alpic 0.0.0-dev.f91105e → 0.0.0-dev.fad1961
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api.js +1 -1
- package/dist/api.js.map +1 -1
- package/dist/commands/login.js +3 -4
- package/dist/commands/login.js.map +1 -1
- package/dist/lib/auth/auth.d.ts +1 -1
- package/dist/lib/auth/auth.js +4 -3
- package/dist/lib/auth/auth.js.map +1 -1
- package/dist/lib/auth/oauth/client.d.ts +27 -10
- package/dist/lib/auth/oauth/client.js +99 -53
- package/dist/lib/auth/oauth/client.js.map +1 -1
- package/dist/lib/auth/oauth/server.d.ts +1 -3
- package/dist/lib/auth/oauth/server.js +9 -11
- package/dist/lib/auth/oauth/server.js.map +1 -1
- package/dist/lib/auth/whoami.d.ts +2 -2
- package/dist/lib/auth/whoami.js +3 -3
- package/dist/lib/auth/whoami.js.map +1 -1
- package/package.json +2 -2
- package/dist/lib/auth/oauth/config.d.ts +0 -12
- package/dist/lib/auth/oauth/config.js +0 -39
- package/dist/lib/auth/oauth/config.js.map +0 -1
package/dist/api.js
CHANGED
|
@@ -6,7 +6,7 @@ import { env } from "./env.js";
|
|
|
6
6
|
import { getApiToken } from "./lib/auth/auth.js";
|
|
7
7
|
const link = new OpenAPILink(contract, {
|
|
8
8
|
url: env.ALPIC_API_BASE_URL,
|
|
9
|
-
|
|
9
|
+
headers: async () => {
|
|
10
10
|
return getApiToken().then((token) => (token ? { Authorization: `Bearer ${token}` } : {}));
|
|
11
11
|
},
|
|
12
12
|
plugins: [new ResponseValidationPlugin(contract)],
|
package/dist/api.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,QAAQ,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC,kBAAkB;IAC3B,IAAI,
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,QAAQ,EAAE;IACrC,GAAG,EAAE,GAAG,CAAC,kBAAkB;IAC3B,OAAO,EAAE,KAAK,IAAI,EAAE;QAClB,OAAO,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5F,CAAC;IACD,OAAO,EAAE,CAAC,IAAI,wBAAwB,CAAC,QAAQ,CAAC,CAAC;CAClD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,GAAG,GAA0C,gBAAgB,CAAC,IAAI,CAAC,CAAC"}
|
package/dist/commands/login.js
CHANGED
|
@@ -2,7 +2,7 @@ import * as p from "@clack/prompts";
|
|
|
2
2
|
import chalk from "chalk";
|
|
3
3
|
import open from "open";
|
|
4
4
|
import { AlpicCommand } from "../lib/alpic-command.js";
|
|
5
|
-
import {
|
|
5
|
+
import { oAuthClient } from "../lib/auth/oauth/client.js";
|
|
6
6
|
import { listenToOAuthCallback } from "../lib/auth/oauth/server.js";
|
|
7
7
|
import { getWhoamiInfo } from "../lib/auth/whoami.js";
|
|
8
8
|
import { globalStore } from "../lib/global-store.js";
|
|
@@ -12,19 +12,18 @@ export class Login extends AlpicCommand {
|
|
|
12
12
|
async run() {
|
|
13
13
|
await this.parse(Login);
|
|
14
14
|
p.intro("Log in to Alpic");
|
|
15
|
-
const token = await getValidAccessToken();
|
|
15
|
+
const token = await oAuthClient.getValidAccessToken();
|
|
16
16
|
if (token) {
|
|
17
17
|
p.outro("Already logged in.");
|
|
18
18
|
return;
|
|
19
19
|
}
|
|
20
|
-
const { authorizeUrl, state, nonce, codeVerifier
|
|
20
|
+
const { authorizeUrl, state, nonce, codeVerifier } = await oAuthClient.prepareOAuthConfig();
|
|
21
21
|
p.log.message("Opening browser to log in…");
|
|
22
22
|
await open(authorizeUrl.toString());
|
|
23
23
|
const storedToken = await listenToOAuthCallback({
|
|
24
24
|
state,
|
|
25
25
|
nonce,
|
|
26
26
|
codeVerifier,
|
|
27
|
-
config,
|
|
28
27
|
});
|
|
29
28
|
globalStore.saveCredentials(storedToken);
|
|
30
29
|
const info = await getWhoamiInfo();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAErD,MAAM,OAAO,KAAM,SAAQ,YAAY;IACrC,MAAM,CAAU,WAAW,GAAG,gDAAgD,CAAC;IAE/E,MAAM,CAAU,QAAQ,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAEvD,KAAK,CAAC,GAAG;QACP,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAExB,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAE3B,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACtD,IAAI,KAAK,EAAE,CAAC;YACV,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,MAAM,WAAW,CAAC,kBAAkB,EAAE,CAAC;QAE5F,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;QAC5C,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEpC,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC;YAC9C,KAAK;YACL,KAAK;YACL,YAAY;SACb,CAAC,CAAC;QAEH,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAEzC,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;QAEnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,CAAC,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,oBAAoB,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;QACrF,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACf,CAAC"}
|
package/dist/lib/auth/auth.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare function getApiToken(): Promise<string |
|
|
1
|
+
export declare function getApiToken(): Promise<string | undefined>;
|
|
2
2
|
export declare function isAuthenticated(): Promise<boolean>;
|
package/dist/lib/auth/auth.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { oAuthClient } from "./oauth/client.js";
|
|
2
2
|
export async function getApiToken() {
|
|
3
|
-
|
|
3
|
+
const token = process.env.ALPIC_API_KEY ?? (await oAuthClient.getValidAccessToken())?.access_token;
|
|
4
|
+
return token;
|
|
4
5
|
}
|
|
5
6
|
export async function isAuthenticated() {
|
|
6
7
|
const isAuthenticatedViaApiKey = hasApiKey();
|
|
@@ -15,6 +16,6 @@ function hasApiKey() {
|
|
|
15
16
|
return process.env.ALPIC_API_KEY !== undefined;
|
|
16
17
|
}
|
|
17
18
|
async function hasValidAccessToken() {
|
|
18
|
-
return (await getValidAccessToken()) !== null;
|
|
19
|
+
return (await oAuthClient.getValidAccessToken()) !== null;
|
|
19
20
|
}
|
|
20
21
|
//# sourceMappingURL=auth.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/lib/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/lib/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,MAAM,WAAW,CAAC,mBAAmB,EAAE,CAAC,EAAE,YAAY,CAAC;IAEnG,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,wBAAwB,GAAG,SAAS,EAAE,CAAC;IAC7C,IAAI,wBAAwB;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,uBAAuB,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAC5D,IAAI,uBAAuB;QAAE,OAAO,IAAI,CAAC;IAEzC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,SAAS,CAAC;AACjD,CAAC;AAED,KAAK,UAAU,mBAAmB;IAChC,OAAO,CAAC,MAAM,WAAW,CAAC,mBAAmB,EAAE,CAAC,KAAK,IAAI,CAAC;AAC5D,CAAC"}
|
|
@@ -1,12 +1,29 @@
|
|
|
1
1
|
import * as openid from "openid-client";
|
|
2
2
|
import { type Credentials } from "../../global-store.js";
|
|
3
|
-
export declare
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
3
|
+
export declare class OAuthClient {
|
|
4
|
+
private config;
|
|
5
|
+
initialize: Promise<void>;
|
|
6
|
+
constructor();
|
|
7
|
+
getValidAccessToken(): Promise<Credentials | null>;
|
|
8
|
+
fetchUserInfo(credentials: Credentials): Promise<openid.UserInfoResponse>;
|
|
9
|
+
refreshAccessToken(credentials: Credentials): Promise<Credentials>;
|
|
10
|
+
prepareOAuthConfig(): Promise<{
|
|
11
|
+
authorizeUrl: URL;
|
|
12
|
+
state: string;
|
|
13
|
+
nonce: string;
|
|
14
|
+
codeVerifier: string;
|
|
15
|
+
}>;
|
|
16
|
+
exchangeAuthorizationCode({ url, codeVerifier, state, nonce, }: {
|
|
17
|
+
url: URL;
|
|
18
|
+
codeVerifier: string;
|
|
19
|
+
state: string;
|
|
20
|
+
nonce: string;
|
|
21
|
+
}): Promise<openid.TokenEndpointResponse & openid.TokenEndpointResponseHelpers>;
|
|
22
|
+
getExpiresAt(expires_in: number): number;
|
|
23
|
+
private getCallbackUrl;
|
|
24
|
+
private loadConfig;
|
|
25
|
+
private fetchOAuthProtectedResourceConfig;
|
|
26
|
+
private getConfig;
|
|
27
|
+
private isAccessTokenExpired;
|
|
28
|
+
}
|
|
29
|
+
export declare const oAuthClient: OAuthClient;
|
|
@@ -1,66 +1,112 @@
|
|
|
1
1
|
import * as openid from "openid-client";
|
|
2
|
+
import { env } from "../../../env.js";
|
|
2
3
|
import { globalStore } from "../../global-store.js";
|
|
3
|
-
import { getIssuer, getOAuthConfig } from "./config.js";
|
|
4
4
|
import { LOOPBACK_HOST, LOOPBACK_PORT } from "./constants.js";
|
|
5
5
|
const SCOPES = ["openid", "email", "profile"];
|
|
6
|
-
export
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
6
|
+
export class OAuthClient {
|
|
7
|
+
config = null;
|
|
8
|
+
initialize;
|
|
9
|
+
constructor() {
|
|
10
|
+
this.initialize = this.loadConfig();
|
|
11
|
+
}
|
|
12
|
+
async getValidAccessToken() {
|
|
13
|
+
await this.initialize;
|
|
14
|
+
const stored = globalStore.getCredentials();
|
|
15
|
+
if (!stored) {
|
|
16
|
+
return null;
|
|
17
|
+
}
|
|
18
|
+
if (this.isAccessTokenExpired(stored)) {
|
|
19
|
+
try {
|
|
20
|
+
return await this.refreshAccessToken(stored);
|
|
21
|
+
}
|
|
22
|
+
catch {
|
|
23
|
+
return null;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
return stored;
|
|
27
|
+
}
|
|
28
|
+
async fetchUserInfo(credentials) {
|
|
29
|
+
return openid.fetchUserInfo(await this.getConfig(), credentials.access_token, credentials.sub);
|
|
30
|
+
}
|
|
31
|
+
async refreshAccessToken(credentials) {
|
|
32
|
+
if (!credentials.refresh_token) {
|
|
33
|
+
throw new Error("No refresh token available");
|
|
34
|
+
}
|
|
35
|
+
const response = await openid.refreshTokenGrant(await this.getConfig(), credentials.refresh_token);
|
|
36
|
+
const refreshed = {
|
|
37
|
+
access_token: response.access_token,
|
|
38
|
+
refresh_token: response.refresh_token ?? credentials.refresh_token,
|
|
39
|
+
expires_at: this.getExpiresAt(response.expires_in ?? 0),
|
|
40
|
+
sub: credentials.sub,
|
|
41
|
+
};
|
|
42
|
+
globalStore.saveCredentials(refreshed);
|
|
43
|
+
return refreshed;
|
|
44
|
+
}
|
|
45
|
+
async prepareOAuthConfig() {
|
|
46
|
+
await this.initialize;
|
|
47
|
+
if (!this.config) {
|
|
48
|
+
throw new Error("Config not loaded");
|
|
49
|
+
}
|
|
50
|
+
const codeVerifier = openid.randomPKCECodeVerifier();
|
|
51
|
+
const codeChallenge = await openid.calculatePKCECodeChallenge(codeVerifier);
|
|
52
|
+
const state = openid.randomState();
|
|
53
|
+
const nonce = openid.randomNonce();
|
|
54
|
+
const authorizeUrl = openid.buildAuthorizationUrl(this.config, {
|
|
55
|
+
redirect_uri: this.getCallbackUrl().toString(),
|
|
56
|
+
scope: SCOPES.join(" "),
|
|
57
|
+
code_challenge: codeChallenge,
|
|
58
|
+
code_challenge_method: "S256",
|
|
59
|
+
state,
|
|
60
|
+
nonce,
|
|
61
|
+
});
|
|
62
|
+
return { authorizeUrl, state, nonce, codeVerifier };
|
|
63
|
+
}
|
|
64
|
+
async exchangeAuthorizationCode({ url, codeVerifier, state, nonce, }) {
|
|
65
|
+
return await openid.authorizationCodeGrant(await this.getConfig(), url, {
|
|
66
|
+
pkceCodeVerifier: codeVerifier,
|
|
67
|
+
expectedState: state,
|
|
68
|
+
expectedNonce: nonce,
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
getExpiresAt(expires_in) {
|
|
72
|
+
return expires_in !== undefined ? Math.floor(Date.now() / 1000) + expires_in : Date.now() / 1000 + 3600;
|
|
15
73
|
}
|
|
16
|
-
|
|
74
|
+
getCallbackUrl() {
|
|
75
|
+
return new URL(`http://${LOOPBACK_HOST}:${LOOPBACK_PORT}/callback`);
|
|
76
|
+
}
|
|
77
|
+
async loadConfig() {
|
|
78
|
+
const protectedResourceConfig = await this.fetchOAuthProtectedResourceConfig();
|
|
79
|
+
const issuer = protectedResourceConfig.authorization_servers[0];
|
|
80
|
+
if (!issuer) {
|
|
81
|
+
throw new Error("No authorization server in OAuth protected resource config");
|
|
82
|
+
}
|
|
83
|
+
const issuerUrl = new URL(issuer);
|
|
17
84
|
try {
|
|
18
|
-
|
|
85
|
+
this.config = await openid.discovery(issuerUrl, env.ALPIC_COGNITO_CLIENT_ID);
|
|
19
86
|
}
|
|
20
87
|
catch {
|
|
21
|
-
|
|
88
|
+
throw new Error("Failed to discover OAuth config");
|
|
22
89
|
}
|
|
23
90
|
}
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
91
|
+
async fetchOAuthProtectedResourceConfig() {
|
|
92
|
+
const baseUrl = env.ALPIC_API_BASE_URL;
|
|
93
|
+
const response = await fetch(`${baseUrl}/.well-known/oauth-protected-resource`);
|
|
94
|
+
if (!response.ok) {
|
|
95
|
+
throw new Error(`Failed to load service config from ${baseUrl} (${response.status} ${response.statusText})`);
|
|
96
|
+
}
|
|
97
|
+
return (await response.json());
|
|
98
|
+
}
|
|
99
|
+
async getConfig() {
|
|
100
|
+
await this.initialize;
|
|
101
|
+
if (!this.config) {
|
|
102
|
+
throw new Error("Config not loaded");
|
|
103
|
+
}
|
|
104
|
+
return this.config;
|
|
105
|
+
}
|
|
106
|
+
isAccessTokenExpired(credentials) {
|
|
107
|
+
const EXPIRATION_WINDOW_IN_SECONDS = 300;
|
|
108
|
+
return Date.now() / 1000 + EXPIRATION_WINDOW_IN_SECONDS >= credentials.expires_at;
|
|
29
109
|
}
|
|
30
|
-
const issuer = await getIssuer();
|
|
31
|
-
const config = await getOAuthConfig(issuer);
|
|
32
|
-
const response = await openid.refreshTokenGrant(config, credentials.refresh_token);
|
|
33
|
-
const refreshed = {
|
|
34
|
-
access_token: response.access_token,
|
|
35
|
-
refresh_token: response.refresh_token ?? credentials.refresh_token,
|
|
36
|
-
expires_at: getExpiresAt(response.expires_in ?? 0),
|
|
37
|
-
sub: credentials.sub,
|
|
38
|
-
};
|
|
39
|
-
globalStore.saveCredentials(refreshed);
|
|
40
|
-
return refreshed;
|
|
41
|
-
}
|
|
42
|
-
export function getExpiresAt(expires_in) {
|
|
43
|
-
return expires_in !== undefined ? Math.floor(Date.now() / 1000) + expires_in : Date.now() / 1000 + 3600;
|
|
44
|
-
}
|
|
45
|
-
function isAccessTokenExpired(credentials) {
|
|
46
|
-
const EXPIRATION_WINDOW_IN_SECONDS = 300;
|
|
47
|
-
return Date.now() / 1000 + EXPIRATION_WINDOW_IN_SECONDS >= credentials.expires_at;
|
|
48
|
-
}
|
|
49
|
-
export async function prepareOAuthConfig() {
|
|
50
|
-
const issuer = await getIssuer();
|
|
51
|
-
const config = await getOAuthConfig(issuer);
|
|
52
|
-
const codeVerifier = openid.randomPKCECodeVerifier();
|
|
53
|
-
const codeChallenge = await openid.calculatePKCECodeChallenge(codeVerifier);
|
|
54
|
-
const state = openid.randomState();
|
|
55
|
-
const nonce = openid.randomNonce();
|
|
56
|
-
const authorizeUrl = openid.buildAuthorizationUrl(config, {
|
|
57
|
-
redirect_uri: `http://${LOOPBACK_HOST}:${LOOPBACK_PORT}/callback`,
|
|
58
|
-
scope: SCOPES.join(" "),
|
|
59
|
-
code_challenge: codeChallenge,
|
|
60
|
-
code_challenge_method: "S256",
|
|
61
|
-
state,
|
|
62
|
-
nonce,
|
|
63
|
-
});
|
|
64
|
-
return { authorizeUrl, state, nonce, codeVerifier, config };
|
|
65
110
|
}
|
|
111
|
+
export const oAuthClient = new OAuthClient();
|
|
66
112
|
//# sourceMappingURL=client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../../src/lib/auth/oauth/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AAExC,OAAO,
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../../src/lib/auth/oauth/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AAExC,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AACtC,OAAO,EAAoB,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE9D,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAU9C,MAAM,OAAO,WAAW;IACd,MAAM,GAAgC,IAAI,CAAC;IACnD,UAAU,CAAgB;IAE1B;QACE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,mBAAmB;QACvB,MAAM,IAAI,CAAC,UAAU,CAAC;QACtB,MAAM,MAAM,GAAG,WAAW,CAAC,cAAc,EAAE,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,WAAwB;QAC1C,OAAO,MAAM,CAAC,aAAa,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC;IACjG,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,WAAwB;QAC/C,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;QAEnG,MAAM,SAAS,GAAgB;YAC7B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,aAAa,EAAE,QAAQ,CAAC,aAAa,IAAI,WAAW,CAAC,aAAa;YAClE,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC;YACvD,GAAG,EAAE,WAAW,CAAC,GAAG;SACrB,CAAC;QAEF,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACvC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,IAAI,CAAC,UAAU,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,YAAY,CAAC,CAAC;QAC5E,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QAEnC,MAAM,YAAY,GAAG,MAAM,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE;YAC7D,YAAY,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,EAAE;YAC9C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,MAAM;YAC7B,KAAK;YACL,KAAK;SACN,CAAC,CAAC;QAEH,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,EAC9B,GAAG,EACH,YAAY,EACZ,KAAK,EACL,KAAK,GAMN;QACC,OAAO,MAAM,MAAM,CAAC,sBAAsB,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE;YACtE,gBAAgB,EAAE,YAAY;YAC9B,aAAa,EAAE,KAAK;YACpB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,UAAkB;QAC7B,OAAO,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;IAC1G,CAAC;IAEO,cAAc;QACpB,OAAO,IAAI,GAAG,CAAC,UAAU,aAAa,IAAI,aAAa,WAAW,CAAC,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,iCAAiC,EAAE,CAAC;QAC/E,MAAM,MAAM,GAAG,uBAAuB,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAC/E,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iCAAiC;QAC7C,MAAM,OAAO,GAAG,GAAG,CAAC,kBAAkB,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,uCAAuC,CAAC,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,OAAO,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC;QAC/G,CAAC;QACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiC,CAAC;IACjE,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,MAAM,IAAI,CAAC,UAAU,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEO,oBAAoB,CAAC,WAAwB;QACnD,MAAM,4BAA4B,GAAG,GAAG,CAAC;QACzC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,4BAA4B,IAAI,WAAW,CAAC,UAAU,CAAC;IACpF,CAAC;CACF;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC"}
|
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
import * as openid from "openid-client";
|
|
2
1
|
import type { Credentials } from "../../global-store.js";
|
|
3
|
-
export declare const listenToOAuthCallback: ({ state, nonce, codeVerifier,
|
|
2
|
+
export declare const listenToOAuthCallback: ({ state, nonce, codeVerifier, }: {
|
|
4
3
|
state: string;
|
|
5
4
|
nonce: string;
|
|
6
5
|
codeVerifier: string;
|
|
7
|
-
config: openid.Configuration;
|
|
8
6
|
}) => Promise<Credentials>;
|
|
@@ -1,21 +1,20 @@
|
|
|
1
1
|
import * as p from "@clack/prompts";
|
|
2
|
-
import * as openid from "openid-client";
|
|
3
2
|
import { createServer } from "node:http";
|
|
4
|
-
import {
|
|
3
|
+
import { oAuthClient } from "./client.js";
|
|
5
4
|
import { LOOPBACK_HOST, LOOPBACK_PORT } from "./constants.js";
|
|
6
|
-
const createCallbackServer = ({ state, nonce, codeVerifier,
|
|
5
|
+
const createCallbackServer = ({ state, nonce, codeVerifier, onSuccess, onError, }) => createServer(async (req, res) => {
|
|
7
6
|
const url = req.url ?? "/";
|
|
8
7
|
if (!url.startsWith("/callback")) {
|
|
9
8
|
p.log.message(`Ignoring request to ${url}`);
|
|
10
9
|
res.writeHead(404).end();
|
|
11
10
|
return;
|
|
12
11
|
}
|
|
13
|
-
const callbackUrl = new URL(url, `http://${req.headers.host}`);
|
|
14
12
|
try {
|
|
15
|
-
const tokens = await
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
13
|
+
const tokens = await oAuthClient.exchangeAuthorizationCode({
|
|
14
|
+
url: new URL(url, `http://${req.headers.host}`),
|
|
15
|
+
codeVerifier,
|
|
16
|
+
state,
|
|
17
|
+
nonce,
|
|
19
18
|
});
|
|
20
19
|
const sub = tokens.claims()?.sub;
|
|
21
20
|
if (!sub || !tokens.refresh_token) {
|
|
@@ -24,7 +23,7 @@ const createCallbackServer = ({ state, nonce, codeVerifier, config, onSuccess, o
|
|
|
24
23
|
const stored = {
|
|
25
24
|
access_token: tokens.access_token,
|
|
26
25
|
refresh_token: tokens.refresh_token,
|
|
27
|
-
expires_at: getExpiresAt(tokens.expires_in ?? 0),
|
|
26
|
+
expires_at: oAuthClient.getExpiresAt(tokens.expires_in ?? 0),
|
|
28
27
|
sub,
|
|
29
28
|
};
|
|
30
29
|
p.log.success("✅ Authentication successful");
|
|
@@ -39,13 +38,12 @@ const createCallbackServer = ({ state, nonce, codeVerifier, config, onSuccess, o
|
|
|
39
38
|
onError(e instanceof Error ? e : new Error(String(e)));
|
|
40
39
|
}
|
|
41
40
|
});
|
|
42
|
-
export const listenToOAuthCallback = ({ state, nonce, codeVerifier,
|
|
41
|
+
export const listenToOAuthCallback = ({ state, nonce, codeVerifier, }) => {
|
|
43
42
|
return new Promise((resolve, reject) => {
|
|
44
43
|
const callbackServer = createCallbackServer({
|
|
45
44
|
state,
|
|
46
45
|
nonce,
|
|
47
46
|
codeVerifier,
|
|
48
|
-
config,
|
|
49
47
|
onSuccess: (storedToken) => {
|
|
50
48
|
callbackServer.close();
|
|
51
49
|
resolve(storedToken);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../../src/lib/auth/oauth/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AACpC,OAAO,
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../../src/lib/auth/oauth/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,gBAAgB,CAAC;AACpC,OAAO,EAA6C,YAAY,EAAE,MAAM,WAAW,CAAC;AAGpF,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE9D,MAAM,oBAAoB,GAAG,CAAC,EAC5B,KAAK,EACL,KAAK,EACL,YAAY,EACZ,SAAS,EACT,OAAO,GAOR,EAAE,EAAE,CACH,YAAY,CAAC,KAAK,EAAE,GAAoB,EAAE,GAAmB,EAAE,EAAE;IAC/D,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACjC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;QAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QACzB,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,yBAAyB,CAAC;YACzD,GAAG,EAAE,IAAI,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/C,YAAY;YACZ,KAAK;YACL,KAAK;SACN,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC;QACjC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,MAAM,GAAgB;YAC1B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,UAAU,EAAE,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;YAC5D,GAAG;SACJ,CAAC;QACF,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;QAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,4BAA4B,EAAE,IAAI,CAAC,CAAC,CAAC;QAC/D,SAAS,CAAC,MAAM,CAAC,CAAC;IACpB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,kCAAkC,EAAE,KAAK,CAAC,CAAC,CAAC;QACzE,OAAO,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,EACpC,KAAK,EACL,KAAK,EACL,YAAY,GAKb,EAAE,EAAE;IACH,OAAO,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAClD,MAAM,cAAc,GAAG,oBAAoB,CAAC;YAC1C,KAAK;YACL,KAAK;YACL,YAAY;YACZ,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE;gBACzB,cAAc,CAAC,KAAK,EAAE,CAAC;gBACvB,OAAO,CAAC,WAAW,CAAC,CAAC;YACvB,CAAC;YACD,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACf,cAAc,CAAC,KAAK,EAAE,CAAC;gBACvB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;SACF,CAAC,CAAC;QACH,cAAc,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,SAAS,IAAI,CAAC,KAAa,EAAE,IAAY,EAAE,OAAgB;IACzD,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,MAAM,OAAO,GAAG,o9EAAo9E,CAAC;IACr+E,OAAO;;;;;WAKE,KAAK;;;;;qGAKqF,MAAM,iBAAiB,EAAE,YAAY,KAAK;;;;;;yCAMtG,OAAO;;UAEtC,KAAK;SACN,IAAI;;;QAGL,CAAC;AACT,CAAC"}
|
package/dist/lib/auth/whoami.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { api } from "../../api.js";
|
|
2
|
-
import {
|
|
2
|
+
import { oAuthClient } from "./oauth/client.js";
|
|
3
3
|
export async function getWhoamiInfo() {
|
|
4
4
|
if (process.env.ALPIC_API_KEY !== undefined) {
|
|
5
5
|
const team = await getApiKeyTeam();
|
|
@@ -8,7 +8,7 @@ export async function getWhoamiInfo() {
|
|
|
8
8
|
team,
|
|
9
9
|
};
|
|
10
10
|
}
|
|
11
|
-
const token = await getValidAccessToken();
|
|
11
|
+
const token = await oAuthClient.getValidAccessToken();
|
|
12
12
|
if (!token)
|
|
13
13
|
return null;
|
|
14
14
|
const userInfo = await fetchOAuthUserInfo(token);
|
|
@@ -22,7 +22,7 @@ export async function getWhoamiInfo() {
|
|
|
22
22
|
}
|
|
23
23
|
async function fetchOAuthUserInfo(credentials) {
|
|
24
24
|
try {
|
|
25
|
-
return
|
|
25
|
+
return await oAuthClient.fetchUserInfo(credentials);
|
|
26
26
|
}
|
|
27
27
|
catch {
|
|
28
28
|
return null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../../src/lib/auth/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../../src/lib/auth/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAOhD,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE,SAAS;YACjB,IAAI;SACL,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,mBAAmB,EAAE,CAAC;IACtD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,OAAO;QACL,MAAM,EAAE,OAAO;QACf,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,IAAI,EAAE,QAAQ,CAAC,IAAI;KACpB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,WAAwB;IACxD,IAAI,CAAC;QACH,OAAO,MAAM,WAAW,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa;IAC1B,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;IACxC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "alpic",
|
|
3
|
-
"version": "0.0.0-dev.
|
|
3
|
+
"version": "0.0.0-dev.fad1961",
|
|
4
4
|
"description": "The command-line interface for Alpic",
|
|
5
5
|
"homepage": "https://alpic.ai",
|
|
6
6
|
"preferGlobal": true,
|
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
"tar": "^7.4.0",
|
|
41
41
|
"xdg-app-paths": "^8.3.0",
|
|
42
42
|
"zod": "^4.3.6",
|
|
43
|
-
"@alpic-ai/api": "0.0.0-dev.
|
|
43
|
+
"@alpic-ai/api": "0.0.0-dev.fad1961"
|
|
44
44
|
},
|
|
45
45
|
"devDependencies": {
|
|
46
46
|
"@orpc/openapi": "^1.13.4",
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import * as openid from "openid-client";
|
|
2
|
-
export declare function getOAuthConfig(issuer: string): Promise<openid.Configuration>;
|
|
3
|
-
export declare function getIssuer(): Promise<string>;
|
|
4
|
-
interface OAuthProtectedResourceConfig {
|
|
5
|
-
resource: string;
|
|
6
|
-
authorization_servers: string[];
|
|
7
|
-
bearer_methods_supported: string[];
|
|
8
|
-
scopes_supported: string[];
|
|
9
|
-
resource_documentation: string;
|
|
10
|
-
}
|
|
11
|
-
export declare function getOAuthProtectedResourceConfig(): Promise<OAuthProtectedResourceConfig>;
|
|
12
|
-
export {};
|
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
import * as openid from "openid-client";
|
|
2
|
-
import { env } from "../../../env.js";
|
|
3
|
-
let cachedConfig;
|
|
4
|
-
export async function getOAuthConfig(issuer) {
|
|
5
|
-
if (cachedConfig) {
|
|
6
|
-
return cachedConfig;
|
|
7
|
-
}
|
|
8
|
-
const issuerUrl = new URL(issuer);
|
|
9
|
-
try {
|
|
10
|
-
cachedConfig = await openid.discovery(issuerUrl, env.ALPIC_COGNITO_CLIENT_ID);
|
|
11
|
-
}
|
|
12
|
-
catch {
|
|
13
|
-
throw new Error("Failed to discover OAuth config");
|
|
14
|
-
}
|
|
15
|
-
return cachedConfig;
|
|
16
|
-
}
|
|
17
|
-
export async function getIssuer() {
|
|
18
|
-
const config = await getOAuthProtectedResourceConfig();
|
|
19
|
-
const issuer = config.authorization_servers[0];
|
|
20
|
-
if (!issuer) {
|
|
21
|
-
throw new Error("No authorization server in OAuth protected resource config");
|
|
22
|
-
}
|
|
23
|
-
return issuer;
|
|
24
|
-
}
|
|
25
|
-
let cached;
|
|
26
|
-
export async function getOAuthProtectedResourceConfig() {
|
|
27
|
-
if (cached) {
|
|
28
|
-
return cached;
|
|
29
|
-
}
|
|
30
|
-
const baseUrl = env.ALPIC_API_BASE_URL;
|
|
31
|
-
const response = await fetch(`${baseUrl}/.well-known/oauth-protected-resource`);
|
|
32
|
-
if (!response.ok) {
|
|
33
|
-
throw new Error(`Failed to load service config from ${baseUrl} (${response.status} ${response.statusText})`);
|
|
34
|
-
}
|
|
35
|
-
const data = (await response.json());
|
|
36
|
-
cached = data;
|
|
37
|
-
return data;
|
|
38
|
-
}
|
|
39
|
-
//# sourceMappingURL=config.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/lib/auth/oauth/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,eAAe,CAAC;AAExC,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAEtC,IAAI,YAAkC,CAAC;AAEvC,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAc;IACjD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAElC,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,CAAC,uBAAuB,CAAC,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,MAAM,GAAG,MAAM,+BAA+B,EAAE,CAAC;IACvD,MAAM,MAAM,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAUD,IAAI,MAAoC,CAAC;AAEzC,MAAM,CAAC,KAAK,UAAU,+BAA+B;IACnD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,kBAAkB,CAAC;IACvC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,uCAAuC,CAAC,CAAC;IAEhF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,sCAAsC,OAAO,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC;IAC/G,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiC,CAAC;IACrE,MAAM,GAAG,IAAI,CAAC;IACd,OAAO,IAAI,CAAC;AACd,CAAC"}
|