: string\n  env_plugin_installed_any_custom: boolean\n  env_plugin_installed_shopify: string\n  env_shell: string\n  env_web_ide: string | undefined\n  env_device_id: string\n  env_cloud: string\n  env_package_manager: string\n  env_is_global: boolean\n  env_auth_method: string\n}\n\nexport async function getEnvironmentData(config: Interfaces.Config): Promise<EnvironmentData> {\n  const ciplatform = ciPlatform()\n\n  const pluginNames = getPluginNames(config)\n  const shopifyPlugins = pluginNames.filter((plugin) => plugin.startsWith('@shopify/'))\n\n  const {platform, arch} = platformAndArch()\n\n  return {\n    uname: `${platform} ${arch}`,\n    env_ci: ciplatform.isCI,\n    env_ci_platform: ciplatform.name,\n    env_plugin_installed_any_custom: pluginNames.length !== shopifyPlugins.length,\n    env_plugin_installed_shopify: JSON.stringify(shopifyPlugins),\n    env_shell: config.shell,\n    env_web_ide: cloudEnvironment().editor ? cloudEnvironment().platform : undefined,\n    env_device_id: hashString(await macAddress()),\n    env_cloud: cloudEnvironment().platform,\n    env_package_manager: await getPackageManager(cwd()),\n    env_is_global: currentProcessIsGlobal(),\n    env_auth_method: await getLastSeenAuthMethod(),\n  }\n}\n\nexport async function getSensitiveEnvironmentData(config: Interfaces.Config) {\n  return {\n    env_plugin_installed_all: JSON.stringify(getPluginNames(config)),\n  }\n}\n\nfunction getPluginNames(config: Interfaces.Config) {\n  const pluginNames = [...config.plugins.keys()]\n  return pluginNames.sort().filter((plugin) => !plugin.startsWith('@oclif/'))\n}\n\nfunction flagIncluded(flag: string, commandClass?: Command.Class | typeof BaseCommand) {\n  if (!commandClass) return false\n\n  const commandFlags = commandClass.flags ?? {}\n  return Object.keys(commandFlags).includes(flag)\n}\n"]}

package/dist/private/node/api/rest.d.ts

@@ -7,3 +7,4 @@ export declare function restRequestUrl(session: AdminSession, apiVersion: string
 export declare function restRequestHeaders(session: AdminSession): {
     [key: string]: string;
 };
+export declare function isThemeAccessSession(session: AdminSession): boolean;

package/dist/private/node/api/rest.js

@@ -24,7 +24,7 @@ export function restRequestHeaders(session) {
     }
     return headers;
 }
-function isThemeAccessSession(session) {
+export function isThemeAccessSession(session) {
     return session.token.startsWith('shptka_');
 }
 //# sourceMappingURL=rest.js.map

package/dist/private/node/api/rest.js.map

@@ -1 +1 @@
-{"version":3,"file":"rest.js","sourceRoot":"","sources":["../../../../src/private/node/api/rest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,cAAc,CAAA;AACzC,OAAO,EAAC,2BAA2B,EAAE,oBAAoB,EAAC,MAAM,iBAAiB,CAAA;AAGjF,MAAM,UAAU,eAAe,CAAI,WAAe;IAChD,IAAI,CAAC,WAAW,EAAE;QAChB,OAAM;KACP;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;AACpC,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,OAAqB,EACrB,UAAkB,EAClB,IAAY,EACZ,eAAyC,EAAE,EAC3C,GAAG,GAAG,OAAO,CAAC,GAAG;IAEjB,MAAM,oBAAoB,GAAG,GAAG,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,IAAI,2BAA2B,CAAA;IAC1G,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,oBAAoB,CAAC,OAAO,CAAC;QAC3B,CAAC,CAAC,WAAW,oBAAoB,kBAAkB,UAAU,GAAG,IAAI,OAAO;QAC3E,CAAC,CAAC,WAAW,OAAO,CAAC,SAAS,cAAc,UAAU,GAAG,IAAI,OAAO,CACvE,CAAA;IACD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAA;IAE1F,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAA;AACvB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAqB;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAA;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAA;IAC3B,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAE3C,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE;QACjC,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAA;QACjC,OAAO,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAA;KAC1C;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAqB;IACjD,OAAO,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC","sourcesContent":["import {buildHeaders} from './headers.js'\nimport {defaultThemeKitAccessDomain, environmentVariables} from '../constants.js'\nimport {AdminSession} from '@shopify/cli-kit/node/session'\n\nexport function restRequestBody<T>(requestBody?: T) {\n  if (!requestBody) {\n    return\n  }\n  return JSON.stringify(requestBody)\n}\n\nexport function restRequestUrl(\n  session: AdminSession,\n  apiVersion: string,\n  path: string,\n  searchParams: {[name: string]: string} = {},\n  env = process.env,\n) {\n  const themeKitAccessDomain = env[environmentVariables.themeKitAccessDomain] || defaultThemeKitAccessDomain\n  const url = new URL(\n    isThemeAccessSession(session)\n      ? `https://${themeKitAccessDomain}/cli/admin/api/${apiVersion}${path}.json`\n      : `https://${session.storeFqdn}/admin/api/${apiVersion}${path}.json`,\n  )\n  Object.entries(searchParams).forEach(([name, value]) => url.searchParams.set(name, value))\n\n  return url.toString()\n}\n\nexport function restRequestHeaders(session: AdminSession) {\n  const store = session.storeFqdn\n  const token = session.token\n  const headers = buildHeaders(session.token)\n\n  if (isThemeAccessSession(session)) {\n    headers['X-Shopify-Shop'] = store\n    headers['X-Shopify-Access-Token'] = token\n  }\n\n  return headers\n}\n\nfunction isThemeAccessSession(session: AdminSession) {\n  return session.token.startsWith('shptka_')\n}\n"]}
+{"version":3,"file":"rest.js","sourceRoot":"","sources":["../../../../src/private/node/api/rest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,cAAc,CAAA;AACzC,OAAO,EAAC,2BAA2B,EAAE,oBAAoB,EAAC,MAAM,iBAAiB,CAAA;AAGjF,MAAM,UAAU,eAAe,CAAI,WAAe;IAChD,IAAI,CAAC,WAAW,EAAE;QAChB,OAAM;KACP;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;AACpC,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,OAAqB,EACrB,UAAkB,EAClB,IAAY,EACZ,eAAyC,EAAE,EAC3C,GAAG,GAAG,OAAO,CAAC,GAAG;IAEjB,MAAM,oBAAoB,GAAG,GAAG,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,IAAI,2BAA2B,CAAA;IAC1G,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,oBAAoB,CAAC,OAAO,CAAC;QAC3B,CAAC,CAAC,WAAW,oBAAoB,kBAAkB,UAAU,GAAG,IAAI,OAAO;QAC3E,CAAC,CAAC,WAAW,OAAO,CAAC,SAAS,cAAc,UAAU,GAAG,IAAI,OAAO,CACvE,CAAA;IACD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAA;IAE1F,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAA;AACvB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAqB;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAA;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAA;IAC3B,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAE3C,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE;QACjC,OAAO,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAA;QACjC,OAAO,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAA;KAC1C;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAqB;IACxD,OAAO,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;AAC5C,CAAC","sourcesContent":["import {buildHeaders} from './headers.js'\nimport {defaultThemeKitAccessDomain, environmentVariables} from '../constants.js'\nimport {AdminSession} from '@shopify/cli-kit/node/session'\n\nexport function restRequestBody<T>(requestBody?: T) {\n  if (!requestBody) {\n    return\n  }\n  return JSON.stringify(requestBody)\n}\n\nexport function restRequestUrl(\n  session: AdminSession,\n  apiVersion: string,\n  path: string,\n  searchParams: {[name: string]: string} = {},\n  env = process.env,\n) {\n  const themeKitAccessDomain = env[environmentVariables.themeKitAccessDomain] || defaultThemeKitAccessDomain\n  const url = new URL(\n    isThemeAccessSession(session)\n      ? `https://${themeKitAccessDomain}/cli/admin/api/${apiVersion}${path}.json`\n      : `https://${session.storeFqdn}/admin/api/${apiVersion}${path}.json`,\n  )\n  Object.entries(searchParams).forEach(([name, value]) => url.searchParams.set(name, value))\n\n  return url.toString()\n}\n\nexport function restRequestHeaders(session: AdminSession) {\n  const store = session.storeFqdn\n  const token = session.token\n  const headers = buildHeaders(session.token)\n\n  if (isThemeAccessSession(session)) {\n    headers['X-Shopify-Shop'] = store\n    headers['X-Shopify-Access-Token'] = token\n  }\n\n  return headers\n}\n\nexport function isThemeAccessSession(session: AdminSession) {\n  return session.token.startsWith('shptka_')\n}\n"]}

package/dist/private/node/session/exchange.d.ts

@@ -39,7 +39,10 @@ export declare function refreshAccessToken(currentToken: IdentityToken): Promise
  * @param token - The CLI token passed as ENV variable
  * @returns An instance with the application access tokens.
  */
-export declare function exchangeCustomPartnerToken(token: string): Promise<ApplicationToken>;
+export declare function exchangeCustomPartnerToken(token: string): Promise<{
+    accessToken: string;
+    userId: string;
+}>;
 type IdentityDeviceError = 'authorization_pending' | 'access_denied' | 'expired_token' | 'slow_down' | 'unknown_failure';
 /**
  * Given a deviceCode obtained after starting a device identity flow, request an identity token.

package/dist/private/node/session/exchange.js

@@ -3,8 +3,10 @@ import { identityFqdn } from '../../../public/node/context/fqdn.js';
 import { shopifyFetch } from '../../../public/node/http.js';
 import { err, ok } from '../../../public/node/result.js';
 import { AbortError, BugError, ExtendableError } from '../../../public/node/error.js';
+import { setLastSeenAuthMethod, setLastSeenUserIdAfterAuth } from '../session.js';
 import { isTruthy } from '@shopify/cli-kit/node/context/utilities';
 import * as jose from 'jose';
+import { nonRandomUUID } from '@shopify/cli-kit/node/crypto';
 export class InvalidGrantError extends ExtendableError {
 }
 export class InvalidRequestError extends ExtendableError {
@@ -79,7 +81,11 @@ export async function exchangeCustomPartnerToken(token) {
     const appId = applicationId('partners');
     try {
         const newToken = await requestAppToken('partners', token, ['https://api.shopify.com/auth/partners.app.cli.access']);
-        return newToken[appId];
+        const accessToken = newToken[appId].accessToken;
+        const userId = nonRandomUUID(token);
+        setLastSeenUserIdAfterAuth(userId);
+        setLastSeenAuthMethod('partners_token');
+        return { accessToken, userId };
     }
     catch (error) {
         throw new AbortError('The custom token provided is invalid.', 'Ensure the token is correct and not expired.');

package/dist/private/node/session/exchange.js.map

@@ -1 +1 @@
-{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../../../src/private/node/session/exchange.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,aAAa,EAAE,QAAQ,IAAI,mBAAmB,EAAC,MAAM,eAAe,CAAA;AAG5E,OAAO,EAAC,YAAY,EAAC,MAAM,sCAAsC,CAAA;AACjE,OAAO,EAAC,YAAY,EAAC,MAAM,8BAA8B,CAAA;AACzD,OAAO,EAAC,GAAG,EAAE,EAAE,EAAS,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAC,UAAU,EAAE,QAAQ,EAAE,eAAe,EAAC,MAAM,+BAA+B,CAAA;AACnF,OAAO,EAAC,QAAQ,EAAC,MAAM,yCAAyC,CAAA;AAChE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,MAAM,OAAO,iBAAkB,SAAQ,eAAe;CAAG;AACzD,MAAM,OAAO,mBAAoB,SAAQ,eAAe;CAAG;AAC3D,MAAM,kBAAmB,SAAQ,UAAU;CAAG;AAS9C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,QAAwB;IACvE,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAC5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,YAAY,EAAE,uBAAuB;QACrC,SAAS,EAAE,QAAQ;QACnB,aAAa,EAAE,QAAQ,CAAC,YAAY;KACrC,CAAA;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,aAA4B,EAC5B,MAAsB,EACtB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,WAAW,CAAA;IACvC,MAAM,oBAAoB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAA;IAEzE,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,aAAa,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACvF,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC;QACnD,eAAe,CAAC,qBAAqB,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC;QAChE,eAAe,CAAC,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC,gBAAgB,CAAC;QACpE,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QACjE,oBAAoB,CAAC,CAAC,CAAC,eAAe,CAAC,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;KAC3F,CAAC,CAAA;IAEF,OAAO;QACL,GAAG,QAAQ;QACX,GAAG,UAAU;QACb,GAAG,gBAAgB;QACnB,GAAG,KAAK;QACR,GAAG,aAAa;KACjB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAA2B;IAClE,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAA;IACtC,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,eAAe;QAC3B,YAAY,EAAE,YAAY,CAAC,WAAW;QACtC,aAAa,EAAE,YAAY,CAAC,YAAY;QACxC,SAAS,EAAE,QAAQ;KACpB,CAAA;IACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,OAAO,kBAAkB,CAAC,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,CAAA;AACvD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,KAAa;IAC5D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IACvC,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,sDAAsD,CAAC,CAAC,CAAA;QACnH,OAAO,QAAQ,CAAC,KAAK,CAAE,CAAA;KACxB;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,UAAU,CAAC,uCAAuC,EAAE,8CAA8C,CAAC,CAAA;KAC9G;AACH,CAAC;AAID;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,UAAkB;IAElB,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,8CAA8C;QAC1D,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,QAAQ;KACpB,CAAA;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,IAAI,WAAW,CAAC,KAAK,EAAE,EAAE;QACvB,OAAO,GAAG,CAAC,WAAW,CAAC,KAA4B,CAAC,CAAA;KACrD;IACD,MAAM,aAAa,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;IAC3D,OAAO,EAAE,CAAC,aAAa,CAAC,CAAA;AAC1B,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,GAAQ,EACR,KAAa,EACb,SAAmB,EAAE,EACrB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IAChC,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,iDAAiD;QAC7D,oBAAoB,EAAE,+CAA+C;QACrE,kBAAkB,EAAE,+CAA+C;QACnE,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,aAAa,EAAE,KAAK;QACpB,GAAG,CAAC,GAAG,KAAK,OAAO,IAAI,EAAC,WAAW,EAAE,WAAW,KAAK,QAAQ,EAAC,CAAC;KAChE,CAAA;IAED,IAAI,UAAU,GAAG,KAAK,CAAA;IACtB,IAAI,GAAG,KAAK,OAAO,IAAI,KAAK,EAAE;QAC5B,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,EAAE,CAAA;KACjC;IACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAC7C,OAAO,EAAC,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAC,CAAA;AACjC,CAAC;AAUD,SAAS,wBAAwB,CAAC,KAAa;IAC7C,MAAM,yBAAyB,GAC7B,yEAAyE;QACzE,MAAM;QACN,6EAA6E;QAC7E,2FAA2F;QAC3F,uEAAuE;QACvE,MAAM;QACN,qFAAqF;QACrF,8DAA8D;QAC9D,oEAAoE;QACpE,gCAAgC,CAAA;IAClC,IAAI,KAAK,KAAK,eAAe,EAAE;QAC7B,6FAA6F;QAC7F,oGAAoG;QACpG,OAAO,IAAI,iBAAiB,EAAE,CAAA;KAC/B;IACD,IAAI,KAAK,KAAK,iBAAiB,EAAE;QAC/B,iGAAiG;QACjG,mGAAmG;QACnG,OAAO,IAAI,mBAAmB,EAAE,CAAA;KACjC;IACD,IAAI,KAAK,KAAK,gBAAgB,EAAE;QAC9B,OAAO,IAAI,kBAAkB,CAAC,yBAAyB,CAAC,CAAA;KACzD;IACD,mEAAmE;IACnE,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;AAC9B,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,MAA+B;IACzD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,cAAc,CAAC,CAAA;IAClD,GAAG,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACnE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,EAAC,MAAM,EAAE,MAAM,EAAC,CAAC,CAAA;IAC1D,8DAA8D;IAC9D,MAAM,OAAO,GAAQ,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;IAErC,IAAI,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC,OAAO,CAAC,CAAA;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;AAC3B,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA0B,EAAE,cAAuB;IAC7E,MAAM,MAAM,GAAG,cAAc,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;IAErG,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,QAAQ,CAAC,iFAAiF,CAAC,CAAA;KACtG;IAED,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAA0B;IACvD,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;KAChC,CAAA;AACH,CAAC","sourcesContent":["import {ApplicationToken, IdentityToken} from './schema.js'\nimport {applicationId, clientId as getIdentityClientId} from './identity.js'\nimport {CodeAuthResult} from './authorize.js'\nimport {API} from '../api.js'\nimport {identityFqdn} from '../../../public/node/context/fqdn.js'\nimport {shopifyFetch} from '../../../public/node/http.js'\nimport {err, ok, Result} from '../../../public/node/result.js'\nimport {AbortError, BugError, ExtendableError} from '../../../public/node/error.js'\nimport {isTruthy} from '@shopify/cli-kit/node/context/utilities'\nimport * as jose from 'jose'\n\nexport class InvalidGrantError extends ExtendableError {}\nexport class InvalidRequestError extends ExtendableError {}\nclass InvalidTargetError extends AbortError {}\n\nexport interface ExchangeScopes {\n  admin: string[]\n  partners: string[]\n  storefront: string[]\n  businessPlatform: string[]\n  appManagement: string[]\n}\n/**\n * Given a valid authorization code, request an identity access token.\n * This token can then be used to get API specific tokens.\n * @param codeData - code and codeVerifier from the authorize endpoint\n * @returns An instance with the identity access tokens.\n */\nexport async function exchangeCodeForAccessToken(codeData: CodeAuthResult): Promise<IdentityToken> {\n  const clientId = await getIdentityClientId()\n  const params = {\n    grant_type: 'authorization_code',\n    code: codeData.code,\n    redirect_uri: 'http://127.0.0.1:3456',\n    client_id: clientId,\n    code_verifier: codeData.codeVerifier,\n  }\n\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  return buildIdentityToken(value)\n}\n\n/**\n * Given an identity token, request an application token.\n * @param identityToken - access token obtained in a previous step\n * @param store - the store to use, only needed for admin API\n * @returns An array with the application access tokens.\n */\nexport async function exchangeAccessForApplicationTokens(\n  identityToken: IdentityToken,\n  scopes: ExchangeScopes,\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const token = identityToken.accessToken\n  const appManagementEnabled = isTruthy(process.env.USE_APP_MANAGEMENT_API)\n\n  const [partners, storefront, businessPlatform, admin, appManagement] = await Promise.all([\n    requestAppToken('partners', token, scopes.partners),\n    requestAppToken('storefront-renderer', token, scopes.storefront),\n    requestAppToken('business-platform', token, scopes.businessPlatform),\n    store ? requestAppToken('admin', token, scopes.admin, store) : {},\n    appManagementEnabled ? requestAppToken('app-management', token, scopes.appManagement) : {},\n  ])\n\n  return {\n    ...partners,\n    ...storefront,\n    ...businessPlatform,\n    ...admin,\n    ...appManagement,\n  }\n}\n\n/**\n * Given an expired access token, refresh it to get a new one.\n */\nexport async function refreshAccessToken(currentToken: IdentityToken): Promise<IdentityToken> {\n  const clientId = getIdentityClientId()\n  const params = {\n    grant_type: 'refresh_token',\n    access_token: currentToken.accessToken,\n    refresh_token: currentToken.refreshToken,\n    client_id: clientId,\n  }\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  return buildIdentityToken(value, currentToken.userId)\n}\n\n/**\n * Given a custom CLI token passed as ENV variable, request a valid partners API token\n * This token does not accept extra scopes, just the cli one.\n * @param token - The CLI token passed as ENV variable\n * @returns An instance with the application access tokens.\n */\nexport async function exchangeCustomPartnerToken(token: string): Promise<ApplicationToken> {\n  const appId = applicationId('partners')\n  try {\n    const newToken = await requestAppToken('partners', token, ['https://api.shopify.com/auth/partners.app.cli.access'])\n    return newToken[appId]!\n  } catch (error) {\n    throw new AbortError('The custom token provided is invalid.', 'Ensure the token is correct and not expired.')\n  }\n}\n\ntype IdentityDeviceError = 'authorization_pending' | 'access_denied' | 'expired_token' | 'slow_down' | 'unknown_failure'\n\n/**\n * Given a deviceCode obtained after starting a device identity flow, request an identity token.\n * @param deviceCode - The device code obtained after starting a device identity flow\n * @param scopes - The scopes to request\n * @returns An instance with the identity access tokens.\n */\nexport async function exchangeDeviceCodeForAccessToken(\n  deviceCode: string,\n): Promise<Result<IdentityToken, IdentityDeviceError>> {\n  const clientId = await getIdentityClientId()\n\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n    device_code: deviceCode,\n    client_id: clientId,\n  }\n\n  const tokenResult = await tokenRequest(params)\n  if (tokenResult.isErr()) {\n    return err(tokenResult.error as IdentityDeviceError)\n  }\n  const identityToken = buildIdentityToken(tokenResult.value)\n  return ok(identityToken)\n}\n\nasync function requestAppToken(\n  api: API,\n  token: string,\n  scopes: string[] = [],\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const appId = applicationId(api)\n  const clientId = await getIdentityClientId()\n\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',\n    requested_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    client_id: clientId,\n    audience: appId,\n    scope: scopes.join(' '),\n    subject_token: token,\n    ...(api === 'admin' && {destination: `https://${store}/admin`}),\n  }\n\n  let identifier = appId\n  if (api === 'admin' && store) {\n    identifier = `${store}-${appId}`\n  }\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  const appToken = buildApplicationToken(value)\n  return {[identifier]: appToken}\n}\n\ninterface TokenRequestResult {\n  access_token: string\n  expires_in: number\n  refresh_token: string\n  scope: string\n  id_token?: string\n}\n\nfunction tokenRequestErrorHandler(error: string) {\n  const invalidTargetErrorMessage =\n    'You are not authorized to use the CLI to develop in the provided store.' +\n    '\\n\\n' +\n    \"You can't use Shopify CLI with development stores if you only have Partner \" +\n    'staff member access. If you want to use Shopify CLI to work on a development store, then ' +\n    'you should be the store owner or create a staff account on the store.' +\n    '\\n\\n' +\n    \"If you're the store owner, then you need to log in to the store directly using the \" +\n    'store URL at least once before you log in using Shopify CLI.' +\n    'Logging in to the Shopify admin directly connects the development ' +\n    'store with your Shopify login.'\n  if (error === 'invalid_grant') {\n    // There's an scenario when Identity returns \"invalid_grant\" when trying to refresh the token\n    // using a valid refresh token. When that happens, we take the user through the authentication flow.\n    return new InvalidGrantError()\n  }\n  if (error === 'invalid_request') {\n    // There's an scenario when Identity returns \"invalid_request\" when exchanging an identity token.\n    // This means the token is invalid. We clear the session and throw an error to let the caller know.\n    return new InvalidRequestError()\n  }\n  if (error === 'invalid_target') {\n    return new InvalidTargetError(invalidTargetErrorMessage)\n  }\n  // eslint-disable-next-line @shopify/cli/no-error-factory-functions\n  return new AbortError(error)\n}\n\nasync function tokenRequest(params: {[key: string]: string}): Promise<Result<TokenRequestResult, string>> {\n  const fqdn = await identityFqdn()\n  const url = new URL(`https://${fqdn}/oauth/token`)\n  url.search = new URLSearchParams(Object.entries(params)).toString()\n  const res = await shopifyFetch(url.href, {method: 'POST'})\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const payload: any = await res.json()\n\n  if (res.ok) return ok(payload)\n  return err(payload.error)\n}\n\nfunction buildIdentityToken(result: TokenRequestResult, existingUserId?: string): IdentityToken {\n  const userId = existingUserId ?? (result.id_token ? jose.decodeJwt(result.id_token).sub! : undefined)\n\n  if (!userId) {\n    throw new BugError('Error setting userId for session. No id_token or pre-existing user ID provided.')\n  }\n\n  return {\n    accessToken: result.access_token,\n    refreshToken: result.refresh_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n    userId,\n  }\n}\n\nfunction buildApplicationToken(result: TokenRequestResult): ApplicationToken {\n  return {\n    accessToken: result.access_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n  }\n}\n"]}
+{"version":3,"file":"exchange.js","sourceRoot":"","sources":["../../../../src/private/node/session/exchange.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,aAAa,EAAE,QAAQ,IAAI,mBAAmB,EAAC,MAAM,eAAe,CAAA;AAG5E,OAAO,EAAC,YAAY,EAAC,MAAM,sCAAsC,CAAA;AACjE,OAAO,EAAC,YAAY,EAAC,MAAM,8BAA8B,CAAA;AACzD,OAAO,EAAC,GAAG,EAAE,EAAE,EAAS,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAC,UAAU,EAAE,QAAQ,EAAE,eAAe,EAAC,MAAM,+BAA+B,CAAA;AACnF,OAAO,EAAC,qBAAqB,EAAE,0BAA0B,EAAC,MAAM,eAAe,CAAA;AAC/E,OAAO,EAAC,QAAQ,EAAC,MAAM,yCAAyC,CAAA;AAChE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EAAC,aAAa,EAAC,MAAM,8BAA8B,CAAA;AAE1D,MAAM,OAAO,iBAAkB,SAAQ,eAAe;CAAG;AACzD,MAAM,OAAO,mBAAoB,SAAQ,eAAe;CAAG;AAC3D,MAAM,kBAAmB,SAAQ,UAAU;CAAG;AAS9C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,QAAwB;IACvE,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAC5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,YAAY,EAAE,uBAAuB;QACrC,SAAS,EAAE,QAAQ;QACnB,aAAa,EAAE,QAAQ,CAAC,YAAY;KACrC,CAAA;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,aAA4B,EAC5B,MAAsB,EACtB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,WAAW,CAAA;IACvC,MAAM,oBAAoB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAA;IAEzE,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,aAAa,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACvF,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC;QACnD,eAAe,CAAC,qBAAqB,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC;QAChE,eAAe,CAAC,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC,gBAAgB,CAAC;QACpE,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QACjE,oBAAoB,CAAC,CAAC,CAAC,eAAe,CAAC,gBAAgB,EAAE,KAAK,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;KAC3F,CAAC,CAAA;IAEF,OAAO;QACL,GAAG,QAAQ;QACX,GAAG,UAAU;QACb,GAAG,gBAAgB;QACnB,GAAG,KAAK;QACR,GAAG,aAAa;KACjB,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAA2B;IAClE,MAAM,QAAQ,GAAG,mBAAmB,EAAE,CAAA;IACtC,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,eAAe;QAC3B,YAAY,EAAE,YAAY,CAAC,WAAW;QACtC,aAAa,EAAE,YAAY,CAAC,YAAY;QACxC,SAAS,EAAE,QAAQ;KACpB,CAAA;IACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,OAAO,kBAAkB,CAAC,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,CAAA;AACvD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,KAAa;IAC5D,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IACvC,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,sDAAsD,CAAC,CAAC,CAAA;QACnH,MAAM,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAE,CAAC,WAAW,CAAA;QAChD,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAA;QACnC,0BAA0B,CAAC,MAAM,CAAC,CAAA;QAClC,qBAAqB,CAAC,gBAAgB,CAAC,CAAA;QACvC,OAAO,EAAC,WAAW,EAAE,MAAM,EAAC,CAAA;KAC7B;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,UAAU,CAAC,uCAAuC,EAAE,8CAA8C,CAAC,CAAA;KAC9G;AACH,CAAC;AAID;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,UAAkB;IAElB,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,8CAA8C;QAC1D,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,QAAQ;KACpB,CAAA;IAED,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,IAAI,WAAW,CAAC,KAAK,EAAE,EAAE;QACvB,OAAO,GAAG,CAAC,WAAW,CAAC,KAA4B,CAAC,CAAA;KACrD;IACD,MAAM,aAAa,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;IAC3D,OAAO,EAAE,CAAC,aAAa,CAAC,CAAA;AAC1B,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,GAAQ,EACR,KAAa,EACb,SAAmB,EAAE,EACrB,KAAc;IAEd,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IAChC,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,iDAAiD;QAC7D,oBAAoB,EAAE,+CAA+C;QACrE,kBAAkB,EAAE,+CAA+C;QACnE,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,aAAa,EAAE,KAAK;QACpB,GAAG,CAAC,GAAG,KAAK,OAAO,IAAI,EAAC,WAAW,EAAE,WAAW,KAAK,QAAQ,EAAC,CAAC;KAChE,CAAA;IAED,IAAI,UAAU,GAAG,KAAK,CAAA;IACtB,IAAI,GAAG,KAAK,OAAO,IAAI,KAAK,EAAE;QAC5B,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,EAAE,CAAA;KACjC;IACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,UAAU,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAC7C,OAAO,EAAC,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAC,CAAA;AACjC,CAAC;AAUD,SAAS,wBAAwB,CAAC,KAAa;IAC7C,MAAM,yBAAyB,GAC7B,yEAAyE;QACzE,MAAM;QACN,6EAA6E;QAC7E,2FAA2F;QAC3F,uEAAuE;QACvE,MAAM;QACN,qFAAqF;QACrF,8DAA8D;QAC9D,oEAAoE;QACpE,gCAAgC,CAAA;IAClC,IAAI,KAAK,KAAK,eAAe,EAAE;QAC7B,6FAA6F;QAC7F,oGAAoG;QACpG,OAAO,IAAI,iBAAiB,EAAE,CAAA;KAC/B;IACD,IAAI,KAAK,KAAK,iBAAiB,EAAE;QAC/B,iGAAiG;QACjG,mGAAmG;QACnG,OAAO,IAAI,mBAAmB,EAAE,CAAA;KACjC;IACD,IAAI,KAAK,KAAK,gBAAgB,EAAE;QAC9B,OAAO,IAAI,kBAAkB,CAAC,yBAAyB,CAAC,CAAA;KACzD;IACD,mEAAmE;IACnE,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;AAC9B,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,MAA+B;IACzD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,IAAI,cAAc,CAAC,CAAA;IAClD,GAAG,CAAC,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;IACnE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,EAAC,MAAM,EAAE,MAAM,EAAC,CAAC,CAAA;IAC1D,8DAA8D;IAC9D,MAAM,OAAO,GAAQ,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;IAErC,IAAI,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC,OAAO,CAAC,CAAA;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;AAC3B,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA0B,EAAE,cAAuB;IAC7E,MAAM,MAAM,GAAG,cAAc,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;IAErG,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,QAAQ,CAAC,iFAAiF,CAAC,CAAA;KACtG;IAED,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;QAC/B,MAAM;KACP,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAA0B;IACvD,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;KAChC,CAAA;AACH,CAAC","sourcesContent":["import {ApplicationToken, IdentityToken} from './schema.js'\nimport {applicationId, clientId as getIdentityClientId} from './identity.js'\nimport {CodeAuthResult} from './authorize.js'\nimport {API} from '../api.js'\nimport {identityFqdn} from '../../../public/node/context/fqdn.js'\nimport {shopifyFetch} from '../../../public/node/http.js'\nimport {err, ok, Result} from '../../../public/node/result.js'\nimport {AbortError, BugError, ExtendableError} from '../../../public/node/error.js'\nimport {setLastSeenAuthMethod, setLastSeenUserIdAfterAuth} from '../session.js'\nimport {isTruthy} from '@shopify/cli-kit/node/context/utilities'\nimport * as jose from 'jose'\nimport {nonRandomUUID} from '@shopify/cli-kit/node/crypto'\n\nexport class InvalidGrantError extends ExtendableError {}\nexport class InvalidRequestError extends ExtendableError {}\nclass InvalidTargetError extends AbortError {}\n\nexport interface ExchangeScopes {\n  admin: string[]\n  partners: string[]\n  storefront: string[]\n  businessPlatform: string[]\n  appManagement: string[]\n}\n/**\n * Given a valid authorization code, request an identity access token.\n * This token can then be used to get API specific tokens.\n * @param codeData - code and codeVerifier from the authorize endpoint\n * @returns An instance with the identity access tokens.\n */\nexport async function exchangeCodeForAccessToken(codeData: CodeAuthResult): Promise<IdentityToken> {\n  const clientId = await getIdentityClientId()\n  const params = {\n    grant_type: 'authorization_code',\n    code: codeData.code,\n    redirect_uri: 'http://127.0.0.1:3456',\n    client_id: clientId,\n    code_verifier: codeData.codeVerifier,\n  }\n\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  return buildIdentityToken(value)\n}\n\n/**\n * Given an identity token, request an application token.\n * @param identityToken - access token obtained in a previous step\n * @param store - the store to use, only needed for admin API\n * @returns An array with the application access tokens.\n */\nexport async function exchangeAccessForApplicationTokens(\n  identityToken: IdentityToken,\n  scopes: ExchangeScopes,\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const token = identityToken.accessToken\n  const appManagementEnabled = isTruthy(process.env.USE_APP_MANAGEMENT_API)\n\n  const [partners, storefront, businessPlatform, admin, appManagement] = await Promise.all([\n    requestAppToken('partners', token, scopes.partners),\n    requestAppToken('storefront-renderer', token, scopes.storefront),\n    requestAppToken('business-platform', token, scopes.businessPlatform),\n    store ? requestAppToken('admin', token, scopes.admin, store) : {},\n    appManagementEnabled ? requestAppToken('app-management', token, scopes.appManagement) : {},\n  ])\n\n  return {\n    ...partners,\n    ...storefront,\n    ...businessPlatform,\n    ...admin,\n    ...appManagement,\n  }\n}\n\n/**\n * Given an expired access token, refresh it to get a new one.\n */\nexport async function refreshAccessToken(currentToken: IdentityToken): Promise<IdentityToken> {\n  const clientId = getIdentityClientId()\n  const params = {\n    grant_type: 'refresh_token',\n    access_token: currentToken.accessToken,\n    refresh_token: currentToken.refreshToken,\n    client_id: clientId,\n  }\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  return buildIdentityToken(value, currentToken.userId)\n}\n\n/**\n * Given a custom CLI token passed as ENV variable, request a valid partners API token\n * This token does not accept extra scopes, just the cli one.\n * @param token - The CLI token passed as ENV variable\n * @returns An instance with the application access tokens.\n */\nexport async function exchangeCustomPartnerToken(token: string): Promise<{accessToken: string; userId: string}> {\n  const appId = applicationId('partners')\n  try {\n    const newToken = await requestAppToken('partners', token, ['https://api.shopify.com/auth/partners.app.cli.access'])\n    const accessToken = newToken[appId]!.accessToken\n    const userId = nonRandomUUID(token)\n    setLastSeenUserIdAfterAuth(userId)\n    setLastSeenAuthMethod('partners_token')\n    return {accessToken, userId}\n  } catch (error) {\n    throw new AbortError('The custom token provided is invalid.', 'Ensure the token is correct and not expired.')\n  }\n}\n\ntype IdentityDeviceError = 'authorization_pending' | 'access_denied' | 'expired_token' | 'slow_down' | 'unknown_failure'\n\n/**\n * Given a deviceCode obtained after starting a device identity flow, request an identity token.\n * @param deviceCode - The device code obtained after starting a device identity flow\n * @param scopes - The scopes to request\n * @returns An instance with the identity access tokens.\n */\nexport async function exchangeDeviceCodeForAccessToken(\n  deviceCode: string,\n): Promise<Result<IdentityToken, IdentityDeviceError>> {\n  const clientId = await getIdentityClientId()\n\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',\n    device_code: deviceCode,\n    client_id: clientId,\n  }\n\n  const tokenResult = await tokenRequest(params)\n  if (tokenResult.isErr()) {\n    return err(tokenResult.error as IdentityDeviceError)\n  }\n  const identityToken = buildIdentityToken(tokenResult.value)\n  return ok(identityToken)\n}\n\nasync function requestAppToken(\n  api: API,\n  token: string,\n  scopes: string[] = [],\n  store?: string,\n): Promise<{[x: string]: ApplicationToken}> {\n  const appId = applicationId(api)\n  const clientId = await getIdentityClientId()\n\n  const params = {\n    grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',\n    requested_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',\n    client_id: clientId,\n    audience: appId,\n    scope: scopes.join(' '),\n    subject_token: token,\n    ...(api === 'admin' && {destination: `https://${store}/admin`}),\n  }\n\n  let identifier = appId\n  if (api === 'admin' && store) {\n    identifier = `${store}-${appId}`\n  }\n  const tokenResult = await tokenRequest(params)\n  const value = tokenResult.mapError(tokenRequestErrorHandler).valueOrBug()\n  const appToken = buildApplicationToken(value)\n  return {[identifier]: appToken}\n}\n\ninterface TokenRequestResult {\n  access_token: string\n  expires_in: number\n  refresh_token: string\n  scope: string\n  id_token?: string\n}\n\nfunction tokenRequestErrorHandler(error: string) {\n  const invalidTargetErrorMessage =\n    'You are not authorized to use the CLI to develop in the provided store.' +\n    '\\n\\n' +\n    \"You can't use Shopify CLI with development stores if you only have Partner \" +\n    'staff member access. If you want to use Shopify CLI to work on a development store, then ' +\n    'you should be the store owner or create a staff account on the store.' +\n    '\\n\\n' +\n    \"If you're the store owner, then you need to log in to the store directly using the \" +\n    'store URL at least once before you log in using Shopify CLI.' +\n    'Logging in to the Shopify admin directly connects the development ' +\n    'store with your Shopify login.'\n  if (error === 'invalid_grant') {\n    // There's an scenario when Identity returns \"invalid_grant\" when trying to refresh the token\n    // using a valid refresh token. When that happens, we take the user through the authentication flow.\n    return new InvalidGrantError()\n  }\n  if (error === 'invalid_request') {\n    // There's an scenario when Identity returns \"invalid_request\" when exchanging an identity token.\n    // This means the token is invalid. We clear the session and throw an error to let the caller know.\n    return new InvalidRequestError()\n  }\n  if (error === 'invalid_target') {\n    return new InvalidTargetError(invalidTargetErrorMessage)\n  }\n  // eslint-disable-next-line @shopify/cli/no-error-factory-functions\n  return new AbortError(error)\n}\n\nasync function tokenRequest(params: {[key: string]: string}): Promise<Result<TokenRequestResult, string>> {\n  const fqdn = await identityFqdn()\n  const url = new URL(`https://${fqdn}/oauth/token`)\n  url.search = new URLSearchParams(Object.entries(params)).toString()\n  const res = await shopifyFetch(url.href, {method: 'POST'})\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const payload: any = await res.json()\n\n  if (res.ok) return ok(payload)\n  return err(payload.error)\n}\n\nfunction buildIdentityToken(result: TokenRequestResult, existingUserId?: string): IdentityToken {\n  const userId = existingUserId ?? (result.id_token ? jose.decodeJwt(result.id_token).sub! : undefined)\n\n  if (!userId) {\n    throw new BugError('Error setting userId for session. No id_token or pre-existing user ID provided.')\n  }\n\n  return {\n    accessToken: result.access_token,\n    refreshToken: result.refresh_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n    userId,\n  }\n}\n\nfunction buildApplicationToken(result: TokenRequestResult): ApplicationToken {\n  return {\n    accessToken: result.access_token,\n    expiresAt: new Date(Date.now() + result.expires_in * 1000),\n    scopes: result.scope.split(' '),\n  }\n}\n"]}

package/dist/private/node/session.d.ts

@@ -62,6 +62,35 @@ export interface OAuthSession {
     appManagement?: string;
     userId: string;
 }
+type AuthMethod = 'partners_token' | 'device_auth' | 'theme_access_token' | 'custom_app_token' | 'none';
+/**
+ * Retrieves the user ID from the current session or returns 'unknown' if not found.
+ *
+ * This function performs the following steps:
+ * 1. Checks for a cached user ID in memory (obtained in the current run).
+ * 2. Attempts to fetch it from the secure store (from a previous auth session).
+ * 3. Checks if a custom token was used (either as a theme password or partners token).
+ * 4. If a custom token is present in the environment, generates a UUID and uses it as userId.
+ * 5. If after all this we don't have a userId, then reports as 'unknown'.
+ *
+ * @returns A Promise that resolves to the user ID as a string.
+ */
+export declare function getLastSeenUserIdAfterAuth(): Promise<string>;
+export declare function setLastSeenUserIdAfterAuth(id: string): void;
+/**
+ * Retrieves the last seen authentication method used in the current session.
+ *
+ * This function checks for the authentication method in the following order:
+ * 1. Returns the cached auth method if it's not 'none'.
+ * 2. Checks for a cached session, which implies 'device_auth' was used.
+ * 3. Checks for a partners token in the environment.
+ * 4. Checks for a theme password in the environment.
+ * 5. If none of the above are true, returns 'none'.
+ *
+ * @returns A Promise that resolves to the last seen authentication method as an AuthMethod type.
+ */
+export declare function getLastSeenAuthMethod(): Promise<AuthMethod>;
+export declare function setLastSeenAuthMethod(method: AuthMethod): void;
 /**
  * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.
  *

package/dist/private/node/session.js

@@ -7,8 +7,9 @@ import * as secureStore from './session/store.js';
 import { pollForDeviceAuthorization, requestDeviceAuthorization } from './session/device-authorization.js';
 import { RequestClientError } from './api/headers.js';
 import { getCachedPartnerAccountStatus, setCachedPartnerAccountStatus } from './conf-store.js';
+import { isThemeAccessSession } from './api/rest.js';
 import { outputContent, outputToken, outputDebug } from '../../public/node/output.js';
-import { firstPartyDev, useDeviceAuth } from '../../public/node/context/local.js';
+import { firstPartyDev, themeToken, useDeviceAuth } from '../../public/node/context/local.js';
 import { AbortError, BugError } from '../../public/node/error.js';
 import { partnersRequest } from '../../public/node/api/partners.js';
 import { normalizeStoreFqdn, partnersFqdn, identityFqdn } from '../../public/node/context/fqdn.js';
@@ -19,6 +20,67 @@ import { gql } from 'graphql-request';
 import { outputCompleted, outputInfo, outputWarn } from '@shopify/cli-kit/node/output';
 import { isTruthy } from '@shopify/cli-kit/node/context/utilities';
 import { isSpin } from '@shopify/cli-kit/node/context/spin';
+import { nonRandomUUID } from '@shopify/cli-kit/node/crypto';
+let userId;
+let authMethod = 'none';
+/**
+ * Retrieves the user ID from the current session or returns 'unknown' if not found.
+ *
+ * This function performs the following steps:
+ * 1. Checks for a cached user ID in memory (obtained in the current run).
+ * 2. Attempts to fetch it from the secure store (from a previous auth session).
+ * 3. Checks if a custom token was used (either as a theme password or partners token).
+ * 4. If a custom token is present in the environment, generates a UUID and uses it as userId.
+ * 5. If after all this we don't have a userId, then reports as 'unknown'.
+ *
+ * @returns A Promise that resolves to the user ID as a string.
+ */
+export async function getLastSeenUserIdAfterAuth() {
+    if (userId)
+        return userId;
+    const currentSession = (await secureStore.fetch()) || {};
+    const fqdn = await identityFqdn();
+    const cachedUserId = currentSession[fqdn]?.identity.userId;
+    if (cachedUserId)
+        return cachedUserId;
+    const customToken = getPartnersToken() ?? themeToken();
+    return customToken ? nonRandomUUID(customToken) : 'unknown';
+}
+export function setLastSeenUserIdAfterAuth(id) {
+    userId = id;
+}
+/**
+ * Retrieves the last seen authentication method used in the current session.
+ *
+ * This function checks for the authentication method in the following order:
+ * 1. Returns the cached auth method if it's not 'none'.
+ * 2. Checks for a cached session, which implies 'device_auth' was used.
+ * 3. Checks for a partners token in the environment.
+ * 4. Checks for a theme password in the environment.
+ * 5. If none of the above are true, returns 'none'.
+ *
+ * @returns A Promise that resolves to the last seen authentication method as an AuthMethod type.
+ */
+export async function getLastSeenAuthMethod() {
+    if (authMethod !== 'none')
+        return authMethod;
+    const currentSession = (await secureStore.fetch()) || {};
+    const fqdn = await identityFqdn();
+    const cachedUserId = currentSession[fqdn]?.identity.userId;
+    if (cachedUserId)
+        return 'device_auth';
+    const partnersToken = getPartnersToken();
+    if (partnersToken)
+        return 'partners_token';
+    const themePassword = themeToken();
+    if (themePassword) {
+        return isThemeAccessSession({ token: themePassword, storeFqdn: '' }) ? 'theme_access_token' : 'custom_app_token';
+    }
+    return 'none';
+}
+export function setLastSeenAuthMethod(method) {
+    authMethod = method;
+}
 /**
  * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.
  *
@@ -90,6 +152,8 @@ The CLI is currently unable to prompt for reauthentication.`, 'Restart the CLI p
     if (!envToken && tokens.partners) {
         await ensureUserHasPartnerAccount(tokens.partners, tokens.userId);
     }
+    setLastSeenAuthMethod(envToken ? 'partners_token' : 'device_auth');
+    setLastSeenUserIdAfterAuth(tokens.userId);
     return tokens;
 }
 /**

package/dist/private/node/session.js.map

@@ -1 +1 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../src/private/node/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAA;AACnD,OAAO,EAAC,eAAe,EAAC,MAAM,uBAAuB,CAAA;AACrD,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,0BAA0B,EAE1B,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAA;AAEhD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAC,0BAA0B,EAAE,0BAA0B,EAAC,MAAM,mCAAmC,CAAA;AACxG,OAAO,EAAC,kBAAkB,EAAC,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAC,6BAA6B,EAAE,6BAA6B,EAAC,MAAM,iBAAiB,CAAA;AAC5F,OAAO,EAAC,aAAa,EAAE,WAAW,EAAE,WAAW,EAAC,MAAM,6BAA6B,CAAA;AACnF,OAAO,EAAC,aAAa,EAAE,aAAa,EAAC,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAC,UAAU,EAAE,QAAQ,EAAC,MAAM,4BAA4B,CAAA;AAC/D,OAAO,EAAC,eAAe,EAAC,MAAM,mCAAmC,CAAA;AACjE,OAAO,EAAC,kBAAkB,EAAE,YAAY,EAAE,YAAY,EAAC,MAAM,mCAAmC,CAAA;AAChG,OAAO,EAAC,OAAO,EAAC,MAAM,6BAA6B,CAAA;AACnD,OAAO,EAAC,QAAQ,EAAC,MAAM,yBAAyB,CAAA;AAChD,OAAO,EAAC,2BAA2B,EAAE,gBAAgB,EAAC,MAAM,kCAAkC,CAAA;AAC9F,OAAO,EAAC,GAAG,EAAC,MAAM,iBAAiB,CAAA;AAEnC,OAAO,EAAC,eAAe,EAAE,UAAU,EAAE,UAAU,EAAC,MAAM,8BAA8B,CAAA;AACpF,OAAO,EAAC,QAAQ,EAAC,MAAM,yCAAyC,CAAA;AAChE,OAAO,EAAC,MAAM,EAAC,MAAM,oCAAoC,CAAA;AAyEzD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,YAA+B,EAC/B,IAAwB,EACxB,EAAC,YAAY,GAAG,KAAK,EAAE,QAAQ,GAAG,KAAK,KAAkD,EAAE;IAE3F,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IAEjC,MAAM,iBAAiB,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC1D,IAAI,iBAAiB,EAAE;QACrB,MAAM,mBAAmB,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CAAC,CAAA;QACvE,IAAI,iBAAiB,KAAK,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE;YAC1D,YAAY,CAAC,QAAQ,CAAC,SAAS,GAAG,mBAAmB,CAAA;SACtD;KACF;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAE,CAAA;IACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAE7C,WAAW,CAAC,aAAa,CAAA;EACzB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;;EAExB,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC;CAC/B,CAAC,CAAA;IACA,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;IAEjF,IAAI,UAAU,GAAG,EAAE,CAAA;IAEnB,SAAS,eAAe;QACtB,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAAE,OAAM;QACtD,MAAM,IAAI,UAAU,CAClB;;4DAEsD,EACtD,6NAA6N,CAC9N,CAAA;IACH,CAAC;IAED,IAAI,gBAAgB,KAAK,iBAAiB,EAAE;QAC1C,eAAe,EAAE,CAAA;QACjB,WAAW,CAAC,aAAa,CAAA,4CAA4C,CAAC,CAAA;QACtE,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;KAC3D;SAAM,IAAI,gBAAgB,KAAK,eAAe,IAAI,YAAY,EAAE;QAC/D,WAAW,CAAC,aAAa,CAAA,+DAA+D,CAAC,CAAA;QACzF,IAAI;YACF,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,CAAA;SAC3E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,iBAAiB,EAAE;gBACtC,eAAe,EAAE,CAAA;gBACjB,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;aAC3D;iBAAM,IAAI,KAAK,YAAY,mBAAmB,EAAE;gBAC/C,MAAM,WAAW,CAAC,MAAM,EAAE,CAAA;gBAC1B,MAAM,IAAI,UAAU,CAAC,iCAAiC,EAAE,qDAAqD,CAAC,CAAA;aAC/G;iBAAM;gBACL,MAAM,KAAK,CAAA;aACZ;SACF;KACF;IAED,MAAM,eAAe,GAAY,EAAC,GAAG,cAAc,EAAE,GAAG,UAAU,EAAC,CAAA;IACnE,8CAA8C;IAC9C,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IAChF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAEnE,uDAAuD;IACvD,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAA;IACnC,IAAI,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE;QACxC,MAAM,CAAC,QAAQ,GAAG,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAC3E;IACD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChC,MAAM,2BAA2B,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;KAClE;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,YAAoB;IACtF,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC9C,IAAI,aAAa,EAAE,EAAE;QACnB,WAAW,CAAC,aAAa,CAAA,uCAAuC,CAAC,CAAA;QACjE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;KACxB;IAED,IAAI,aAA4B,CAAA;IAChC,MAAM,wBAAwB,GAAG,2BAA2B,EAAE,CAAA;IAC9D,IAAI,wBAAwB,EAAE;QAC5B,aAAa,GAAG,yBAAyB,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAA;KAC5E;SAAM,IAAI,aAAa,EAAE,EAAE;QAC1B,iEAAiE;QACjE,WAAW,CAAC,aAAa,CAAA,yCAAyC,CAAC,CAAA;QACnE,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAA;QAE3D,8BAA8B;QAC9B,WAAW,CAAC,aAAa,CAAA,4CAA4C,CAAC,CAAA;QACtE,aAAa,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAA;KAC7F;SAAM;QACL,6BAA6B;QAC7B,WAAW,CAAC,aAAa,CAAA,2CAA2C,CAAC,CAAA;QACrE,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;QAEpC,mCAAmC;QACnC,WAAW,CAAC,aAAa,CAAA,+DAA+D,CAAC,CAAA;QACzF,aAAa,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,CAAA;KACvD;IAED,iDAAiD;IACjD,WAAW,CAAC,aAAa,CAAA,6DAA6D,CAAC,CAAA;IACvF,MAAM,MAAM,GAAG,MAAM,kCAAkC,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;IAE7F,MAAM,OAAO,GAAY;QACvB,CAAC,YAAY,CAAC,EAAE;YACd,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,MAAM;SACrB;KACF,CAAA;IAED,eAAe,CAAC,YAAY,CAAC,CAAA;IAE7B,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,2BAA2B,CAAC,aAAqB,EAAE,MAA0B;IAC1F,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAE,OAAM;IAExD,WAAW,CAAC,aAAa,CAAA,oDAAoD,CAAC,CAAA;IAC9E,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,EAAE;QACrD,UAAU,CAAC,yDAAyD,CAAC,CAAA;QACrE,UAAU,CAAC,gCAAgC,CAAC,CAAA;QAC5C,MAAM,QAAQ,EAAE,CAAA;QAChB,MAAM,OAAO,CAAC,WAAW,MAAM,YAAY,EAAE,SAAS,CAAC,CAAA;QACvD,UAAU,CAAC,aAAa,CAAA,kCAAkC,WAAW,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAA;QACzG,UAAU,CAAC,aAAa,CAAA,qFAAqF,CAAC,CAAA;QAC9G,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,EAAE;YACrD,MAAM,IAAI,UAAU,CAClB,kDAAkD,EAClD,gEAAgE,CACjE,CAAA;SACF;KACF;AACH,CAAC;AAED,0DAA0D;AAC1D,MAAM,oBAAoB,GAAG,GAAG,CAAA;;;;;;;;CAQ/B,CAAA;AAED;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAAC,aAAqB,EAAE,MAAe;IACrE,MAAM,QAAQ,GAAG,MAAM,IAAI,aAAa,CAAA;IACxC,MAAM,YAAY,GAAG,6BAA6B,CAAC,QAAQ,CAAC,CAAA;IAE5D,IAAI,YAAY,EAAE;QAChB,WAAW,CAAC,6CAA6C,CAAC,CAAA;QAC1D,OAAO,IAAI,CAAA;KACZ;IAED,IAAI;QACF,MAAM,eAAe,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAA;QAC1D,6BAA6B,CAAC,QAAQ,CAAC,CAAA;QACvC,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;YACnE,OAAO,KAAK,CAAA;SACb;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,aAAa,CAAC,KAAoB,EAAE,YAA+B,EAAE,IAAY;IAC9F,yBAAyB;IACzB,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;IACrD,qDAAqD;IACrD,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,iBAAiB,GAAG,MAAM,kCAAkC,CAChE,aAAa,EACb,cAAc,EACd,YAAY,CAAC,QAAQ,EAAE,SAAS,CACjC,CAAA;IAED,OAAO;QACL,CAAC,IAAI,CAAC,EAAE;YACN,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;SAChC;KACF,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,SAAS,CAAC,YAA+B,EAAE,OAAgB,EAAE,IAAY;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,QAAQ,CAAC,+CAA+C,CAAC,CAAA;KACpE;IACD,MAAM,MAAM,GAAiB;QAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;KACpC,CAAA;IACD,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,WAAW,CAAA;QAC9D,IAAI,KAAK,EAAE;YACT,MAAM,CAAC,KAAK,GAAG,EAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAC,CAAA;SACnE;KACF;IAED,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KAC/D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACjE;IAED,IAAI,YAAY,CAAC,mBAAmB,EAAE;QACpC,MAAM,KAAK,GAAG,aAAa,CAAC,mBAAmB,CAAC,CAAA;QAChD,MAAM,CAAC,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACvE;IAED,IAAI,YAAY,CAAC,gBAAgB,EAAE;QACjC,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAC7C,MAAM,CAAC,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACpE;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gBAAgB;AAChB;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC3D,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC/D,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,MAAM,IAAI,EAAE,CAAA;IACzD,MAAM,eAAe,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,EAAE,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAA;IACpG,OAAO,gBAAgB,CAAC,eAAe,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IACjE,MAAM,sBAAsB,GAAG,IAAI,CAAC,mBAAmB,EAAE,MAAM,IAAI,EAAE,CAAA;IACrE,MAAM,mBAAmB,GAAG,IAAI,CAAC,gBAAgB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC/D,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;QACrC,QAAQ,EAAE,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC;QAC7C,UAAU,EAAE,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;QAC9D,gBAAgB,EAAE,SAAS,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;QACxE,aAAa,EAAE,SAAS,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;KAChE,CAAA;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,MAAgB,EAChB,wBAAqF;IAErF,OAAO;QACL,GAAG,wBAAwB;QAC3B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC1D,MAAM;KACP,CAAA;AACH,CAAC","sourcesContent":["import {applicationId} from './session/identity.js'\nimport {validateSession} from './session/validate.js'\nimport {allDefaultScopes, apiScopes} from './session/scopes.js'\nimport {\n  exchangeAccessForApplicationTokens,\n  exchangeCodeForAccessToken,\n  exchangeCustomPartnerToken,\n  ExchangeScopes,\n  refreshAccessToken,\n  InvalidGrantError,\n  InvalidRequestError,\n} from './session/exchange.js'\nimport {authorize} from './session/authorize.js'\nimport {IdentityToken, Session} from './session/schema.js'\nimport * as secureStore from './session/store.js'\nimport {pollForDeviceAuthorization, requestDeviceAuthorization} from './session/device-authorization.js'\nimport {RequestClientError} from './api/headers.js'\nimport {getCachedPartnerAccountStatus, setCachedPartnerAccountStatus} from './conf-store.js'\nimport {outputContent, outputToken, outputDebug} from '../../public/node/output.js'\nimport {firstPartyDev, useDeviceAuth} from '../../public/node/context/local.js'\nimport {AbortError, BugError} from '../../public/node/error.js'\nimport {partnersRequest} from '../../public/node/api/partners.js'\nimport {normalizeStoreFqdn, partnersFqdn, identityFqdn} from '../../public/node/context/fqdn.js'\nimport {openURL} from '../../public/node/system.js'\nimport {keypress} from '../../public/node/ui.js'\nimport {getIdentityTokenInformation, getPartnersToken} from '../../public/node/environment.js'\nimport {gql} from 'graphql-request'\nimport {AdminSession} from '@shopify/cli-kit/node/session'\nimport {outputCompleted, outputInfo, outputWarn} from '@shopify/cli-kit/node/output'\nimport {isTruthy} from '@shopify/cli-kit/node/context/utilities'\nimport {isSpin} from '@shopify/cli-kit/node/context/spin'\n\n/**\n * A scope supported by the Shopify Admin API.\n */\ntype AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string\n\n/**\n * It represents the options to authenticate against the Shopify Admin API.\n */\n\ninterface AdminAPIOAuthOptions {\n  /** Store to request permissions for. */\n  storeFqdn: string\n  /** List of scopes to request permissions for. */\n  scopes: AdminAPIScope[]\n}\n\n/**\n * A scope supported by the Partners API.\n */\ntype PartnersAPIScope = 'cli' | string\ninterface PartnersAPIOAuthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: PartnersAPIScope[]\n}\n\n/**\n * A scope supported by the Developer Platform API.\n */\ntype AppManagementAPIScope = 'https://api.shopify.com/auth/organization.apps.manage' | string\ninterface AppManagementAPIOauthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: AppManagementAPIScope[]\n}\n\n/**\n * A scope supported by the Storefront Renderer API.\n */\ntype StorefrontRendererScope = 'devtools' | string\ninterface StorefrontRendererAPIOAuthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: StorefrontRendererScope[]\n}\n\ntype BusinessPlatformScope = 'destinations' | string\ninterface BusinessPlatformAPIOAuthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: BusinessPlatformScope[]\n}\n\n/**\n * It represents the authentication requirements and\n * is the input necessary to trigger the authentication\n * flow.\n */\nexport interface OAuthApplications {\n  adminApi?: AdminAPIOAuthOptions\n  storefrontRendererApi?: StorefrontRendererAPIOAuthOptions\n  partnersApi?: PartnersAPIOAuthOptions\n  businessPlatformApi?: BusinessPlatformAPIOAuthOptions\n  appManagementApi?: AppManagementAPIOauthOptions\n}\n\nexport interface OAuthSession {\n  admin?: AdminSession\n  partners?: string\n  storefront?: string\n  businessPlatform?: string\n  appManagement?: string\n  userId: string\n}\n\n/**\n * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.\n *\n * @param applications - An object containing the applications we need to be authenticated with.\n * @param _env - Optional environment variables to use.\n * @param forceRefresh - Optional flag to force a refresh of the token.\n * @returns An instance with the access tokens organized by application.\n */\nexport async function ensureAuthenticated(\n  applications: OAuthApplications,\n  _env?: NodeJS.ProcessEnv,\n  {forceRefresh = false, noPrompt = false}: {forceRefresh?: boolean; noPrompt?: boolean} = {},\n): Promise<OAuthSession> {\n  const fqdn = await identityFqdn()\n\n  const previousStoreFqdn = applications.adminApi?.storeFqdn\n  if (previousStoreFqdn) {\n    const normalizedStoreName = await normalizeStoreFqdn(previousStoreFqdn)\n    if (previousStoreFqdn === applications.adminApi?.storeFqdn) {\n      applications.adminApi.storeFqdn = normalizedStoreName\n    }\n  }\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdnSession = currentSession[fqdn]!\n  const scopes = getFlattenScopes(applications)\n\n  outputDebug(outputContent`Validating existing session against the scopes:\n${outputToken.json(scopes)}\nFor applications:\n${outputToken.json(applications)}\n`)\n  const validationResult = await validateSession(scopes, applications, fqdnSession)\n\n  let newSession = {}\n\n  function throwOnNoPrompt() {\n    if (!noPrompt || (isSpin() && firstPartyDev())) return\n    throw new AbortError(\n      `The currently available CLI credentials are invalid.\n\nThe CLI is currently unable to prompt for reauthentication.`,\n      'Restart the CLI process you were running. If in an interactive terminal, you will be prompted to reauthenticate. If in a non-interactive terminal, ensure the correct credentials are available in the program environment.',\n    )\n  }\n\n  if (validationResult === 'needs_full_auth') {\n    throwOnNoPrompt()\n    outputDebug(outputContent`Initiating the full authentication flow...`)\n    newSession = await executeCompleteFlow(applications, fqdn)\n  } else if (validationResult === 'needs_refresh' || forceRefresh) {\n    outputDebug(outputContent`The current session is valid but needs refresh. Refreshing...`)\n    try {\n      newSession = await refreshTokens(fqdnSession.identity, applications, fqdn)\n    } catch (error) {\n      if (error instanceof InvalidGrantError) {\n        throwOnNoPrompt()\n        newSession = await executeCompleteFlow(applications, fqdn)\n      } else if (error instanceof InvalidRequestError) {\n        await secureStore.remove()\n        throw new AbortError('\\nError validating auth session', \"We've cleared the current session, please try again\")\n      } else {\n        throw error\n      }\n    }\n  }\n\n  const completeSession: Session = {...currentSession, ...newSession}\n  // Save the new session info if it has changed\n  if (Object.keys(newSession).length > 0) await secureStore.store(completeSession)\n  const tokens = await tokensFor(applications, completeSession, fqdn)\n\n  // Overwrite partners token if using a custom CLI Token\n  const envToken = getPartnersToken()\n  if (envToken && applications.partnersApi) {\n    tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  if (!envToken && tokens.partners) {\n    await ensureUserHasPartnerAccount(tokens.partners, tokens.userId)\n  }\n\n  return tokens\n}\n\n/**\n * Execute the full authentication flow.\n *\n * @param applications - An object containing the applications we need to be authenticated with.\n * @param identityFqdn - The identity FQDN.\n */\nasync function executeCompleteFlow(applications: OAuthApplications, identityFqdn: string): Promise<Session> {\n  const scopes = getFlattenScopes(applications)\n  const exchangeScopes = getExchangeScopes(applications)\n  const store = applications.adminApi?.storeFqdn\n  if (firstPartyDev()) {\n    outputDebug(outputContent`Authenticating as Shopify Employee...`)\n    scopes.push('employee')\n  }\n\n  let identityToken: IdentityToken\n  const identityTokenInformation = getIdentityTokenInformation()\n  if (identityTokenInformation) {\n    identityToken = buildIdentityTokenFromEnv(scopes, identityTokenInformation)\n  } else if (useDeviceAuth()) {\n    // Request a device code to authorize without a browser redirect.\n    outputDebug(outputContent`Requesting device authorization code...`)\n    const deviceAuth = await requestDeviceAuthorization(scopes)\n\n    // Poll for the identity token\n    outputDebug(outputContent`Starting polling for the identity token...`)\n    identityToken = await pollForDeviceAuthorization(deviceAuth.deviceCode, deviceAuth.interval)\n  } else {\n    // Authorize user via browser\n    outputDebug(outputContent`Authorizing through Identity's website...`)\n    const code = await authorize(scopes)\n\n    // Exchange code for identity token\n    outputDebug(outputContent`Authorization code received. Exchanging it for a CLI token...`)\n    identityToken = await exchangeCodeForAccessToken(code)\n  }\n\n  // Exchange identity token for application tokens\n  outputDebug(outputContent`CLI token received. Exchanging it for application tokens...`)\n  const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store)\n\n  const session: Session = {\n    [identityFqdn]: {\n      identity: identityToken,\n      applications: result,\n    },\n  }\n\n  outputCompleted('Logged in.')\n\n  return session\n}\n\n/**\n * If the user creates an account from the Identity website, the created\n * account won't get a Partner organization created. We need to detect that\n * and take the user to create a partner organization.\n *\n * @param partnersToken - Partners token.\n */\nasync function ensureUserHasPartnerAccount(partnersToken: string, userId: string | undefined) {\n  if (isTruthy(process.env.USE_APP_MANAGEMENT_API)) return\n\n  outputDebug(outputContent`Verifying that the user has a Partner organization`)\n  if (!(await hasPartnerAccount(partnersToken, userId))) {\n    outputInfo(`\\nA Shopify Partners organization is needed to proceed.`)\n    outputInfo(`👉 Press any key to create one`)\n    await keypress()\n    await openURL(`https://${await partnersFqdn()}/signup`)\n    outputInfo(outputContent`👉 Press any key when you have ${outputToken.cyan('created the organization')}`)\n    outputWarn(outputContent`Make sure you've confirmed your Shopify and the Partner organization from the email`)\n    await keypress()\n    if (!(await hasPartnerAccount(partnersToken, userId))) {\n      throw new AbortError(\n        `Couldn't find your Shopify Partners organization`,\n        `Have you confirmed your accounts from the emails you received?`,\n      )\n    }\n  }\n}\n\n// eslint-disable-next-line @shopify/cli/no-inline-graphql\nconst getFirstOrganization = gql`\n  {\n    organizations(first: 1) {\n      nodes {\n        id\n      }\n    }\n  }\n`\n\n/**\n * Validate if the current token is valid for partners API.\n *\n * @param partnersToken - Partners token.\n * @returns A promise that resolves to true if the token is valid for partners API.\n */\nasync function hasPartnerAccount(partnersToken: string, userId?: string): Promise<boolean> {\n  const cacheKey = userId ?? partnersToken\n  const cachedStatus = getCachedPartnerAccountStatus(cacheKey)\n\n  if (cachedStatus) {\n    outputDebug(`Confirmed partner account exists from cache`)\n    return true\n  }\n\n  try {\n    await partnersRequest(getFirstOrganization, partnersToken)\n    setCachedPartnerAccountStatus(cacheKey)\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    if (error instanceof RequestClientError && error.statusCode === 404) {\n      return false\n    } else {\n      return true\n    }\n  }\n}\n\n/**\n * Refresh the tokens for a given session.\n *\n * @param token - Identity token.\n * @param applications - An object containing the applications we need to be authenticated with.\n * @param fqdn - The identity FQDN.\n */\nasync function refreshTokens(token: IdentityToken, applications: OAuthApplications, fqdn: string): Promise<Session> {\n  // Refresh Identity Token\n  const identityToken = await refreshAccessToken(token)\n  // Exchange new identity token for application tokens\n  const exchangeScopes = getExchangeScopes(applications)\n  const applicationTokens = await exchangeAccessForApplicationTokens(\n    identityToken,\n    exchangeScopes,\n    applications.adminApi?.storeFqdn,\n  )\n\n  return {\n    [fqdn]: {\n      identity: identityToken,\n      applications: applicationTokens,\n    },\n  }\n}\n\n/**\n * Get the application tokens for a given session.\n *\n * @param applications - An object containing the applications we need the tokens for.\n * @param session - The current session.\n * @param fqdn - The identity FQDN.\n */\nasync function tokensFor(applications: OAuthApplications, session: Session, fqdn: string): Promise<OAuthSession> {\n  const fqdnSession = session[fqdn]\n  if (!fqdnSession) {\n    throw new BugError('No session found after ensuring authenticated')\n  }\n  const tokens: OAuthSession = {\n    userId: fqdnSession.identity.userId,\n  }\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = fqdnSession.applications[realAppId]?.accessToken\n    if (token) {\n      tokens.admin = {token, storeFqdn: applications.adminApi.storeFqdn}\n    }\n  }\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    tokens.partners = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    tokens.storefront = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.businessPlatformApi) {\n    const appId = applicationId('business-platform')\n    tokens.businessPlatform = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.appManagementApi) {\n    const appId = applicationId('app-management')\n    tokens.appManagement = fqdnSession.applications[appId]?.accessToken\n  }\n\n  return tokens\n}\n\n// Scope Helpers\n/**\n * Get a flattened array of scopes for the given applications.\n *\n * @param apps - An object containing the applications we need the scopes for.\n * @returns A flattened array of scopes.\n */\nfunction getFlattenScopes(apps: OAuthApplications): string[] {\n  const admin = apps.adminApi?.scopes || []\n  const partner = apps.partnersApi?.scopes || []\n  const storefront = apps.storefrontRendererApi?.scopes || []\n  const businessPlatform = apps.businessPlatformApi?.scopes || []\n  const appManagement = apps.appManagementApi?.scopes || []\n  const requestedScopes = [...admin, ...partner, ...storefront, ...businessPlatform, ...appManagement]\n  return allDefaultScopes(requestedScopes)\n}\n\n/**\n * Get the scopes for the given applications.\n *\n * @param apps - An object containing the applications we need the scopes for.\n * @returns An object containing the scopes for each application.\n */\nfunction getExchangeScopes(apps: OAuthApplications): ExchangeScopes {\n  const adminScope = apps.adminApi?.scopes || []\n  const partnerScope = apps.partnersApi?.scopes || []\n  const storefrontScopes = apps.storefrontRendererApi?.scopes || []\n  const businessPlatformScopes = apps.businessPlatformApi?.scopes || []\n  const appManagementScopes = apps.appManagementApi?.scopes || []\n  return {\n    admin: apiScopes('admin', adminScope),\n    partners: apiScopes('partners', partnerScope),\n    storefront: apiScopes('storefront-renderer', storefrontScopes),\n    businessPlatform: apiScopes('business-platform', businessPlatformScopes),\n    appManagement: apiScopes('app-management', appManagementScopes),\n  }\n}\n\nfunction buildIdentityTokenFromEnv(\n  scopes: string[],\n  identityTokenInformation: {accessToken: string; refreshToken: string; userId: string},\n) {\n  return {\n    ...identityTokenInformation,\n    expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000),\n    scopes,\n  }\n}\n"]}
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../../src/private/node/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAA;AACnD,OAAO,EAAC,eAAe,EAAC,MAAM,uBAAuB,CAAA;AACrD,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EACL,kCAAkC,EAClC,0BAA0B,EAC1B,0BAA0B,EAE1B,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAA;AAEhD,OAAO,KAAK,WAAW,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAC,0BAA0B,EAAE,0BAA0B,EAAC,MAAM,mCAAmC,CAAA;AACxG,OAAO,EAAC,kBAAkB,EAAC,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAC,6BAA6B,EAAE,6BAA6B,EAAC,MAAM,iBAAiB,CAAA;AAC5F,OAAO,EAAC,oBAAoB,EAAC,MAAM,eAAe,CAAA;AAClD,OAAO,EAAC,aAAa,EAAE,WAAW,EAAE,WAAW,EAAC,MAAM,6BAA6B,CAAA;AACnF,OAAO,EAAC,aAAa,EAAE,UAAU,EAAE,aAAa,EAAC,MAAM,oCAAoC,CAAA;AAC3F,OAAO,EAAC,UAAU,EAAE,QAAQ,EAAC,MAAM,4BAA4B,CAAA;AAC/D,OAAO,EAAC,eAAe,EAAC,MAAM,mCAAmC,CAAA;AACjE,OAAO,EAAC,kBAAkB,EAAE,YAAY,EAAE,YAAY,EAAC,MAAM,mCAAmC,CAAA;AAChG,OAAO,EAAC,OAAO,EAAC,MAAM,6BAA6B,CAAA;AACnD,OAAO,EAAC,QAAQ,EAAC,MAAM,yBAAyB,CAAA;AAChD,OAAO,EAAC,2BAA2B,EAAE,gBAAgB,EAAC,MAAM,kCAAkC,CAAA;AAC9F,OAAO,EAAC,GAAG,EAAC,MAAM,iBAAiB,CAAA;AAEnC,OAAO,EAAC,eAAe,EAAE,UAAU,EAAE,UAAU,EAAC,MAAM,8BAA8B,CAAA;AACpF,OAAO,EAAC,QAAQ,EAAC,MAAM,yCAAyC,CAAA;AAChE,OAAO,EAAC,MAAM,EAAC,MAAM,oCAAoC,CAAA;AACzD,OAAO,EAAC,aAAa,EAAC,MAAM,8BAA8B,CAAA;AA2E1D,IAAI,MAA0B,CAAA;AAC9B,IAAI,UAAU,GAAe,MAAM,CAAA;AAEnC;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAA;IAC1D,IAAI,YAAY;QAAE,OAAO,YAAY,CAAA;IAErC,MAAM,WAAW,GAAG,gBAAgB,EAAE,IAAI,UAAU,EAAE,CAAA;IACtD,OAAO,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;AAC7D,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,EAAU;IACnD,MAAM,GAAG,EAAE,CAAA;AACb,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,UAAU,KAAK,MAAM;QAAE,OAAO,UAAU,CAAA;IAE5C,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAA;IAC1D,IAAI,YAAY;QAAE,OAAO,aAAa,CAAA;IAEtC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAA;IACxC,IAAI,aAAa;QAAE,OAAO,gBAAgB,CAAA;IAE1C,MAAM,aAAa,GAAG,UAAU,EAAE,CAAA;IAClC,IAAI,aAAa,EAAE;QACjB,OAAO,oBAAoB,CAAC,EAAC,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,EAAE,EAAC,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,kBAAkB,CAAA;KAC/G;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,MAAkB;IACtD,UAAU,GAAG,MAAM,CAAA;AACrB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,YAA+B,EAC/B,IAAwB,EACxB,EAAC,YAAY,GAAG,KAAK,EAAE,QAAQ,GAAG,KAAK,KAAkD,EAAE;IAE3F,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IAEjC,MAAM,iBAAiB,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC1D,IAAI,iBAAiB,EAAE;QACrB,MAAM,mBAAmB,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CAAC,CAAA;QACvE,IAAI,iBAAiB,KAAK,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE;YAC1D,YAAY,CAAC,QAAQ,CAAC,SAAS,GAAG,mBAAmB,CAAA;SACtD;KACF;IAED,MAAM,cAAc,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IACxD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAE,CAAA;IACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAE7C,WAAW,CAAC,aAAa,CAAA;EACzB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;;EAExB,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC;CAC/B,CAAC,CAAA;IACA,MAAM,gBAAgB,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;IAEjF,IAAI,UAAU,GAAG,EAAE,CAAA;IAEnB,SAAS,eAAe;QACtB,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAAE,OAAM;QACtD,MAAM,IAAI,UAAU,CAClB;;4DAEsD,EACtD,6NAA6N,CAC9N,CAAA;IACH,CAAC;IAED,IAAI,gBAAgB,KAAK,iBAAiB,EAAE;QAC1C,eAAe,EAAE,CAAA;QACjB,WAAW,CAAC,aAAa,CAAA,4CAA4C,CAAC,CAAA;QACtE,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;KAC3D;SAAM,IAAI,gBAAgB,KAAK,eAAe,IAAI,YAAY,EAAE;QAC/D,WAAW,CAAC,aAAa,CAAA,+DAA+D,CAAC,CAAA;QACzF,IAAI;YACF,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,CAAA;SAC3E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,iBAAiB,EAAE;gBACtC,eAAe,EAAE,CAAA;gBACjB,UAAU,GAAG,MAAM,mBAAmB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;aAC3D;iBAAM,IAAI,KAAK,YAAY,mBAAmB,EAAE;gBAC/C,MAAM,WAAW,CAAC,MAAM,EAAE,CAAA;gBAC1B,MAAM,IAAI,UAAU,CAAC,iCAAiC,EAAE,qDAAqD,CAAC,CAAA;aAC/G;iBAAM;gBACL,MAAM,KAAK,CAAA;aACZ;SACF;KACF;IAED,MAAM,eAAe,GAAY,EAAC,GAAG,cAAc,EAAE,GAAG,UAAU,EAAC,CAAA;IAEnE,8CAA8C;IAC9C,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;IAChF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAEnE,uDAAuD;IACvD,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAA;IACnC,IAAI,QAAQ,IAAI,YAAY,CAAC,WAAW,EAAE;QACxC,MAAM,CAAC,QAAQ,GAAG,CAAC,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAA;KAC3E;IACD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE;QAChC,MAAM,2BAA2B,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;KAClE;IAED,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAA;IAClE,0BAA0B,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACzC,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,mBAAmB,CAAC,YAA+B,EAAE,YAAoB;IACtF,MAAM,MAAM,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;IAC7C,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAA;IAC9C,IAAI,aAAa,EAAE,EAAE;QACnB,WAAW,CAAC,aAAa,CAAA,uCAAuC,CAAC,CAAA;QACjE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;KACxB;IAED,IAAI,aAA4B,CAAA;IAChC,MAAM,wBAAwB,GAAG,2BAA2B,EAAE,CAAA;IAC9D,IAAI,wBAAwB,EAAE;QAC5B,aAAa,GAAG,yBAAyB,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAA;KAC5E;SAAM,IAAI,aAAa,EAAE,EAAE;QAC1B,iEAAiE;QACjE,WAAW,CAAC,aAAa,CAAA,yCAAyC,CAAC,CAAA;QACnE,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAA;QAE3D,8BAA8B;QAC9B,WAAW,CAAC,aAAa,CAAA,4CAA4C,CAAC,CAAA;QACtE,aAAa,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAA;KAC7F;SAAM;QACL,6BAA6B;QAC7B,WAAW,CAAC,aAAa,CAAA,2CAA2C,CAAC,CAAA;QACrE,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAA;QAEpC,mCAAmC;QACnC,WAAW,CAAC,aAAa,CAAA,+DAA+D,CAAC,CAAA;QACzF,aAAa,GAAG,MAAM,0BAA0B,CAAC,IAAI,CAAC,CAAA;KACvD;IAED,iDAAiD;IACjD,WAAW,CAAC,aAAa,CAAA,6DAA6D,CAAC,CAAA;IACvF,MAAM,MAAM,GAAG,MAAM,kCAAkC,CAAC,aAAa,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;IAE7F,MAAM,OAAO,GAAY;QACvB,CAAC,YAAY,CAAC,EAAE;YACd,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,MAAM;SACrB;KACF,CAAA;IAED,eAAe,CAAC,YAAY,CAAC,CAAA;IAE7B,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,2BAA2B,CAAC,aAAqB,EAAE,MAA0B;IAC1F,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAE,OAAM;IAExD,WAAW,CAAC,aAAa,CAAA,oDAAoD,CAAC,CAAA;IAC9E,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,EAAE;QACrD,UAAU,CAAC,yDAAyD,CAAC,CAAA;QACrE,UAAU,CAAC,gCAAgC,CAAC,CAAA;QAC5C,MAAM,QAAQ,EAAE,CAAA;QAChB,MAAM,OAAO,CAAC,WAAW,MAAM,YAAY,EAAE,SAAS,CAAC,CAAA;QACvD,UAAU,CAAC,aAAa,CAAA,kCAAkC,WAAW,CAAC,IAAI,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAA;QACzG,UAAU,CAAC,aAAa,CAAA,qFAAqF,CAAC,CAAA;QAC9G,MAAM,QAAQ,EAAE,CAAA;QAChB,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,EAAE;YACrD,MAAM,IAAI,UAAU,CAClB,kDAAkD,EAClD,gEAAgE,CACjE,CAAA;SACF;KACF;AACH,CAAC;AAED,0DAA0D;AAC1D,MAAM,oBAAoB,GAAG,GAAG,CAAA;;;;;;;;CAQ/B,CAAA;AAED;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAAC,aAAqB,EAAE,MAAe;IACrE,MAAM,QAAQ,GAAG,MAAM,IAAI,aAAa,CAAA;IACxC,MAAM,YAAY,GAAG,6BAA6B,CAAC,QAAQ,CAAC,CAAA;IAE5D,IAAI,YAAY,EAAE;QAChB,WAAW,CAAC,6CAA6C,CAAC,CAAA;QAC1D,OAAO,IAAI,CAAA;KACZ;IAED,IAAI;QACF,MAAM,eAAe,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAA;QAC1D,6BAA6B,CAAC,QAAQ,CAAC,CAAA;QACvC,OAAO,IAAI,CAAA;QACX,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,KAAK,YAAY,kBAAkB,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE;YACnE,OAAO,KAAK,CAAA;SACb;aAAM;YACL,OAAO,IAAI,CAAA;SACZ;KACF;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,aAAa,CAAC,KAAoB,EAAE,YAA+B,EAAE,IAAY;IAC9F,yBAAyB;IACzB,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;IACrD,qDAAqD;IACrD,MAAM,cAAc,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;IACtD,MAAM,iBAAiB,GAAG,MAAM,kCAAkC,CAChE,aAAa,EACb,cAAc,EACd,YAAY,CAAC,QAAQ,EAAE,SAAS,CACjC,CAAA;IAED,OAAO;QACL,CAAC,IAAI,CAAC,EAAE;YACN,QAAQ,EAAE,aAAa;YACvB,YAAY,EAAE,iBAAiB;SAChC;KACF,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,SAAS,CAAC,YAA+B,EAAE,OAAgB,EAAE,IAAY;IACtF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,QAAQ,CAAC,+CAA+C,CAAC,CAAA;KACpE;IACD,MAAM,MAAM,GAAiB;QAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;KACpC,CAAA;IACD,IAAI,YAAY,CAAC,QAAQ,EAAE;QACzB,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,WAAW,CAAA;QAC9D,IAAI,KAAK,EAAE;YACT,MAAM,CAAC,KAAK,GAAG,EAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAC,CAAA;SACnE;KACF;IAED,IAAI,YAAY,CAAC,WAAW,EAAE;QAC5B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KAC/D;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE;QACtC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,CAAC,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACjE;IAED,IAAI,YAAY,CAAC,mBAAmB,EAAE;QACpC,MAAM,KAAK,GAAG,aAAa,CAAC,mBAAmB,CAAC,CAAA;QAChD,MAAM,CAAC,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACvE;IAED,IAAI,YAAY,CAAC,gBAAgB,EAAE;QACjC,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAC7C,MAAM,CAAC,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,WAAW,CAAA;KACpE;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,gBAAgB;AAChB;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC3D,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC/D,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,EAAE,MAAM,IAAI,EAAE,CAAA;IACzD,MAAM,eAAe,GAAG,CAAC,GAAG,KAAK,EAAE,GAAG,OAAO,EAAE,GAAG,UAAU,EAAE,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAA;IACpG,OAAO,gBAAgB,CAAC,eAAe,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAA;IAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,EAAE,MAAM,IAAI,EAAE,CAAA;IACjE,MAAM,sBAAsB,GAAG,IAAI,CAAC,mBAAmB,EAAE,MAAM,IAAI,EAAE,CAAA;IACrE,MAAM,mBAAmB,GAAG,IAAI,CAAC,gBAAgB,EAAE,MAAM,IAAI,EAAE,CAAA;IAC/D,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC;QACrC,QAAQ,EAAE,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC;QAC7C,UAAU,EAAE,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;QAC9D,gBAAgB,EAAE,SAAS,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;QACxE,aAAa,EAAE,SAAS,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;KAChE,CAAA;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,MAAgB,EAChB,wBAAqF;IAErF,OAAO;QACL,GAAG,wBAAwB;QAC3B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC1D,MAAM;KACP,CAAA;AACH,CAAC","sourcesContent":["import {applicationId} from './session/identity.js'\nimport {validateSession} from './session/validate.js'\nimport {allDefaultScopes, apiScopes} from './session/scopes.js'\nimport {\n  exchangeAccessForApplicationTokens,\n  exchangeCodeForAccessToken,\n  exchangeCustomPartnerToken,\n  ExchangeScopes,\n  refreshAccessToken,\n  InvalidGrantError,\n  InvalidRequestError,\n} from './session/exchange.js'\nimport {authorize} from './session/authorize.js'\nimport {IdentityToken, Session} from './session/schema.js'\nimport * as secureStore from './session/store.js'\nimport {pollForDeviceAuthorization, requestDeviceAuthorization} from './session/device-authorization.js'\nimport {RequestClientError} from './api/headers.js'\nimport {getCachedPartnerAccountStatus, setCachedPartnerAccountStatus} from './conf-store.js'\nimport {isThemeAccessSession} from './api/rest.js'\nimport {outputContent, outputToken, outputDebug} from '../../public/node/output.js'\nimport {firstPartyDev, themeToken, useDeviceAuth} from '../../public/node/context/local.js'\nimport {AbortError, BugError} from '../../public/node/error.js'\nimport {partnersRequest} from '../../public/node/api/partners.js'\nimport {normalizeStoreFqdn, partnersFqdn, identityFqdn} from '../../public/node/context/fqdn.js'\nimport {openURL} from '../../public/node/system.js'\nimport {keypress} from '../../public/node/ui.js'\nimport {getIdentityTokenInformation, getPartnersToken} from '../../public/node/environment.js'\nimport {gql} from 'graphql-request'\nimport {AdminSession} from '@shopify/cli-kit/node/session'\nimport {outputCompleted, outputInfo, outputWarn} from '@shopify/cli-kit/node/output'\nimport {isTruthy} from '@shopify/cli-kit/node/context/utilities'\nimport {isSpin} from '@shopify/cli-kit/node/context/spin'\nimport {nonRandomUUID} from '@shopify/cli-kit/node/crypto'\n\n/**\n * A scope supported by the Shopify Admin API.\n */\ntype AdminAPIScope = 'graphql' | 'themes' | 'collaborator' | string\n\n/**\n * It represents the options to authenticate against the Shopify Admin API.\n */\n\ninterface AdminAPIOAuthOptions {\n  /** Store to request permissions for. */\n  storeFqdn: string\n  /** List of scopes to request permissions for. */\n  scopes: AdminAPIScope[]\n}\n\n/**\n * A scope supported by the Partners API.\n */\ntype PartnersAPIScope = 'cli' | string\ninterface PartnersAPIOAuthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: PartnersAPIScope[]\n}\n\n/**\n * A scope supported by the Developer Platform API.\n */\ntype AppManagementAPIScope = 'https://api.shopify.com/auth/organization.apps.manage' | string\ninterface AppManagementAPIOauthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: AppManagementAPIScope[]\n}\n\n/**\n * A scope supported by the Storefront Renderer API.\n */\ntype StorefrontRendererScope = 'devtools' | string\ninterface StorefrontRendererAPIOAuthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: StorefrontRendererScope[]\n}\n\ntype BusinessPlatformScope = 'destinations' | string\ninterface BusinessPlatformAPIOAuthOptions {\n  /** List of scopes to request permissions for. */\n  scopes: BusinessPlatformScope[]\n}\n\n/**\n * It represents the authentication requirements and\n * is the input necessary to trigger the authentication\n * flow.\n */\nexport interface OAuthApplications {\n  adminApi?: AdminAPIOAuthOptions\n  storefrontRendererApi?: StorefrontRendererAPIOAuthOptions\n  partnersApi?: PartnersAPIOAuthOptions\n  businessPlatformApi?: BusinessPlatformAPIOAuthOptions\n  appManagementApi?: AppManagementAPIOauthOptions\n}\n\nexport interface OAuthSession {\n  admin?: AdminSession\n  partners?: string\n  storefront?: string\n  businessPlatform?: string\n  appManagement?: string\n  userId: string\n}\n\ntype AuthMethod = 'partners_token' | 'device_auth' | 'theme_access_token' | 'custom_app_token' | 'none'\n\nlet userId: undefined | string\nlet authMethod: AuthMethod = 'none'\n\n/**\n * Retrieves the user ID from the current session or returns 'unknown' if not found.\n *\n * This function performs the following steps:\n * 1. Checks for a cached user ID in memory (obtained in the current run).\n * 2. Attempts to fetch it from the secure store (from a previous auth session).\n * 3. Checks if a custom token was used (either as a theme password or partners token).\n * 4. If a custom token is present in the environment, generates a UUID and uses it as userId.\n * 5. If after all this we don't have a userId, then reports as 'unknown'.\n *\n * @returns A Promise that resolves to the user ID as a string.\n */\nexport async function getLastSeenUserIdAfterAuth(): Promise<string> {\n  if (userId) return userId\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdn = await identityFqdn()\n  const cachedUserId = currentSession[fqdn]?.identity.userId\n  if (cachedUserId) return cachedUserId\n\n  const customToken = getPartnersToken() ?? themeToken()\n  return customToken ? nonRandomUUID(customToken) : 'unknown'\n}\n\nexport function setLastSeenUserIdAfterAuth(id: string) {\n  userId = id\n}\n\n/**\n * Retrieves the last seen authentication method used in the current session.\n *\n * This function checks for the authentication method in the following order:\n * 1. Returns the cached auth method if it's not 'none'.\n * 2. Checks for a cached session, which implies 'device_auth' was used.\n * 3. Checks for a partners token in the environment.\n * 4. Checks for a theme password in the environment.\n * 5. If none of the above are true, returns 'none'.\n *\n * @returns A Promise that resolves to the last seen authentication method as an AuthMethod type.\n */\nexport async function getLastSeenAuthMethod(): Promise<AuthMethod> {\n  if (authMethod !== 'none') return authMethod\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdn = await identityFqdn()\n  const cachedUserId = currentSession[fqdn]?.identity.userId\n  if (cachedUserId) return 'device_auth'\n\n  const partnersToken = getPartnersToken()\n  if (partnersToken) return 'partners_token'\n\n  const themePassword = themeToken()\n  if (themePassword) {\n    return isThemeAccessSession({token: themePassword, storeFqdn: ''}) ? 'theme_access_token' : 'custom_app_token'\n  }\n\n  return 'none'\n}\n\nexport function setLastSeenAuthMethod(method: AuthMethod) {\n  authMethod = method\n}\n\n/**\n * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.\n *\n * @param applications - An object containing the applications we need to be authenticated with.\n * @param _env - Optional environment variables to use.\n * @param forceRefresh - Optional flag to force a refresh of the token.\n * @returns An instance with the access tokens organized by application.\n */\nexport async function ensureAuthenticated(\n  applications: OAuthApplications,\n  _env?: NodeJS.ProcessEnv,\n  {forceRefresh = false, noPrompt = false}: {forceRefresh?: boolean; noPrompt?: boolean} = {},\n): Promise<OAuthSession> {\n  const fqdn = await identityFqdn()\n\n  const previousStoreFqdn = applications.adminApi?.storeFqdn\n  if (previousStoreFqdn) {\n    const normalizedStoreName = await normalizeStoreFqdn(previousStoreFqdn)\n    if (previousStoreFqdn === applications.adminApi?.storeFqdn) {\n      applications.adminApi.storeFqdn = normalizedStoreName\n    }\n  }\n\n  const currentSession = (await secureStore.fetch()) || {}\n  const fqdnSession = currentSession[fqdn]!\n  const scopes = getFlattenScopes(applications)\n\n  outputDebug(outputContent`Validating existing session against the scopes:\n${outputToken.json(scopes)}\nFor applications:\n${outputToken.json(applications)}\n`)\n  const validationResult = await validateSession(scopes, applications, fqdnSession)\n\n  let newSession = {}\n\n  function throwOnNoPrompt() {\n    if (!noPrompt || (isSpin() && firstPartyDev())) return\n    throw new AbortError(\n      `The currently available CLI credentials are invalid.\n\nThe CLI is currently unable to prompt for reauthentication.`,\n      'Restart the CLI process you were running. If in an interactive terminal, you will be prompted to reauthenticate. If in a non-interactive terminal, ensure the correct credentials are available in the program environment.',\n    )\n  }\n\n  if (validationResult === 'needs_full_auth') {\n    throwOnNoPrompt()\n    outputDebug(outputContent`Initiating the full authentication flow...`)\n    newSession = await executeCompleteFlow(applications, fqdn)\n  } else if (validationResult === 'needs_refresh' || forceRefresh) {\n    outputDebug(outputContent`The current session is valid but needs refresh. Refreshing...`)\n    try {\n      newSession = await refreshTokens(fqdnSession.identity, applications, fqdn)\n    } catch (error) {\n      if (error instanceof InvalidGrantError) {\n        throwOnNoPrompt()\n        newSession = await executeCompleteFlow(applications, fqdn)\n      } else if (error instanceof InvalidRequestError) {\n        await secureStore.remove()\n        throw new AbortError('\\nError validating auth session', \"We've cleared the current session, please try again\")\n      } else {\n        throw error\n      }\n    }\n  }\n\n  const completeSession: Session = {...currentSession, ...newSession}\n\n  // Save the new session info if it has changed\n  if (Object.keys(newSession).length > 0) await secureStore.store(completeSession)\n  const tokens = await tokensFor(applications, completeSession, fqdn)\n\n  // Overwrite partners token if using a custom CLI Token\n  const envToken = getPartnersToken()\n  if (envToken && applications.partnersApi) {\n    tokens.partners = (await exchangeCustomPartnerToken(envToken)).accessToken\n  }\n  if (!envToken && tokens.partners) {\n    await ensureUserHasPartnerAccount(tokens.partners, tokens.userId)\n  }\n\n  setLastSeenAuthMethod(envToken ? 'partners_token' : 'device_auth')\n  setLastSeenUserIdAfterAuth(tokens.userId)\n  return tokens\n}\n\n/**\n * Execute the full authentication flow.\n *\n * @param applications - An object containing the applications we need to be authenticated with.\n * @param identityFqdn - The identity FQDN.\n */\nasync function executeCompleteFlow(applications: OAuthApplications, identityFqdn: string): Promise<Session> {\n  const scopes = getFlattenScopes(applications)\n  const exchangeScopes = getExchangeScopes(applications)\n  const store = applications.adminApi?.storeFqdn\n  if (firstPartyDev()) {\n    outputDebug(outputContent`Authenticating as Shopify Employee...`)\n    scopes.push('employee')\n  }\n\n  let identityToken: IdentityToken\n  const identityTokenInformation = getIdentityTokenInformation()\n  if (identityTokenInformation) {\n    identityToken = buildIdentityTokenFromEnv(scopes, identityTokenInformation)\n  } else if (useDeviceAuth()) {\n    // Request a device code to authorize without a browser redirect.\n    outputDebug(outputContent`Requesting device authorization code...`)\n    const deviceAuth = await requestDeviceAuthorization(scopes)\n\n    // Poll for the identity token\n    outputDebug(outputContent`Starting polling for the identity token...`)\n    identityToken = await pollForDeviceAuthorization(deviceAuth.deviceCode, deviceAuth.interval)\n  } else {\n    // Authorize user via browser\n    outputDebug(outputContent`Authorizing through Identity's website...`)\n    const code = await authorize(scopes)\n\n    // Exchange code for identity token\n    outputDebug(outputContent`Authorization code received. Exchanging it for a CLI token...`)\n    identityToken = await exchangeCodeForAccessToken(code)\n  }\n\n  // Exchange identity token for application tokens\n  outputDebug(outputContent`CLI token received. Exchanging it for application tokens...`)\n  const result = await exchangeAccessForApplicationTokens(identityToken, exchangeScopes, store)\n\n  const session: Session = {\n    [identityFqdn]: {\n      identity: identityToken,\n      applications: result,\n    },\n  }\n\n  outputCompleted('Logged in.')\n\n  return session\n}\n\n/**\n * If the user creates an account from the Identity website, the created\n * account won't get a Partner organization created. We need to detect that\n * and take the user to create a partner organization.\n *\n * @param partnersToken - Partners token.\n */\nasync function ensureUserHasPartnerAccount(partnersToken: string, userId: string | undefined) {\n  if (isTruthy(process.env.USE_APP_MANAGEMENT_API)) return\n\n  outputDebug(outputContent`Verifying that the user has a Partner organization`)\n  if (!(await hasPartnerAccount(partnersToken, userId))) {\n    outputInfo(`\\nA Shopify Partners organization is needed to proceed.`)\n    outputInfo(`👉 Press any key to create one`)\n    await keypress()\n    await openURL(`https://${await partnersFqdn()}/signup`)\n    outputInfo(outputContent`👉 Press any key when you have ${outputToken.cyan('created the organization')}`)\n    outputWarn(outputContent`Make sure you've confirmed your Shopify and the Partner organization from the email`)\n    await keypress()\n    if (!(await hasPartnerAccount(partnersToken, userId))) {\n      throw new AbortError(\n        `Couldn't find your Shopify Partners organization`,\n        `Have you confirmed your accounts from the emails you received?`,\n      )\n    }\n  }\n}\n\n// eslint-disable-next-line @shopify/cli/no-inline-graphql\nconst getFirstOrganization = gql`\n  {\n    organizations(first: 1) {\n      nodes {\n        id\n      }\n    }\n  }\n`\n\n/**\n * Validate if the current token is valid for partners API.\n *\n * @param partnersToken - Partners token.\n * @returns A promise that resolves to true if the token is valid for partners API.\n */\nasync function hasPartnerAccount(partnersToken: string, userId?: string): Promise<boolean> {\n  const cacheKey = userId ?? partnersToken\n  const cachedStatus = getCachedPartnerAccountStatus(cacheKey)\n\n  if (cachedStatus) {\n    outputDebug(`Confirmed partner account exists from cache`)\n    return true\n  }\n\n  try {\n    await partnersRequest(getFirstOrganization, partnersToken)\n    setCachedPartnerAccountStatus(cacheKey)\n    return true\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    if (error instanceof RequestClientError && error.statusCode === 404) {\n      return false\n    } else {\n      return true\n    }\n  }\n}\n\n/**\n * Refresh the tokens for a given session.\n *\n * @param token - Identity token.\n * @param applications - An object containing the applications we need to be authenticated with.\n * @param fqdn - The identity FQDN.\n */\nasync function refreshTokens(token: IdentityToken, applications: OAuthApplications, fqdn: string): Promise<Session> {\n  // Refresh Identity Token\n  const identityToken = await refreshAccessToken(token)\n  // Exchange new identity token for application tokens\n  const exchangeScopes = getExchangeScopes(applications)\n  const applicationTokens = await exchangeAccessForApplicationTokens(\n    identityToken,\n    exchangeScopes,\n    applications.adminApi?.storeFqdn,\n  )\n\n  return {\n    [fqdn]: {\n      identity: identityToken,\n      applications: applicationTokens,\n    },\n  }\n}\n\n/**\n * Get the application tokens for a given session.\n *\n * @param applications - An object containing the applications we need the tokens for.\n * @param session - The current session.\n * @param fqdn - The identity FQDN.\n */\nasync function tokensFor(applications: OAuthApplications, session: Session, fqdn: string): Promise<OAuthSession> {\n  const fqdnSession = session[fqdn]\n  if (!fqdnSession) {\n    throw new BugError('No session found after ensuring authenticated')\n  }\n  const tokens: OAuthSession = {\n    userId: fqdnSession.identity.userId,\n  }\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = fqdnSession.applications[realAppId]?.accessToken\n    if (token) {\n      tokens.admin = {token, storeFqdn: applications.adminApi.storeFqdn}\n    }\n  }\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    tokens.partners = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    tokens.storefront = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.businessPlatformApi) {\n    const appId = applicationId('business-platform')\n    tokens.businessPlatform = fqdnSession.applications[appId]?.accessToken\n  }\n\n  if (applications.appManagementApi) {\n    const appId = applicationId('app-management')\n    tokens.appManagement = fqdnSession.applications[appId]?.accessToken\n  }\n\n  return tokens\n}\n\n// Scope Helpers\n/**\n * Get a flattened array of scopes for the given applications.\n *\n * @param apps - An object containing the applications we need the scopes for.\n * @returns A flattened array of scopes.\n */\nfunction getFlattenScopes(apps: OAuthApplications): string[] {\n  const admin = apps.adminApi?.scopes || []\n  const partner = apps.partnersApi?.scopes || []\n  const storefront = apps.storefrontRendererApi?.scopes || []\n  const businessPlatform = apps.businessPlatformApi?.scopes || []\n  const appManagement = apps.appManagementApi?.scopes || []\n  const requestedScopes = [...admin, ...partner, ...storefront, ...businessPlatform, ...appManagement]\n  return allDefaultScopes(requestedScopes)\n}\n\n/**\n * Get the scopes for the given applications.\n *\n * @param apps - An object containing the applications we need the scopes for.\n * @returns An object containing the scopes for each application.\n */\nfunction getExchangeScopes(apps: OAuthApplications): ExchangeScopes {\n  const adminScope = apps.adminApi?.scopes || []\n  const partnerScope = apps.partnersApi?.scopes || []\n  const storefrontScopes = apps.storefrontRendererApi?.scopes || []\n  const businessPlatformScopes = apps.businessPlatformApi?.scopes || []\n  const appManagementScopes = apps.appManagementApi?.scopes || []\n  return {\n    admin: apiScopes('admin', adminScope),\n    partners: apiScopes('partners', partnerScope),\n    storefront: apiScopes('storefront-renderer', storefrontScopes),\n    businessPlatform: apiScopes('business-platform', businessPlatformScopes),\n    appManagement: apiScopes('app-management', appManagementScopes),\n  }\n}\n\nfunction buildIdentityTokenFromEnv(\n  scopes: string[],\n  identityTokenInformation: {accessToken: string; refreshToken: string; userId: string},\n) {\n  return {\n    ...identityTokenInformation,\n    expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000),\n    scopes,\n  }\n}\n"]}

package/dist/public/common/url.d.ts

@@ -6,3 +6,10 @@
  * @throws An error if URL's constructor throws an error other than `TypeError`.
  */
 export declare function isValidURL(url: string): boolean;
+/**
+ * Safely parse a string into a URL.
+ *
+ * @param url - The string to parse into a URL.
+ * @returns A URL object if the parsing is successful, undefined otherwise.
+ */
+export declare function safeParseURL(url: string): URL | undefined;

package/dist/public/common/url.js

@@ -15,4 +15,19 @@ export function isValidURL(url) {
         throw error;
     }
 }
+/**
+ * Safely parse a string into a URL.
+ *
+ * @param url - The string to parse into a URL.
+ * @returns A URL object if the parsing is successful, undefined otherwise.
+ */
+export function safeParseURL(url) {
+    try {
+        return new URL(url);
+        // eslint-disable-next-line no-catch-all/no-catch-all
+    }
+    catch (error) {
+        return undefined;
+    }
+}
 //# sourceMappingURL=url.js.map

package/dist/public/common/url.js.map

@@ -1 +1 @@
-{"version":3,"file":"url.js","sourceRoot":"","sources":["../../../src/public/common/url.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI;QACF,OAAO,OAAO,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;KAC7B;IAAC,OAAO,KAAc,EAAE;QACvB,IAAI,KAAK,YAAY,SAAS;YAAE,OAAO,KAAK,CAAA;QAC5C,MAAM,KAAK,CAAA;KACZ;AACH,CAAC","sourcesContent":["/**\n * Check if the format of a URL is valid or not.\n *\n * @param url - URL to be checked.\n * @returns True if the URL is valid, false otherwise.\n * @throws An error if URL's constructor throws an error other than `TypeError`.\n */\nexport function isValidURL(url: string): boolean {\n  try {\n    return Boolean(new URL(url))\n  } catch (error: unknown) {\n    if (error instanceof TypeError) return false\n    throw error\n  }\n}\n"]}
+{"version":3,"file":"url.js","sourceRoot":"","sources":["../../../src/public/common/url.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI;QACF,OAAO,OAAO,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;KAC7B;IAAC,OAAO,KAAc,EAAE;QACvB,IAAI,KAAK,YAAY,SAAS;YAAE,OAAO,KAAK,CAAA;QAC5C,MAAM,KAAK,CAAA;KACZ;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,IAAI;QACF,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;QACnB,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,SAAS,CAAA;KACjB;AACH,CAAC","sourcesContent":["/**\n * Check if the format of a URL is valid or not.\n *\n * @param url - URL to be checked.\n * @returns True if the URL is valid, false otherwise.\n * @throws An error if URL's constructor throws an error other than `TypeError`.\n */\nexport function isValidURL(url: string): boolean {\n  try {\n    return Boolean(new URL(url))\n  } catch (error: unknown) {\n    if (error instanceof TypeError) return false\n    throw error\n  }\n}\n\n/**\n * Safely parse a string into a URL.\n *\n * @param url - The string to parse into a URL.\n * @returns A URL object if the parsing is successful, undefined otherwise.\n */\nexport function safeParseURL(url: string): URL | undefined {\n  try {\n    return new URL(url)\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    return undefined\n  }\n}\n"]}

package/dist/public/common/version.d.ts

@@ -1 +1 @@
-export declare const CLI_KIT_VERSION = "3.67.2";
+export declare const CLI_KIT_VERSION = "3.68.0";

package/dist/public/common/version.js

@@ -1,2 +1,2 @@
-export const CLI_KIT_VERSION = '3.67.2';
+export const CLI_KIT_VERSION = '3.68.0';
 //# sourceMappingURL=version.js.map

package/dist/public/common/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/public/common/version.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAA","sourcesContent":["export const CLI_KIT_VERSION = '3.67.2'\n"]}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/public/common/version.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAA","sourcesContent":["export const CLI_KIT_VERSION = '3.68.0'\n"]}

package/dist/public/node/analytics.js

@@ -9,6 +9,7 @@ import { CLI_KIT_VERSION } from '../common/version.js';
 import { recordMetrics } from '../../private/node/otel-metrics.js';
 import { runWithRateLimit } from '../../private/node/conf-store.js';
 import { reportingRateLimit } from '../../private/node/constants.js';
+import { getLastSeenUserIdAfterAuth } from '../../private/node/session.js';
 /**
  * Report an analytics event, sending it off to Monorail -- Shopify's internal analytics service.
  *
@@ -116,6 +117,7 @@ async function buildPayload({ config, errorMessage, exitMode }) {
             ...publicMetadata,
             cmd_all_timing_active_ms: totalTimeWithoutSubtimers,
             cmd_all_exit: exitMode,
+            user_id: await getLastSeenUserIdAfterAuth(),
         },
         sensitive: {
             args: startArgs.join(' '),

package/dist/public/node/analytics.js.map

@@ -1 +1 @@
-{"version":3,"file":"analytics.js","sourceRoot":"","sources":["../../../src/public/node/analytics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,OAAO,IAAI,WAAW,EAAC,MAAM,WAAW,CAAA;AAChD,OAAO,EAAC,kBAAkB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,SAAS,EAAC,MAAM,oBAAoB,CAAA;AACrG,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAA;AACzC,OAAO,EAAC,oBAAoB,EAAE,sBAAsB,EAAC,MAAM,eAAe,CAAA;AAC1E,OAAO,EAAC,WAAW,EAAC,MAAM,cAAc,CAAA;AAExC,OAAO,EAAC,aAAa,EAAE,WAAW,EAAE,WAAW,EAAC,MAAM,6BAA6B,CAAA;AACnF,OAAO,EAAC,kBAAkB,EAAE,2BAA2B,EAAC,MAAM,iCAAiC,CAAA;AAC/F,OAAO,EAAC,eAAe,EAAC,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAC,aAAa,EAAC,MAAM,oCAAoC,CAAA;AAChE,OAAO,EAAC,gBAAgB,EAAC,MAAM,kCAAkC,CAAA;AACjE,OAAO,EAAC,kBAAkB,EAAC,MAAM,iCAAiC,CAAA;AAiBlE;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAoC;IAC7E,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;QAC3C,IAAI,OAAO,KAAK,SAAS,EAAE;YACzB,iBAAiB;YACjB,OAAM;SACP;QAED,IAAI,eAAe,GAAG,KAAK,CAAA;QAC3B,MAAM,gBAAgB,CAAC;YACrB,GAAG,EAAE,wBAAwB;YAC7B,GAAG,kBAAkB;YACrB,IAAI,EAAE,KAAK,IAAI,EAAE;gBACf,eAAe,GAAG,IAAI,CAAA;YACxB,CAAC;SACF,CAAC,CAAA;QACF,IAAI,CAAC,eAAe,EAAE;YACpB,WAAW,CAAC,aAAa,CAAA,6DAA6D,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAClH,OAAM;SACP;QAED,MAAM,qBAAqB,GAAG,CAAC,kBAAkB,EAAE,IAAI,iBAAiB,EAAE,CAAA;QAC1E,MAAM,mBAAmB,GAAG,CAAC,gBAAgB,EAAE,IAAI,iBAAiB,EAAE,CAAA;QACtE,IAAI,qBAAqB,IAAI,mBAAmB,EAAE;YAChD,WAAW,CAAC,aAAa,CAAA,wCAAwC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;SAC9F;QAED,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC5B,IAAI,qBAAqB,EAAE;gBACzB,OAAM;aACP;YACD,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,sBAAsB,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;YACtG,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE;gBAC7B,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;aAC9B;QACH,CAAC,CAAA;QACD,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;YACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,wBAAwB,IAAI,CAAC,CAAA;YAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,yBAAyB,IAAI,CAAC,CAAA;YAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,yBAAyB,IAAI,CAAC,CAAA;YAE5D,OAAO,aAAa,CAClB;gBACE,mBAAmB;gBACnB,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;gBACtC,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,cAAc,IAAI,cAAc;gBAC7D,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;gBAC/B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,EACD;gBACE,MAAM;gBACN,OAAO;gBACP,MAAM;aACP,CACF,CAAA;QACH,CAAC,CAAA;QACD,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC,CAAA;QAEpD,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,OAAO,GAAG,kCAAkC,CAAA;QAChD,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SAC/C;QACD,WAAW,CAAC,OAAO,CAAC,CAAA;KACrB;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,EAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAA8B;IACvF,MAAM,EAAC,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,EAAC,GAAG,QAAQ,CAAC,uBAAuB,EAAE,CAAA;IACxG,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,WAAW,CAAC,oEAAoE,CAAC,CAAA;QACjF,OAAM;KACP;IACD,MAAM,EAAC,YAAY,EAAE,SAAS,EAAE,SAAS,EAAC,GAAG,mBAAmB,CAAA;IAChE,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAA;IAExC,8DAA8D;IAC9D,MAAM,EAAC,cAAc,EAAE,qBAAqB,EAAE,GAAG,qBAAqB,EAAC,GAAG,MAAM,WAAW,CACzF,MAAM,EACN,yBAAyB,EACzB,EAAE,CACH,CAAA;IACD,MAAM,EAAC,cAAc,EAAE,wBAAwB,EAAE,GAAG,wBAAwB,EAAC,GAAG,MAAM,WAAW,CAC/F,MAAM,EACN,4BAA4B,EAC5B,EAAE,CACH,CAAA;IAED,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAA;IACxD,MAAM,wBAAwB,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,CAAA;IAC1E,MAAM,cAAc,GAAG,QAAQ,CAAC,oBAAoB,EAAE,CAAA;IAEtD,kGAAkG;IAClG,MAAM,SAAS,GAAG,CAAC,2BAA2B,EAAE,2BAA2B,CAAU,CAAA;IACrF,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAC/D,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAA;QACnC,IAAI,KAAK,KAAK,SAAS,EAAE;YACvB,OAAO,KAAK,GAAG,KAAK,CAAA;SACrB;QACD,OAAO,KAAK,CAAA;IACd,CAAC,EAAE,CAAC,CAAC,CAAA;IACL,MAAM,gBAAgB,GAAG,WAAW,GAAG,SAAS,CAAA;IAChD,MAAM,yBAAyB,GAAG,gBAAgB,GAAG,sBAAsB,CAAA;IAE3E,IAAI,OAAO,GAAG;QACZ,MAAM,EAAE;YACN,OAAO,EAAE,YAAY;YACrB,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,WAAW;YACrB,UAAU,EAAE,gBAAgB;YAC5B,OAAO,EAAE,QAAQ,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS;YACxD,WAAW,EAAE,eAAe;YAC5B,YAAY,EAAE,CAAC,MAAM,WAAW,EAAE,CAAC,IAAI,EAAE;YACzC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9C,WAAW,EAAE,MAAM,SAAS,EAAE;YAC9B,GAAG,eAAe;YAClB,GAAG,qBAAqB;YACxB,GAAG,cAAc;YACjB,wBAAwB,EAAE,yBAAyB;YACnD,YAAY,EAAE,QAAQ;SACvB;QACD,SAAS,EAAE;YACT,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC;YACzB,yBAAyB,EAAE,gBAAgB;YAC3C,aAAa,EAAE,YAAY;YAC3B,GAAG,wBAAwB;YAC3B,GAAG,wBAAwB;YAC3B,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;gBACvB,GAAG,iBAAiB;gBACpB,WAAW,EAAE;oBACX,GAAG,qBAAqB;iBACzB;gBACD,cAAc,EAAE,EAAC,GAAG,wBAAwB,EAAC;aAC9C,CAAC;SACH;KACF,CAAA;IAED,4BAA4B;IAC5B,MAAM,aAAa,GAAG,CAAC,0BAA0B,EAAE,2BAA2B,EAAE,2BAA2B,CAAU,CAAA;IACrH,aAAa,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtC,IAAI,OAAO,KAAK,SAAS,EAAE;YACzB,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;SAC7C;IACH,CAAC,CAAC,CAAA;IAEF,kGAAkG;IAClG,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;IAE7C,OAAO,eAAe,CAAC,OAAO,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,eAAe,CAAI,OAAU;IACpC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAC7C,iDAAiD;IACjD,MAAM,sBAAsB,GAAG,aAAa,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;IAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAA;AAC3C,CAAC","sourcesContent":["import {version as rubyVersion} from './ruby.js'\nimport {alwaysLogAnalytics, alwaysLogMetrics, analyticsDisabled, isShopify} from './context/local.js'\nimport * as metadata from './metadata.js'\nimport {publishMonorailEvent, MONORAIL_COMMAND_TOPIC} from './monorail.js'\nimport {fanoutHooks} from './plugins.js'\n\nimport {outputContent, outputDebug, outputToken} from '../../public/node/output.js'\nimport {getEnvironmentData, getSensitiveEnvironmentData} from '../../private/node/analytics.js'\nimport {CLI_KIT_VERSION} from '../common/version.js'\nimport {recordMetrics} from '../../private/node/otel-metrics.js'\nimport {runWithRateLimit} from '../../private/node/conf-store.js'\nimport {reportingRateLimit} from '../../private/node/constants.js'\nimport {Interfaces} from '@oclif/core'\n\nexport type CommandExitMode =\n  // The command completed successfully\n  | 'ok'\n  // The command exited for some unexpected reason -- i.e. a bug\n  | 'unexpected_error'\n  // The command exited with an error, but its one we expect and doesn't point to a bug -- i.e. malformed config files\n  | 'expected_error'\n\ninterface ReportAnalyticsEventOptions {\n  config: Interfaces.Config\n  errorMessage?: string\n  exitMode: CommandExitMode\n}\n\n/**\n * Report an analytics event, sending it off to Monorail -- Shopify's internal analytics service.\n *\n * The payload for an event includes both generic data, and data gathered from installed plug-ins.\n *\n */\nexport async function reportAnalyticsEvent(options: ReportAnalyticsEventOptions): Promise<void> {\n  try {\n    const payload = await buildPayload(options)\n    if (payload === undefined) {\n      // Nothing to log\n      return\n    }\n\n    let withinRateLimit = false\n    await runWithRateLimit({\n      key: 'report-analytics-event',\n      ...reportingRateLimit,\n      task: async () => {\n        withinRateLimit = true\n      },\n    })\n    if (!withinRateLimit) {\n      outputDebug(outputContent`Skipping command analytics due to rate limiting, payload: ${outputToken.json(payload)}`)\n      return\n    }\n\n    const skipMonorailAnalytics = !alwaysLogAnalytics() && analyticsDisabled()\n    const skipMetricAnalytics = !alwaysLogMetrics() && analyticsDisabled()\n    if (skipMonorailAnalytics || skipMetricAnalytics) {\n      outputDebug(outputContent`Skipping command analytics, payload: ${outputToken.json(payload)}`)\n    }\n\n    const doMonorail = async () => {\n      if (skipMonorailAnalytics) {\n        return\n      }\n      const response = await publishMonorailEvent(MONORAIL_COMMAND_TOPIC, payload.public, payload.sensitive)\n      if (response.type === 'error') {\n        outputDebug(response.message)\n      }\n    }\n    const doOpenTelemetry = async () => {\n      const active = payload.public.cmd_all_timing_active_ms || 0\n      const network = payload.public.cmd_all_timing_network_ms || 0\n      const prompt = payload.public.cmd_all_timing_prompts_ms || 0\n\n      return recordMetrics(\n        {\n          skipMetricAnalytics,\n          cliVersion: payload.public.cli_version,\n          owningPlugin: payload.public.cmd_all_plugin || '@shopify/cli',\n          command: payload.public.command,\n          exitMode: options.exitMode,\n        },\n        {\n          active,\n          network,\n          prompt,\n        },\n      )\n    }\n    await Promise.all([doMonorail(), doOpenTelemetry()])\n\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    let message = 'Failed to report usage analytics'\n    if (error instanceof Error) {\n      message = message.concat(`: ${error.message}`)\n    }\n    outputDebug(message)\n  }\n}\n\nasync function buildPayload({config, errorMessage, exitMode}: ReportAnalyticsEventOptions) {\n  const {commandStartOptions, environmentFlags, ...sensitiveMetadata} = metadata.getAllSensitiveMetadata()\n  if (commandStartOptions === undefined) {\n    outputDebug('Unable to log analytics event - no information on executed command')\n    return\n  }\n  const {startCommand, startArgs, startTime} = commandStartOptions\n  const currentTime = new Date().getTime()\n\n  // All bundled plugins appear as `@shopify/cli` in the payload\n  const {'@shopify/cli': internalPluginsPublic, ...externalPluginsPublic} = await fanoutHooks(\n    config,\n    'public_command_metadata',\n    {},\n  )\n  const {'@shopify/cli': internalPluginsSensitive, ...externalPluginsSensitive} = await fanoutHooks(\n    config,\n    'sensitive_command_metadata',\n    {},\n  )\n\n  const environmentData = await getEnvironmentData(config)\n  const sensitiveEnvironmentData = await getSensitiveEnvironmentData(config)\n  const publicMetadata = metadata.getAllPublicMetadata()\n\n  // Automatically calculate the total time spent in the command, excluding time spent in subtimers.\n  const subTimers = ['cmd_all_timing_network_ms', 'cmd_all_timing_prompts_ms'] as const\n  const totalTimeFromSubtimers = subTimers.reduce((total, timer) => {\n    const value = publicMetadata[timer]\n    if (value !== undefined) {\n      return total + value\n    }\n    return total\n  }, 0)\n  const wallClockElapsed = currentTime - startTime\n  const totalTimeWithoutSubtimers = wallClockElapsed - totalTimeFromSubtimers\n\n  let payload = {\n    public: {\n      command: startCommand,\n      time_start: startTime,\n      time_end: currentTime,\n      total_time: wallClockElapsed,\n      success: exitMode === 'ok' && errorMessage === undefined,\n      cli_version: CLI_KIT_VERSION,\n      ruby_version: (await rubyVersion()) || '',\n      node_version: process.version.replace('v', ''),\n      is_employee: await isShopify(),\n      ...environmentData,\n      ...internalPluginsPublic,\n      ...publicMetadata,\n      cmd_all_timing_active_ms: totalTimeWithoutSubtimers,\n      cmd_all_exit: exitMode,\n    },\n    sensitive: {\n      args: startArgs.join(' '),\n      cmd_all_environment_flags: environmentFlags,\n      error_message: errorMessage,\n      ...internalPluginsSensitive,\n      ...sensitiveEnvironmentData,\n      metadata: JSON.stringify({\n        ...sensitiveMetadata,\n        extraPublic: {\n          ...externalPluginsPublic,\n        },\n        extraSensitive: {...externalPluginsSensitive},\n      }),\n    },\n  }\n\n  // round down timing metrics\n  const timingMetrics = ['cmd_all_timing_active_ms', 'cmd_all_timing_network_ms', 'cmd_all_timing_prompts_ms'] as const\n  timingMetrics.forEach((metric) => {\n    const current = payload.public[metric]\n    if (current !== undefined) {\n      payload.public[metric] = Math.floor(current)\n    }\n  })\n\n  // strip undefined fields -- they make up the majority of payloads due to wide metadata structure.\n  payload = JSON.parse(JSON.stringify(payload))\n\n  return sanitizePayload(payload)\n}\n\nfunction sanitizePayload<T>(payload: T): T {\n  const payloadString = JSON.stringify(payload)\n  // Remove Theme Access passwords from the payload\n  const sanitizedPayloadString = payloadString.replace(/shptka_\\w*/g, '*****')\n  return JSON.parse(sanitizedPayloadString)\n}\n"]}
+{"version":3,"file":"analytics.js","sourceRoot":"","sources":["../../../src/public/node/analytics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,OAAO,IAAI,WAAW,EAAC,MAAM,WAAW,CAAA;AAChD,OAAO,EAAC,kBAAkB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,SAAS,EAAC,MAAM,oBAAoB,CAAA;AACrG,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAA;AACzC,OAAO,EAAC,oBAAoB,EAAE,sBAAsB,EAAC,MAAM,eAAe,CAAA;AAC1E,OAAO,EAAC,WAAW,EAAC,MAAM,cAAc,CAAA;AAExC,OAAO,EAAC,aAAa,EAAE,WAAW,EAAE,WAAW,EAAC,MAAM,6BAA6B,CAAA;AACnF,OAAO,EAAC,kBAAkB,EAAE,2BAA2B,EAAC,MAAM,iCAAiC,CAAA;AAC/F,OAAO,EAAC,eAAe,EAAC,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAC,aAAa,EAAC,MAAM,oCAAoC,CAAA;AAChE,OAAO,EAAC,gBAAgB,EAAC,MAAM,kCAAkC,CAAA;AACjE,OAAO,EAAC,kBAAkB,EAAC,MAAM,iCAAiC,CAAA;AAClE,OAAO,EAAC,0BAA0B,EAAC,MAAM,+BAA+B,CAAA;AAiBxE;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAoC;IAC7E,IAAI;QACF,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAA;QAC3C,IAAI,OAAO,KAAK,SAAS,EAAE;YACzB,iBAAiB;YACjB,OAAM;SACP;QAED,IAAI,eAAe,GAAG,KAAK,CAAA;QAC3B,MAAM,gBAAgB,CAAC;YACrB,GAAG,EAAE,wBAAwB;YAC7B,GAAG,kBAAkB;YACrB,IAAI,EAAE,KAAK,IAAI,EAAE;gBACf,eAAe,GAAG,IAAI,CAAA;YACxB,CAAC;SACF,CAAC,CAAA;QACF,IAAI,CAAC,eAAe,EAAE;YACpB,WAAW,CAAC,aAAa,CAAA,6DAA6D,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;YAClH,OAAM;SACP;QAED,MAAM,qBAAqB,GAAG,CAAC,kBAAkB,EAAE,IAAI,iBAAiB,EAAE,CAAA;QAC1E,MAAM,mBAAmB,GAAG,CAAC,gBAAgB,EAAE,IAAI,iBAAiB,EAAE,CAAA;QACtE,IAAI,qBAAqB,IAAI,mBAAmB,EAAE;YAChD,WAAW,CAAC,aAAa,CAAA,wCAAwC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;SAC9F;QAED,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC5B,IAAI,qBAAqB,EAAE;gBACzB,OAAM;aACP;YACD,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,sBAAsB,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;YACtG,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE;gBAC7B,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;aAC9B;QACH,CAAC,CAAA;QACD,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;YACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,wBAAwB,IAAI,CAAC,CAAA;YAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,yBAAyB,IAAI,CAAC,CAAA;YAC7D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,yBAAyB,IAAI,CAAC,CAAA;YAE5D,OAAO,aAAa,CAClB;gBACE,mBAAmB;gBACnB,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW;gBACtC,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,cAAc,IAAI,cAAc;gBAC7D,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;gBAC/B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,EACD;gBACE,MAAM;gBACN,OAAO;gBACP,MAAM;aACP,CACF,CAAA;QACH,CAAC,CAAA;QACD,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,eAAe,EAAE,CAAC,CAAC,CAAA;QAEpD,qDAAqD;KACtD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,OAAO,GAAG,kCAAkC,CAAA;QAChD,IAAI,KAAK,YAAY,KAAK,EAAE;YAC1B,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;SAC/C;QACD,WAAW,CAAC,OAAO,CAAC,CAAA;KACrB;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,EAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAA8B;IACvF,MAAM,EAAC,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,EAAC,GAAG,QAAQ,CAAC,uBAAuB,EAAE,CAAA;IACxG,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,WAAW,CAAC,oEAAoE,CAAC,CAAA;QACjF,OAAM;KACP;IACD,MAAM,EAAC,YAAY,EAAE,SAAS,EAAE,SAAS,EAAC,GAAG,mBAAmB,CAAA;IAChE,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAA;IAExC,8DAA8D;IAC9D,MAAM,EAAC,cAAc,EAAE,qBAAqB,EAAE,GAAG,qBAAqB,EAAC,GAAG,MAAM,WAAW,CACzF,MAAM,EACN,yBAAyB,EACzB,EAAE,CACH,CAAA;IACD,MAAM,EAAC,cAAc,EAAE,wBAAwB,EAAE,GAAG,wBAAwB,EAAC,GAAG,MAAM,WAAW,CAC/F,MAAM,EACN,4BAA4B,EAC5B,EAAE,CACH,CAAA;IAED,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAA;IACxD,MAAM,wBAAwB,GAAG,MAAM,2BAA2B,CAAC,MAAM,CAAC,CAAA;IAC1E,MAAM,cAAc,GAAG,QAAQ,CAAC,oBAAoB,EAAE,CAAA;IAEtD,kGAAkG;IAClG,MAAM,SAAS,GAAG,CAAC,2BAA2B,EAAE,2BAA2B,CAAU,CAAA;IACrF,MAAM,sBAAsB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QAC/D,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAA;QACnC,IAAI,KAAK,KAAK,SAAS,EAAE;YACvB,OAAO,KAAK,GAAG,KAAK,CAAA;SACrB;QACD,OAAO,KAAK,CAAA;IACd,CAAC,EAAE,CAAC,CAAC,CAAA;IACL,MAAM,gBAAgB,GAAG,WAAW,GAAG,SAAS,CAAA;IAChD,MAAM,yBAAyB,GAAG,gBAAgB,GAAG,sBAAsB,CAAA;IAE3E,IAAI,OAAO,GAAG;QACZ,MAAM,EAAE;YACN,OAAO,EAAE,YAAY;YACrB,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,WAAW;YACrB,UAAU,EAAE,gBAAgB;YAC5B,OAAO,EAAE,QAAQ,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS;YACxD,WAAW,EAAE,eAAe;YAC5B,YAAY,EAAE,CAAC,MAAM,WAAW,EAAE,CAAC,IAAI,EAAE;YACzC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9C,WAAW,EAAE,MAAM,SAAS,EAAE;YAC9B,GAAG,eAAe;YAClB,GAAG,qBAAqB;YACxB,GAAG,cAAc;YACjB,wBAAwB,EAAE,yBAAyB;YACnD,YAAY,EAAE,QAAQ;YACtB,OAAO,EAAE,MAAM,0BAA0B,EAAE;SAC5C;QACD,SAAS,EAAE;YACT,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC;YACzB,yBAAyB,EAAE,gBAAgB;YAC3C,aAAa,EAAE,YAAY;YAC3B,GAAG,wBAAwB;YAC3B,GAAG,wBAAwB;YAC3B,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;gBACvB,GAAG,iBAAiB;gBACpB,WAAW,EAAE;oBACX,GAAG,qBAAqB;iBACzB;gBACD,cAAc,EAAE,EAAC,GAAG,wBAAwB,EAAC;aAC9C,CAAC;SACH;KACF,CAAA;IAED,4BAA4B;IAC5B,MAAM,aAAa,GAAG,CAAC,0BAA0B,EAAE,2BAA2B,EAAE,2BAA2B,CAAU,CAAA;IACrH,aAAa,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;QAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtC,IAAI,OAAO,KAAK,SAAS,EAAE;YACzB,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;SAC7C;IACH,CAAC,CAAC,CAAA;IAEF,kGAAkG;IAClG,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;IAE7C,OAAO,eAAe,CAAC,OAAO,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,eAAe,CAAI,OAAU;IACpC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAC7C,iDAAiD;IACjD,MAAM,sBAAsB,GAAG,aAAa,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;IAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAA;AAC3C,CAAC","sourcesContent":["import {version as rubyVersion} from './ruby.js'\nimport {alwaysLogAnalytics, alwaysLogMetrics, analyticsDisabled, isShopify} from './context/local.js'\nimport * as metadata from './metadata.js'\nimport {publishMonorailEvent, MONORAIL_COMMAND_TOPIC} from './monorail.js'\nimport {fanoutHooks} from './plugins.js'\n\nimport {outputContent, outputDebug, outputToken} from '../../public/node/output.js'\nimport {getEnvironmentData, getSensitiveEnvironmentData} from '../../private/node/analytics.js'\nimport {CLI_KIT_VERSION} from '../common/version.js'\nimport {recordMetrics} from '../../private/node/otel-metrics.js'\nimport {runWithRateLimit} from '../../private/node/conf-store.js'\nimport {reportingRateLimit} from '../../private/node/constants.js'\nimport {getLastSeenUserIdAfterAuth} from '../../private/node/session.js'\nimport {Interfaces} from '@oclif/core'\n\nexport type CommandExitMode =\n  // The command completed successfully\n  | 'ok'\n  // The command exited for some unexpected reason -- i.e. a bug\n  | 'unexpected_error'\n  // The command exited with an error, but its one we expect and doesn't point to a bug -- i.e. malformed config files\n  | 'expected_error'\n\ninterface ReportAnalyticsEventOptions {\n  config: Interfaces.Config\n  errorMessage?: string\n  exitMode: CommandExitMode\n}\n\n/**\n * Report an analytics event, sending it off to Monorail -- Shopify's internal analytics service.\n *\n * The payload for an event includes both generic data, and data gathered from installed plug-ins.\n *\n */\nexport async function reportAnalyticsEvent(options: ReportAnalyticsEventOptions): Promise<void> {\n  try {\n    const payload = await buildPayload(options)\n    if (payload === undefined) {\n      // Nothing to log\n      return\n    }\n\n    let withinRateLimit = false\n    await runWithRateLimit({\n      key: 'report-analytics-event',\n      ...reportingRateLimit,\n      task: async () => {\n        withinRateLimit = true\n      },\n    })\n    if (!withinRateLimit) {\n      outputDebug(outputContent`Skipping command analytics due to rate limiting, payload: ${outputToken.json(payload)}`)\n      return\n    }\n\n    const skipMonorailAnalytics = !alwaysLogAnalytics() && analyticsDisabled()\n    const skipMetricAnalytics = !alwaysLogMetrics() && analyticsDisabled()\n    if (skipMonorailAnalytics || skipMetricAnalytics) {\n      outputDebug(outputContent`Skipping command analytics, payload: ${outputToken.json(payload)}`)\n    }\n\n    const doMonorail = async () => {\n      if (skipMonorailAnalytics) {\n        return\n      }\n      const response = await publishMonorailEvent(MONORAIL_COMMAND_TOPIC, payload.public, payload.sensitive)\n      if (response.type === 'error') {\n        outputDebug(response.message)\n      }\n    }\n    const doOpenTelemetry = async () => {\n      const active = payload.public.cmd_all_timing_active_ms || 0\n      const network = payload.public.cmd_all_timing_network_ms || 0\n      const prompt = payload.public.cmd_all_timing_prompts_ms || 0\n\n      return recordMetrics(\n        {\n          skipMetricAnalytics,\n          cliVersion: payload.public.cli_version,\n          owningPlugin: payload.public.cmd_all_plugin || '@shopify/cli',\n          command: payload.public.command,\n          exitMode: options.exitMode,\n        },\n        {\n          active,\n          network,\n          prompt,\n        },\n      )\n    }\n    await Promise.all([doMonorail(), doOpenTelemetry()])\n\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    let message = 'Failed to report usage analytics'\n    if (error instanceof Error) {\n      message = message.concat(`: ${error.message}`)\n    }\n    outputDebug(message)\n  }\n}\n\nasync function buildPayload({config, errorMessage, exitMode}: ReportAnalyticsEventOptions) {\n  const {commandStartOptions, environmentFlags, ...sensitiveMetadata} = metadata.getAllSensitiveMetadata()\n  if (commandStartOptions === undefined) {\n    outputDebug('Unable to log analytics event - no information on executed command')\n    return\n  }\n  const {startCommand, startArgs, startTime} = commandStartOptions\n  const currentTime = new Date().getTime()\n\n  // All bundled plugins appear as `@shopify/cli` in the payload\n  const {'@shopify/cli': internalPluginsPublic, ...externalPluginsPublic} = await fanoutHooks(\n    config,\n    'public_command_metadata',\n    {},\n  )\n  const {'@shopify/cli': internalPluginsSensitive, ...externalPluginsSensitive} = await fanoutHooks(\n    config,\n    'sensitive_command_metadata',\n    {},\n  )\n\n  const environmentData = await getEnvironmentData(config)\n  const sensitiveEnvironmentData = await getSensitiveEnvironmentData(config)\n  const publicMetadata = metadata.getAllPublicMetadata()\n\n  // Automatically calculate the total time spent in the command, excluding time spent in subtimers.\n  const subTimers = ['cmd_all_timing_network_ms', 'cmd_all_timing_prompts_ms'] as const\n  const totalTimeFromSubtimers = subTimers.reduce((total, timer) => {\n    const value = publicMetadata[timer]\n    if (value !== undefined) {\n      return total + value\n    }\n    return total\n  }, 0)\n  const wallClockElapsed = currentTime - startTime\n  const totalTimeWithoutSubtimers = wallClockElapsed - totalTimeFromSubtimers\n\n  let payload = {\n    public: {\n      command: startCommand,\n      time_start: startTime,\n      time_end: currentTime,\n      total_time: wallClockElapsed,\n      success: exitMode === 'ok' && errorMessage === undefined,\n      cli_version: CLI_KIT_VERSION,\n      ruby_version: (await rubyVersion()) || '',\n      node_version: process.version.replace('v', ''),\n      is_employee: await isShopify(),\n      ...environmentData,\n      ...internalPluginsPublic,\n      ...publicMetadata,\n      cmd_all_timing_active_ms: totalTimeWithoutSubtimers,\n      cmd_all_exit: exitMode,\n      user_id: await getLastSeenUserIdAfterAuth(),\n    },\n    sensitive: {\n      args: startArgs.join(' '),\n      cmd_all_environment_flags: environmentFlags,\n      error_message: errorMessage,\n      ...internalPluginsSensitive,\n      ...sensitiveEnvironmentData,\n      metadata: JSON.stringify({\n        ...sensitiveMetadata,\n        extraPublic: {\n          ...externalPluginsPublic,\n        },\n        extraSensitive: {...externalPluginsSensitive},\n      }),\n    },\n  }\n\n  // round down timing metrics\n  const timingMetrics = ['cmd_all_timing_active_ms', 'cmd_all_timing_network_ms', 'cmd_all_timing_prompts_ms'] as const\n  timingMetrics.forEach((metric) => {\n    const current = payload.public[metric]\n    if (current !== undefined) {\n      payload.public[metric] = Math.floor(current)\n    }\n  })\n\n  // strip undefined fields -- they make up the majority of payloads due to wide metadata structure.\n  payload = JSON.parse(JSON.stringify(payload))\n\n  return sanitizePayload(payload)\n}\n\nfunction sanitizePayload<T>(payload: T): T {\n  const payloadString = JSON.stringify(payload)\n  // Remove Theme Access passwords from the payload\n  const sanitizedPayloadString = payloadString.replace(/shptka_\\w*/g, '*****')\n  return JSON.parse(sanitizedPayloadString)\n}\n"]}