@vizamodo/runtime-primitives 1.1.8 → 1.1.10
- package/dist/aws/console-login.d.ts +1 -2
- package/dist/aws/console-login.js +4 -16
- package/dist/aws/credentials.d.ts +16 -0
- package/dist/aws/credentials.js +24 -0
- package/dist/github/github-app-token.d.ts +1 -1
- package/dist/github/github-app-token.js +4 -4
- package/dist/github/github-owner-token.d.ts +7 -2
- package/dist/github/github-owner-token.js +16 -4
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/package.json +2 -2
|
@@ -7,8 +7,7 @@ export interface AwsConsoleLoginConfig {
|
|
|
7
7
|
certBase64: string;
|
|
8
8
|
privateKeyBase64: string;
|
|
9
9
|
}
|
|
10
|
-
export declare function
|
|
11
|
-
export declare function createAwsFederatedLogin(params: AwsConsoleLoginConfig & {
|
|
10
|
+
export declare function createAwsFederatedLoginWithRetry(params: AwsConsoleLoginConfig & {
|
|
12
11
|
intent?: "console" | "billing" | "dynamodb" | "ssm";
|
|
13
12
|
}): Promise<{
|
|
14
13
|
loginUrl: string;
|
|
@@ -1,21 +1,9 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { buildFederationLoginUrl, } from "@vizamodo/aws-runtime-core";
|
|
2
2
|
import { retryOnce } from "../runtime/retry-once";
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
return await retryOnce((ctx) => issueAwsCredentials({
|
|
6
|
-
trustAnchorArn,
|
|
7
|
-
roleArn,
|
|
8
|
-
profileArn,
|
|
9
|
-
region,
|
|
10
|
-
certBase64,
|
|
11
|
-
privateKeyPkcs8Base64: privateKeyBase64,
|
|
12
|
-
profile,
|
|
13
|
-
...ctx,
|
|
14
|
-
}));
|
|
15
|
-
}
|
|
16
|
-
export async function createAwsFederatedLogin(params) {
|
|
3
|
+
import { issueAwsCredentialsWithRetry } from "./credentials";
|
|
4
|
+
export async function createAwsFederatedLoginWithRetry(params) {
|
|
17
5
|
const { intent, ...config } = params;
|
|
18
|
-
const creds = await
|
|
6
|
+
const creds = await issueAwsCredentialsWithRetry(config);
|
|
19
7
|
const { loginUrl, shortUrl } = await retryOnce((ctx) => buildFederationLoginUrl({
|
|
20
8
|
accessKeyId: creds.accessKeyId,
|
|
21
9
|
secretAccessKey: creds.secretAccessKey,
|
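Review bot: `createAwsFederatedLoginWithRetry` has no doc comment, and the values it returns deserve one: `loginUrl` and `shortUrl` are built from freshly issued `accessKeyId`/`secretAccessKey` and presumably grant console access to whoever holds them. Proposed comment above the function: `/** Issues credentials via issueAwsCredentialsWithRetry and builds a federation login URL; treat the returned URLs as secrets and keep them out of logs. */`. The old name `createAwsFederatedLogin` is removed without an alias, so existing importers break on this patch upgrade; a re-export such as `export { createAwsFederatedLoginWithRetry as createAwsFederatedLogin };` would avoid that. The function body continues past the end of the hunk.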
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export interface AwsCredentialConfig {
|
|
2
|
+
profile: string;
|
|
3
|
+
region: string;
|
|
4
|
+
trustAnchorArn: string;
|
|
5
|
+
roleArn: string;
|
|
6
|
+
profileArn: string;
|
|
7
|
+
certBase64: string;
|
|
8
|
+
privateKeyBase64: string;
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Primitive: Issue AWS credentials with a single retry.
|
|
12
|
+
* - No console-specific logic
|
|
13
|
+
* - No side effects beyond AWS call
|
|
14
|
+
* - Deterministic input/output
|
|
15
|
+
*/
|
|
16
|
+
export declare function issueAwsCredentialsWithRetry(config: AwsCredentialConfig): Promise<import("@vizamodo/aws-runtime-core").AwsCredentialResult>;
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { issueAwsCredentials } from "@vizamodo/aws-runtime-core";
|
|
2
|
+
import { retryOnce } from "../runtime/retry-once";
|
|
3
|
+
/**
|
|
4
|
+
* Primitive: Issue AWS credentials with a single retry.
|
|
5
|
+
* - No console-specific logic
|
|
6
|
+
* - No side effects beyond AWS call
|
|
7
|
+
* - Deterministic input/output
|
|
8
|
+
*/
|
|
9
|
+
export async function issueAwsCredentialsWithRetry(config) {
|
|
10
|
+
const { profile, region, trustAnchorArn, roleArn, profileArn, certBase64, privateKeyBase64, } = config;
|
|
11
|
+
if (!profile || !region || !trustAnchorArn || !roleArn || !profileArn) {
|
|
12
|
+
throw new Error("Missing required AWS credential parameters");
|
|
13
|
+
}
|
|
14
|
+
return await retryOnce((ctx) => issueAwsCredentials({
|
|
15
|
+
trustAnchorArn,
|
|
16
|
+
roleArn,
|
|
17
|
+
profileArn,
|
|
18
|
+
region,
|
|
19
|
+
certBase64,
|
|
20
|
+
privateKeyPkcs8Base64: privateKeyBase64,
|
|
21
|
+
profile,
|
|
22
|
+
...ctx,
|
|
23
|
+
}));
|
|
24
|
+
}
|
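Review bot: The guard in `issueAwsCredentialsWithRetry` checks the profile, region and three ARNs but not `certBase64` or `privateKeyBase64`, so a missing or empty certificate or key is still handed to `issueAwsCredentials` and, if that fails, attempted a second time by `retryOnce`. Extend the condition to `if (!profile || !region || !trustAnchorArn || !roleArn || !profileArn || !certBase64 || !privateKeyBase64) {` and keep the error message free of the values themselves, as it is now. The doc comment's "Deterministic input/output" is also worth rewording, since the function returns newly issued credentials rather than a value derived only from its input.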
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export declare function getGithubInstallationToken(installationId: number, privateKey: string,
|
|
1
|
+
export declare function getGithubInstallationToken(installationId: number, privateKey: string, clientId: string): Promise<{
|
|
2
2
|
token: string;
|
|
3
3
|
expiresAt: string;
|
|
4
4
|
}>;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
async function createGithubAppJwt(
|
|
1
|
+
async function createGithubAppJwt(clientId, privateKeyPem) {
|
|
2
2
|
// Convert PEM → ArrayBuffer
|
|
3
3
|
const pem = privateKeyPem
|
|
4
4
|
.replace(/-----BEGIN [A-Z ]+-----/g, "")
|
|
@@ -23,7 +23,7 @@ async function createGithubAppJwt(appId, privateKeyPem) {
|
|
|
23
23
|
const payload = {
|
|
24
24
|
iat: now - 60,
|
|
25
25
|
exp: now + 540,
|
|
26
|
-
iss:
|
|
26
|
+
iss: clientId,
|
|
27
27
|
};
|
|
28
28
|
const encode = (obj) => btoa(JSON.stringify(obj))
|
|
29
29
|
.replace(/=/g, "")
|
|
@@ -43,8 +43,8 @@ async function createGithubAppJwt(appId, privateKeyPem) {
|
|
|
43
43
|
.replace(/\//g, "_");
|
|
44
44
|
return `${data}.${sigB64}`;
|
|
45
45
|
}
|
|
46
|
-
export async function getGithubInstallationToken(installationId, privateKey,
|
|
47
|
-
const jwt = await createGithubAppJwt(
|
|
46
|
+
export async function getGithubInstallationToken(installationId, privateKey, clientId) {
|
|
47
|
+
const jwt = await createGithubAppJwt(clientId, privateKey);
|
|
48
48
|
const res = await fetch(`https://api.github.com/app/installations/${installationId}/access_tokens`, {
|
|
49
49
|
method: "POST",
|
|
50
50
|
headers: {
|
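Review bot: `createGithubAppJwt` places `clientId` in the `iss` claim without checking it, and `JSON.stringify` drops a property whose value is `undefined`, so a caller that omits the argument gets a signed JWT with no issuer and only learns of it from the GitHub API's rejection. A guard at the top of `getGithubInstallationToken`, e.g. `if (typeof clientId !== "string" || clientId === "") throw new Error("clientId is required");`, fails earlier and with a clearer message. Because `privateKey` and `clientId` are adjacent positional strings, a doc comment naming their order would also help callers migrating from the previous signature. Both function bodies continue outside the hunks shown.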
|
@@ -1,6 +1,11 @@
|
|
|
1
|
-
|
|
1
|
+
/**
|
|
2
|
+
* Use-case helper: get installation token with built-in retry.
|
|
3
|
+
* - wraps getInstallationTokenCached
|
|
4
|
+
* - avoids forcing consumers to compose retry manually
|
|
5
|
+
*/
|
|
6
|
+
export declare function getInstallationTokenWithRetry(params: {
|
|
2
7
|
installationId: number;
|
|
3
8
|
appPrivateKey: string;
|
|
4
|
-
|
|
9
|
+
clientId: string;
|
|
5
10
|
forceRefresh?: boolean;
|
|
6
11
|
}): Promise<string>;
|
|
@@ -1,10 +1,11 @@
|
|
|
1
|
+
import { retryOnce } from "../runtime/retry-once";
|
|
1
2
|
import { getGithubInstallationToken } from "./github-app-token";
|
|
2
3
|
import { getCachedOrFetch, wrapResult } from "@vizamodo/edge-cache-core";
|
|
3
|
-
|
|
4
|
-
const { installationId, appPrivateKey,
|
|
5
|
-
const key = `gh-token:${
|
|
4
|
+
async function getInstallationTokenCached(params) {
|
|
5
|
+
const { installationId, appPrivateKey, clientId, forceRefresh } = params;
|
|
6
|
+
const key = `gh-token:${clientId}:${installationId}`;
|
|
6
7
|
const token = await getCachedOrFetch(key, async () => {
|
|
7
|
-
const { token, expiresAt } = await getGithubInstallationToken(installationId, appPrivateKey,
|
|
8
|
+
const { token, expiresAt } = await getGithubInstallationToken(installationId, appPrivateKey, clientId);
|
|
8
9
|
// use wrapResult pattern to let cache derive TTL from expiresAt
|
|
9
10
|
return wrapResult(token, expiresAt);
|
|
10
11
|
}, {
|
|
@@ -14,3 +15,14 @@ export async function getInstallationTokenCached(params) {
|
|
|
14
15
|
);
|
|
15
16
|
return token;
|
|
16
17
|
}
|
|
18
|
+
/**
|
|
19
|
+
* Use-case helper: get installation token with built-in retry.
|
|
20
|
+
* - wraps getInstallationTokenCached
|
|
21
|
+
* - avoids forcing consumers to compose retry manually
|
|
22
|
+
*/
|
|
23
|
+
export async function getInstallationTokenWithRetry(params) {
|
|
24
|
+
return await retryOnce((ctx) => getInstallationTokenCached({
|
|
25
|
+
...params,
|
|
26
|
+
...(ctx ?? {})
|
|
27
|
+
}));
|
|
28
|
+
}
|
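Review bot: In `getInstallationTokenWithRetry`, `...(ctx ?? {})` is spread after `...params`, so any key on the retry context replaces the caller's value, including `appPrivateKey` and `clientId`; what `retryOnce` actually passes is not visible in this diff. If the context is only meant to force a refresh on the second attempt, copy that one field explicitly instead of spreading the whole object, and state it in the doc comment. The same pattern appears as `...ctx` at the end of the argument object in `aws/credentials.js`. `getInstallationTokenCached` also appears to lose its `export` in this section, which removes it from the package's public surface in a patch release.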
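--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -3,11 +3,11 @@
 * Organized by domain to keep imports explicit and tree-shake friendly
 */
 export * from "./aws/console-login";
+export * from "./aws/credentials";
 export * from "./aws/load-backup-from-ssm";
 export * from "./aws/resolve-config";
 export { buildSignedAwsRequest } from "@vizamodo/aws-runtime-core";
 export * from "./crypto/age";
-export * from "./github/github-app-token";
 export * from "./github/github-owner-token";
 export * from "./github/list-workflow-runs";
 export * from "./github/put-secret";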
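--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -4,13 +4,13 @@
 */
 // AWS
 export * from "./aws/console-login";
+export * from "./aws/credentials";
 export * from "./aws/load-backup-from-ssm";
 export * from "./aws/resolve-config";
 export { buildSignedAwsRequest } from "@vizamodo/aws-runtime-core";
 // Crypto
 export * from "./crypto/age";
 // GitHub
-export * from "./github/github-app-token";
 export * from "./github/github-owner-token";
 export * from "./github/list-workflow-runs";
 export * from "./github/put-secret";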
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vizamodo/runtime-primitives",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.10",
|
|
4
4
|
"description": "Edge-compatible runtime primitives for AWS, GitHub, crypto, and caching used across Viza services",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -28,7 +28,7 @@
|
|
|
28
28
|
"tweetnacl-sealedbox-js": "^1.2.0"
|
|
29
29
|
},
|
|
30
30
|
"devDependencies": {
|
|
31
|
-
"@types/node": "^25.
|
|
31
|
+
"@types/node": "^25.6.0",
|
|
32
32
|
"typescript": "^6.0.2"
|
|
33
33
|
},
|
|
34
34
|
"publishConfig": {
|