devflare 1.0.0-next.18 → 1.0.0-next.19

package/dist/index-k7m5f1dg.js

@@ -0,0 +1,200 @@
+import {
+  apiDelete,
+  apiGetAll,
+  apiPost,
+  apiPut
+} from "./index-mg8vwqxf.js";
+
+// src/cloudflare/known-permission-group-ids.generated.ts
+var KNOWN_PERMISSION_GROUP_IDS_DATA = {
+  WORKERS_SCRIPTS_WRITE: null,
+  WORKERS_SCRIPTS_READ: null,
+  ACCOUNT_SETTINGS_READ: null,
+  WORKERS_KV_STORAGE_WRITE: null,
+  WORKERS_KV_STORAGE_READ: null,
+  ACCOUNT_API_TOKENS_WRITE: null,
+  ACCOUNT_API_TOKENS_READ: null
+};
+
+// src/cloudflare/tokens.ts
+var MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS = 300;
+var DEVFLARE_MANAGED_TOKEN_PREFIX = "devflare-";
+var ACCOUNT_OWNED_TOKEN_SCOPE = "com.cloudflare.api.account";
+var ACCOUNT_API_TOKENS_PERMISSION_GROUP_NAME_PATTERN = /^Account API Tokens\b/i;
+var DEVFLARE_MANAGED_TOKEN_NAME_PATTERN = /^devflare-/i;
+var DEVFLARE_PERMISSION_GROUP_NAME_PATTERNS = [
+  /^Account Analytics /i,
+  /^Account Settings /i,
+  /^Account Filter Lists /i,
+  /^AI /i,
+  /^Analytics /i,
+  /^Browser Rendering /i,
+  /^Cache Purge\b/i,
+  /^D1 /i,
+  /^DNS /i,
+  /^Email /i,
+  /^Hyperdrive /i,
+  /^Images /i,
+  /^Logs /i,
+  /^Logpush /i,
+  /^Pages /i,
+  /^Queues /i,
+  /^R2 /i,
+  /^SSL and Certificates /i,
+  /^Stream /i,
+  /^Vectorize /i,
+  /^Workers /i,
+  /^Zone Settings /i,
+  /^Zone /i
+];
+function deriveKnownPermissionGroupIds(data) {
+  const result = {};
+  for (const key of Object.keys(data)) {
+    const value = data[key];
+    result[key] = value === null ? undefined : value;
+  }
+  return result;
+}
+var KNOWN_PERMISSION_GROUP_IDS = deriveKnownPermissionGroupIds(KNOWN_PERMISSION_GROUP_IDS_DATA);
+function dedupePermissionGroups(permissionGroups) {
+  const seenIds = new Set;
+  return permissionGroups.filter((permissionGroup) => {
+    if (seenIds.has(permissionGroup.id)) {
+      return false;
+    }
+    seenIds.add(permissionGroup.id);
+    return true;
+  });
+}
+function dedupePermissionGroupIds(permissionGroupIds) {
+  return Array.from(new Set(permissionGroupIds.map((id) => id.trim()).filter(Boolean)));
+}
+function excludeAccountApiTokensPermissionGroups(permissionGroups) {
+  return permissionGroups.filter((permissionGroup) => {
+    return !ACCOUNT_API_TOKENS_PERMISSION_GROUP_NAME_PATTERN.test(permissionGroup.name);
+  });
+}
+function keepAccountOwnedTokenCompatiblePermissionGroups(permissionGroups) {
+  return permissionGroups.filter((permissionGroup) => {
+    return permissionGroup.scopes.some((scope) => scope.trim() === ACCOUNT_OWNED_TOKEN_SCOPE);
+  });
+}
+function selectReusableAccountOwnedTokenPermissionGroups(permissionGroups) {
+  return dedupePermissionGroups(excludeAccountApiTokensPermissionGroups(keepAccountOwnedTokenCompatiblePermissionGroups(permissionGroups)));
+}
+function parseOptionalDate(value) {
+  if (!value) {
+    return;
+  }
+  const parsed = new Date(value);
+  return Number.isNaN(parsed.getTime()) ? undefined : parsed;
+}
+function mapAccountOwnedAPITokenPolicy(policy) {
+  return {
+    id: policy.id,
+    effect: policy.effect,
+    permissionGroups: policy.permission_groups?.map((permissionGroup) => ({
+      id: permissionGroup.id,
+      name: permissionGroup.name
+    }))
+  };
+}
+function mapAccountOwnedAPIToken(token) {
+  return {
+    id: token.id,
+    name: token.name ?? token.id,
+    status: token.status,
+    value: token.value,
+    issuedOn: parseOptionalDate(token.issued_on),
+    modifiedOn: parseOptionalDate(token.modified_on),
+    lastUsedOn: parseOptionalDate(token.last_used_on),
+    policies: token.policies?.map(mapAccountOwnedAPITokenPolicy)
+  };
+}
+function isDevflareManagedTokenName(name) {
+  return DEVFLARE_MANAGED_TOKEN_NAME_PATTERN.test(name.trim());
+}
+function normalizeDevflareTokenName(name) {
+  const trimmedName = name.trim();
+  if (!trimmedName) {
+    throw new Error("Devflare token name cannot be empty");
+  }
+  const suffix = isDevflareManagedTokenName(trimmedName) ? trimmedName.replace(DEVFLARE_MANAGED_TOKEN_NAME_PATTERN, "") : trimmedName;
+  if (!suffix) {
+    throw new Error("Devflare token name cannot be empty");
+  }
+  return `${DEVFLARE_MANAGED_TOKEN_PREFIX}${suffix}`;
+}
+function stripDevflareTokenNamePrefix(name) {
+  const trimmedName = name.trim();
+  if (!trimmedName) {
+    return trimmedName;
+  }
+  const strippedName = trimmedName.replace(DEVFLARE_MANAGED_TOKEN_NAME_PATTERN, "");
+  return strippedName || trimmedName;
+}
+function filterDevflareManagedTokens(tokens) {
+  return tokens.filter((token) => isDevflareManagedTokenName(token.name));
+}
+function selectDevflarePermissionGroups(permissionGroups) {
+  const selectedPermissionGroups = dedupePermissionGroups(selectReusableAccountOwnedTokenPermissionGroups(permissionGroups).filter((permissionGroup) => {
+    return DEVFLARE_PERMISSION_GROUP_NAME_PATTERNS.some((pattern) => {
+      return pattern.test(permissionGroup.name);
+    });
+  }));
+  if (selectedPermissionGroups.length === 0) {
+    throw new Error("Could not map the available Cloudflare permission groups to a Devflare token policy.");
+  }
+  if (selectedPermissionGroups.length > MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS) {
+    throw new Error(`Devflare selected ${selectedPermissionGroups.length} permission groups, which exceeds Cloudflare's ${MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS}-group limit for account-owned tokens.`);
+  }
+  return selectedPermissionGroups;
+}
+function selectAllReusablePermissionGroups(permissionGroups) {
+  const selectedPermissionGroups = selectReusableAccountOwnedTokenPermissionGroups(permissionGroups);
+  if (selectedPermissionGroups.length === 0) {
+    throw new Error("Could not find any reusable account-scoped Cloudflare permission groups for this Devflare token.");
+  }
+  if (selectedPermissionGroups.length > MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS) {
+    throw new Error(`Devflare selected ${selectedPermissionGroups.length} permission groups, which exceeds Cloudflare's ${MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS}-group limit for account-owned tokens.`);
+  }
+  return selectedPermissionGroups;
+}
+async function listAccountTokenPermissionGroups(accountId, options) {
+  const permissionGroups = await apiGetAll(`/accounts/${accountId}/tokens/permission_groups`, options);
+  return dedupePermissionGroups(permissionGroups);
+}
+async function listAccountOwnedAPITokens(accountId, options) {
+  const tokens = await apiGetAll(`/accounts/${accountId}/tokens`, options);
+  return tokens.map(mapAccountOwnedAPIToken);
+}
+async function deleteAccountOwnedAPIToken(accountId, tokenId, options) {
+  return apiDelete(`/accounts/${accountId}/tokens/${tokenId}`, options);
+}
+async function rollAccountOwnedAPITokenValue(accountId, tokenId, options) {
+  return apiPut(`/accounts/${accountId}/tokens/${tokenId}/value`, {}, options);
+}
+async function createAccountOwnedAPIToken(accountId, options, clientOptions) {
+  const permissionGroupIds = dedupePermissionGroupIds(options.permissionGroupIds);
+  if (permissionGroupIds.length === 0) {
+    throw new Error("Cannot create a Devflare token without any permission groups");
+  }
+  if (permissionGroupIds.length > MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS) {
+    throw new Error(`Cannot create a Devflare token with more than ${MAX_ACCOUNT_OWNED_TOKEN_PERMISSION_GROUPS} permission groups.`);
+  }
+  const createdToken = await apiPost(`/accounts/${accountId}/tokens`, {
+    name: options.name,
+    policies: [
+      {
+        effect: "allow",
+        resources: {
+          [`com.cloudflare.api.account.${accountId}`]: "*"
+        },
+        permission_groups: permissionGroupIds.map((id) => ({ id }))
+      }
+    ]
+  }, clientOptions);
+  return mapAccountOwnedAPIToken(createdToken);
+}
+
+export { normalizeDevflareTokenName, stripDevflareTokenNamePrefix, filterDevflareManagedTokens, selectDevflarePermissionGroups, selectAllReusablePermissionGroups, listAccountTokenPermissionGroups, listAccountOwnedAPITokens, deleteAccountOwnedAPIToken, rollAccountOwnedAPITokenValue, createAccountOwnedAPIToken };