@shopify/cli-kit 3.84.2 → 3.85.0

package/dist/private/node/session/schema.js

@@ -13,6 +13,7 @@ const IdentityTokenSchema = zod.object({
     expiresAt: DateSchema,
     scopes: zod.array(zod.string()),
     userId: zod.string(),
+    alias: zod.string().optional(),
 });
 /**
  * The schema represents an application token.
@@ -21,6 +22,11 @@ const ApplicationTokenSchema = zod.object({
     accessToken: zod.string(),
     expiresAt: DateSchema,
     scopes: zod.array(zod.string()),
+    storeFqdn: zod.string().optional(),
+});
+const SessionSchema = zod.object({
+    identity: IdentityTokenSchema,
+    applications: zod.object({}).catchall(ApplicationTokenSchema),
 });
 /**
  * This schema represents the format of the session
@@ -30,34 +36,27 @@ const ApplicationTokenSchema = zod.object({
  * @example
  * ```
  * {
- *    "accounts.shopify.com": {
- *      "identity": {...} // IdentityTokenSchema
- *      "applications": {
- *        "${domain}-application-id": {  // Admin APIs includes domain in the key
- *          "accessToken": "...",
- *        },
- *        "$application-id": { // ApplicationTokenSchema
- *          "accessToken": "...",
- *        },
- *      }
- *    },
- *    "identity.spin.com": {...}
+ *   "accounts.shopify.com": {
+ *     "user-123": {
+ *       "identity": { ... }, // IdentityTokenSchema
+ *       "applications": {
+ *         "mystore.myshopify.com-admin": { // ApplicationTokenSchema
+ *           "accessToken": "...",
+ *           "expiresAt": "...",
+ *           "scopes": ["..."],
+ *         },
+ *         "partners": { ... },
+ *       }
+ *     },
+ *     "8765-4321": { ... }
+ *   },
+ *   "identity.spin.com": {
+ *     "user-345": { ... }
+ *   }
  * }
  * ```
  */
-export const SessionSchema = zod.object({}).catchall(zod.object({
-    /**
-     * It contains the identity token. Before usint it, we exchange it
-     * to get a token that we can use with different applications. The exchanged
-     * tokens for the applications are stored under applications.
-     */
-    identity: IdentityTokenSchema,
-    /**
-     * It contains exchanged tokens for the applications the CLI
-     * authenticates with. Tokens are scoped under the fqdn of the applications.
-     */
-    applications: zod.object({}).catchall(ApplicationTokenSchema),
-}));
+export const SessionsSchema = zod.object({}).catchall(zod.object({}).catchall(SessionSchema));
 /**
  * Confirms that a given identity token structure matches what the schema currently defines.
  *

package/dist/private/node/session/schema.js.map

@@ -1 +1 @@
-{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/private/node/session/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,GAAG,EAAC,MAAM,gCAAgC,CAAA;AAElD,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;IACxC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,YAAY,IAAI;QAAE,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAA;IACxE,OAAO,IAAI,CAAA;AACb,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;AAEd;;GAEG;AACH,MAAM,mBAAmB,GAAG,GAAG,CAAC,MAAM,CAAC;IACrC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE;IAC1B,SAAS,EAAE,UAAU;IACrB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE;CACrB,CAAC,CAAA;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG,GAAG,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE;IACzB,SAAS,EAAE,UAAU;IACrB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;CAChC,CAAC,CAAA;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAClD,GAAG,CAAC,MAAM,CAAC;IACT;;;;OAIG;IACH,QAAQ,EAAE,mBAAmB;IAC7B;;;OAGG;IACH,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CAC9D,CAAC,CACH,CAAA;AAMD;;;;GAIG;AACH,MAAM,UAAU,oCAAoC,CAAC,aAAsB;IACzE,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAA;IAC3D,OAAO,MAAM,CAAC,OAAO,CAAA;AACvB,CAAC","sourcesContent":["import {zod} from '../../../public/node/schema.js'\n\nconst DateSchema = zod.preprocess((arg) => {\n  if (typeof arg === 'string' || arg instanceof Date) return new Date(arg)\n  return null\n}, zod.date())\n\n/**\n * The schema represents an Identity token.\n */\nconst IdentityTokenSchema = zod.object({\n  accessToken: zod.string(),\n  refreshToken: zod.string(),\n  expiresAt: DateSchema,\n  scopes: zod.array(zod.string()),\n  userId: zod.string(),\n})\n\n/**\n * The schema represents an application token.\n */\nconst ApplicationTokenSchema = zod.object({\n  accessToken: zod.string(),\n  expiresAt: DateSchema,\n  scopes: zod.array(zod.string()),\n})\n\n/**\n * This schema represents the format of the session\n * that we cache in the system to avoid unnecessary\n * token exchanges.\n *\n * @example\n * ```\n * {\n *    \"accounts.shopify.com\": {\n *      \"identity\": {...} // IdentityTokenSchema\n *      \"applications\": {\n *        \"${domain}-application-id\": {  // Admin APIs includes domain in the key\n *          \"accessToken\": \"...\",\n *        },\n *        \"$application-id\": { // ApplicationTokenSchema\n *          \"accessToken\": \"...\",\n *        },\n *      }\n *    },\n *    \"identity.spin.com\": {...}\n * }\n * ```\n */\nexport const SessionSchema = zod.object({}).catchall(\n  zod.object({\n    /**\n     * It contains the identity token. Before usint it, we exchange it\n     * to get a token that we can use with different applications. The exchanged\n     * tokens for the applications are stored under applications.\n     */\n    identity: IdentityTokenSchema,\n    /**\n     * It contains exchanged tokens for the applications the CLI\n     * authenticates with. Tokens are scoped under the fqdn of the applications.\n     */\n    applications: zod.object({}).catchall(ApplicationTokenSchema),\n  }),\n)\n\nexport type Session = zod.infer<typeof SessionSchema>\nexport type IdentityToken = zod.infer<typeof IdentityTokenSchema>\nexport type ApplicationToken = zod.infer<typeof ApplicationTokenSchema>\n\n/**\n * Confirms that a given identity token structure matches what the schema currently defines.\n *\n * A full re-auth is the expectation if this validation fails.\n */\nexport function validateCachedIdentityTokenStructure(identityToken: unknown) {\n  const parsed = IdentityTokenSchema.safeParse(identityToken)\n  return parsed.success\n}\n"]}
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/private/node/session/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,GAAG,EAAC,MAAM,gCAAgC,CAAA;AAElD,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;IACxC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,YAAY,IAAI;QAAE,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAA;IACxE,OAAO,IAAI,CAAA;AACb,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAA;AAEd;;GAEG;AACH,MAAM,mBAAmB,GAAG,GAAG,CAAC,MAAM,CAAC;IACrC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE;IAC1B,SAAS,EAAE,UAAU;IACrB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE;IACpB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAA;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG,GAAG,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE;IACzB,SAAS,EAAE,UAAU;IACrB,MAAM,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;IAC/B,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAA;AAEF,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;IAC/B,QAAQ,EAAE,mBAAmB;IAC7B,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CAC9D,CAAC,CAAA;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAA;AAO7F;;;;GAIG;AACH,MAAM,UAAU,oCAAoC,CAAC,aAAsB;IACzE,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAA;IAC3D,OAAO,MAAM,CAAC,OAAO,CAAA;AACvB,CAAC","sourcesContent":["import {zod} from '../../../public/node/schema.js'\n\nconst DateSchema = zod.preprocess((arg) => {\n  if (typeof arg === 'string' || arg instanceof Date) return new Date(arg)\n  return null\n}, zod.date())\n\n/**\n * The schema represents an Identity token.\n */\nconst IdentityTokenSchema = zod.object({\n  accessToken: zod.string(),\n  refreshToken: zod.string(),\n  expiresAt: DateSchema,\n  scopes: zod.array(zod.string()),\n  userId: zod.string(),\n  alias: zod.string().optional(),\n})\n\n/**\n * The schema represents an application token.\n */\nconst ApplicationTokenSchema = zod.object({\n  accessToken: zod.string(),\n  expiresAt: DateSchema,\n  scopes: zod.array(zod.string()),\n  storeFqdn: zod.string().optional(),\n})\n\nconst SessionSchema = zod.object({\n  identity: IdentityTokenSchema,\n  applications: zod.object({}).catchall(ApplicationTokenSchema),\n})\n\n/**\n * This schema represents the format of the session\n * that we cache in the system to avoid unnecessary\n * token exchanges.\n *\n * @example\n * ```\n * {\n *   \"accounts.shopify.com\": {\n *     \"user-123\": {\n *       \"identity\": { ... }, // IdentityTokenSchema\n *       \"applications\": {\n *         \"mystore.myshopify.com-admin\": { // ApplicationTokenSchema\n *           \"accessToken\": \"...\",\n *           \"expiresAt\": \"...\",\n *           \"scopes\": [\"...\"],\n *         },\n *         \"partners\": { ... },\n *       }\n *     },\n *     \"8765-4321\": { ... }\n *   },\n *   \"identity.spin.com\": {\n *     \"user-345\": { ... }\n *   }\n * }\n * ```\n */\nexport const SessionsSchema = zod.object({}).catchall(zod.object({}).catchall(SessionSchema))\n\nexport type Sessions = zod.infer<typeof SessionsSchema>\nexport type Session = zod.infer<typeof SessionSchema>\nexport type IdentityToken = zod.infer<typeof IdentityTokenSchema>\nexport type ApplicationToken = zod.infer<typeof ApplicationTokenSchema>\n\n/**\n * Confirms that a given identity token structure matches what the schema currently defines.\n *\n * A full re-auth is the expectation if this validation fails.\n */\nexport function validateCachedIdentityTokenStructure(identityToken: unknown) {\n  const parsed = IdentityTokenSchema.safeParse(identityToken)\n  return parsed.success\n}\n"]}

package/dist/private/node/session/store.d.ts

@@ -1,20 +1,30 @@
-import type { Session } from './schema.js';
+import type { Sessions } from './schema.js';
 /**
- * Serializes the session as a JSON and stores it securely in the system.
- * If the secure store is not available, the session is stored in the local config.
+ * Serializes the session as a JSON and stores it in the system.
  * @param session - the session to store.
  */
-export declare function store(session: Session): Promise<void>;
+export declare function store(sessions: Sessions): Promise<void>;
 /**
- * Fetches the session from the secure store and returns it.
- * If the secure store is not available, the session is fetched from the local config.
- * If the format of the session is invalid, the method will discard it.
- * In the future might add some logic for supporting migrating the schema
- * of already-persisted sessions.
- * @returns Returns a promise that resolves with the session if it exists and is valid.
+ * Fetches the sessions from the local storage and returns it.
+ * If the format of the object is invalid, the method will discard it.
+ * @returns Returns a promise that resolves with the sessions object if it exists and is valid.
  */
-export declare function fetch(): Promise<Session | undefined>;
+export declare function fetch(): Promise<Sessions | undefined>;
 /**
  * Removes a session from the system.
  */
 export declare function remove(): Promise<void>;
+/**
+ * Gets the session alias for a given user ID.
+ *
+ * @param userId - The user ID of the session to get the alias for.
+ * @returns The alias for the session if it exists, otherwise undefined.
+ */
+export declare function getSessionAlias(userId: string): Promise<string | undefined>;
+/**
+ * Finds a session by its alias.
+ *
+ * @param alias - The alias to search for
+ * @returns The user ID if found, otherwise undefined
+ */
+export declare function findSessionByAlias(alias: string): Promise<string | undefined>;

package/dist/private/node/session/store.js

@@ -1,31 +1,28 @@
-import { SessionSchema } from './schema.js';
-import { getSession, removeSession, setSession } from '../conf-store.js';
+import { SessionsSchema } from './schema.js';
+import { getSessions, removeCurrentSessionId, removeSessions, setSessions } from '../conf-store.js';
+import { identityFqdn } from '../../../public/node/context/fqdn.js';
 /**
- * Serializes the session as a JSON and stores it securely in the system.
- * If the secure store is not available, the session is stored in the local config.
+ * Serializes the session as a JSON and stores it in the system.
  * @param session - the session to store.
  */
-export async function store(session) {
-    const jsonSession = JSON.stringify(session);
-    setSession(jsonSession);
+export async function store(sessions) {
+    const jsonSessions = JSON.stringify(sessions);
+    setSessions(jsonSessions);
 }
 /**
- * Fetches the session from the secure store and returns it.
- * If the secure store is not available, the session is fetched from the local config.
- * If the format of the session is invalid, the method will discard it.
- * In the future might add some logic for supporting migrating the schema
- * of already-persisted sessions.
- * @returns Returns a promise that resolves with the session if it exists and is valid.
+ * Fetches the sessions from the local storage and returns it.
+ * If the format of the object is invalid, the method will discard it.
+ * @returns Returns a promise that resolves with the sessions object if it exists and is valid.
  */
 export async function fetch() {
-    const content = getSession();
+    const content = getSessions();
     if (!content) {
         return undefined;
     }
     const contentJson = JSON.parse(content);
-    const parsedSession = await SessionSchema.safeParseAsync(contentJson);
-    if (parsedSession.success) {
-        return parsedSession.data;
+    const parsedSessions = await SessionsSchema.safeParseAsync(contentJson);
+    if (parsedSessions.success) {
+        return parsedSessions.data;
     }
     else {
         await remove();
@@ -36,6 +33,43 @@ export async function fetch() {
  * Removes a session from the system.
  */
 export async function remove() {
-    removeSession();
+    removeSessions();
+    removeCurrentSessionId();
+}
+/**
+ * Gets the session alias for a given user ID.
+ *
+ * @param userId - The user ID of the session to get the alias for.
+ * @returns The alias for the session if it exists, otherwise undefined.
+ */
+export async function getSessionAlias(userId) {
+    const sessions = await fetch();
+    if (!sessions)
+        return undefined;
+    const fqdn = await identityFqdn();
+    if (!sessions[fqdn] || !sessions[fqdn][userId])
+        return undefined;
+    return sessions[fqdn][userId].identity.alias;
+}
+/**
+ * Finds a session by its alias.
+ *
+ * @param alias - The alias to search for
+ * @returns The user ID if found, otherwise undefined
+ */
+export async function findSessionByAlias(alias) {
+    const sessions = await fetch();
+    if (!sessions)
+        return undefined;
+    const fqdn = await identityFqdn();
+    const fqdnSessions = sessions[fqdn];
+    if (!fqdnSessions)
+        return undefined;
+    for (const [userId, session] of Object.entries(fqdnSessions)) {
+        if (session.identity.alias === alias) {
+            return userId;
+        }
+    }
+    return undefined;
 }
 //# sourceMappingURL=store.js.map

package/dist/private/node/session/store.js.map

@@ -1 +1 @@
-{"version":3,"file":"store.js","sourceRoot":"","sources":["../../../../src/private/node/session/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,aAAa,CAAA;AACzC,OAAO,EAAC,UAAU,EAAE,aAAa,EAAE,UAAU,EAAC,MAAM,kBAAkB,CAAA;AAGtE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,OAAgB;IAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAC3C,UAAU,CAAC,WAAW,CAAC,CAAA;AACzB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK;IACzB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAA;IAE5B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACvC,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAA;IACrE,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAC,IAAI,CAAA;IAC3B,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,EAAE,CAAA;QACd,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,aAAa,EAAE,CAAA;AACjB,CAAC","sourcesContent":["import {SessionSchema} from './schema.js'\nimport {getSession, removeSession, setSession} from '../conf-store.js'\nimport type {Session} from './schema.js'\n\n/**\n * Serializes the session as a JSON and stores it securely in the system.\n * If the secure store is not available, the session is stored in the local config.\n * @param session - the session to store.\n */\nexport async function store(session: Session) {\n  const jsonSession = JSON.stringify(session)\n  setSession(jsonSession)\n}\n\n/**\n * Fetches the session from the secure store and returns it.\n * If the secure store is not available, the session is fetched from the local config.\n * If the format of the session is invalid, the method will discard it.\n * In the future might add some logic for supporting migrating the schema\n * of already-persisted sessions.\n * @returns Returns a promise that resolves with the session if it exists and is valid.\n */\nexport async function fetch(): Promise<Session | undefined> {\n  const content = getSession()\n\n  if (!content) {\n    return undefined\n  }\n  const contentJson = JSON.parse(content)\n  const parsedSession = await SessionSchema.safeParseAsync(contentJson)\n  if (parsedSession.success) {\n    return parsedSession.data\n  } else {\n    await remove()\n    return undefined\n  }\n}\n\n/**\n * Removes a session from the system.\n */\nexport async function remove() {\n  removeSession()\n}\n"]}
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../../../src/private/node/session/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAC,WAAW,EAAE,sBAAsB,EAAE,cAAc,EAAE,WAAW,EAAC,MAAM,kBAAkB,CAAA;AACjG,OAAO,EAAC,YAAY,EAAC,MAAM,sCAAsC,CAAA;AAGjE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,QAAkB;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;IAC7C,WAAW,CAAC,YAAY,CAAC,CAAA;AAC3B,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK;IACzB,MAAM,OAAO,GAAG,WAAW,EAAE,CAAA;IAE7B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACvC,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,WAAW,CAAC,CAAA;IACvE,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,cAAc,CAAC,IAAI,CAAA;IAC5B,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,EAAE,CAAA;QACd,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,cAAc,EAAE,CAAA;IAChB,sBAAsB,EAAE,CAAA;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAc;IAClD,MAAM,QAAQ,GAAG,MAAM,KAAK,EAAE,CAAA;IAC9B,IAAI,CAAC,QAAQ;QAAE,OAAO,SAAS,CAAA;IAE/B,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAA;IAChE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAA;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAa;IACpD,MAAM,QAAQ,GAAG,MAAM,KAAK,EAAE,CAAA;IAC9B,IAAI,CAAC,QAAQ;QAAE,OAAO,SAAS,CAAA;IAE/B,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IACnC,IAAI,CAAC,YAAY;QAAE,OAAO,SAAS,CAAA;IAEnC,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,MAAM,CAAA;QACf,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC","sourcesContent":["import {SessionsSchema} from './schema.js'\nimport {getSessions, removeCurrentSessionId, removeSessions, setSessions} from '../conf-store.js'\nimport {identityFqdn} from '../../../public/node/context/fqdn.js'\nimport type {Sessions} from './schema.js'\n\n/**\n * Serializes the session as a JSON and stores it in the system.\n * @param session - the session to store.\n */\nexport async function store(sessions: Sessions) {\n  const jsonSessions = JSON.stringify(sessions)\n  setSessions(jsonSessions)\n}\n\n/**\n * Fetches the sessions from the local storage and returns it.\n * If the format of the object is invalid, the method will discard it.\n * @returns Returns a promise that resolves with the sessions object if it exists and is valid.\n */\nexport async function fetch(): Promise<Sessions | undefined> {\n  const content = getSessions()\n\n  if (!content) {\n    return undefined\n  }\n  const contentJson = JSON.parse(content)\n  const parsedSessions = await SessionsSchema.safeParseAsync(contentJson)\n  if (parsedSessions.success) {\n    return parsedSessions.data\n  } else {\n    await remove()\n    return undefined\n  }\n}\n\n/**\n * Removes a session from the system.\n */\nexport async function remove() {\n  removeSessions()\n  removeCurrentSessionId()\n}\n\n/**\n * Gets the session alias for a given user ID.\n *\n * @param userId - The user ID of the session to get the alias for.\n * @returns The alias for the session if it exists, otherwise undefined.\n */\nexport async function getSessionAlias(userId: string): Promise<string | undefined> {\n  const sessions = await fetch()\n  if (!sessions) return undefined\n\n  const fqdn = await identityFqdn()\n  if (!sessions[fqdn] || !sessions[fqdn][userId]) return undefined\n  return sessions[fqdn][userId].identity.alias\n}\n\n/**\n * Finds a session by its alias.\n *\n * @param alias - The alias to search for\n * @returns The user ID if found, otherwise undefined\n */\nexport async function findSessionByAlias(alias: string): Promise<string | undefined> {\n  const sessions = await fetch()\n  if (!sessions) return undefined\n\n  const fqdn = await identityFqdn()\n  const fqdnSessions = sessions[fqdn]\n  if (!fqdnSessions) return undefined\n\n  for (const [userId, session] of Object.entries(fqdnSessions)) {\n    if (session.identity.alias === alias) {\n      return userId\n    }\n  }\n\n  return undefined\n}\n"]}

package/dist/private/node/session/validate.d.ts

@@ -1,4 +1,4 @@
-import { ApplicationToken, IdentityToken } from './schema.js';
+import { Session } from './schema.js';
 import { OAuthApplications } from '../session.js';
 type ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok';
 /**
@@ -8,10 +8,5 @@ type ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok';
  * @param session - current session with identity and application tokens
  * @returns 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session
  */
-export declare function validateSession(scopes: string[], applications: OAuthApplications, session: {
-    identity: IdentityToken;
-    applications: {
-        [x: string]: ApplicationToken;
-    };
-}): Promise<ValidationResult>;
+export declare function validateSession(scopes: string[], applications: OAuthApplications, session: Session | undefined): Promise<ValidationResult>;
 export {};

package/dist/private/node/session/validate.js.map

@@ -1 +1 @@
-{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../../src/private/node/session/validate.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,OAAO,EAAC,aAAa,EAAC,MAAM,eAAe,CAAA;AAC3C,OAAO,EAAkC,oCAAoC,EAAC,MAAM,aAAa,CAAA;AACjG,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAA;AAChD,OAAO,EAAC,aAAa,EAAC,MAAM,uCAAuC,CAAA;AAEnE,OAAO,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAA;AAI1D;;GAEG;AACH,SAAS,cAAc,CAAC,eAAyB,EAAE,QAAuB;IACxE,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAA;IACrC,IAAI,aAAa,EAAE,KAAK,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAA;IACxE,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;AACxE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAgB,EAChB,YAA+B,EAC/B,OAGC;IAED,IAAI,CAAC,OAAO;QAAE,OAAO,iBAAiB,CAAA;IACtC,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC/D,IAAI,CAAC,cAAc;QAAE,OAAO,iBAAiB,CAAA;IAC7C,IAAI,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEvD,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAE,CAAA;QAC9C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,WAAW,CAAC,uCAAuC,gBAAgB,EAAE,CAAC,CAAA;IAEtE,IAAI,CAAC,oCAAoC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5D,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED,IAAI,gBAAgB;QAAE,OAAO,eAAe,CAAA;IAE5C,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,cAAc,CAAC,KAAuB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO,KAAK,CAAC,SAAS,GAAG,eAAe,EAAE,CAAA;AAC5C,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,6BAA6B,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;AAC1F,CAAC","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport {applicationId} from './identity.js'\nimport {ApplicationToken, IdentityToken, validateCachedIdentityTokenStructure} from './schema.js'\nimport {sessionConstants} from '../constants.js'\nimport {firstPartyDev} from '../../../public/node/context/local.js'\nimport {OAuthApplications} from '../session.js'\nimport {outputDebug} from '../../../public/node/output.js'\n\ntype ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok'\n\n/**\n * Validate if an identity token is valid for the requested scopes\n */\nfunction validateScopes(requestedScopes: string[], identity: IdentityToken) {\n  const currentScopes = identity.scopes\n  if (firstPartyDev() !== currentScopes.includes('employee')) return false\n  return requestedScopes.every((scope) => currentScopes.includes(scope))\n}\n\n/**\n * Validate if the current session is valid or we need to refresh/re-authenticate\n * @param scopes - requested scopes to validate\n * @param applications - requested applications\n * @param session - current session with identity and application tokens\n * @returns 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session\n */\nexport async function validateSession(\n  scopes: string[],\n  applications: OAuthApplications,\n  session: {\n    identity: IdentityToken\n    applications: {[x: string]: ApplicationToken}\n  },\n): Promise<ValidationResult> {\n  if (!session) return 'needs_full_auth'\n  const scopesAreValid = validateScopes(scopes, session.identity)\n  if (!scopesAreValid) return 'needs_full_auth'\n  let tokensAreExpired = isTokenExpired(session.identity)\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.appManagementApi) {\n    const appId = applicationId('app-management')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = session.applications[realAppId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  outputDebug(`- Token validation -> It's expired: ${tokensAreExpired}`)\n\n  if (!validateCachedIdentityTokenStructure(session.identity)) {\n    return 'needs_full_auth'\n  }\n\n  if (tokensAreExpired) return 'needs_refresh'\n\n  return 'ok'\n}\n\nfunction isTokenExpired(token: ApplicationToken): boolean {\n  if (!token) return true\n  return token.expiresAt < expireThreshold()\n}\n\nfunction expireThreshold(): Date {\n  return new Date(Date.now() + sessionConstants.expirationTimeMarginInMinutes * 60 * 1000)\n}\n"]}
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../../src/private/node/session/validate.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,OAAO,EAAC,aAAa,EAAC,MAAM,eAAe,CAAA;AAC3C,OAAO,EAA2C,oCAAoC,EAAC,MAAM,aAAa,CAAA;AAC1G,OAAO,EAAC,gBAAgB,EAAC,MAAM,iBAAiB,CAAA;AAChD,OAAO,EAAC,aAAa,EAAC,MAAM,uCAAuC,CAAA;AAEnE,OAAO,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAA;AAI1D;;GAEG;AACH,SAAS,cAAc,CAAC,eAAyB,EAAE,QAAuB;IACxE,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAA;IACrC,IAAI,aAAa,EAAE,KAAK,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAA;IACxE,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;AACxE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAgB,EAChB,YAA+B,EAC/B,OAA4B;IAE5B,IAAI,CAAC,OAAO;QAAE,OAAO,iBAAiB,CAAA;IACtC,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC/D,IAAI,CAAC,cAAc;QAAE,OAAO,iBAAiB,CAAA;IAC7C,IAAI,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAEvD,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,YAAY,CAAC,gBAAgB,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,YAAY,CAAC,qBAAqB,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAA;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAE,CAAA;QAC1C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,SAAS,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,SAAS,IAAI,KAAK,EAAE,CAAA;QAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,SAAS,CAAE,CAAA;QAC9C,gBAAgB,GAAG,gBAAgB,IAAI,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,WAAW,CAAC,uCAAuC,gBAAgB,EAAE,CAAC,CAAA;IAEtE,IAAI,CAAC,oCAAoC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5D,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED,IAAI,gBAAgB;QAAE,OAAO,eAAe,CAAA;IAE5C,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,cAAc,CAAC,KAAuB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO,KAAK,CAAC,SAAS,GAAG,eAAe,EAAE,CAAA;AAC5C,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,6BAA6B,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;AAC1F,CAAC","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport {applicationId} from './identity.js'\nimport {ApplicationToken, IdentityToken, Session, validateCachedIdentityTokenStructure} from './schema.js'\nimport {sessionConstants} from '../constants.js'\nimport {firstPartyDev} from '../../../public/node/context/local.js'\nimport {OAuthApplications} from '../session.js'\nimport {outputDebug} from '../../../public/node/output.js'\n\ntype ValidationResult = 'needs_refresh' | 'needs_full_auth' | 'ok'\n\n/**\n * Validate if an identity token is valid for the requested scopes\n */\nfunction validateScopes(requestedScopes: string[], identity: IdentityToken) {\n  const currentScopes = identity.scopes\n  if (firstPartyDev() !== currentScopes.includes('employee')) return false\n  return requestedScopes.every((scope) => currentScopes.includes(scope))\n}\n\n/**\n * Validate if the current session is valid or we need to refresh/re-authenticate\n * @param scopes - requested scopes to validate\n * @param applications - requested applications\n * @param session - current session with identity and application tokens\n * @returns 'ok' if the session is valid, 'needs_full_auth' if we need to re-authenticate, 'needs_refresh' if we need to refresh the session\n */\nexport async function validateSession(\n  scopes: string[],\n  applications: OAuthApplications,\n  session: Session | undefined,\n): Promise<ValidationResult> {\n  if (!session) return 'needs_full_auth'\n  const scopesAreValid = validateScopes(scopes, session.identity)\n  if (!scopesAreValid) return 'needs_full_auth'\n  let tokensAreExpired = isTokenExpired(session.identity)\n\n  if (applications.partnersApi) {\n    const appId = applicationId('partners')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.appManagementApi) {\n    const appId = applicationId('app-management')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.storefrontRendererApi) {\n    const appId = applicationId('storefront-renderer')\n    const token = session.applications[appId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  if (applications.adminApi) {\n    const appId = applicationId('admin')\n    const realAppId = `${applications.adminApi.storeFqdn}-${appId}`\n    const token = session.applications[realAppId]!\n    tokensAreExpired = tokensAreExpired || isTokenExpired(token)\n  }\n\n  outputDebug(`- Token validation -> It's expired: ${tokensAreExpired}`)\n\n  if (!validateCachedIdentityTokenStructure(session.identity)) {\n    return 'needs_full_auth'\n  }\n\n  if (tokensAreExpired) return 'needs_refresh'\n\n  return 'ok'\n}\n\nfunction isTokenExpired(token: ApplicationToken): boolean {\n  if (!token) return true\n  return token.expiresAt < expireThreshold()\n}\n\nfunction expireThreshold(): Date {\n  return new Date(Date.now() + sessionConstants.expirationTimeMarginInMinutes * 60 * 1000)\n}\n"]}

package/dist/private/node/session.d.ts

@@ -67,7 +67,7 @@ type AuthMethod = 'partners_token' | 'device_auth' | 'theme_access_token' | 'cus
  *
  * This function performs the following steps:
  * 1. Checks for a cached user ID in memory (obtained in the current run).
- * 2. Attempts to fetch it from the secure store (from a previous auth session).
+ * 2. Attempts to fetch it from the local storage (from a previous auth session).
  * 3. Checks if a custom token was used (either as a theme password or partners token).
  * 4. If a custom token is present in the environment, generates a UUID and uses it as userId.
  * 5. If after all this we don't have a userId, then reports as 'unknown'.
@@ -90,16 +90,18 @@ export declare function setLastSeenUserIdAfterAuth(id: string): void;
  */
 export declare function getLastSeenAuthMethod(): Promise<AuthMethod>;
 export declare function setLastSeenAuthMethod(method: AuthMethod): void;
+export interface EnsureAuthenticatedAdditionalOptions {
+    noPrompt?: boolean;
+    forceRefresh?: boolean;
+    forceNewSession?: boolean;
+}
 /**
  * This method ensures that we have a valid session to authenticate against the given applications using the provided scopes.
  *
  * @param applications - An object containing the applications we need to be authenticated with.
  * @param _env - Optional environment variables to use.
- * @param forceRefresh - Optional flag to force a refresh of the token.
+ * @param options - Optional extra options to use.
  * @returns An instance with the access tokens organized by application.
  */
-export declare function ensureAuthenticated(applications: OAuthApplications, _env?: NodeJS.ProcessEnv, { forceRefresh, noPrompt }?: {
-    forceRefresh?: boolean;
-    noPrompt?: boolean;
-}): Promise<OAuthSession>;
+export declare function ensureAuthenticated(applications: OAuthApplications, _env?: NodeJS.ProcessEnv, { forceRefresh, noPrompt, forceNewSession }?: EnsureAuthenticatedAdditionalOptions): Promise<OAuthSession>;
 export {};