npm - @zapier/zapier-sdk-cli - Versions diffs - 0.42.2 → 0.43.0 - Mend

@zapier/zapier-sdk-cli 0.42.2 → 0.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CHANGELOG.md +12 -0
package/dist/cli.cjs +619 -34
package/dist/cli.d.mts +0 -1
package/dist/cli.d.ts +0 -1
package/dist/cli.mjs +601 -19
package/dist/index.cjs +607 -23
package/dist/index.mjs +592 -11
package/dist/login.cjs +599 -7
package/dist/login.d.mts +144 -1
package/dist/login.d.ts +144 -1
package/dist/login.mjs +565 -1
package/dist/package.json +5 -2
package/dist/src/login/filesystem-cache.d.ts +25 -0
package/dist/src/login/filesystem-cache.js +195 -0
package/dist/src/login/index.d.ts +115 -0
package/dist/src/login/index.js +442 -0
package/dist/src/login/keychain.d.ts +18 -0
package/dist/src/login/keychain.js +74 -0
package/dist/src/login.d.ts +10 -1
package/dist/src/login.js +10 -1
package/dist/src/plugins/feedback/index.js +1 -1
package/dist/src/plugins/getLoginConfigPath/index.js +1 -1
package/dist/src/plugins/login/index.js +1 -1
package/dist/src/plugins/logout/index.js +1 -1
package/dist/src/sdk.js +1 -1
package/dist/src/utils/auth/login.d.ts +1 -1
package/dist/src/utils/auth/login.js +1 -1
package/dist/src/utils/constants.d.ts +1 -1
package/dist/src/utils/constants.js +1 -1
package/dist/src/utils/version-checker.js +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +7 -4

package/dist/login.cjs CHANGED Viewed

@@ -1,12 +1,604 @@
 'use strict';
-var zapierSdkCliLogin = require('@zapier/zapier-sdk-cli-login');
+var Conf = require('conf');
+var fs = require('fs');
+var jwt = require('jsonwebtoken');
+var crossKeychain = require('cross-keychain');
+var crypto = require('crypto');
+var path = require('path');
+var lockfile = require('proper-lockfile');
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+function _interopNamespace(e) {
+  if (e && e.__esModule) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
-Object.keys(zapierSdkCliLogin).forEach(function (k) {
-	if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
-		enumerable: true,
-		get: function () { return zapierSdkCliLogin[k]; }
-	});
-});
+var Conf__default = /*#__PURE__*/_interopDefault(Conf);
+var jwt__namespace = /*#__PURE__*/_interopNamespace(jwt);
+var lockfile__namespace = /*#__PURE__*/_interopNamespace(lockfile);
+// src/login/index.ts
+var SERVICE = "zapier-sdk-cli";
+var ACCOUNT = "login";
+var cachedBackendInfo;
+async function getBackendInfo() {
+  if (!cachedBackendInfo) {
+    const keyring = await crossKeychain.getKeyring();
+    cachedBackendInfo = `${keyring.name} (${keyring.id})`;
+  }
+  return cachedBackendInfo;
+}
+var keychainQueue = Promise.resolve();
+function enqueue(fn) {
+  const result = keychainQueue.then(fn, fn);
+  keychainQueue = result.then(
+    () => {
+    },
+    () => {
+    }
+  );
+  return result;
+}
+async function getTokensFromKeychain({
+  debugLog
+} = {}) {
+  return enqueue(async () => {
+    const backendInfo = await getBackendInfo();
+    debugLog?.(`Keychain read via ${backendInfo}`);
+    const startTime = Date.now();
+    const raw = await crossKeychain.getPassword(SERVICE, ACCOUNT);
+    debugLog?.(`Keychain read completed in ${Date.now() - startTime}ms`);
+    if (!raw) {
+      debugLog?.("Keychain returned no data");
+      return void 0;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch {
+      debugLog?.("Keychain data is not valid JSON");
+      return void 0;
+    }
+    if (typeof parsed.login_jwt === "string" && typeof parsed.login_refresh_token === "string") {
+      return {
+        login_jwt: parsed.login_jwt,
+        login_refresh_token: parsed.login_refresh_token
+      };
+    }
+    debugLog?.("Keychain data has invalid shape", parsed);
+    return void 0;
+  });
+}
+async function setTokensInKeychain({
+  data,
+  debugLog
+}) {
+  return enqueue(async () => {
+    const backendInfo = await getBackendInfo();
+    debugLog?.(`Keychain write via ${backendInfo}`);
+    const startTime = Date.now();
+    await crossKeychain.setPassword(SERVICE, ACCOUNT, JSON.stringify(data));
+    debugLog?.(`Keychain write completed in ${Date.now() - startTime}ms`);
+  });
+}
+async function clearTokensFromKeychain({
+  debugLog
+} = {}) {
+  return enqueue(async () => {
+    try {
+      const backendInfo = await getBackendInfo();
+      debugLog?.(`Keychain clear via ${backendInfo}`);
+      await crossKeychain.deletePassword(SERVICE, ACCOUNT);
+    } catch {
+    }
+  });
+}
+var SERVICE2 = "zapier-sdk-cache";
+var CONFIG_KEY = "cache";
+var LOCK_UPDATE_MS = 5e3;
+var LOCK_STALE_MS = 1e4;
+var LOCK_RETRY_WAIT_MS = 100;
+var LOCK_RETRY_MAX_WAIT_MS = 1e3;
+var LOCK_RETRY_COUNT = 120;
+function keychainAccount(key) {
+  return crypto.createHash("sha256").update(key).digest("hex");
+}
+function readConfigMap() {
+  const cfg = getConfig();
+  const stored = cfg.get(CONFIG_KEY);
+  if (stored && typeof stored === "object") {
+    return stored;
+  }
+  return {};
+}
+function writeConfigMap(map) {
+  getConfig().set(CONFIG_KEY, map);
+}
+function entryIsExpired(entry) {
+  return entry.expires_at !== void 0 && entry.expires_at <= Date.now();
+}
+function createCache() {
+  return {
+    async get(key) {
+      const entry = readConfigMap()[key];
+      if (!entry) return void 0;
+      if (entryIsExpired(entry)) return void 0;
+      if (entry.secret) {
+        const stored = await enqueue(async () => {
+          await getBackendInfo();
+          return crossKeychain.getPassword(SERVICE2, keychainAccount(key));
+        });
+        if (!stored) {
+          return void 0;
+        }
+        return { value: stored, expiresAt: entry.expires_at };
+      }
+      if (entry.value === void 0) return void 0;
+      return { value: entry.value, expiresAt: entry.expires_at };
+    },
+    async set(key, value, options) {
+      const secret = options?.secret ?? false;
+      const expiresAt = options?.ttl ? Date.now() + options.ttl * 1e3 : void 0;
+      if (secret) {
+        try {
+          await enqueue(async () => {
+            await getBackendInfo();
+            await crossKeychain.setPassword(SERVICE2, keychainAccount(key), value);
+          });
+        } catch {
+          return;
+        }
+        const map = readConfigMap();
+        map[key] = { secret: true, expires_at: expiresAt };
+        try {
+          writeConfigMap(map);
+        } catch {
+        }
+      } else {
+        const map = readConfigMap();
+        map[key] = { secret: false, value, expires_at: expiresAt };
+        try {
+          writeConfigMap(map);
+        } catch {
+        }
+      }
+    },
+    async delete(key) {
+      const map = readConfigMap();
+      const entry = map[key];
+      if (entry) {
+        delete map[key];
+        try {
+          writeConfigMap(map);
+        } catch {
+        }
+      }
+      if (entry?.secret) {
+        try {
+          await enqueue(async () => {
+            await getBackendInfo();
+            await crossKeychain.deletePassword(SERVICE2, keychainAccount(key));
+          });
+        } catch {
+        }
+      }
+    },
+    async withLock(_key, fn) {
+      const cfg = getConfig();
+      const lockTarget = `${cfg.path}.cache-lock`;
+      try {
+        fs.mkdirSync(path.dirname(lockTarget), { recursive: true });
+        if (!fs.existsSync(lockTarget)) {
+          fs.writeFileSync(lockTarget, "");
+        }
+      } catch {
+        return fn();
+      }
+      let release = null;
+      try {
+        release = await lockfile__namespace.lock(lockTarget, {
+          stale: LOCK_STALE_MS,
+          update: LOCK_UPDATE_MS,
+          retries: {
+            retries: LOCK_RETRY_COUNT,
+            factor: 1.2,
+            minTimeout: LOCK_RETRY_WAIT_MS,
+            maxTimeout: LOCK_RETRY_MAX_WAIT_MS
+          }
+        });
+      } catch {
+        return fn();
+      }
+      try {
+        return await fn();
+      } finally {
+        try {
+          await release();
+        } catch {
+        }
+      }
+    }
+  };
+}
+// src/login/index.ts
+var ZapierAuthenticationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ZapierAuthenticationError";
+  }
+};
+var config = null;
+var DEFAULT_AUTH_CLIENT_ID = "grwWZD5hUWGvb4V8ODBuOtXer3h0DBEZ2HR8aay6";
+var TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1e3;
+function createDebugLog(enabled) {
+  if (!enabled) {
+    return () => {
+    };
+  }
+  return (message, data) => {
+    if (data === void 0) {
+      console.log(`[Zapier SDK CLI Login] ${message}`);
+    } else {
+      console.log(`[Zapier SDK CLI Login] ${message}`, data);
+    }
+  };
+}
+function censorHeaderValue(value) {
+  if (value.length > 12) {
+    return `${value.substring(0, 4)}...${value.substring(value.length - 4)}`;
+  }
+  return `${value.charAt(0)}...`;
+}
+function getAuthClientId(clientId) {
+  return clientId || DEFAULT_AUTH_CLIENT_ID;
+}
+var AUTH_MODE_HEADER = "X-Auth";
+var DEFAULT_AUTH_BASE_URL = "https://zapier.com";
+function getAuthTokenUrl(options) {
+  const authBaseUrl = options?.baseUrl || DEFAULT_AUTH_BASE_URL;
+  return `${authBaseUrl}/oauth/token/`;
+}
+function getAuthAuthorizeUrl(options) {
+  const authBaseUrl = options?.baseUrl || DEFAULT_AUTH_BASE_URL;
+  return `${authBaseUrl}/oauth/authorize/`;
+}
+function getPkceLoginConfig(options) {
+  return {
+    clientId: getAuthClientId(options?.credentials?.clientId),
+    tokenUrl: getAuthTokenUrl({ baseUrl: options?.credentials?.baseUrl }),
+    authorizeUrl: getAuthAuthorizeUrl({
+      baseUrl: options?.credentials?.baseUrl
+    })
+  };
+}
+var cachedLogin;
+function getConfig() {
+  if (!config) {
+    config = new Conf__default.default({ projectName: "zapier-sdk-cli" });
+    if (!config.has("login_storage_mode")) {
+      config.set(
+        "login_storage_mode",
+        fs.existsSync(config.path) ? "config" : "keychain"
+      );
+    }
+  }
+  return config;
+}
+function unloadConfig() {
+  config = null;
+  cachedLogin = void 0;
+}
+async function updateLogin(loginData, options = {}) {
+  const debugLog = createDebugLog(options.debug ?? false);
+  const storage = options.storage ?? cachedLogin?.storage ?? "keychain";
+  const expiresAt = Date.now() + loginData.expires_in * 1e3;
+  const cfg = getConfig();
+  cfg.set("login_storage_mode", storage);
+  if (storage === "keychain") {
+    await setTokensInKeychain({
+      data: {
+        login_jwt: loginData.access_token,
+        login_refresh_token: loginData.refresh_token
+      },
+      debugLog
+    });
+    cfg.set("login_expires_at", expiresAt);
+    cfg.delete("login_jwt");
+    cfg.delete("login_refresh_token");
+  } else {
+    cfg.set("login_jwt", loginData.access_token);
+    cfg.set("login_refresh_token", loginData.refresh_token);
+    cfg.set("login_expires_at", expiresAt);
+    await clearTokensFromKeychain({ debugLog });
+  }
+  cachedLogin = {
+    jwt: loginData.access_token,
+    refreshToken: loginData.refresh_token,
+    expiresAt,
+    storage
+  };
+}
+function decodeJwtOrThrow(token) {
+  if (typeof token !== "string") {
+    throw new Error("Expected JWT to be a string");
+  }
+  const decodedJwt = jwt__namespace.decode(token, { complete: true });
+  if (!decodedJwt) {
+    throw new Error("Could not decode JWT");
+  }
+  if (typeof decodedJwt.payload === "string") {
+    throw new Error("Did not expect JWT payload to be a string");
+  }
+  return decodedJwt;
+}
+async function refreshJwt(refreshToken, options = {}) {
+  const {
+    onEvent,
+    fetch = globalThis.fetch,
+    credentials,
+    debug = false
+  } = options;
+  const debugLog = createDebugLog(debug);
+  const tokenUrl = getAuthTokenUrl({ baseUrl: credentials?.baseUrl });
+  const clientId = getAuthClientId(credentials?.clientId);
+  const startTime = Date.now();
+  try {
+    onEvent?.({
+      type: "auth_refreshing",
+      payload: {
+        message: "Refreshing your token...",
+        operation: "token_refresh"
+      },
+      timestamp: Date.now()
+    });
+    debugLog(`\u2192 POST ${tokenUrl}`, {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        [AUTH_MODE_HEADER]: "no"
+      },
+      body: {
+        client_id: clientId,
+        refresh_token: censorHeaderValue(refreshToken),
+        grant_type: "refresh_token"
+      }
+    });
+    const response = await fetch(tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        [AUTH_MODE_HEADER]: "no"
+      },
+      body: new URLSearchParams({
+        client_id: clientId,
+        refresh_token: refreshToken,
+        grant_type: "refresh_token"
+      })
+    });
+    const duration = Date.now() - startTime;
+    if (!response.ok) {
+      debugLog(`\u2190 ${response.status} ${response.statusText} (${duration}ms)`);
+      throw new Error(
+        `Token refresh failed: ${response.status} ${response.statusText}`
+      );
+    }
+    debugLog(`\u2190 ${response.status} ${response.statusText} (${duration}ms)`);
+    const data = await response.json();
+    await updateLogin(data, { debug });
+    debugLog(
+      `Token refreshed and saved to ${cachedLogin?.storage ?? "keychain"}`
+    );
+    onEvent?.({
+      type: "auth_success",
+      payload: {
+        message: "Token refreshed successfully",
+        operation: "token_refresh"
+      },
+      timestamp: Date.now()
+    });
+    return data.access_token;
+  } catch (error) {
+    const duration = Date.now() - startTime;
+    debugLog(`\u2716 Token refresh failed (${duration}ms)`, {
+      error: error instanceof Error ? error.message : error
+    });
+    cachedLogin = void 0;
+    const errorMessage = `Token refresh failed: ${error instanceof Error ? error.message : "Unknown error"}`;
+    onEvent?.({
+      type: "auth_error",
+      payload: {
+        message: errorMessage,
+        error: errorMessage,
+        operation: "token_refresh"
+      },
+      timestamp: Date.now()
+    });
+    throw error;
+  }
+}
+var pendingRefresh = null;
+var pendingResolve = null;
+async function resolveStoredLogin(debugLog) {
+  if (cachedLogin) {
+    debugLog("Using in-memory cached credentials");
+    return cachedLogin;
+  }
+  if (pendingResolve) {
+    debugLog("Waiting for existing keychain read to complete");
+    return pendingResolve;
+  }
+  pendingResolve = resolveStoredLoginFromStorage(debugLog).finally(() => {
+    pendingResolve = null;
+  });
+  return pendingResolve;
+}
+async function resolveStoredLoginFromStorage(debugLog) {
+  let cfg;
+  try {
+    cfg = getConfig();
+  } catch (error) {
+    debugLog("Failed to load config", {
+      error: error instanceof Error ? error.message : error
+    });
+    return void 0;
+  }
+  const expiresAt = cfg.get("login_expires_at");
+  const configJwt = cfg.get("login_jwt");
+  const configRefresh = cfg.get("login_refresh_token");
+  if (configJwt && configRefresh && typeof expiresAt === "number") {
+    debugLog("Loaded credentials from config (legacy format)");
+    cachedLogin = {
+      jwt: configJwt,
+      refreshToken: configRefresh,
+      expiresAt,
+      storage: "config"
+    };
+    return cachedLogin;
+  }
+  if (typeof expiresAt !== "number") {
+    debugLog("No stored login credentials found");
+    return void 0;
+  }
+  const keychainData = await getTokensFromKeychain({ debugLog });
+  if (!keychainData) {
+    debugLog("No tokens found in keychain");
+    return void 0;
+  }
+  debugLog("Loaded credentials from keychain");
+  cachedLogin = {
+    jwt: keychainData.login_jwt,
+    refreshToken: keychainData.login_refresh_token,
+    expiresAt,
+    storage: "keychain"
+  };
+  return cachedLogin;
+}
+async function resolveOrRefreshToken(options = {}) {
+  const { debug = false } = options;
+  const debugLog = createDebugLog(debug);
+  const stored = await resolveStoredLogin(debugLog);
+  if (!stored) {
+    return void 0;
+  }
+  const { jwt: storedJwt, refreshToken, expiresAt } = stored;
+  if (expiresAt > Date.now() + TOKEN_REFRESH_BUFFER_MS) {
+    debugLog("Using cached token (still valid)");
+    return storedJwt;
+  }
+  debugLog("Token expired, refreshing...");
+  if (pendingRefresh) {
+    debugLog("Waiting for existing refresh to complete");
+    return pendingRefresh;
+  }
+  pendingRefresh = refreshJwt(refreshToken, options).finally(() => {
+    pendingRefresh = null;
+  });
+  return await pendingRefresh;
+}
+async function getToken(options = {}) {
+  try {
+    return await resolveOrRefreshToken(options);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Token refresh failed";
+    throw new ZapierAuthenticationError(
+      `${message}
+Please run 'login' to authenticate again.`
+    );
+  }
+}
+async function getLoggedInUser(options = {}) {
+  const jwt2 = await getToken(options).catch(() => void 0);
+  if (!jwt2) {
+    throw new Error(
+      "No valid authentication token available. Please login first."
+    );
+  }
+  let decodedJwt = decodeJwtOrThrow(jwt2);
+  if (decodedJwt.payload["sub_type"] == "service") {
+    decodedJwt = decodeJwtOrThrow(decodedJwt.payload["njwt"]);
+  }
+  if (typeof decodedJwt.payload["zap:acc"] !== "string") {
+    throw new Error("JWT payload does not contain accountId");
+  }
+  const accountId = parseInt(decodedJwt.payload["zap:acc"], 10);
+  if (isNaN(accountId)) {
+    throw new Error("JWT accountId is not a number");
+  }
+  if (decodedJwt.payload["sub_type"] !== "customuser" || typeof decodedJwt.payload["sub"] !== "string") {
+    throw new Error("JWT payload does not contain customUserId");
+  }
+  const customUserId = parseInt(decodedJwt.payload["sub"], 10);
+  if (isNaN(customUserId)) {
+    throw new Error("JWT customUserId is not a number");
+  }
+  const email = decodedJwt.payload["zap:uname"];
+  if (typeof email !== "string") {
+    throw new Error("JWT payload does not contain email");
+  }
+  return {
+    accountId,
+    customUserId,
+    email
+  };
+}
+function getLoginStorageMode() {
+  const cfg = getConfig();
+  if (typeof cfg.get("login_jwt") === "string") {
+    return "config";
+  }
+  const explicitMode = cfg.get("login_storage_mode");
+  if (explicitMode === "keychain" || explicitMode === "config") {
+    return explicitMode;
+  }
+  return "keychain";
+}
+async function logout(options = {}) {
+  const { onEvent } = options;
+  const mode = getLoginStorageMode();
+  cachedLogin = void 0;
+  await clearTokensFromKeychain();
+  const cfg = getConfig();
+  cfg.set("login_storage_mode", mode);
+  cfg.delete("login_expires_at");
+  cfg.delete("login_jwt");
+  cfg.delete("login_refresh_token");
+  onEvent?.({
+    type: "auth_logout",
+    payload: { message: "Logged out successfully", operation: "logout" },
+    timestamp: Date.now()
+  });
+}
+function getConfigPath() {
+  const cfg = getConfig();
+  return cfg.path;
+}
+exports.AUTH_MODE_HEADER = AUTH_MODE_HEADER;
+exports.ZapierAuthenticationError = ZapierAuthenticationError;
+exports.createCache = createCache;
+exports.getAuthAuthorizeUrl = getAuthAuthorizeUrl;
+exports.getAuthTokenUrl = getAuthTokenUrl;
+exports.getConfig = getConfig;
+exports.getConfigPath = getConfigPath;
+exports.getLoggedInUser = getLoggedInUser;
+exports.getLoginStorageMode = getLoginStorageMode;
+exports.getPkceLoginConfig = getPkceLoginConfig;
+exports.getToken = getToken;
+exports.logout = logout;
+exports.unloadConfig = unloadConfig;
+exports.updateLogin = updateLogin;