@vybestack/llxprt-code-auth 0.10.0-nightly.260613.1adad3b34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.last_build +0 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +11 -0
- package/dist/index.js.map +1 -0
- package/dist/src/auth-precedence-resolver.d.ts +147 -0
- package/dist/src/auth-precedence-resolver.js +542 -0
- package/dist/src/auth-precedence-resolver.js.map +1 -0
- package/dist/src/flows/anthropic-device-flow.d.ts +57 -0
- package/dist/src/flows/anthropic-device-flow.js +231 -0
- package/dist/src/flows/anthropic-device-flow.js.map +1 -0
- package/dist/src/flows/codex-device-flow.d.ts +114 -0
- package/dist/src/flows/codex-device-flow.js +437 -0
- package/dist/src/flows/codex-device-flow.js.map +1 -0
- package/dist/src/flows/qwen-device-flow.d.ts +45 -0
- package/dist/src/flows/qwen-device-flow.js +183 -0
- package/dist/src/flows/qwen-device-flow.js.map +1 -0
- package/dist/src/index.d.ts +34 -0
- package/dist/src/index.js +26 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/interfaces/debug-logger.d.ts +31 -0
- package/dist/src/interfaces/debug-logger.js +6 -0
- package/dist/src/interfaces/debug-logger.js.map +1 -0
- package/dist/src/interfaces/index.d.ts +18 -0
- package/dist/src/interfaces/index.js +10 -0
- package/dist/src/interfaces/index.js.map +1 -0
- package/dist/src/interfaces/provider-key-storage.d.ts +26 -0
- package/dist/src/interfaces/provider-key-storage.js +6 -0
- package/dist/src/interfaces/provider-key-storage.js.map +1 -0
- package/dist/src/interfaces/runtime-context.d.ts +37 -0
- package/dist/src/interfaces/runtime-context.js +6 -0
- package/dist/src/interfaces/runtime-context.js.map +1 -0
- package/dist/src/interfaces/secure-store.d.ts +47 -0
- package/dist/src/interfaces/secure-store.js +6 -0
- package/dist/src/interfaces/secure-store.js.map +1 -0
- package/dist/src/interfaces/settings-service.d.ts +25 -0
- package/dist/src/interfaces/settings-service.js +6 -0
- package/dist/src/interfaces/settings-service.js.map +1 -0
- package/dist/src/keyring-token-store.d.ts +96 -0
- package/dist/src/keyring-token-store.js +391 -0
- package/dist/src/keyring-token-store.js.map +1 -0
- package/dist/src/oauth-errors.d.ts +173 -0
- package/dist/src/oauth-errors.js +465 -0
- package/dist/src/oauth-errors.js.map +1 -0
- package/dist/src/precedence.d.ts +115 -0
- package/dist/src/precedence.js +278 -0
- package/dist/src/precedence.js.map +1 -0
- package/dist/src/proxy/framing.d.ts +35 -0
- package/dist/src/proxy/framing.js +86 -0
- package/dist/src/proxy/framing.js.map +1 -0
- package/dist/src/proxy/proxy-provider-key-storage.d.ts +23 -0
- package/dist/src/proxy/proxy-provider-key-storage.js +41 -0
- package/dist/src/proxy/proxy-provider-key-storage.js.map +1 -0
- package/dist/src/proxy/proxy-socket-client.d.ts +43 -0
- package/dist/src/proxy/proxy-socket-client.js +219 -0
- package/dist/src/proxy/proxy-socket-client.js.map +1 -0
- package/dist/src/proxy/proxy-token-store.d.ts +39 -0
- package/dist/src/proxy/proxy-token-store.js +87 -0
- package/dist/src/proxy/proxy-token-store.js.map +1 -0
- package/dist/src/token-merge.d.ts +16 -0
- package/dist/src/token-merge.js +13 -0
- package/dist/src/token-merge.js.map +1 -0
- package/dist/src/token-sanitization.d.ts +16 -0
- package/dist/src/token-sanitization.js +10 -0
- package/dist/src/token-sanitization.js.map +1 -0
- package/dist/src/token-store.d.ts +93 -0
- package/dist/src/token-store.js +7 -0
- package/dist/src/token-store.js.map +1 -0
- package/dist/src/types.d.ts +204 -0
- package/dist/src/types.js +86 -0
- package/dist/src/types.js.map +1 -0
- package/package.json +42 -0
|
@@ -0,0 +1,391 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license
|
|
3
|
+
* Copyright 2025 Vybestack LLC
|
|
4
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* Keyring-backed OAuth token storage implementing the TokenStore interface.
|
|
8
|
+
*
|
|
9
|
+
* Delegates credential CRUD to ISecureStore (injected via DI) and uses
|
|
10
|
+
* filesystem-based advisory locks for refresh concurrency control.
|
|
11
|
+
*
|
|
12
|
+
* @plan PLAN-20260213-KEYRINGTOKENSTORE.P06, PLAN-20260608-ISSUE1586.P09
|
|
13
|
+
* @requirement R1.1, R1.2, R1.3, REQ-AUTH-001.1
|
|
14
|
+
*/
|
|
15
|
+
import { promises as fs } from 'node:fs';
|
|
16
|
+
import { join } from 'node:path';
|
|
17
|
+
import { homedir } from 'node:os';
|
|
18
|
+
import { OAuthTokenSchema, } from './types.js';
|
|
19
|
+
// ─── Constants ───────────────────────────────────────────────────────────────
|
|
20
|
+
/** @internal */
|
|
21
|
+
const _SERVICE_NAME = 'llxprt-code-oauth';
|
|
22
|
+
void _SERVICE_NAME;
|
|
23
|
+
// Allow email-style bucket names (e.g., user@example.com) while keeping filenames safe.
|
|
24
|
+
// @fix issue1439 - relaxed from /^[a-zA-Z0-9_-]+$/ to allow '.' and '@'
|
|
25
|
+
const NAME_REGEX = /^[a-zA-Z0-9._@-]{1,64}$/;
|
|
26
|
+
const DEFAULT_BUCKET = 'default';
|
|
27
|
+
const DEFAULT_LOCK_WAIT_MS = 10_000;
|
|
28
|
+
const DEFAULT_STALE_THRESHOLD_MS = 30_000;
|
|
29
|
+
const LOCK_POLL_INTERVAL_MS = 100;
|
|
30
|
+
const LOCK_WRITE_GRACE_MS = 750;
|
|
31
|
+
/** Lazily resolved to avoid crashing when homedir() is undefined at import time. */
|
|
32
|
+
let _lockDir;
|
|
33
|
+
function getLockDir() {
|
|
34
|
+
// eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- intentional falsy coalescing
|
|
35
|
+
if (!_lockDir) {
|
|
36
|
+
_lockDir = join(homedir(), '.llxprt', 'oauth', 'locks');
|
|
37
|
+
}
|
|
38
|
+
return _lockDir;
|
|
39
|
+
}
|
|
40
|
+
// ─── Helpers ─────────────────────────────────────────────────────────────────
|
|
41
|
+
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
|
|
42
|
+
// ─── KeyringTokenStore Class ─────────────────────────────────────────────────
|
|
43
|
+
/**
|
|
44
|
+
* Keyring-backed token store with filesystem advisory locks.
|
|
45
|
+
*
|
|
46
|
+
* @internal **DO NOT instantiate directly in consumer code.**
|
|
47
|
+
* Use `createTokenStore()` from `credential-store-factory.ts` instead.
|
|
48
|
+
*
|
|
49
|
+
* @plan PLAN-20260213-KEYRINGTOKENSTORE.P06, PLAN-20260608-ISSUE1586.P11
|
|
50
|
+
* @plan PLAN-20250214-CREDPROXY.P36
|
|
51
|
+
*/
|
|
52
|
+
export class KeyringTokenStore {
|
|
53
|
+
static NO_OP_LOGGER = {
|
|
54
|
+
debug: () => { },
|
|
55
|
+
error: () => { },
|
|
56
|
+
warn: () => { },
|
|
57
|
+
log: () => { },
|
|
58
|
+
};
|
|
59
|
+
secureStore;
|
|
60
|
+
logger;
|
|
61
|
+
lockDir;
|
|
62
|
+
constructor(options) {
|
|
63
|
+
if (!options?.secureStore) {
|
|
64
|
+
throw new Error('KeyringTokenStore requires an ISecureStore instance. ' +
|
|
65
|
+
'Use createKeyringTokenStore() from core.');
|
|
66
|
+
}
|
|
67
|
+
this.secureStore = options.secureStore;
|
|
68
|
+
this.logger = options.logger ?? KeyringTokenStore.NO_OP_LOGGER;
|
|
69
|
+
this.lockDir = options.lockDir ?? getLockDir();
|
|
70
|
+
}
|
|
71
|
+
validateName(name, label) {
|
|
72
|
+
if (!NAME_REGEX.test(name)) {
|
|
73
|
+
throw new Error(`Invalid ${label} name: "${name}". Allowed: letters, numbers, dashes, underscores, dots, @ (1-64 chars).`);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
accountKey(provider, bucket) {
|
|
77
|
+
const resolvedBucket = bucket ?? DEFAULT_BUCKET;
|
|
78
|
+
this.validateName(provider, 'provider');
|
|
79
|
+
this.validateName(resolvedBucket, 'bucket');
|
|
80
|
+
return `${provider}:${resolvedBucket}`;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Non-cryptographic FNV-1a hash for debug log identifiers.
|
|
84
|
+
*/
|
|
85
|
+
hashIdentifier(key) {
|
|
86
|
+
let h = 0x811c9dc5;
|
|
87
|
+
for (let i = 0; i < key.length; i++) {
|
|
88
|
+
h ^= key.charCodeAt(i);
|
|
89
|
+
h = Math.imul(h, 0x01000193);
|
|
90
|
+
}
|
|
91
|
+
return (h >>> 0).toString(16).padStart(8, '0');
|
|
92
|
+
}
|
|
93
|
+
lockFilePath(provider, bucket) {
|
|
94
|
+
const resolved = bucket ?? DEFAULT_BUCKET;
|
|
95
|
+
if (resolved === DEFAULT_BUCKET) {
|
|
96
|
+
return join(this.lockDir, `${provider}-refresh.lock`);
|
|
97
|
+
}
|
|
98
|
+
return join(this.lockDir, `${provider}-${resolved}-refresh.lock`);
|
|
99
|
+
}
|
|
100
|
+
authLockFilePath(provider, bucket) {
|
|
101
|
+
const resolved = bucket ?? DEFAULT_BUCKET;
|
|
102
|
+
if (resolved === DEFAULT_BUCKET) {
|
|
103
|
+
return join(this.lockDir, `${provider}-auth.lock`);
|
|
104
|
+
}
|
|
105
|
+
return join(this.lockDir, `${provider}-${resolved}-auth.lock`);
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Ensures the lock directory exists.
|
|
109
|
+
*/
|
|
110
|
+
async ensureLockDir() {
|
|
111
|
+
await fs.mkdir(this.lockDir, { recursive: true, mode: 0o700 });
|
|
112
|
+
}
|
|
113
|
+
/**
|
|
114
|
+
* Shared lock acquisition logic used by both refresh and auth locks.
|
|
115
|
+
*/
|
|
116
|
+
async acquireLock(lockPath, waitMs, staleMs) {
|
|
117
|
+
const startTime = Date.now();
|
|
118
|
+
await this.ensureLockDir();
|
|
119
|
+
this.logger.debug(`[acquireLock] wait=${waitMs} stale=${staleMs} poll=${LOCK_POLL_INTERVAL_MS}`);
|
|
120
|
+
// eslint-disable-next-line sonarjs/too-many-break-or-continue-in-loop -- lock acquisition loop
|
|
121
|
+
while (Date.now() - startTime < waitMs) {
|
|
122
|
+
const createResult = await this.tryCreateLock(lockPath);
|
|
123
|
+
if (createResult === 'acquired') {
|
|
124
|
+
return true;
|
|
125
|
+
}
|
|
126
|
+
const checkResult = await this.checkExistingLock(lockPath, staleMs);
|
|
127
|
+
if (checkResult === 'retry') {
|
|
128
|
+
await sleep(LOCK_POLL_INTERVAL_MS);
|
|
129
|
+
continue;
|
|
130
|
+
}
|
|
131
|
+
if (checkResult === 'stale_broken') {
|
|
132
|
+
continue;
|
|
133
|
+
}
|
|
134
|
+
await sleep(LOCK_POLL_INTERVAL_MS);
|
|
135
|
+
}
|
|
136
|
+
return false;
|
|
137
|
+
}
|
|
138
|
+
async tryCreateLock(lockPath) {
|
|
139
|
+
let createdLockInfo = null;
|
|
140
|
+
try {
|
|
141
|
+
const lockInfo = { pid: process.pid, timestamp: Date.now() };
|
|
142
|
+
await fs.writeFile(lockPath, JSON.stringify(lockInfo), {
|
|
143
|
+
flag: 'wx',
|
|
144
|
+
mode: 0o600,
|
|
145
|
+
});
|
|
146
|
+
createdLockInfo = lockInfo;
|
|
147
|
+
try {
|
|
148
|
+
const content = await fs.readFile(lockPath, 'utf8');
|
|
149
|
+
const existing = JSON.parse(content);
|
|
150
|
+
// eslint-disable-next-line sonarjs/nested-control-flow -- lock verification
|
|
151
|
+
if (existing.pid === createdLockInfo.pid &&
|
|
152
|
+
existing.timestamp === createdLockInfo.timestamp) {
|
|
153
|
+
return 'acquired';
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
catch {
|
|
157
|
+
// Lock file disappeared or is unreadable
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
catch (writeError) {
|
|
161
|
+
const err = writeError;
|
|
162
|
+
if (err.code !== 'EEXIST') {
|
|
163
|
+
throw writeError;
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
return 'exists';
|
|
167
|
+
}
|
|
168
|
+
async checkExistingLock(lockPath, staleMs) {
|
|
169
|
+
try {
|
|
170
|
+
const content = await fs.readFile(lockPath, 'utf8');
|
|
171
|
+
const existing = JSON.parse(content);
|
|
172
|
+
const lockAge = Date.now() - existing.timestamp;
|
|
173
|
+
const hasValidPid = typeof existing.pid === 'number' &&
|
|
174
|
+
Number.isInteger(existing.pid) &&
|
|
175
|
+
existing.pid > 0;
|
|
176
|
+
const isRecentInFlightWrite = !hasValidPid && lockAge <= LOCK_WRITE_GRACE_MS;
|
|
177
|
+
if (isRecentInFlightWrite) {
|
|
178
|
+
return 'retry';
|
|
179
|
+
}
|
|
180
|
+
if (lockAge > staleMs) {
|
|
181
|
+
// eslint-disable-next-line sonarjs/nested-control-flow -- stale lock cleanup
|
|
182
|
+
try {
|
|
183
|
+
await fs.unlink(lockPath);
|
|
184
|
+
}
|
|
185
|
+
catch {
|
|
186
|
+
// Ignore ENOENT
|
|
187
|
+
}
|
|
188
|
+
return 'stale_broken';
|
|
189
|
+
}
|
|
190
|
+
return 'fresh';
|
|
191
|
+
}
|
|
192
|
+
catch {
|
|
193
|
+
try {
|
|
194
|
+
const stat = await fs.stat(lockPath);
|
|
195
|
+
const fileAge = Date.now() - stat.mtimeMs;
|
|
196
|
+
if (fileAge <= LOCK_WRITE_GRACE_MS) {
|
|
197
|
+
return 'retry';
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
catch {
|
|
201
|
+
// Ignore stat errors
|
|
202
|
+
}
|
|
203
|
+
try {
|
|
204
|
+
await fs.unlink(lockPath);
|
|
205
|
+
}
|
|
206
|
+
catch {
|
|
207
|
+
// Ignore ENOENT
|
|
208
|
+
}
|
|
209
|
+
return 'stale_broken';
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
async releaseLock(lockPath) {
|
|
213
|
+
try {
|
|
214
|
+
await fs.unlink(lockPath);
|
|
215
|
+
}
|
|
216
|
+
catch (error) {
|
|
217
|
+
const err = error;
|
|
218
|
+
if (err.code !== 'ENOENT') {
|
|
219
|
+
throw error;
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
/**
|
|
224
|
+
* Validates and persists an OAuth token to ISecureStore.
|
|
225
|
+
*/
|
|
226
|
+
async saveToken(provider, token, bucket) {
|
|
227
|
+
const key = this.accountKey(provider, bucket);
|
|
228
|
+
this.logger.debug(`[saveToken] [${this.hashIdentifier(key)}] type=${token.token_type}`);
|
|
229
|
+
const validatedToken = OAuthTokenSchema.passthrough().parse(token);
|
|
230
|
+
const serialized = JSON.stringify(validatedToken);
|
|
231
|
+
await this.secureStore.set(key, serialized);
|
|
232
|
+
}
|
|
233
|
+
/**
|
|
234
|
+
* Retrieves and validates an OAuth token from ISecureStore.
|
|
235
|
+
*/
|
|
236
|
+
async getToken(provider, bucket) {
|
|
237
|
+
const key = this.accountKey(provider, bucket);
|
|
238
|
+
this.logger.debug(`[getToken] [${this.hashIdentifier(key)}]`);
|
|
239
|
+
let raw;
|
|
240
|
+
try {
|
|
241
|
+
raw = await this.secureStore.get(key);
|
|
242
|
+
}
|
|
243
|
+
catch (error) {
|
|
244
|
+
const ssError = error;
|
|
245
|
+
if ('code' in ssError && ssError.code === 'CORRUPT') {
|
|
246
|
+
this.logger.warn(`Corrupt token envelope for [${this.hashIdentifier(key)}]: ${ssError.message}`);
|
|
247
|
+
return null;
|
|
248
|
+
}
|
|
249
|
+
throw error;
|
|
250
|
+
}
|
|
251
|
+
if (raw === null) {
|
|
252
|
+
return null;
|
|
253
|
+
}
|
|
254
|
+
let parsed;
|
|
255
|
+
try {
|
|
256
|
+
parsed = JSON.parse(raw);
|
|
257
|
+
}
|
|
258
|
+
catch (parseError) {
|
|
259
|
+
const msg = parseError instanceof Error ? parseError.message : String(parseError);
|
|
260
|
+
this.logger.warn(`Corrupt token JSON for [${this.hashIdentifier(key)}]: ${msg}`);
|
|
261
|
+
return null;
|
|
262
|
+
}
|
|
263
|
+
try {
|
|
264
|
+
return OAuthTokenSchema.passthrough().parse(parsed);
|
|
265
|
+
}
|
|
266
|
+
catch (zodError) {
|
|
267
|
+
const msg = zodError instanceof Error ? zodError.message : String(zodError);
|
|
268
|
+
this.logger.warn(`Invalid token schema for [${this.hashIdentifier(key)}]: ${msg}`);
|
|
269
|
+
return null;
|
|
270
|
+
}
|
|
271
|
+
}
|
|
272
|
+
/**
|
|
273
|
+
* Removes a token from ISecureStore. Best-effort — errors are swallowed.
|
|
274
|
+
*/
|
|
275
|
+
async removeToken(provider, bucket) {
|
|
276
|
+
const key = this.accountKey(provider, bucket);
|
|
277
|
+
this.logger.debug(`[removeToken] [${this.hashIdentifier(key)}]`);
|
|
278
|
+
try {
|
|
279
|
+
await this.secureStore.delete(key);
|
|
280
|
+
}
|
|
281
|
+
catch (error) {
|
|
282
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
283
|
+
this.logger.warn(`Failed to remove token for [${this.hashIdentifier(key)}]: ${msg}`);
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
/**
|
|
287
|
+
* Lists all unique provider names from ISecureStore keys.
|
|
288
|
+
*/
|
|
289
|
+
async listProviders() {
|
|
290
|
+
this.logger.debug(`[listProviders]`);
|
|
291
|
+
try {
|
|
292
|
+
const allKeys = await this.secureStore.list();
|
|
293
|
+
const providerSet = new Set();
|
|
294
|
+
for (const key of allKeys) {
|
|
295
|
+
if (key.includes(':')) {
|
|
296
|
+
const provider = key.split(':')[0];
|
|
297
|
+
providerSet.add(provider);
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
return Array.from(providerSet).sort();
|
|
301
|
+
}
|
|
302
|
+
catch (error) {
|
|
303
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
304
|
+
this.logger.warn(`Failed to list providers: ${msg}`);
|
|
305
|
+
return [];
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
/**
|
|
309
|
+
* Lists all bucket names for a given provider.
|
|
310
|
+
*/
|
|
311
|
+
async listBuckets(provider) {
|
|
312
|
+
this.validateName(provider, 'provider');
|
|
313
|
+
try {
|
|
314
|
+
const allKeys = await this.secureStore.list();
|
|
315
|
+
const prefix = `${provider}:`;
|
|
316
|
+
const buckets = [];
|
|
317
|
+
for (const key of allKeys) {
|
|
318
|
+
if (key.startsWith(prefix)) {
|
|
319
|
+
const bucket = key.substring(prefix.length);
|
|
320
|
+
buckets.push(bucket);
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
return buckets.sort();
|
|
324
|
+
}
|
|
325
|
+
catch (error) {
|
|
326
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
327
|
+
this.logger.warn(`Failed to list buckets for [${this.hashIdentifier(provider + ':')}]: ${msg}`);
|
|
328
|
+
return [];
|
|
329
|
+
}
|
|
330
|
+
}
|
|
331
|
+
/**
|
|
332
|
+
* Returns placeholder bucket statistics if a token exists for the given bucket.
|
|
333
|
+
*/
|
|
334
|
+
async getBucketStats(provider, bucket) {
|
|
335
|
+
const token = await this.getToken(provider, bucket);
|
|
336
|
+
if (token === null) {
|
|
337
|
+
return null;
|
|
338
|
+
}
|
|
339
|
+
return {
|
|
340
|
+
bucket,
|
|
341
|
+
requestCount: 0,
|
|
342
|
+
percentage: 0,
|
|
343
|
+
lastUsed: undefined,
|
|
344
|
+
};
|
|
345
|
+
}
|
|
346
|
+
/**
|
|
347
|
+
* Acquires a filesystem-based advisory lock for token refresh.
|
|
348
|
+
*/
|
|
349
|
+
async acquireRefreshLock(provider, options) {
|
|
350
|
+
this.validateName(provider, 'provider');
|
|
351
|
+
if (options?.bucket)
|
|
352
|
+
this.validateName(options.bucket, 'bucket');
|
|
353
|
+
const lockPath = this.lockFilePath(provider, options?.bucket);
|
|
354
|
+
const waitMs = options?.waitMs ?? DEFAULT_LOCK_WAIT_MS;
|
|
355
|
+
const staleMs = options?.staleMs ?? DEFAULT_STALE_THRESHOLD_MS;
|
|
356
|
+
return this.acquireLock(lockPath, waitMs, staleMs);
|
|
357
|
+
}
|
|
358
|
+
/**
|
|
359
|
+
* Releases a filesystem-based advisory lock. Idempotent.
|
|
360
|
+
*/
|
|
361
|
+
async releaseRefreshLock(provider, bucket) {
|
|
362
|
+
this.validateName(provider, 'provider');
|
|
363
|
+
if (bucket)
|
|
364
|
+
this.validateName(bucket, 'bucket');
|
|
365
|
+
const lockPath = this.lockFilePath(provider, bucket);
|
|
366
|
+
return this.releaseLock(lockPath);
|
|
367
|
+
}
|
|
368
|
+
/**
|
|
369
|
+
* Acquires a filesystem-based advisory lock for interactive authentication.
|
|
370
|
+
*/
|
|
371
|
+
async acquireAuthLock(provider, options) {
|
|
372
|
+
this.validateName(provider, 'provider');
|
|
373
|
+
if (options?.bucket)
|
|
374
|
+
this.validateName(options.bucket, 'bucket');
|
|
375
|
+
const lockPath = this.authLockFilePath(provider, options?.bucket);
|
|
376
|
+
const waitMs = options?.waitMs ?? 60_000;
|
|
377
|
+
const staleMs = options?.staleMs ?? 360_000;
|
|
378
|
+
return this.acquireLock(lockPath, waitMs, staleMs);
|
|
379
|
+
}
|
|
380
|
+
/**
|
|
381
|
+
* Releases the auth lock for a provider. Idempotent.
|
|
382
|
+
*/
|
|
383
|
+
async releaseAuthLock(provider, bucket) {
|
|
384
|
+
this.validateName(provider, 'provider');
|
|
385
|
+
if (bucket)
|
|
386
|
+
this.validateName(bucket, 'bucket');
|
|
387
|
+
const lockPath = this.authLockFilePath(provider, bucket);
|
|
388
|
+
return this.releaseLock(lockPath);
|
|
389
|
+
}
|
|
390
|
+
}
|
|
391
|
+
//# sourceMappingURL=keyring-token-store.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keyring-token-store.js","sourceRoot":"","sources":["../../src/keyring-token-store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;GAQG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EACL,gBAAgB,GAGjB,MAAM,YAAY,CAAC;AAQpB,gFAAgF;AAEhF,gBAAgB;AAChB,MAAM,aAAa,GAAG,mBAAmB,CAAC;AAC1C,KAAK,aAAa,CAAC;AACnB,wFAAwF;AACxF,wEAAwE;AACxE,MAAM,UAAU,GAAG,yBAAyB,CAAC;AAC7C,MAAM,cAAc,GAAG,SAAS,CAAC;AACjC,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAC1C,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,oFAAoF;AACpF,IAAI,QAA4B,CAAC;AACjC,SAAS,UAAU;IACjB,wGAAwG;IACxG,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gFAAgF;AAEhF,MAAM,KAAK,GAAG,CAAC,EAAU,EAAiB,EAAE,CAC1C,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAEpD,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,OAAO,iBAAiB;IACpB,MAAM,CAAU,YAAY,GAAiB;QACnD,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;QACf,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;QACd,GAAG,EAAE,GAAG,EAAE,GAAE,CAAC;KACd,CAAC;IAEe,WAAW,CAAe;IAC1B,MAAM,CAAe;IACrB,OAAO,CAAS;IAEjC,YAAY,OAIX;QACC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,uDAAuD;gBACrD,0CAA0C,CAC7C,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,iBAAiB,CAAC,YAAY,CAAC;QAC/D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;IACjD,CAAC;IAEO,YAAY,CAAC,IAAY,EAAE,KAAa;QAC9C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,WAAW,KAAK,WAAW,IAAI,0EAA0E,CAC1G,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,QAAgB,EAAE,MAAe;QAClD,MAAM,cAAc,GAAG,MAAM,IAAI,cAAc,CAAC;QAChD,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;QAC5C,OAAO,GAAG,QAAQ,IAAI,cAAc,EAAE,CAAC;IACzC,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAW;QAChC,IAAI,CAAC,GAAG,UAAU,CAAC;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACvB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAEO,YAAY,CAAC,QAAgB,EAAE,MAAe;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,cAAc,CAAC;QAC1C,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,QAAQ,eAAe,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,eAAe,CAAC,CAAC;IACpE,CAAC;IAEO,gBAAgB,CAAC,QAAgB,EAAE,MAAe;QACxD,MAAM,QAAQ,GAAG,MAAM,IAAI,cAAc,CAAC;QAC1C,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,QAAQ,YAAY,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,QAAQ,IAAI,QAAQ,YAAY,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CACvB,QAAgB,EAChB,MAAc,EACd,OAAe;QAEf,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE3B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,sBAAsB,MAAM,UAAU,OAAO,SAAS,qBAAqB,EAAE,CAC9E,CAAC;QAEF,+FAA+F;QAC/F,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,MAAM,EAAE,CAAC;YACvC,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACpE,IAAI,WAAW,KAAK,OAAO,EAAE,CAAC;gBAC5B,MAAM,KAAK,CAAC,qBAAqB,CAAC,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,IAAI,WAAW,KAAK,cAAc,EAAE,CAAC;gBACnC,SAAS;YACX,CAAC;YAED,MAAM,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,aAAa,CACzB,QAAgB;QAEhB,IAAI,eAAe,GAA8C,IAAI,CAAC;QACtE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC7D,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE;gBACrD,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;YACH,eAAe,GAAG,QAAQ,CAAC;YAE3B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAGlC,CAAC;gBACF,4EAA4E;gBAC5E,IACE,QAAQ,CAAC,GAAG,KAAK,eAAe,CAAC,GAAG;oBACpC,QAAQ,CAAC,SAAS,KAAK,eAAe,CAAC,SAAS,EAChD,CAAC;oBACD,OAAO,UAAU,CAAC;gBACpB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yCAAyC;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,UAAmC,CAAC;YAChD,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,UAAU,CAAC;YACnB,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,QAAgB,EAChB,OAAe;QAEf,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAGlC,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,CAAC;YAEhD,MAAM,WAAW,GACf,OAAO,QAAQ,CAAC,GAAG,KAAK,QAAQ;gBAChC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC9B,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC;YACnB,MAAM,qBAAqB,GACzB,CAAC,WAAW,IAAI,OAAO,IAAI,mBAAmB,CAAC;YAEjD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,6EAA6E;gBAC7E,IAAI,CAAC;oBACH,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC5B,CAAC;gBAAC,MAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;gBACD,OAAO,cAAc,CAAC;YACxB,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACrC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;gBAC1C,IAAI,OAAO,IAAI,mBAAmB,EAAE,CAAC;oBACnC,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB;YAClB,CAAC;YACD,OAAO,cAAc,CAAC;QACxB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,QAAgB;QACxC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAA8B,CAAC;YAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,QAAgB,EAChB,KAAiB,EACjB,MAAe;QAEf,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,gBAAgB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,KAAK,CAAC,UAAU,EAAE,CACrE,CAAC;QACF,MAAM,cAAc,GAAG,gBAAgB,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CACZ,QAAgB,EAChB,MAAe;QAEf,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE9D,IAAI,GAAkB,CAAC;QACvB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAA0B,CAAC;YAC3C,IAAI,MAAM,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACpD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,+BAA+B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,OAAO,CAAC,OAAO,EAAE,CAC/E,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,GAAG,GACP,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACxE,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,2BAA2B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CAC/D,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,OAAO,gBAAgB,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YAClB,MAAM,GAAG,GACP,QAAQ,YAAY,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,6BAA6B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CACjE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,MAAe;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,+BAA+B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;YACtC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBACnC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;YACrD,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB;QAChC,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YAC9C,MAAM,MAAM,GAAG,GAAG,QAAQ,GAAG,CAAC;YAC9B,MAAM,OAAO,GAAa,EAAE,CAAC;YAC7B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAC5C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,+BAA+B,IAAI,CAAC,cAAc,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,EAAE,CAC9E,CAAC;YACF,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAClB,QAAgB,EAChB,MAAc;QAEd,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,MAAM;YACN,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;YACb,QAAQ,EAAE,SAAS;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,QAAgB,EAChB,OAAgE;QAEhE,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxC,IAAI,OAAO,EAAE,MAAM;YAAE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEjE,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,oBAAoB,CAAC;QACvD,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,0BAA0B,CAAC;QAE/D,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,QAAgB,EAAE,MAAe;QACxD,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,QAAgB,EAChB,OAAgE;QAEhE,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxC,IAAI,OAAO,EAAE,MAAM;YAAE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEjE,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,MAAM,CAAC;QACzC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,OAAO,CAAC;QAE5C,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,MAAe;QACrD,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC"}
|
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license
|
|
3
|
+
* Copyright 2025 Vybestack LLC
|
|
4
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* OAuth Error Handling System
|
|
8
|
+
*
|
|
9
|
+
* Provides comprehensive error classification, user-friendly messaging,
|
|
10
|
+
* and recovery mechanisms for OAuth providers.
|
|
11
|
+
*/
|
|
12
|
+
/**
|
|
13
|
+
* OAuth error categories for classification and handling
|
|
14
|
+
*/
|
|
15
|
+
export declare enum OAuthErrorCategory {
|
|
16
|
+
/** User must take action (re-authenticate, grant permissions) */
|
|
17
|
+
USER_ACTION_REQUIRED = "user_action_required",
|
|
18
|
+
/** Network or temporary service issues that can be retried */
|
|
19
|
+
TRANSIENT = "transient",
|
|
20
|
+
/** System issues (file permissions, storage problems) */
|
|
21
|
+
SYSTEM = "system",
|
|
22
|
+
/** Critical security or data corruption issues */
|
|
23
|
+
CRITICAL = "critical",
|
|
24
|
+
/** Configuration or setup problems */
|
|
25
|
+
CONFIGURATION = "configuration"
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Specific OAuth error types with detailed classification
|
|
29
|
+
*/
|
|
30
|
+
export declare enum OAuthErrorType {
|
|
31
|
+
AUTHENTICATION_REQUIRED = "authentication_required",
|
|
32
|
+
AUTHORIZATION_EXPIRED = "authorization_expired",
|
|
33
|
+
INSUFFICIENT_PERMISSIONS = "insufficient_permissions",
|
|
34
|
+
USER_CANCELLED = "user_cancelled",
|
|
35
|
+
INVALID_CREDENTIALS = "invalid_credentials",
|
|
36
|
+
NETWORK_ERROR = "network_error",
|
|
37
|
+
SERVICE_UNAVAILABLE = "service_unavailable",
|
|
38
|
+
RATE_LIMITED = "rate_limited",
|
|
39
|
+
TIMEOUT = "timeout",
|
|
40
|
+
STORAGE_ERROR = "storage_error",
|
|
41
|
+
FILE_PERMISSIONS = "file_permissions",
|
|
42
|
+
CORRUPTED_DATA = "corrupted_data",
|
|
43
|
+
SECURITY_VIOLATION = "security_violation",
|
|
44
|
+
MALFORMED_TOKEN = "malformed_token",
|
|
45
|
+
INVALID_CLIENT_ID = "invalid_client_id",
|
|
46
|
+
INVALID_ENDPOINT = "invalid_endpoint",
|
|
47
|
+
MISSING_CONFIGURATION = "missing_configuration",
|
|
48
|
+
UNKNOWN = "unknown"
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Retry strategy configuration
|
|
52
|
+
*/
|
|
53
|
+
export interface RetryConfig {
|
|
54
|
+
/** Maximum number of retry attempts */
|
|
55
|
+
maxAttempts: number;
|
|
56
|
+
/** Base delay between retries in milliseconds */
|
|
57
|
+
baseDelayMs: number;
|
|
58
|
+
/** Multiplier for exponential backoff */
|
|
59
|
+
backoffMultiplier: number;
|
|
60
|
+
/** Maximum delay between retries in milliseconds */
|
|
61
|
+
maxDelayMs: number;
|
|
62
|
+
/** Whether to add random jitter to delays */
|
|
63
|
+
jitter: boolean;
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Default retry configuration for transient errors
|
|
67
|
+
*/
|
|
68
|
+
export declare const DEFAULT_RETRY_CONFIG: RetryConfig;
|
|
69
|
+
/**
|
|
70
|
+
* Comprehensive OAuth error with classification and user guidance
|
|
71
|
+
*/
|
|
72
|
+
export declare class OAuthError extends Error {
|
|
73
|
+
readonly category: OAuthErrorCategory;
|
|
74
|
+
readonly type: OAuthErrorType;
|
|
75
|
+
readonly provider: string;
|
|
76
|
+
readonly userMessage: string;
|
|
77
|
+
readonly actionRequired: string | null;
|
|
78
|
+
readonly isRetryable: boolean;
|
|
79
|
+
readonly retryAfterMs: number | null;
|
|
80
|
+
readonly technicalDetails: Record<string, unknown>;
|
|
81
|
+
readonly originalError: Error | null;
|
|
82
|
+
constructor(type: OAuthErrorType, provider: string, message: string, options?: {
|
|
83
|
+
userMessage?: string;
|
|
84
|
+
actionRequired?: string;
|
|
85
|
+
retryAfterMs?: number;
|
|
86
|
+
technicalDetails?: Record<string, unknown>;
|
|
87
|
+
originalError?: Error;
|
|
88
|
+
cause?: Error;
|
|
89
|
+
});
|
|
90
|
+
/**
|
|
91
|
+
* Categorizes error type into handling categories
|
|
92
|
+
*/
|
|
93
|
+
private categorizeError;
|
|
94
|
+
/**
|
|
95
|
+
* Determines if error type is retryable
|
|
96
|
+
*/
|
|
97
|
+
private determineRetryability;
|
|
98
|
+
/**
|
|
99
|
+
* Generates user-friendly error message
|
|
100
|
+
*/
|
|
101
|
+
private generateUserMessage;
|
|
102
|
+
/**
|
|
103
|
+
* Generates actionable guidance for users
|
|
104
|
+
*/
|
|
105
|
+
private generateActionRequired;
|
|
106
|
+
/**
|
|
107
|
+
* Creates a sanitized version of the error for logging
|
|
108
|
+
*/
|
|
109
|
+
toLogEntry(): Record<string, unknown>;
|
|
110
|
+
}
|
|
111
|
+
/**
|
|
112
|
+
* Error factory for common OAuth error scenarios
|
|
113
|
+
*/
|
|
114
|
+
export declare class OAuthErrorFactory {
|
|
115
|
+
/**
|
|
116
|
+
* Creates an authentication required error
|
|
117
|
+
*/
|
|
118
|
+
static authenticationRequired(provider: string, details?: Record<string, unknown>): OAuthError;
|
|
119
|
+
/**
|
|
120
|
+
* Creates an expired authorization error
|
|
121
|
+
*/
|
|
122
|
+
static authorizationExpired(provider: string, details?: Record<string, unknown>): OAuthError;
|
|
123
|
+
/**
|
|
124
|
+
* Creates a network error with retry capability
|
|
125
|
+
*/
|
|
126
|
+
static networkError(provider: string, originalError?: Error, details?: Record<string, unknown>): OAuthError;
|
|
127
|
+
/**
|
|
128
|
+
* Creates a rate limited error with specific retry delay
|
|
129
|
+
*/
|
|
130
|
+
static rateLimited(provider: string, retryAfterSeconds?: number, details?: Record<string, unknown>): OAuthError;
|
|
131
|
+
/**
|
|
132
|
+
* Creates a storage error
|
|
133
|
+
*/
|
|
134
|
+
static storageError(provider: string, originalError?: Error, details?: Record<string, unknown>): OAuthError;
|
|
135
|
+
/**
|
|
136
|
+
* Creates a corrupted data error
|
|
137
|
+
*/
|
|
138
|
+
static corruptedData(provider: string, details?: Record<string, unknown>): OAuthError;
|
|
139
|
+
/**
|
|
140
|
+
* Creates an error from an unknown error, attempting classification
|
|
141
|
+
*/
|
|
142
|
+
static fromUnknown(provider: string, error: unknown, context?: string): OAuthError;
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Retry handler with exponential backoff and jitter
|
|
146
|
+
*/
|
|
147
|
+
export declare class RetryHandler {
|
|
148
|
+
private config;
|
|
149
|
+
constructor(config?: RetryConfig);
|
|
150
|
+
/**
|
|
151
|
+
* Executes operation with retry logic for transient errors
|
|
152
|
+
*/
|
|
153
|
+
executeWithRetry<T>(operation: () => Promise<T>, provider: string, context?: string): Promise<T>;
|
|
154
|
+
/**
|
|
155
|
+
* Sleep utility
|
|
156
|
+
*/
|
|
157
|
+
private sleep;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Graceful error handler for OAuth operations
|
|
161
|
+
*/
|
|
162
|
+
export declare class GracefulErrorHandler {
|
|
163
|
+
private retryHandler;
|
|
164
|
+
constructor(retryHandler?: RetryHandler);
|
|
165
|
+
/**
|
|
166
|
+
* Handles errors gracefully, providing fallback behavior when possible
|
|
167
|
+
*/
|
|
168
|
+
handleGracefully<T>(operation: () => Promise<T>, fallback: T | (() => T | Promise<T>), provider: string, context?: string): Promise<T>;
|
|
169
|
+
/**
|
|
170
|
+
* Wraps a method to handle errors gracefully with logging
|
|
171
|
+
*/
|
|
172
|
+
wrapMethod<TArgs extends unknown[], TReturn>(method: (...args: TArgs) => Promise<TReturn>, provider: string, methodName: string, fallback?: TReturn | ((...args: TArgs) => TReturn | Promise<TReturn>)): (...args: TArgs) => Promise<TReturn>;
|
|
173
|
+
}
|