@uns-kit/core 0.0.37 → 0.0.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -3,11 +3,9 @@ import path from "node:path";
|
|
|
3
3
|
import { pathToFileURL } from "node:url";
|
|
4
4
|
import { zodToJsonSchema } from "zod-to-json-schema";
|
|
5
5
|
import { zodToTs, printNode, withGetType } from "zod-to-ts";
|
|
6
|
-
import { composeConfigSchema } from "../uns-config/schema-tools.js";
|
|
7
|
-
import { unsCoreSchema } from "../uns-config/uns-core-schema.js";
|
|
8
|
-
import { projectExtrasSchema as coreProjectExtrasSchema } from "../config/project.config.extension.js";
|
|
9
6
|
import { hostValueSchema } from "../uns-config/host-placeholders.js";
|
|
10
7
|
import { secretValueSchema } from "../uns-config/secret-placeholders.js";
|
|
8
|
+
import { composeConfigSchema } from "../uns-config/schema-tools.js";
|
|
11
9
|
function write(filePath, data) {
|
|
12
10
|
fs.mkdirSync(path.dirname(filePath), { recursive: true });
|
|
13
11
|
fs.writeFileSync(filePath, data);
|
|
@@ -49,20 +47,22 @@ async function loadProjectExtrasSchema() {
|
|
|
49
47
|
throw new Error(`Failed to load project config extension at '${candidate}': ${reason}`);
|
|
50
48
|
}
|
|
51
49
|
}
|
|
52
|
-
|
|
50
|
+
const coreModule = await import("../config/project.config.extension.js");
|
|
51
|
+
return coreModule.projectExtrasSchema;
|
|
53
52
|
}
|
|
54
|
-
const projectExtrasSchema = await loadProjectExtrasSchema();
|
|
55
|
-
const baseSchema = composeConfigSchema(unsCoreSchema, projectExtrasSchema).strict();
|
|
56
|
-
// 1) JSON Schema for VS Code $schema
|
|
57
|
-
const jsonSchema = zodToJsonSchema(baseSchema, "AppConfig");
|
|
58
|
-
write(path.resolve("config.schema.json"), JSON.stringify(jsonSchema, null, 2));
|
|
59
|
-
// 2) TypeScript `export type AppConfig = {...}`
|
|
60
53
|
// Keep placeholder-backed values as plain strings in the generated TypeScript typings so
|
|
61
54
|
// consuming code reflects the resolved shapes while the JSON schema still exposes full unions.
|
|
62
55
|
const renderAsString = (typescript) => typescript.factory.createKeywordTypeNode(typescript.SyntaxKind.StringKeyword);
|
|
63
56
|
for (const schema of [hostValueSchema, secretValueSchema]) {
|
|
64
57
|
withGetType(schema, renderAsString);
|
|
65
58
|
}
|
|
59
|
+
const { unsCoreSchema } = await import("../uns-config/uns-core-schema.js");
|
|
60
|
+
const projectExtrasSchema = await loadProjectExtrasSchema();
|
|
61
|
+
const baseSchema = composeConfigSchema(unsCoreSchema, projectExtrasSchema).strict();
|
|
62
|
+
// 1) JSON Schema for VS Code $schema
|
|
63
|
+
const jsonSchema = zodToJsonSchema(baseSchema, "AppConfig");
|
|
64
|
+
write(path.resolve("config.schema.json"), JSON.stringify(jsonSchema, null, 2));
|
|
65
|
+
// 2) TypeScript `export type AppConfig = {...}`
|
|
66
66
|
const { node } = zodToTs(baseSchema, "AppConfig");
|
|
67
67
|
const interfaceBody = printNode(node);
|
|
68
68
|
const tsContent = `/* Auto-generated. Do not edit by hand. */\nexport interface ProjectAppConfig ${interfaceBody}\n\nexport interface AppConfig extends ProjectAppConfig {}\n\ntype GeneratedProjectAppConfig = ProjectAppConfig;\ntype GeneratedAppConfig = AppConfig;\n\ndeclare module "@uns-kit/core/config/app-config.js" {\n interface ProjectAppConfig extends GeneratedProjectAppConfig {}\n interface AppConfig extends GeneratedAppConfig {}\n}\n`;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-config-schema.js","sourceRoot":"","sources":["../../src/tools/generate-config-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG5D,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"generate-config-schema.js","sourceRoot":"","sources":["../../src/tools/generate-config-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG5D,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAEpE,SAAS,KAAK,CAAC,QAAgB,EAAE,IAAY;IAC3C,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,IAAI,aAAa,GAAG,KAAK,CAAC;AAE1B,KAAK,UAAU,cAAc;IAC3B,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IACD,aAAa,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,iIAAiI,CAClI,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,uBAAuB;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,qCAAqC,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAEtE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,IAAI,QAAQ,KAAK,KAAK,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACrE,MAAM,cAAc,EAAE,CAAC;YACzB,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,MAAM,EAAE,mBAAmB,EAAE,CAAC;gBAChC,OAAO,MAAM,CAAC,mBAAqC,CAAC;YACtD,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,WAAW,SAAS,wCAAwC,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,+CAA+C,SAAS,MAAM,MAAM,EAAE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,uCAAuC,CAAC,CAAC;IACzE,OAAO,UAAU,CAAC,mBAAqC,CAAC;AAC1D,CAAC;AAED,yFAAyF;AACzF,+FAA+F;AAC/F,MAAM,cAAc,GAAG,CAAC,UAAe,EAAE,EAAE,CACzC,UAAU,CAAC,OAAO,CAAC,qBAAqB,CAAC,UAAU,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAEhF,KAAK,MAAM,MAAM,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,EAAE,CAAC;IAC1D,WAAW,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAC3E,MAAM,mBAAmB,GAAG,MAAM,uBAAuB,EAAE,CAAC;AAC5D,MAAM,UAAU,GAAG,mBAAmB,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC,MAAM,EAAE,CAAC;AAEpF,qCAAqC;AACrC,MAAM,UAAU,GAAG,eAAe,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC5D,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAE/E,gDAAgD;AAChD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAClD,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAEtC,MAAM,SAAS,GAAG,iFAAiF,aAAa,8UAA8U,CAAC;AAE/b,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,4BAA4B,CAAC,EAAE,SAAS,CAAC,CAAC;AAE7D,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC","sourcesContent":["import fs from \"node:fs\";\nimport path from \"node:path\";\nimport { pathToFileURL } from \"node:url\";\nimport { zodToJsonSchema } from \"zod-to-json-schema\";\nimport { zodToTs, printNode, withGetType } from \"zod-to-ts\";\nimport { z } from \"zod\";\n\nimport { hostValueSchema } from \"../uns-config/host-placeholders.js\";\nimport { secretValueSchema } from \"../uns-config/secret-placeholders.js\";\nimport { composeConfigSchema } from \"../uns-config/schema-tools.js\";\n\nfunction write(filePath: string, data: string) {\n fs.mkdirSync(path.dirname(filePath), { recursive: true });\n fs.writeFileSync(filePath, data);\n}\n\nlet tsLoaderReady = false;\n\nasync function ensureTsLoader(): Promise<void> {\n if (tsLoaderReady) {\n return;\n }\n tsLoaderReady = true;\n try {\n await import(\"tsx/esm\");\n } catch (error) {\n throw new Error(\n \"Unable to load TypeScript project.config.extension. Install 'tsx' (e.g. pnpm add -D tsx) or provide a compiled JavaScript file.\",\n );\n }\n}\n\nasync function loadProjectExtrasSchema(): Promise<z.AnyZodObject> {\n const base = path.resolve(process.cwd(), \"src/config/project.config.extension\");\n const extensions = [\"\", \".ts\", \".mts\", \".tsx\", \".js\", \".mjs\", \".cjs\"];\n\n for (const ext of extensions) {\n const candidate = ext ? `${base}${ext}` : base;\n if (!fs.existsSync(candidate)) {\n continue;\n }\n\n const lowerExt = path.extname(candidate).toLowerCase();\n try {\n if (lowerExt === \".ts\" || lowerExt === \".mts\" || lowerExt === \".tsx\") {\n await ensureTsLoader();\n }\n\n const module = await import(pathToFileURL(candidate).href);\n if (module?.projectExtrasSchema) {\n return module.projectExtrasSchema as z.AnyZodObject;\n }\n\n throw new Error(`Module '${candidate}' does not export projectExtrasSchema.`);\n } catch (error) {\n const reason = error instanceof Error ? error.message : String(error);\n throw new Error(`Failed to load project config extension at '${candidate}': ${reason}`);\n }\n }\n\n const coreModule = await import(\"../config/project.config.extension.js\");\n return coreModule.projectExtrasSchema as z.AnyZodObject;\n}\n\n// Keep placeholder-backed values as plain strings in the generated TypeScript typings so\n// consuming code reflects the resolved shapes while the JSON schema still exposes full unions.\nconst renderAsString = (typescript: any) =>\n typescript.factory.createKeywordTypeNode(typescript.SyntaxKind.StringKeyword);\n\nfor (const schema of [hostValueSchema, secretValueSchema]) {\n withGetType(schema, renderAsString);\n}\n\nconst { unsCoreSchema } = await import(\"../uns-config/uns-core-schema.js\");\nconst projectExtrasSchema = await loadProjectExtrasSchema();\nconst baseSchema = composeConfigSchema(unsCoreSchema, projectExtrasSchema).strict();\n\n// 1) JSON Schema for VS Code $schema\nconst jsonSchema = zodToJsonSchema(baseSchema, \"AppConfig\");\nwrite(path.resolve(\"config.schema.json\"), JSON.stringify(jsonSchema, null, 2));\n\n// 2) TypeScript `export type AppConfig = {...}`\nconst { node } = zodToTs(baseSchema, \"AppConfig\");\nconst interfaceBody = printNode(node);\n\nconst tsContent = `/* Auto-generated. Do not edit by hand. */\\nexport interface ProjectAppConfig ${interfaceBody}\\n\\nexport interface AppConfig extends ProjectAppConfig {}\\n\\ntype GeneratedProjectAppConfig = ProjectAppConfig;\\ntype GeneratedAppConfig = AppConfig;\\n\\ndeclare module \"@uns-kit/core/config/app-config.js\" {\\n interface ProjectAppConfig extends GeneratedProjectAppConfig {}\\n interface AppConfig extends GeneratedAppConfig {}\\n}\\n`;\n\nwrite(path.resolve(\"./src/config/app-config.ts\"), tsContent);\n\nconsole.log(\"Generated config.schema.json and updated src/config/app-config.ts\");\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secret-resolver.d.ts","sourceRoot":"","sources":["../../src/uns-config/secret-resolver.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"secret-resolver.d.ts","sourceRoot":"","sources":["../../src/uns-config/secret-resolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAIL,KAAK,iBAAiB,EACvB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAEL,KAAK,eAAe,EAErB,MAAM,wBAAwB,CAAC;AAEhC,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,SAAS,CAAC;AACrD,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,SAAS,CAAC;AAEnD,KAAK,0BAA0B,GAC3B;IAAE,QAAQ,EAAE,KAAK,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAChC;IAAE,QAAQ,EAAE,WAAW,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,KAAK,wBAAwB,GAAG,eAAe,CAAC;AAEhD,MAAM,MAAM,cAAc,CAAC,CAAC,IAAI,CAAC,SAAS,0BAA0B,GAChE,mBAAmB,GACnB,CAAC,SAAS,wBAAwB,GAChC,iBAAiB,GACnB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,GACnB,cAAc,CAAC,CAAC,CAAC,EAAE,GACnB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAAE,GACxC,CAAC,CAAC;AAEV,MAAM,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;AAE1D,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;CAC9B;AAED,MAAM,MAAM,gBAAgB,GAAG,CAC7B,OAAO,EAAE,qBAAqB,KAC3B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;AAEjC,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yFAAyF;IACzF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mFAAmF;IACnF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,IAAI,CAAC,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC7B,uEAAuE;IACvE,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,4EAA4E;IAC5E,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,wBAAwB,CAAC;IACrC,kFAAkF;IAClF,eAAe,CAAC,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,KAAK,GAAG,WAAW,KAAK,IAAI,CAAC;IACxF,qDAAqD;IACrD,KAAK,CAAC,EAAE,mBAAmB,CAAC;CAC7B;AAED,MAAM,WAAW,mBAAmB;IAClC,8EAA8E;IAC9E,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,qEAAqE;IACrE,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IACnD;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IACpF,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,oBAAoB,EAAE,GAAG,SAAS,CAAC,CAAC;IAC7E,gFAAgF;IAChF,aAAa,CAAC,EAAE,CAAC,WAAW,EAAE,eAAe,KAAK,IAAI,CAAC;CACxD;AAwED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,SAAS,EACjB,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,iBAAiB,CAAC,CAI5B;AAED,wBAAgB,yBAAyB,IAAI,IAAI,CAIhD"}
|
|
@@ -1,8 +1,50 @@
|
|
|
1
|
+
import fs from "node:fs/promises";
|
|
1
2
|
import os from "node:os";
|
|
2
3
|
import { isSecretPlaceholder, } from "./secret-placeholders.js";
|
|
3
4
|
import { isHostPlaceholder, } from "./host-placeholders.js";
|
|
5
|
+
const INFISICAL_TOKEN_FILE = "/run/secrets/infisical_token";
|
|
6
|
+
const INFISICAL_PROJECT_ID_FILE = "/run/secrets/infisical_project_id";
|
|
7
|
+
const INFISICAL_SITE_URL_FILE = "/run/secrets/infisical_site_url";
|
|
8
|
+
const INFISICAL_TOKEN_FILE_ALT = "/var/lib/uns/secrets/infisical_token";
|
|
9
|
+
const INFISICAL_PROJECT_ID_FILE_ALT = "/var/lib/uns/secrets/infisical_project_id";
|
|
10
|
+
const INFISICAL_SITE_URL_FILE_ALT = "/var/lib/uns/secrets/infisical_site_url";
|
|
4
11
|
const envCache = new Map();
|
|
5
12
|
const infisicalCache = new Map();
|
|
13
|
+
async function readSecretFile(filePath) {
|
|
14
|
+
try {
|
|
15
|
+
const content = await fs.readFile(filePath, "utf8");
|
|
16
|
+
const trimmed = content.trim();
|
|
17
|
+
return trimmed.length > 0 ? trimmed : undefined;
|
|
18
|
+
}
|
|
19
|
+
catch (error) {
|
|
20
|
+
if (error.code === "ENOENT") {
|
|
21
|
+
return undefined;
|
|
22
|
+
}
|
|
23
|
+
throw new Error(`Failed to read Infisical secret file '${filePath}': ${error instanceof Error ? error.message : String(error)}`, { cause: error });
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
async function resolveInfisicalToken(options) {
|
|
27
|
+
const candidate = options?.token ??
|
|
28
|
+
process.env["INFISICAL_TOKEN"] ??
|
|
29
|
+
process.env["INFISICAL_PERSONAL_TOKEN"] ??
|
|
30
|
+
(await readSecretFile(INFISICAL_TOKEN_FILE)) ??
|
|
31
|
+
(await readSecretFile(INFISICAL_TOKEN_FILE_ALT));
|
|
32
|
+
return candidate?.trim() || undefined;
|
|
33
|
+
}
|
|
34
|
+
async function resolveInfisicalSiteUrl(options) {
|
|
35
|
+
const candidate = options?.siteUrl ??
|
|
36
|
+
process.env["INFISICAL_SITE_URL"] ??
|
|
37
|
+
(await readSecretFile(INFISICAL_SITE_URL_FILE)) ??
|
|
38
|
+
(await readSecretFile(INFISICAL_SITE_URL_FILE_ALT));
|
|
39
|
+
return candidate?.trim() || undefined;
|
|
40
|
+
}
|
|
41
|
+
async function resolveInfisicalProjectId(options) {
|
|
42
|
+
const candidate = options?.projectId ??
|
|
43
|
+
process.env["INFISICAL_PROJECT_ID"] ??
|
|
44
|
+
(await readSecretFile(INFISICAL_PROJECT_ID_FILE)) ??
|
|
45
|
+
(await readSecretFile(INFISICAL_PROJECT_ID_FILE_ALT));
|
|
46
|
+
return candidate?.trim() || undefined;
|
|
47
|
+
}
|
|
6
48
|
const structuredCloneFallback = (value) => typeof structuredClone === "function"
|
|
7
49
|
? structuredClone(value)
|
|
8
50
|
: JSON.parse(JSON.stringify(value));
|
|
@@ -126,7 +168,7 @@ function resolveSystemHost(placeholder, options) {
|
|
|
126
168
|
const interfaceEntries = targetName
|
|
127
169
|
? [[targetName, interfaces[targetName]]]
|
|
128
170
|
: Object.entries(interfaces);
|
|
129
|
-
for (const [
|
|
171
|
+
for (const [, ifaceList] of interfaceEntries) {
|
|
130
172
|
if (!ifaceList) {
|
|
131
173
|
continue;
|
|
132
174
|
}
|
|
@@ -153,7 +195,7 @@ function resolveSystemHost(placeholder, options) {
|
|
|
153
195
|
const targetDescription = targetName ? `interface '${targetName}'` : "available interfaces";
|
|
154
196
|
throw new Error(`System host lookup failed for ${targetDescription} (family ${family}).`);
|
|
155
197
|
}
|
|
156
|
-
|
|
198
|
+
function resolveEnvSecret(placeholder, options) {
|
|
157
199
|
const envMap = options.env ?? process.env;
|
|
158
200
|
const cacheKey = placeholder.key;
|
|
159
201
|
if (envCache.has(cacheKey)) {
|
|
@@ -180,10 +222,11 @@ async function resolveInfisicalSecret(placeholder, options) {
|
|
|
180
222
|
const fetcher = await getInfisicalFetcher(infisicalOptions);
|
|
181
223
|
if (!fetcher) {
|
|
182
224
|
options.onMissingSecret?.(placeholder, "infisical");
|
|
183
|
-
throw new Error("Infisical secret requested but no resolver is configured. Provide SecretResolverOptions.infisical
|
|
225
|
+
throw new Error("Infisical secret requested but no resolver is configured. Provide SecretResolverOptions.infisical, " +
|
|
226
|
+
"set INFISICAL_TOKEN/INFISICAL_PERSONAL_TOKEN, or supply /run/secrets/infisical_token (/var/lib/uns/secrets/infisical_token also supported).");
|
|
184
227
|
}
|
|
185
|
-
const environment = placeholder.environment ?? infisicalOptions?.environment ?? process.env
|
|
186
|
-
const projectId = placeholder.projectId ?? infisicalOptions
|
|
228
|
+
const environment = placeholder.environment ?? infisicalOptions?.environment ?? process.env["INFISICAL_ENVIRONMENT"];
|
|
229
|
+
const projectId = placeholder.projectId ?? (await resolveInfisicalProjectId(infisicalOptions));
|
|
187
230
|
const type = infisicalOptions?.type ?? "shared";
|
|
188
231
|
if (!environment) {
|
|
189
232
|
throw new Error(`Infisical secret '${placeholder.path}:${placeholder.key}' is missing an environment. ` +
|
|
@@ -191,7 +234,8 @@ async function resolveInfisicalSecret(placeholder, options) {
|
|
|
191
234
|
}
|
|
192
235
|
if (!projectId) {
|
|
193
236
|
throw new Error(`Infisical secret '${placeholder.path}:${placeholder.key}' is missing a project id. ` +
|
|
194
|
-
"Set it on the placeholder, pass SecretResolverOptions.infisical.projectId,
|
|
237
|
+
"Set it on the placeholder, pass SecretResolverOptions.infisical.projectId, define INFISICAL_PROJECT_ID, " +
|
|
238
|
+
"or provide /run/secrets/infisical_project_id (also /var/lib/uns/secrets/infisical_project_id).");
|
|
195
239
|
}
|
|
196
240
|
const cacheKey = JSON.stringify({
|
|
197
241
|
path: placeholder.path,
|
|
@@ -228,23 +272,18 @@ async function resolveInfisicalSecret(placeholder, options) {
|
|
|
228
272
|
return fetchPromise;
|
|
229
273
|
}
|
|
230
274
|
async function getInfisicalFetcher(options) {
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
if (options.fetchSecret) {
|
|
235
|
-
return options.fetchSecret;
|
|
275
|
+
const effectiveOptions = options ?? {};
|
|
276
|
+
if (effectiveOptions.fetchSecret) {
|
|
277
|
+
return effectiveOptions.fetchSecret;
|
|
236
278
|
}
|
|
237
|
-
const token =
|
|
238
|
-
process.env.INFISICAL_TOKEN ??
|
|
239
|
-
process.env.INFISICAL_PERSONAL_TOKEN ??
|
|
240
|
-
"";
|
|
279
|
+
const token = await resolveInfisicalToken(effectiveOptions);
|
|
241
280
|
if (!token) {
|
|
242
281
|
return undefined;
|
|
243
282
|
}
|
|
244
|
-
const
|
|
245
|
-
const cacheKey = `${token}::${
|
|
283
|
+
const siteUrl = await resolveInfisicalSiteUrl(effectiveOptions);
|
|
284
|
+
const cacheKey = `${token}::${siteUrl ?? ""}`;
|
|
246
285
|
if (!defaultInfisicalFetcherCache.has(cacheKey)) {
|
|
247
|
-
defaultInfisicalFetcherCache.set(cacheKey, createDefaultInfisicalFetcher(token,
|
|
286
|
+
defaultInfisicalFetcherCache.set(cacheKey, createDefaultInfisicalFetcher(token, siteUrl));
|
|
248
287
|
}
|
|
249
288
|
const baseFetcher = await defaultInfisicalFetcherCache.get(cacheKey);
|
|
250
289
|
return baseFetcher;
|
|
@@ -257,7 +296,7 @@ async function createDefaultInfisicalFetcher(token, siteUrl) {
|
|
|
257
296
|
if (!InfisicalSDK) {
|
|
258
297
|
throw new Error("@infisical/sdk does not export InfisicalSDK");
|
|
259
298
|
}
|
|
260
|
-
const sdkInstance = new InfisicalSDK({ siteUrl });
|
|
299
|
+
const sdkInstance = new InfisicalSDK({ siteUrl: siteUrl ?? "" });
|
|
261
300
|
const authenticatedSdk = sdkInstance.auth().accessToken(token);
|
|
262
301
|
return async ({ path, key, environment, projectId, type = "shared" }) => {
|
|
263
302
|
if (!environment) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secret-resolver.js","sourceRoot":"","sources":["../../src/uns-config/secret-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AAGzB,OAAO,EACL,mBAAmB,GAIpB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,iBAAiB,GAGlB,MAAM,wBAAwB,CAAC;AAqFhC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA8B,CAAC;AACvD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAuC,CAAC;AAEtE,MAAM,uBAAuB,GAAG,CAAI,KAAQ,EAAK,EAAE,CACjD,OAAO,eAAe,KAAK,UAAU;IACnC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;IACxB,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAO,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAiB,EACjB,UAAiC,EAAE;IAEnC,MAAM,OAAO,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,OAAO,OAA4B,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACjB,cAAc,CAAC,KAAK,EAAE,CAAC;IACvB,4BAA4B,CAAC,KAAK,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAa,EAAE,OAA8B;IACtE,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QACtF,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAA+B,CAAC;QAE5C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAEzB,IAAI,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAC5D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAC3B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;gBACtB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAChE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAC3B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;gBACtB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC1D,GAAG,CAAC,GAAG,CAAC,GAAG,aAAwB,CAAC;QACtC,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,WAA8B,EAC9B,OAA8B;IAE9B,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC7B,KAAK,KAAK;YACR,OAAO,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,WAAW;YACd,OAAO,sBAAsB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACtD;YACE,uDAAuD;YACvD,OAAO,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAQ;IACnC,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,WAA4B,EAC5B,OAA6B;IAE7B,MAAM,gBAAgB,GAAG,OAAO,IAAI,EAAE,CAAC;IAEvC,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC7B,KAAK,QAAQ;YACX,OAAO,WAAW,CAAC,KAAK,CAAC;QAC3B,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;YAEnD,IAAI,QAAQ,GAAG,MAAM,oBAAoB,CACvC,WAAW,CAAC,GAAG,EACf,gBAAgB,CAAC,eAAe,CACjC,CAAC;YAEF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,QAAQ,GAAG,MAAM,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACvC,CAAC;YAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;oBACtC,OAAO,WAAW,CAAC,OAAO,CAAC;gBAC7B,CAAC;gBACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;oBACzB,OAAO,SAAS,CAAC;gBACnB,CAAC;gBAED,gBAAgB,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,kBAAkB,WAAW,CAAC,GAAG,0BAA0B,CAAC,CAAC;YAC/E,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,KAAK,QAAQ;YACX,OAAO,iBAAiB,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAC1D;YACE,OAAO,uBAAuB,CAAC,WAAW,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,GAAW,EACX,QAA4E;IAE5E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,oCAAoC,GAAG,0BACrC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,EACF,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,CAAQ;IACvC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,iBAAiB,CACxB,WAAkC,EAClC,OAA4B;IAE5B,MAAM,aAAa,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,iBAAiB,CAAC;IACxE,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,IAAI,MAAM,CAAC;IAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,aAAa,CAAC;IAE7C,MAAM,gBAAgB,GAAiE,UAAU;QAC/F,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/B,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,IACE,KAAK;gBACL,KAAK,CAAC,MAAM,KAAK,MAAM;gBACvB,KAAK,CAAC,QAAQ,KAAK,IAAI;gBACvB,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ;gBACjC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EACxB,CAAC;gBACD,OAAO,KAAK,CAAC,OAAO,CAAC;YACvB,CAAC;QACH,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO,WAAW,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,CAAC;IACrC,MAAM,iBAAiB,GAAG,UAAU,CAAC,CAAC,CAAC,cAAc,UAAU,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC;IAC5F,MAAM,IAAI,KAAK,CACb,iCAAiC,iBAAiB,YAAY,MAAM,IAAI,CACzE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,WAAiC,EACjC,OAA8B;IAE9B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAC1C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC;IAEjC,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAE/B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACtC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,WAAW,CAAC,OAAO,CAAC;QAC7B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YACzB,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YAClC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,CAAC,eAAe,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,eAAe,CAAC,CAAC;IAC7E,CAAC;IAED,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,WAAuC,EACvC,OAA8B;IAE9B,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAE5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,eAAe,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,IAAI,KAAK,CACb,oGAAoG,CACrG,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,WAAW,CAAC,WAAW,IAAI,gBAAgB,EAAE,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAClH,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,IAAI,gBAAgB,EAAE,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAC3G,MAAM,IAAI,GAAG,gBAAgB,EAAE,IAAI,IAAI,QAAQ,CAAC;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,qBAAqB,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC,GAAG,+BAA+B;YACvF,+GAA+G,CAChH,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,qBAAqB,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC,GAAG,6BAA6B;YACrF,4GAA4G,CAC7G,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,WAAW;QACX,SAAS;QACT,IAAI;KACL,CAAC,CAAC;IAEH,IAAI,gBAAgB,EAAE,KAAK,KAAK,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtE,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IACnD,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC;QAC3B,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,WAAW;QACX,SAAS;QACT,IAAI;KACL,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACf,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAC5C,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBACtC,OAAO,WAAW,CAAC,OAAO,CAAC;YAC7B,CAAC;YACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;gBACzB,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,CAAC,eAAe,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,WAAW,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC,GAAG,2BAA2B,CAC1E,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,IAAI,gBAAgB,EAAE,KAAK,KAAK,KAAK,EAAE,CAAC;QACtC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,OAAkC;IAElC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,OAAO,CAAC,WAAW,CAAC;IAC7B,CAAC;IAED,MAAM,KAAK,GACT,OAAO,CAAC,KAAK;QACb,OAAO,CAAC,GAAG,CAAC,eAAe;QAC3B,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACpC,EAAE,CAAC;IAEL,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC;IAC3E,MAAM,QAAQ,GAAG,GAAG,KAAK,KAAK,UAAU,EAAE,CAAC;IAE3C,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,4BAA4B,CAAC,GAAG,CAC9B,QAAQ,EACR,6BAA6B,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CACtD,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;IACtE,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,4BAA4B,GAAG,IAAI,GAAG,EAAqC,CAAC;AAElF,KAAK,UAAU,6BAA6B,CAC1C,KAAa,EACb,OAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,SAAS,GAAoC,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAClF,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAClD,MAAM,gBAAgB,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE/D,OAAO,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,GAAG,QAAQ,EAAyB,EAAE,EAAE;YAC7F,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,IAAI,GAAG,8BAA8B,CAC/D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,IAAI,GAAG,4BAA4B,CAC7D,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,gBAAgB;iBAClC,OAAO,EAAE;iBACT,SAAS,CAAC;gBACT,UAAU,EAAE,GAAG;gBACf,UAAU,EAAE,IAAI;gBAChB,WAAW;gBACX,SAAS;gBACT,eAAe,EAAE,IAAI;gBACrB,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM;aACpE,CAAC,CAAC;YAEL,OAAO,MAAM,EAAE,WAAW,IAAI,SAAS,CAAC;QAC1C,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,kHAAkH,EAClH,EAAE,KAAK,EAAE,KAAc,EAAE,CAC1B,CAAC;IACJ,CAAC;AACH,CAAC","sourcesContent":["import os from \"node:os\";\nimport type { NetworkInterfaceInfo } from \"node:os\";\nimport type { AppConfig } from \"../config/app-config.js\";\nimport {\n isSecretPlaceholder,\n type EnvSecretPlaceholder,\n type InfisicalSecretPlaceholder,\n type SecretPlaceholder,\n} from \"./secret-placeholders.js\";\nimport {\n isHostPlaceholder,\n type HostPlaceholder,\n type SystemHostPlaceholder,\n} from \"./host-placeholders.js\";\n\nexport type SecretValueResolved = string | undefined;\nexport type HostValueResolved = string | undefined;\n\ntype SecretPlaceholderCandidate =\n | { provider: \"env\"; key: string }\n | { provider: \"infisical\"; key: string; path: string };\n\ntype HostPlaceholderCandidate = HostPlaceholder;\n\nexport type ResolvedConfig<T> = T extends SecretPlaceholderCandidate\n ? SecretValueResolved\n : T extends HostPlaceholderCandidate\n ? HostValueResolved\n : T extends (infer U)[]\n ? ResolvedConfig<U>[]\n : T extends Record<string, unknown>\n ? { [K in keyof T]: ResolvedConfig<T[K]> }\n : T;\n\nexport type ResolvedAppConfig = ResolvedConfig<AppConfig>;\n\nexport interface InfisicalFetchRequest {\n path: string;\n key: string;\n environment?: string;\n projectId?: string;\n type?: \"shared\" | \"personal\";\n}\n\nexport type InfisicalFetcher = (\n request: InfisicalFetchRequest\n) => Promise<string | undefined>;\n\nexport interface InfisicalResolverOptions {\n /**\n * Provide a custom fetcher. If omitted, the resolver tries to lazily instantiate\n * an Infisical client using @infisical/sdk based on the supplied token/siteUrl/options.\n */\n fetchSecret?: InfisicalFetcher;\n /**\n * Machine token or personal token used when creating the default Infisical client.\n * Falls back to the INFISICAL_TOKEN or INFISICAL_PERSONAL_TOKEN environment variables.\n */\n token?: string;\n /** Optional Infisical site URL override. Defaults to INFISICAL_SITE_URL when present. */\n siteUrl?: string;\n /** Default environment used when a placeholder does not specify one explicitly. */\n environment?: string;\n /** Default project id used when a placeholder does not provide one. */\n projectId?: string;\n /** Default secret type. Shared secrets are used by default. */\n type?: \"shared\" | \"personal\";\n /** Disable in-memory caching when set to false. Enabled by default. */\n cache?: boolean;\n}\n\nexport interface SecretResolverOptions {\n /** Environment map used for `env` placeholders. Defaults to process.env. */\n env?: NodeJS.ProcessEnv;\n /** Configuration for resolving Infisical placeholders. */\n infisical?: InfisicalResolverOptions;\n /** Callback invoked before throwing when a required secret cannot be resolved. */\n onMissingSecret?: (placeholder: SecretPlaceholder, source: \"env\" | \"infisical\") => void;\n /** Configuration for resolving host placeholders. */\n hosts?: HostResolverOptions;\n}\n\nexport interface HostResolverOptions {\n /** Optional environment map used when falling back to process.env lookups. */\n env?: NodeJS.ProcessEnv;\n /** Static mapping of external host keys to concrete host strings. */\n externalHosts?: Record<string, string | undefined>;\n /**\n * Custom resolver invoked when an external host needs to be resolved.\n * It can return synchronously or asynchronously.\n */\n resolveExternal?: (key: string) => string | undefined | Promise<string | undefined>;\n /** Override for os.networkInterfaces (handy for tests). */\n networkInterfaces?: () => Record<string, NetworkInterfaceInfo[] | undefined>;\n /** Callback invoked before throwing when a required host cannot be resolved. */\n onMissingHost?: (placeholder: HostPlaceholder) => void;\n}\n\nconst envCache = new Map<string, string | undefined>();\nconst infisicalCache = new Map<string, Promise<string | undefined>>();\n\nconst structuredCloneFallback = <T>(value: T): T =>\n typeof structuredClone === \"function\"\n ? structuredClone(value)\n : (JSON.parse(JSON.stringify(value)) as T);\n\nexport async function resolveConfigSecrets(\n config: AppConfig,\n options: SecretResolverOptions = {}\n): Promise<ResolvedAppConfig> {\n const working = structuredCloneFallback(config);\n await resolveNode(working, options);\n return working as ResolvedAppConfig;\n}\n\nexport function clearSecretResolverCaches(): void {\n envCache.clear();\n infisicalCache.clear();\n defaultInfisicalFetcherCache.clear();\n}\n\nasync function resolveNode(node: unknown, options: SecretResolverOptions): Promise<unknown> {\n if (isSecretPlaceholder(node)) {\n return resolveSecretValue(node, options);\n }\n\n if (isHostPlaceholder(node)) {\n return resolveHostValue(node, options.hosts);\n }\n\n if (Array.isArray(node)) {\n const resolvedArray = await Promise.all(node.map(item => resolveNode(item, options)));\n return resolvedArray;\n }\n\n if (node && typeof node === \"object\") {\n const obj = node as Record<string, unknown>;\n\n for (const key of Object.keys(obj)) {\n const current = obj[key];\n\n if (isSecretPlaceholder(current)) {\n const resolved = await resolveSecretValue(current, options);\n if (resolved === undefined) {\n delete obj[key];\n } else {\n obj[key] = resolved;\n }\n continue;\n }\n\n if (isHostPlaceholder(current)) {\n const resolved = await resolveHostValue(current, options.hosts);\n if (resolved === undefined) {\n delete obj[key];\n } else {\n obj[key] = resolved;\n }\n continue;\n }\n\n const resolvedChild = await resolveNode(current, options);\n obj[key] = resolvedChild as unknown;\n }\n\n return obj;\n }\n\n return node;\n}\n\nasync function resolveSecretValue(\n placeholder: SecretPlaceholder,\n options: SecretResolverOptions\n): Promise<SecretValueResolved> {\n switch (placeholder.provider) {\n case \"env\":\n return resolveEnvSecret(placeholder, options);\n case \"infisical\":\n return resolveInfisicalSecret(placeholder, options);\n default:\n // Exhaustive check to guard future provider additions.\n return assertNeverProvider(placeholder);\n }\n}\n\nfunction assertNeverProvider(x: never): never {\n throw new Error(`Unsupported secret provider: ${JSON.stringify(x)}`);\n}\n\nasync function resolveHostValue(\n placeholder: HostPlaceholder,\n options?: HostResolverOptions\n): Promise<HostValueResolved> {\n const effectiveOptions = options ?? {};\n\n switch (placeholder.provider) {\n case \"inline\":\n return placeholder.value;\n case \"external\": {\n const envMap = effectiveOptions.env ?? process.env;\n\n let resolved = await maybeResolveExternal(\n placeholder.key,\n effectiveOptions.resolveExternal\n );\n\n if (resolved === undefined) {\n resolved = effectiveOptions.externalHosts?.[placeholder.key];\n }\n\n if (resolved === undefined) {\n resolved = envMap?.[placeholder.key];\n }\n\n if (resolved === undefined) {\n if (placeholder.default !== undefined) {\n return placeholder.default;\n }\n if (placeholder.optional) {\n return undefined;\n }\n\n effectiveOptions.onMissingHost?.(placeholder);\n throw new Error(`External host '${placeholder.key}' could not be resolved.`);\n }\n\n return resolved;\n }\n case \"system\":\n return resolveSystemHost(placeholder, effectiveOptions);\n default:\n return assertNeverHostProvider(placeholder);\n }\n}\n\nasync function maybeResolveExternal(\n key: string,\n resolver?: (key: string) => string | undefined | Promise<string | undefined>\n): Promise<string | undefined> {\n if (!resolver) {\n return undefined;\n }\n\n try {\n return await resolver(key);\n } catch (error) {\n throw new Error(\n `Failed to resolve external host '${key}' via custom resolver: ${\n error instanceof Error ? error.message : String(error)\n }`,\n { cause: error }\n );\n }\n}\n\nfunction assertNeverHostProvider(x: never): never {\n throw new Error(`Unsupported host provider: ${JSON.stringify(x)}`);\n}\n\nfunction resolveSystemHost(\n placeholder: SystemHostPlaceholder,\n options: HostResolverOptions\n): HostValueResolved {\n const getInterfaces = options.networkInterfaces ?? os.networkInterfaces;\n const interfaces = getInterfaces();\n const family = placeholder.family ?? \"IPv4\";\n const targetName = placeholder.interfaceName;\n\n const interfaceEntries: Array<readonly [string, NetworkInterfaceInfo[] | undefined]> = targetName\n ? [[targetName, interfaces[targetName]]]\n : Object.entries(interfaces);\n\n for (const [name, ifaceList] of interfaceEntries) {\n if (!ifaceList) {\n continue;\n }\n for (const iface of ifaceList) {\n if (\n iface &&\n iface.family === family &&\n iface.internal !== true &&\n typeof iface.address === \"string\" &&\n iface.address.length > 0\n ) {\n return iface.address;\n }\n }\n\n if (targetName) {\n break;\n }\n }\n\n if (placeholder.default !== undefined) {\n return placeholder.default;\n }\n\n if (placeholder.optional) {\n return undefined;\n }\n\n options.onMissingHost?.(placeholder);\n const targetDescription = targetName ? `interface '${targetName}'` : \"available interfaces\";\n throw new Error(\n `System host lookup failed for ${targetDescription} (family ${family}).`\n );\n}\n\nasync function resolveEnvSecret(\n placeholder: EnvSecretPlaceholder,\n options: SecretResolverOptions\n): Promise<SecretValueResolved> {\n const envMap = options.env ?? process.env;\n const cacheKey = placeholder.key;\n\n if (envCache.has(cacheKey)) {\n return envCache.get(cacheKey) ?? undefined;\n }\n\n const value = envMap[cacheKey];\n\n if (value === undefined || value === null) {\n if (placeholder.default !== undefined) {\n envCache.set(cacheKey, placeholder.default);\n return placeholder.default;\n }\n if (placeholder.optional) {\n envCache.set(cacheKey, undefined);\n return undefined;\n }\n\n options.onMissingSecret?.(placeholder, \"env\");\n throw new Error(`Required environment variable '${cacheKey}' is not set.`);\n }\n\n envCache.set(cacheKey, value);\n return value;\n}\n\nasync function resolveInfisicalSecret(\n placeholder: InfisicalSecretPlaceholder,\n options: SecretResolverOptions\n): Promise<SecretValueResolved> {\n const infisicalOptions = options.infisical;\n const fetcher = await getInfisicalFetcher(infisicalOptions);\n\n if (!fetcher) {\n options.onMissingSecret?.(placeholder, \"infisical\");\n throw new Error(\n \"Infisical secret requested but no resolver is configured. Provide SecretResolverOptions.infisical.\"\n );\n }\n\n const environment = placeholder.environment ?? infisicalOptions?.environment ?? process.env.INFISICAL_ENVIRONMENT;\n const projectId = placeholder.projectId ?? infisicalOptions?.projectId ?? process.env.INFISICAL_PROJECT_ID;\n const type = infisicalOptions?.type ?? \"shared\";\n\n if (!environment) {\n throw new Error(\n `Infisical secret '${placeholder.path}:${placeholder.key}' is missing an environment. ` +\n \"Set it on the placeholder, pass SecretResolverOptions.infisical.environment, or define INFISICAL_ENVIRONMENT.\"\n );\n }\n\n if (!projectId) {\n throw new Error(\n `Infisical secret '${placeholder.path}:${placeholder.key}' is missing a project id. ` +\n \"Set it on the placeholder, pass SecretResolverOptions.infisical.projectId, or define INFISICAL_PROJECT_ID.\"\n );\n }\n\n const cacheKey = JSON.stringify({\n path: placeholder.path,\n key: placeholder.key,\n environment,\n projectId,\n type,\n });\n\n if (infisicalOptions?.cache !== false && infisicalCache.has(cacheKey)) {\n return infisicalCache.get(cacheKey) ?? undefined;\n }\n\n const fetchPromise = fetcher({\n path: placeholder.path,\n key: placeholder.key,\n environment,\n projectId,\n type,\n }).then(secret => {\n if (secret === undefined || secret === null) {\n if (placeholder.default !== undefined) {\n return placeholder.default;\n }\n if (placeholder.optional) {\n return undefined;\n }\n options.onMissingSecret?.(placeholder, \"infisical\");\n throw new Error(\n `Secret '${placeholder.path}:${placeholder.key}' not found in Infisical.`\n );\n }\n return secret;\n });\n\n if (infisicalOptions?.cache !== false) {\n infisicalCache.set(cacheKey, fetchPromise);\n }\n\n return fetchPromise;\n}\n\nasync function getInfisicalFetcher(\n options?: InfisicalResolverOptions\n): Promise<InfisicalFetcher | undefined> {\n if (!options) {\n return undefined;\n }\n\n if (options.fetchSecret) {\n return options.fetchSecret;\n }\n\n const token =\n options.token ??\n process.env.INFISICAL_TOKEN ??\n process.env.INFISICAL_PERSONAL_TOKEN ??\n \"\";\n\n if (!token) {\n return undefined;\n }\n\n const siteUrlKey = options.siteUrl ?? process.env.INFISICAL_SITE_URL ?? \"\";\n const cacheKey = `${token}::${siteUrlKey}`;\n\n if (!defaultInfisicalFetcherCache.has(cacheKey)) {\n defaultInfisicalFetcherCache.set(\n cacheKey,\n createDefaultInfisicalFetcher(token, options.siteUrl)\n );\n }\n\n const baseFetcher = await defaultInfisicalFetcherCache.get(cacheKey)!;\n return baseFetcher;\n}\n\nconst defaultInfisicalFetcherCache = new Map<string, Promise<InfisicalFetcher>>();\n\nasync function createDefaultInfisicalFetcher(\n token: string,\n siteUrl?: string\n): Promise<InfisicalFetcher> {\n try {\n const sdkModule: typeof import(\"@infisical/sdk\") = await import(\"@infisical/sdk\");\n const { InfisicalSDK, SecretType } = sdkModule;\n if (!InfisicalSDK) {\n throw new Error(\"@infisical/sdk does not export InfisicalSDK\");\n }\n\n const sdkInstance = new InfisicalSDK({ siteUrl });\n const authenticatedSdk = sdkInstance.auth().accessToken(token);\n\n return async ({ path, key, environment, projectId, type = \"shared\" }: InfisicalFetchRequest) => {\n if (!environment) {\n throw new Error(\n `Infisical secret '${path}:${key}' is missing an environment.`\n );\n }\n if (!projectId) {\n throw new Error(\n `Infisical secret '${path}:${key}' is missing a project id.`\n );\n }\n\n const secret = await authenticatedSdk\n .secrets()\n .getSecret({\n secretName: key,\n secretPath: path,\n environment,\n projectId,\n viewSecretValue: true,\n type: type === \"personal\" ? SecretType.Personal : SecretType.Shared,\n });\n\n return secret?.secretValue ?? undefined;\n };\n } catch (error) {\n throw new Error(\n \"Failed to initialize @infisical/sdk. Install the package or provide SecretResolverOptions.infisical.fetchSecret.\",\n { cause: error as Error }\n );\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"secret-resolver.js","sourceRoot":"","sources":["../../src/uns-config/secret-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,EAAE,MAAM,SAAS,CAAC;AAGzB,OAAO,EACL,mBAAmB,GAIpB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,iBAAiB,GAGlB,MAAM,wBAAwB,CAAC;AAqFhC,MAAM,oBAAoB,GAAG,8BAA8B,CAAC;AAC5D,MAAM,yBAAyB,GAAG,mCAAmC,CAAC;AACtE,MAAM,uBAAuB,GAAG,iCAAiC,CAAC;AAClE,MAAM,wBAAwB,GAAG,sCAAsC,CAAC;AACxE,MAAM,6BAA6B,GAAG,2CAA2C,CAAC;AAClF,MAAM,2BAA2B,GAAG,yCAAyC,CAAC;AAE9E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA8B,CAAC;AACvD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAuC,CAAC;AAEtE,KAAK,UAAU,cAAc,CAAC,QAAgB;IAC5C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,IAAI,KAAK,CACb,yCAAyC,QAAQ,MAC/C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,EACF,EAAE,KAAK,EAAE,KAAc,EAAE,CAC1B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,OAAkC;IAElC,MAAM,SAAS,GACb,OAAO,EAAE,KAAK;QACd,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QACvC,CAAC,MAAM,cAAc,CAAC,oBAAoB,CAAC,CAAC;QAC5C,CAAC,MAAM,cAAc,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAEnD,OAAO,SAAS,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACxC,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAkC;IAElC,MAAM,SAAS,GACb,OAAO,EAAE,OAAO;QAChB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACjC,CAAC,MAAM,cAAc,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC,MAAM,cAAc,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAEtD,OAAO,SAAS,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACxC,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,OAAkC;IAElC,MAAM,SAAS,GACb,OAAO,EAAE,SAAS;QAClB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;QACnC,CAAC,MAAM,cAAc,CAAC,yBAAyB,CAAC,CAAC;QACjD,CAAC,MAAM,cAAc,CAAC,6BAA6B,CAAC,CAAC,CAAC;IAExD,OAAO,SAAS,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACxC,CAAC;AAED,MAAM,uBAAuB,GAAG,CAAI,KAAQ,EAAK,EAAE,CACjD,OAAO,eAAe,KAAK,UAAU;IACnC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;IACxB,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAO,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAiB,EACjB,UAAiC,EAAE;IAEnC,MAAM,OAAO,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACjB,cAAc,CAAC,KAAK,EAAE,CAAC;IACvB,4BAA4B,CAAC,KAAK,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAa,EAAE,OAA8B;IACtE,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QACtF,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAA+B,CAAC;QAE5C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YAEzB,IAAI,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBAC5D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAC3B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;gBACtB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAChE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAC3B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;gBACtB,CAAC;gBACD,SAAS;YACX,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC1D,GAAG,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC;QAC3B,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,WAA8B,EAC9B,OAA8B;IAE9B,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC7B,KAAK,KAAK;YACR,OAAO,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,WAAW;YACd,OAAO,sBAAsB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACtD;YACE,uDAAuD;YACvD,OAAO,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAQ;IACnC,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,WAA4B,EAC5B,OAA6B;IAE7B,MAAM,gBAAgB,GAAG,OAAO,IAAI,EAAE,CAAC;IAEvC,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC7B,KAAK,QAAQ;YACX,OAAO,WAAW,CAAC,KAAK,CAAC;QAC3B,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;YAEnD,IAAI,QAAQ,GAAG,MAAM,oBAAoB,CACvC,WAAW,CAAC,GAAG,EACf,gBAAgB,CAAC,eAAe,CACjC,CAAC;YAEF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAC/D,CAAC;YAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,QAAQ,GAAG,MAAM,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACvC,CAAC;YAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;oBACtC,OAAO,WAAW,CAAC,OAAO,CAAC;gBAC7B,CAAC;gBACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;oBACzB,OAAO,SAAS,CAAC;gBACnB,CAAC;gBAED,gBAAgB,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,kBAAkB,WAAW,CAAC,GAAG,0BAA0B,CAAC,CAAC;YAC/E,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,KAAK,QAAQ;YACX,OAAO,iBAAiB,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QAC1D;YACE,OAAO,uBAAuB,CAAC,WAAW,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,GAAW,EACX,QAA4E;IAE5E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,oCAAoC,GAAG,0BACrC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,EACF,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,CAAQ;IACvC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,iBAAiB,CACxB,WAAkC,EAClC,OAA4B;IAE5B,MAAM,aAAa,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,iBAAiB,CAAC;IACxE,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,IAAI,MAAM,CAAC;IAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,aAAa,CAAC;IAE7C,MAAM,gBAAgB,GAAiE,UAAU;QAC/F,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/B,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,gBAAgB,EAAE,CAAC;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,IACE,KAAK;gBACL,KAAK,CAAC,MAAM,KAAK,MAAM;gBACvB,KAAK,CAAC,QAAQ,KAAK,IAAI;gBACvB,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ;gBACjC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EACxB,CAAC;gBACD,OAAO,KAAK,CAAC,OAAO,CAAC;YACvB,CAAC;QACH,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO,WAAW,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,CAAC,aAAa,EAAE,CAAC,WAAW,CAAC,CAAC;IACrC,MAAM,iBAAiB,GAAG,UAAU,CAAC,CAAC,CAAC,cAAc,UAAU,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC;IAC5F,MAAM,IAAI,KAAK,CACb,iCAAiC,iBAAiB,YAAY,MAAM,IAAI,CACzE,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,WAAiC,EACjC,OAA8B;IAE9B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAC1C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC;IAEjC,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAE/B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACtC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,WAAW,CAAC,OAAO,CAAC;QAC7B,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YACzB,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YAClC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,CAAC,eAAe,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,eAAe,CAAC,CAAC;IAC7E,CAAC;IAED,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,WAAuC,EACvC,OAA8B;IAE9B,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAE5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,eAAe,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,IAAI,KAAK,CACb,qGAAqG;YACrG,6IAA6I,CAC9I,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,WAAW,CAAC,WAAW,IAAI,gBAAgB,EAAE,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACrH,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,IAAI,CAAC,MAAM,yBAAyB,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC/F,MAAM,IAAI,GAAG,gBAAgB,EAAE,IAAI,IAAI,QAAQ,CAAC;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,qBAAqB,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC,GAAG,+BAA+B;YACvF,+GAA+G,CAChH,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,qBAAqB,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC,GAAG,6BAA6B;YACrF,0GAA0G;YAC1G,gGAAgG,CACjG,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,WAAW;QACX,SAAS;QACT,IAAI;KACL,CAAC,CAAC;IAEH,IAAI,gBAAgB,EAAE,KAAK,KAAK,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtE,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IACnD,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC;QAC3B,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,GAAG,EAAE,WAAW,CAAC,GAAG;QACpB,WAAW;QACX,SAAS;QACT,IAAI;KACL,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACf,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAC5C,IAAI,WAAW,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBACtC,OAAO,WAAW,CAAC,OAAO,CAAC;YAC7B,CAAC;YACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;gBACzB,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,CAAC,eAAe,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,WAAW,WAAW,CAAC,IAAI,IAAI,WAAW,CAAC,GAAG,2BAA2B,CAC1E,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,IAAI,gBAAgB,EAAE,KAAK,KAAK,KAAK,EAAE,CAAC;QACtC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,OAAkC;IAElC,MAAM,gBAAgB,GAAG,OAAO,IAAI,EAAE,CAAC;IAEvC,IAAI,gBAAgB,CAAC,WAAW,EAAE,CAAC;QACjC,OAAO,gBAAgB,CAAC,WAAW,CAAC;IACtC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,qBAAqB,CAAC,gBAAgB,CAAC,CAAC;IAE5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,gBAAgB,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,GAAG,KAAK,KAAK,OAAO,IAAI,EAAE,EAAE,CAAC;IAE9C,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,4BAA4B,CAAC,GAAG,CAC9B,QAAQ,EACR,6BAA6B,CAAC,KAAK,EAAE,OAAO,CAAC,CAC9C,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,4BAA4B,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;IACtE,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,4BAA4B,GAAG,IAAI,GAAG,EAAqC,CAAC;AAElF,KAAK,UAAU,6BAA6B,CAC1C,KAAa,EACb,OAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACjD,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,YAAY,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,gBAAgB,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE/D,OAAO,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,GAAG,QAAQ,EAAyB,EAAE,EAAE;YAC7F,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,IAAI,GAAG,8BAA8B,CAC/D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,IAAI,GAAG,4BAA4B,CAC7D,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,gBAAgB;iBAClC,OAAO,EAAE;iBACT,SAAS,CAAC;gBACT,UAAU,EAAE,GAAG;gBACf,UAAU,EAAE,IAAI;gBAChB,WAAW;gBACX,SAAS;gBACT,eAAe,EAAE,IAAI;gBACrB,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM;aACpE,CAAC,CAAC;YAEL,OAAO,MAAM,EAAE,WAAW,IAAI,SAAS,CAAC;QAC1C,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,kHAAkH,EAClH,EAAE,KAAK,EAAE,KAAc,EAAE,CAC1B,CAAC;IACJ,CAAC;AACH,CAAC","sourcesContent":["import fs from \"node:fs/promises\";\nimport os from \"node:os\";\nimport type { NetworkInterfaceInfo } from \"node:os\";\nimport type { AppConfig } from \"../config/app-config.js\";\nimport {\n isSecretPlaceholder,\n type EnvSecretPlaceholder,\n type InfisicalSecretPlaceholder,\n type SecretPlaceholder,\n} from \"./secret-placeholders.js\";\nimport {\n isHostPlaceholder,\n type HostPlaceholder,\n type SystemHostPlaceholder,\n} from \"./host-placeholders.js\";\n\nexport type SecretValueResolved = string | undefined;\nexport type HostValueResolved = string | undefined;\n\ntype SecretPlaceholderCandidate =\n | { provider: \"env\"; key: string }\n | { provider: \"infisical\"; key: string; path: string };\n\ntype HostPlaceholderCandidate = HostPlaceholder;\n\nexport type ResolvedConfig<T> = T extends SecretPlaceholderCandidate\n ? SecretValueResolved\n : T extends HostPlaceholderCandidate\n ? HostValueResolved\n : T extends (infer U)[]\n ? ResolvedConfig<U>[]\n : T extends Record<string, unknown>\n ? { [K in keyof T]: ResolvedConfig<T[K]> }\n : T;\n\nexport type ResolvedAppConfig = ResolvedConfig<AppConfig>;\n\nexport interface InfisicalFetchRequest {\n path: string;\n key: string;\n environment?: string;\n projectId?: string;\n type?: \"shared\" | \"personal\";\n}\n\nexport type InfisicalFetcher = (\n request: InfisicalFetchRequest\n) => Promise<string | undefined>;\n\nexport interface InfisicalResolverOptions {\n /**\n * Provide a custom fetcher. If omitted, the resolver tries to lazily instantiate\n * an Infisical client using @infisical/sdk based on the supplied token/siteUrl/options.\n */\n fetchSecret?: InfisicalFetcher;\n /**\n * Machine token or personal token used when creating the default Infisical client.\n * Falls back to the INFISICAL_TOKEN or INFISICAL_PERSONAL_TOKEN environment variables.\n */\n token?: string;\n /** Optional Infisical site URL override. Defaults to INFISICAL_SITE_URL when present. */\n siteUrl?: string;\n /** Default environment used when a placeholder does not specify one explicitly. */\n environment?: string;\n /** Default project id used when a placeholder does not provide one. */\n projectId?: string;\n /** Default secret type. Shared secrets are used by default. */\n type?: \"shared\" | \"personal\";\n /** Disable in-memory caching when set to false. Enabled by default. */\n cache?: boolean;\n}\n\nexport interface SecretResolverOptions {\n /** Environment map used for `env` placeholders. Defaults to process.env. */\n env?: NodeJS.ProcessEnv;\n /** Configuration for resolving Infisical placeholders. */\n infisical?: InfisicalResolverOptions;\n /** Callback invoked before throwing when a required secret cannot be resolved. */\n onMissingSecret?: (placeholder: SecretPlaceholder, source: \"env\" | \"infisical\") => void;\n /** Configuration for resolving host placeholders. */\n hosts?: HostResolverOptions;\n}\n\nexport interface HostResolverOptions {\n /** Optional environment map used when falling back to process.env lookups. */\n env?: NodeJS.ProcessEnv;\n /** Static mapping of external host keys to concrete host strings. */\n externalHosts?: Record<string, string | undefined>;\n /**\n * Custom resolver invoked when an external host needs to be resolved.\n * It can return synchronously or asynchronously.\n */\n resolveExternal?: (key: string) => string | undefined | Promise<string | undefined>;\n /** Override for os.networkInterfaces (handy for tests). */\n networkInterfaces?: () => Record<string, NetworkInterfaceInfo[] | undefined>;\n /** Callback invoked before throwing when a required host cannot be resolved. */\n onMissingHost?: (placeholder: HostPlaceholder) => void;\n}\n\nconst INFISICAL_TOKEN_FILE = \"/run/secrets/infisical_token\";\nconst INFISICAL_PROJECT_ID_FILE = \"/run/secrets/infisical_project_id\";\nconst INFISICAL_SITE_URL_FILE = \"/run/secrets/infisical_site_url\";\nconst INFISICAL_TOKEN_FILE_ALT = \"/var/lib/uns/secrets/infisical_token\";\nconst INFISICAL_PROJECT_ID_FILE_ALT = \"/var/lib/uns/secrets/infisical_project_id\";\nconst INFISICAL_SITE_URL_FILE_ALT = \"/var/lib/uns/secrets/infisical_site_url\";\n\nconst envCache = new Map<string, string | undefined>();\nconst infisicalCache = new Map<string, Promise<string | undefined>>();\n\nasync function readSecretFile(filePath: string): Promise<string | undefined> {\n try {\n const content = await fs.readFile(filePath, \"utf8\");\n const trimmed = content.trim();\n return trimmed.length > 0 ? trimmed : undefined;\n } catch (error) {\n if ((error as NodeJS.ErrnoException).code === \"ENOENT\") {\n return undefined;\n }\n throw new Error(\n `Failed to read Infisical secret file '${filePath}': ${\n error instanceof Error ? error.message : String(error)\n }`,\n { cause: error as Error }\n );\n }\n}\n\nasync function resolveInfisicalToken(\n options?: InfisicalResolverOptions\n): Promise<string | undefined> {\n const candidate =\n options?.token ??\n process.env[\"INFISICAL_TOKEN\"] ??\n process.env[\"INFISICAL_PERSONAL_TOKEN\"] ??\n (await readSecretFile(INFISICAL_TOKEN_FILE)) ??\n (await readSecretFile(INFISICAL_TOKEN_FILE_ALT));\n\n return candidate?.trim() || undefined;\n}\n\nasync function resolveInfisicalSiteUrl(\n options?: InfisicalResolverOptions\n): Promise<string | undefined> {\n const candidate =\n options?.siteUrl ??\n process.env[\"INFISICAL_SITE_URL\"] ??\n (await readSecretFile(INFISICAL_SITE_URL_FILE)) ??\n (await readSecretFile(INFISICAL_SITE_URL_FILE_ALT));\n\n return candidate?.trim() || undefined;\n}\n\nasync function resolveInfisicalProjectId(\n options?: InfisicalResolverOptions\n): Promise<string | undefined> {\n const candidate =\n options?.projectId ??\n process.env[\"INFISICAL_PROJECT_ID\"] ??\n (await readSecretFile(INFISICAL_PROJECT_ID_FILE)) ??\n (await readSecretFile(INFISICAL_PROJECT_ID_FILE_ALT));\n\n return candidate?.trim() || undefined;\n}\n\nconst structuredCloneFallback = <T>(value: T): T =>\n typeof structuredClone === \"function\"\n ? structuredClone(value)\n : (JSON.parse(JSON.stringify(value)) as T);\n\nexport async function resolveConfigSecrets(\n config: AppConfig,\n options: SecretResolverOptions = {}\n): Promise<ResolvedAppConfig> {\n const working = structuredCloneFallback(config);\n await resolveNode(working, options);\n return working;\n}\n\nexport function clearSecretResolverCaches(): void {\n envCache.clear();\n infisicalCache.clear();\n defaultInfisicalFetcherCache.clear();\n}\n\nasync function resolveNode(node: unknown, options: SecretResolverOptions): Promise<unknown> {\n if (isSecretPlaceholder(node)) {\n return resolveSecretValue(node, options);\n }\n\n if (isHostPlaceholder(node)) {\n return resolveHostValue(node, options.hosts);\n }\n\n if (Array.isArray(node)) {\n const resolvedArray = await Promise.all(node.map(item => resolveNode(item, options)));\n return resolvedArray;\n }\n\n if (node && typeof node === \"object\") {\n const obj = node as Record<string, unknown>;\n\n for (const key of Object.keys(obj)) {\n const current = obj[key];\n\n if (isSecretPlaceholder(current)) {\n const resolved = await resolveSecretValue(current, options);\n if (resolved === undefined) {\n delete obj[key];\n } else {\n obj[key] = resolved;\n }\n continue;\n }\n\n if (isHostPlaceholder(current)) {\n const resolved = await resolveHostValue(current, options.hosts);\n if (resolved === undefined) {\n delete obj[key];\n } else {\n obj[key] = resolved;\n }\n continue;\n }\n\n const resolvedChild = await resolveNode(current, options);\n obj[key] = resolvedChild;\n }\n\n return obj;\n }\n\n return node;\n}\n\nasync function resolveSecretValue(\n placeholder: SecretPlaceholder,\n options: SecretResolverOptions\n): Promise<SecretValueResolved> {\n switch (placeholder.provider) {\n case \"env\":\n return resolveEnvSecret(placeholder, options);\n case \"infisical\":\n return resolveInfisicalSecret(placeholder, options);\n default:\n // Exhaustive check to guard future provider additions.\n return assertNeverProvider(placeholder);\n }\n}\n\nfunction assertNeverProvider(x: never): never {\n throw new Error(`Unsupported secret provider: ${JSON.stringify(x)}`);\n}\n\nasync function resolveHostValue(\n placeholder: HostPlaceholder,\n options?: HostResolverOptions\n): Promise<HostValueResolved> {\n const effectiveOptions = options ?? {};\n\n switch (placeholder.provider) {\n case \"inline\":\n return placeholder.value;\n case \"external\": {\n const envMap = effectiveOptions.env ?? process.env;\n\n let resolved = await maybeResolveExternal(\n placeholder.key,\n effectiveOptions.resolveExternal\n );\n\n if (resolved === undefined) {\n resolved = effectiveOptions.externalHosts?.[placeholder.key];\n }\n\n if (resolved === undefined) {\n resolved = envMap?.[placeholder.key];\n }\n\n if (resolved === undefined) {\n if (placeholder.default !== undefined) {\n return placeholder.default;\n }\n if (placeholder.optional) {\n return undefined;\n }\n\n effectiveOptions.onMissingHost?.(placeholder);\n throw new Error(`External host '${placeholder.key}' could not be resolved.`);\n }\n\n return resolved;\n }\n case \"system\":\n return resolveSystemHost(placeholder, effectiveOptions);\n default:\n return assertNeverHostProvider(placeholder);\n }\n}\n\nasync function maybeResolveExternal(\n key: string,\n resolver?: (key: string) => string | undefined | Promise<string | undefined>\n): Promise<string | undefined> {\n if (!resolver) {\n return undefined;\n }\n\n try {\n return await resolver(key);\n } catch (error) {\n throw new Error(\n `Failed to resolve external host '${key}' via custom resolver: ${\n error instanceof Error ? error.message : String(error)\n }`,\n { cause: error }\n );\n }\n}\n\nfunction assertNeverHostProvider(x: never): never {\n throw new Error(`Unsupported host provider: ${JSON.stringify(x)}`);\n}\n\nfunction resolveSystemHost(\n placeholder: SystemHostPlaceholder,\n options: HostResolverOptions\n): HostValueResolved {\n const getInterfaces = options.networkInterfaces ?? os.networkInterfaces;\n const interfaces = getInterfaces();\n const family = placeholder.family ?? \"IPv4\";\n const targetName = placeholder.interfaceName;\n\n const interfaceEntries: Array<readonly [string, NetworkInterfaceInfo[] | undefined]> = targetName\n ? [[targetName, interfaces[targetName]]]\n : Object.entries(interfaces);\n\n for (const [, ifaceList] of interfaceEntries) {\n if (!ifaceList) {\n continue;\n }\n for (const iface of ifaceList) {\n if (\n iface &&\n iface.family === family &&\n iface.internal !== true &&\n typeof iface.address === \"string\" &&\n iface.address.length > 0\n ) {\n return iface.address;\n }\n }\n\n if (targetName) {\n break;\n }\n }\n\n if (placeholder.default !== undefined) {\n return placeholder.default;\n }\n\n if (placeholder.optional) {\n return undefined;\n }\n\n options.onMissingHost?.(placeholder);\n const targetDescription = targetName ? `interface '${targetName}'` : \"available interfaces\";\n throw new Error(\n `System host lookup failed for ${targetDescription} (family ${family}).`\n );\n}\n\nfunction resolveEnvSecret(\n placeholder: EnvSecretPlaceholder,\n options: SecretResolverOptions\n): SecretValueResolved {\n const envMap = options.env ?? process.env;\n const cacheKey = placeholder.key;\n\n if (envCache.has(cacheKey)) {\n return envCache.get(cacheKey) ?? undefined;\n }\n\n const value = envMap[cacheKey];\n\n if (value === undefined || value === null) {\n if (placeholder.default !== undefined) {\n envCache.set(cacheKey, placeholder.default);\n return placeholder.default;\n }\n if (placeholder.optional) {\n envCache.set(cacheKey, undefined);\n return undefined;\n }\n\n options.onMissingSecret?.(placeholder, \"env\");\n throw new Error(`Required environment variable '${cacheKey}' is not set.`);\n }\n\n envCache.set(cacheKey, value);\n return value;\n}\n\nasync function resolveInfisicalSecret(\n placeholder: InfisicalSecretPlaceholder,\n options: SecretResolverOptions\n): Promise<SecretValueResolved> {\n const infisicalOptions = options.infisical;\n const fetcher = await getInfisicalFetcher(infisicalOptions);\n\n if (!fetcher) {\n options.onMissingSecret?.(placeholder, \"infisical\");\n throw new Error(\n \"Infisical secret requested but no resolver is configured. Provide SecretResolverOptions.infisical, \" +\n \"set INFISICAL_TOKEN/INFISICAL_PERSONAL_TOKEN, or supply /run/secrets/infisical_token (/var/lib/uns/secrets/infisical_token also supported).\"\n );\n }\n\n const environment = placeholder.environment ?? infisicalOptions?.environment ?? process.env[\"INFISICAL_ENVIRONMENT\"];\n const projectId = placeholder.projectId ?? (await resolveInfisicalProjectId(infisicalOptions));\n const type = infisicalOptions?.type ?? \"shared\";\n\n if (!environment) {\n throw new Error(\n `Infisical secret '${placeholder.path}:${placeholder.key}' is missing an environment. ` +\n \"Set it on the placeholder, pass SecretResolverOptions.infisical.environment, or define INFISICAL_ENVIRONMENT.\"\n );\n }\n\n if (!projectId) {\n throw new Error(\n `Infisical secret '${placeholder.path}:${placeholder.key}' is missing a project id. ` +\n \"Set it on the placeholder, pass SecretResolverOptions.infisical.projectId, define INFISICAL_PROJECT_ID, \" +\n \"or provide /run/secrets/infisical_project_id (also /var/lib/uns/secrets/infisical_project_id).\"\n );\n }\n\n const cacheKey = JSON.stringify({\n path: placeholder.path,\n key: placeholder.key,\n environment,\n projectId,\n type,\n });\n\n if (infisicalOptions?.cache !== false && infisicalCache.has(cacheKey)) {\n return infisicalCache.get(cacheKey) ?? undefined;\n }\n\n const fetchPromise = fetcher({\n path: placeholder.path,\n key: placeholder.key,\n environment,\n projectId,\n type,\n }).then(secret => {\n if (secret === undefined || secret === null) {\n if (placeholder.default !== undefined) {\n return placeholder.default;\n }\n if (placeholder.optional) {\n return undefined;\n }\n options.onMissingSecret?.(placeholder, \"infisical\");\n throw new Error(\n `Secret '${placeholder.path}:${placeholder.key}' not found in Infisical.`\n );\n }\n return secret;\n });\n\n if (infisicalOptions?.cache !== false) {\n infisicalCache.set(cacheKey, fetchPromise);\n }\n\n return fetchPromise;\n}\n\nasync function getInfisicalFetcher(\n options?: InfisicalResolverOptions\n): Promise<InfisicalFetcher | undefined> {\n const effectiveOptions = options ?? {};\n\n if (effectiveOptions.fetchSecret) {\n return effectiveOptions.fetchSecret;\n }\n\n const token = await resolveInfisicalToken(effectiveOptions);\n\n if (!token) {\n return undefined;\n }\n\n const siteUrl = await resolveInfisicalSiteUrl(effectiveOptions);\n const cacheKey = `${token}::${siteUrl ?? \"\"}`;\n\n if (!defaultInfisicalFetcherCache.has(cacheKey)) {\n defaultInfisicalFetcherCache.set(\n cacheKey,\n createDefaultInfisicalFetcher(token, siteUrl)\n );\n }\n\n const baseFetcher = await defaultInfisicalFetcherCache.get(cacheKey)!;\n return baseFetcher;\n}\n\nconst defaultInfisicalFetcherCache = new Map<string, Promise<InfisicalFetcher>>();\n\nasync function createDefaultInfisicalFetcher(\n token: string,\n siteUrl?: string\n): Promise<InfisicalFetcher> {\n try {\n const sdkModule = await import(\"@infisical/sdk\");\n const { InfisicalSDK, SecretType } = sdkModule;\n if (!InfisicalSDK) {\n throw new Error(\"@infisical/sdk does not export InfisicalSDK\");\n }\n\n const sdkInstance = new InfisicalSDK({ siteUrl: siteUrl ?? \"\" });\n const authenticatedSdk = sdkInstance.auth().accessToken(token);\n\n return async ({ path, key, environment, projectId, type = \"shared\" }: InfisicalFetchRequest) => {\n if (!environment) {\n throw new Error(\n `Infisical secret '${path}:${key}' is missing an environment.`\n );\n }\n if (!projectId) {\n throw new Error(\n `Infisical secret '${path}:${key}' is missing a project id.`\n );\n }\n\n const secret = await authenticatedSdk\n .secrets()\n .getSecret({\n secretName: key,\n secretPath: path,\n environment,\n projectId,\n viewSecretValue: true,\n type: type === \"personal\" ? SecretType.Personal : SecretType.Shared,\n });\n\n return secret?.secretValue ?? undefined;\n };\n } catch (error) {\n throw new Error(\n \"Failed to initialize @infisical/sdk. Install the package or provide SecretResolverOptions.infisical.fetchSecret.\",\n { cause: error as Error }\n );\n }\n}\n"]}
|