@shopify/cli-kit 3.75.4 → 3.76.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shopify/cli-kit",
-  "version": "3.75.4",
+  "version": "3.76.1",
   "packageManager": "pnpm@8.15.7",
   "private": false,
   "description": "A set of utilities, interfaces, and models that are common across all the platform features",
@@ -184,7 +184,6 @@
     "lint": "nx lint",
     "lint:fix": "nx lint:fix",
     "test": "nx test",
-    "test:js": "nx test:js",
     "test:coverage": "nx test:coverage",
     "test:watch": "nx test:watch",
     "type-check": "nx type-check",

package/dist/private/node/session/identity-token-validation.d.ts

@@ -1 +0,0 @@
-export declare function validateIdentityToken(token: string): Promise<boolean>;

package/dist/private/node/session/identity-token-validation.js

@@ -1,70 +0,0 @@
-import { identityFqdn } from '../../../public/node/context/fqdn.js';
-import { outputDebug } from '../../../public/node/output.js';
-import { shopifyFetch } from '../../../public/node/http.js';
-import { cacheRetrieveOrRepopulate } from '../conf-store.js';
-import { err, ok } from '../../../public/node/result.js';
-import { AbortError } from '../../../public/node/error.js';
-import { firstPartyDev } from '@shopify/cli-kit/node/context/local';
-import { isSpin } from '@shopify/cli-kit/node/context/spin';
-export async function validateIdentityToken(token) {
-    if (isSpin() && firstPartyDev())
-        return true;
-    try {
-        return withIntrospectionURL(async (introspectionURL) => {
-            const options = {
-                method: 'POST',
-                headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-                body: JSON.stringify({ token }),
-            };
-            outputDebug(`Sending Identity Introspection request to URL: ${introspectionURL}`);
-            const response = await shopifyFetch(introspectionURL, options);
-            if (response.ok && response.headers.get('content-type')?.includes('json')) {
-                // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                const json = await response.json();
-                outputDebug(`The identity token is valid: ${json.valid}`);
-                return ok(json.valid);
-            }
-            else if (response.status === 404 || response.status > 500) {
-                // If the status is 404 or 5xx, most likely the introspection endpoint
-                // has changed. We should invalidate the cache and try again.
-                return err(new AbortError(`The introspection endpoint returned a ${response.status}: ${introspectionURL}`));
-            }
-            else {
-                const text = await response.text();
-                outputDebug(`The Introspection request failed with:
- - status: ${response.status}
- - www-authenticate header: ${JSON.stringify(response.headers.get('www-authenticate'))}
- - body: ${JSON.stringify(text)}`);
-                return ok(false);
-            }
-        });
-        // eslint-disable-next-line no-catch-all/no-catch-all
-    }
-    catch (error) {
-        outputDebug(`The identity token is invalid: ${error}`);
-        return false;
-    }
-}
-async function withIntrospectionURL(fn) {
-    const week = 7 * 24 * 60 * 60 * 1000;
-    const cacheKey = `identity-introspection-url-${await identityFqdn()}`;
-    let introspectionURL = await cacheRetrieveOrRepopulate(cacheKey, getIntrospectionURL, week);
-    let result = await fn(introspectionURL);
-    if (result.isErr()) {
-        introspectionURL = await cacheRetrieveOrRepopulate(cacheKey, getIntrospectionURL, 0);
-        result = await fn(introspectionURL);
-    }
-    if (result.isErr()) {
-        throw result.error;
-    }
-    else {
-        return result.value;
-    }
-}
-async function getIntrospectionURL() {
-    const response = await shopifyFetch(`https://${await identityFqdn()}/.well-known/openid-configuration.json`);
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const json = await response.json();
-    return json.introspection_endpoint;
-}
-//# sourceMappingURL=identity-token-validation.js.map

package/dist/private/node/session/identity-token-validation.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"identity-token-validation.js","sourceRoot":"","sources":["../../../../src/private/node/session/identity-token-validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,sCAAsC,CAAA;AACjE,OAAO,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAA;AAC1D,OAAO,EAAC,YAAY,EAAC,MAAM,8BAA8B,CAAA;AACzD,OAAO,EAAC,yBAAyB,EAAsB,MAAM,kBAAkB,CAAA;AAC/E,OAAO,EAAC,GAAG,EAAE,EAAE,EAAS,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAC,UAAU,EAAC,MAAM,+BAA+B,CAAA;AACxD,OAAO,EAAC,aAAa,EAAC,MAAM,qCAAqC,CAAA;AACjE,OAAO,EAAC,MAAM,EAAC,MAAM,oCAAoC,CAAA;AAEzD,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,KAAa;IACvD,IAAI,MAAM,EAAE,IAAI,aAAa,EAAE;QAAE,OAAO,IAAI,CAAA;IAE5C,IAAI,CAAC;QACH,OAAO,oBAAoB,CAAU,KAAK,EAAE,gBAAwB,EAAE,EAAE;YACtE,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAC,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAC;gBAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAC,KAAK,EAAC,CAAC;aAC9B,CAAA;YACD,WAAW,CAAC,kDAAkD,gBAAgB,EAAE,CAAC,CAAA;YAEjF,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAA;YAE9D,IAAI,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1E,8DAA8D;gBAC9D,MAAM,IAAI,GAAQ,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACvC,WAAW,CAAC,gCAAgC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;gBACzD,OAAO,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YACvB,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC5D,sEAAsE;gBACtE,6DAA6D;gBAC7D,OAAO,GAAG,CAAC,IAAI,UAAU,CAAC,yCAAyC,QAAQ,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC,CAAC,CAAA;YAC7G,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;gBAClC,WAAW,CAAC;aACP,QAAQ,CAAC,MAAM;8BACE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;WAC3E,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAC1B,OAAO,EAAE,CAAC,KAAK,CAAC,CAAA;YAClB,CAAC;QACH,CAAC,CAAC,CAAA;QACF,qDAAqD;IACvD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,WAAW,CAAC,kCAAkC,KAAK,EAAE,CAAC,CAAA;QACtD,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAI,EAAgE;IACrG,MAAM,IAAI,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;IACpC,MAAM,QAAQ,GAAwB,8BAA8B,MAAM,YAAY,EAAE,EAAE,CAAA;IAC1F,IAAI,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,QAAQ,EAAE,mBAAmB,EAAE,IAAI,CAAC,CAAA;IAC3F,IAAI,MAAM,GAA0B,MAAM,EAAE,CAAC,gBAAgB,CAAC,CAAA;IAC9D,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QACnB,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,QAAQ,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAA;QACpF,MAAM,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,CAAA;IACrC,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;QACnB,MAAM,MAAM,CAAC,KAAK,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,CAAC,KAAK,CAAA;IACrB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB;IAChC,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,WAAW,MAAM,YAAY,EAAE,wCAAwC,CAAC,CAAA;IAC5G,8DAA8D;IAC9D,MAAM,IAAI,GAAQ,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;IACvC,OAAO,IAAI,CAAC,sBAAsB,CAAA;AACpC,CAAC","sourcesContent":["import {identityFqdn} from '../../../public/node/context/fqdn.js'\nimport {outputDebug} from '../../../public/node/output.js'\nimport {shopifyFetch} from '../../../public/node/http.js'\nimport {cacheRetrieveOrRepopulate, IntrospectionUrlKey} from '../conf-store.js'\nimport {err, ok, Result} from '../../../public/node/result.js'\nimport {AbortError} from '../../../public/node/error.js'\nimport {firstPartyDev} from '@shopify/cli-kit/node/context/local'\nimport {isSpin} from '@shopify/cli-kit/node/context/spin'\n\nexport async function validateIdentityToken(token: string): Promise<boolean> {\n  if (isSpin() && firstPartyDev()) return true\n\n  try {\n    return withIntrospectionURL<boolean>(async (introspectionURL: string) => {\n      const options = {\n        method: 'POST',\n        headers: {Authorization: `Bearer ${token}`, 'Content-Type': 'application/json'},\n        body: JSON.stringify({token}),\n      }\n      outputDebug(`Sending Identity Introspection request to URL: ${introspectionURL}`)\n\n      const response = await shopifyFetch(introspectionURL, options)\n\n      if (response.ok && response.headers.get('content-type')?.includes('json')) {\n        // eslint-disable-next-line @typescript-eslint/no-explicit-any\n        const json: any = await response.json()\n        outputDebug(`The identity token is valid: ${json.valid}`)\n        return ok(json.valid)\n      } else if (response.status === 404 || response.status > 500) {\n        // If the status is 404 or 5xx, most likely the introspection endpoint\n        // has changed. We should invalidate the cache and try again.\n        return err(new AbortError(`The introspection endpoint returned a ${response.status}: ${introspectionURL}`))\n      } else {\n        const text = await response.text()\n        outputDebug(`The Introspection request failed with:\n - status: ${response.status}\n - www-authenticate header: ${JSON.stringify(response.headers.get('www-authenticate'))}\n - body: ${JSON.stringify(text)}`)\n        return ok(false)\n      }\n    })\n    // eslint-disable-next-line no-catch-all/no-catch-all\n  } catch (error) {\n    outputDebug(`The identity token is invalid: ${error}`)\n    return false\n  }\n}\n\nasync function withIntrospectionURL<T>(fn: (introspectionUrl: string) => Promise<Result<T, AbortError>>): Promise<T> {\n  const week = 7 * 24 * 60 * 60 * 1000\n  const cacheKey: IntrospectionUrlKey = `identity-introspection-url-${await identityFqdn()}`\n  let introspectionURL = await cacheRetrieveOrRepopulate(cacheKey, getIntrospectionURL, week)\n  let result: Result<T, AbortError> = await fn(introspectionURL)\n  if (result.isErr()) {\n    introspectionURL = await cacheRetrieveOrRepopulate(cacheKey, getIntrospectionURL, 0)\n    result = await fn(introspectionURL)\n  }\n  if (result.isErr()) {\n    throw result.error\n  } else {\n    return result.value\n  }\n}\n\nasync function getIntrospectionURL(): Promise<string> {\n  const response = await shopifyFetch(`https://${await identityFqdn()}/.well-known/openid-configuration.json`)\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const json: any = await response.json()\n  return json.introspection_endpoint\n}\n"]}