npm - oauth.do - Versions diffs - 0.1.0 - Mend

oauth.do 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,637 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+// src/storage.ts
+var storage_exports = {};
+__export(storage_exports, {
+  CompositeTokenStorage: () => CompositeTokenStorage,
+  FileTokenStorage: () => FileTokenStorage,
+  KeychainTokenStorage: () => KeychainTokenStorage,
+  LocalStorageTokenStorage: () => LocalStorageTokenStorage,
+  MemoryTokenStorage: () => MemoryTokenStorage,
+  SecureFileTokenStorage: () => SecureFileTokenStorage,
+  createSecureStorage: () => createSecureStorage
+});
+function isNode() {
+  return typeof process !== "undefined" && process.versions != null && process.versions.node != null;
+}
+function getEnv2(key) {
+  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
+  return void 0;
+}
+function createSecureStorage() {
+  if (isNode()) {
+    return new CompositeTokenStorage();
+  }
+  if (typeof localStorage !== "undefined") {
+    return new LocalStorageTokenStorage();
+  }
+  return new MemoryTokenStorage();
+}
+var KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, KeychainTokenStorage, SecureFileTokenStorage, FileTokenStorage, MemoryTokenStorage, LocalStorageTokenStorage, CompositeTokenStorage;
+var init_storage = __esm({
+  "src/storage.ts"() {
+    KEYCHAIN_SERVICE = "oauth.do";
+    KEYCHAIN_ACCOUNT = "access_token";
+    KeychainTokenStorage = class {
+      keytar = null;
+      initialized = false;
+      /**
+       * Lazily load keytar module
+       * Returns null if keytar is not available (e.g., missing native dependencies)
+       */
+      async getKeytar() {
+        if (this.initialized) {
+          return this.keytar;
+        }
+        this.initialized = true;
+        try {
+          this.keytar = await import('keytar');
+          return this.keytar;
+        } catch (error) {
+          if (getEnv2("DEBUG")) {
+            console.warn("Keychain storage not available:", error);
+          }
+          return null;
+        }
+      }
+      async getToken() {
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+          return null;
+        }
+        try {
+          const token = await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+          return token;
+        } catch (error) {
+          if (getEnv2("DEBUG")) {
+            console.warn("Failed to get token from keychain:", error);
+          }
+          return null;
+        }
+      }
+      async setToken(token) {
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+          throw new Error("Keychain storage not available");
+        }
+        try {
+          await keytar.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, token);
+        } catch (error) {
+          throw new Error(`Failed to save token to keychain: ${error}`);
+        }
+      }
+      async removeToken() {
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+          return;
+        }
+        try {
+          await keytar.deletePassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+        } catch {
+        }
+      }
+      /**
+       * Check if keychain storage is available on this system
+       */
+      async isAvailable() {
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+          return false;
+        }
+        try {
+          await keytar.getPassword(KEYCHAIN_SERVICE, "__test__");
+          return true;
+        } catch {
+          return false;
+        }
+      }
+    };
+    SecureFileTokenStorage = class {
+      tokenPath = null;
+      configDir = null;
+      initialized = false;
+      async init() {
+        if (this.initialized) return this.tokenPath !== null;
+        this.initialized = true;
+        if (!isNode()) return false;
+        try {
+          const os = await import('os');
+          const path = await import('path');
+          this.configDir = path.join(os.homedir(), ".oauth.do");
+          this.tokenPath = path.join(this.configDir, "token");
+          return true;
+        } catch {
+          return false;
+        }
+      }
+      async getToken() {
+        if (!await this.init() || !this.tokenPath) return null;
+        try {
+          const fs = await import('fs/promises');
+          const stats = await fs.stat(this.tokenPath);
+          const mode = stats.mode & 511;
+          if (mode !== 384 && getEnv2("DEBUG")) {
+            console.warn(
+              `Warning: Token file has insecure permissions (${mode.toString(8)}). Expected 600. Run: chmod 600 ${this.tokenPath}`
+            );
+          }
+          const token = await fs.readFile(this.tokenPath, "utf-8");
+          return token.trim();
+        } catch {
+          return null;
+        }
+      }
+      async setToken(token) {
+        if (!await this.init() || !this.tokenPath || !this.configDir) {
+          throw new Error("File storage not available");
+        }
+        try {
+          const fs = await import('fs/promises');
+          await fs.mkdir(this.configDir, { recursive: true, mode: 448 });
+          await fs.writeFile(this.tokenPath, token, { encoding: "utf-8", mode: 384 });
+          await fs.chmod(this.tokenPath, 384);
+        } catch (error) {
+          console.error("Failed to save token:", error);
+          throw error;
+        }
+      }
+      async removeToken() {
+        if (!await this.init() || !this.tokenPath) return;
+        try {
+          const fs = await import('fs/promises');
+          await fs.unlink(this.tokenPath);
+        } catch {
+        }
+      }
+    };
+    FileTokenStorage = class {
+      tokenPath = null;
+      configDir = null;
+      initialized = false;
+      async init() {
+        if (this.initialized) return this.tokenPath !== null;
+        this.initialized = true;
+        if (!isNode()) return false;
+        try {
+          const os = await import('os');
+          const path = await import('path');
+          this.configDir = path.join(os.homedir(), ".oauth.do");
+          this.tokenPath = path.join(this.configDir, "token");
+          return true;
+        } catch {
+          return false;
+        }
+      }
+      async getToken() {
+        if (!await this.init() || !this.tokenPath) return null;
+        try {
+          const fs = await import('fs/promises');
+          const token = await fs.readFile(this.tokenPath, "utf-8");
+          return token.trim();
+        } catch {
+          return null;
+        }
+      }
+      async setToken(token) {
+        if (!await this.init() || !this.tokenPath || !this.configDir) {
+          throw new Error("File storage not available");
+        }
+        try {
+          const fs = await import('fs/promises');
+          await fs.mkdir(this.configDir, { recursive: true });
+          await fs.writeFile(this.tokenPath, token, "utf-8");
+        } catch (error) {
+          console.error("Failed to save token:", error);
+          throw error;
+        }
+      }
+      async removeToken() {
+        if (!await this.init() || !this.tokenPath) return;
+        try {
+          const fs = await import('fs/promises');
+          await fs.unlink(this.tokenPath);
+        } catch {
+        }
+      }
+    };
+    MemoryTokenStorage = class {
+      token = null;
+      async getToken() {
+        return this.token;
+      }
+      async setToken(token) {
+        this.token = token;
+      }
+      async removeToken() {
+        this.token = null;
+      }
+    };
+    LocalStorageTokenStorage = class {
+      key = "oauth.do:token";
+      async getToken() {
+        if (typeof localStorage === "undefined") {
+          return null;
+        }
+        return localStorage.getItem(this.key);
+      }
+      async setToken(token) {
+        if (typeof localStorage === "undefined") {
+          throw new Error("localStorage is not available");
+        }
+        localStorage.setItem(this.key, token);
+      }
+      async removeToken() {
+        if (typeof localStorage === "undefined") {
+          return;
+        }
+        localStorage.removeItem(this.key);
+      }
+    };
+    CompositeTokenStorage = class {
+      keychainStorage;
+      fileStorage;
+      preferredStorage = null;
+      constructor() {
+        this.keychainStorage = new KeychainTokenStorage();
+        this.fileStorage = new SecureFileTokenStorage();
+      }
+      /**
+       * Determine the best available storage backend
+       */
+      async getPreferredStorage() {
+        if (this.preferredStorage) {
+          return this.preferredStorage;
+        }
+        if (await this.keychainStorage.isAvailable()) {
+          this.preferredStorage = this.keychainStorage;
+          return this.preferredStorage;
+        }
+        this.preferredStorage = this.fileStorage;
+        return this.preferredStorage;
+      }
+      async getToken() {
+        const keychainToken = await this.keychainStorage.getToken();
+        if (keychainToken) {
+          return keychainToken;
+        }
+        const fileToken = await this.fileStorage.getToken();
+        if (fileToken) {
+          if (await this.keychainStorage.isAvailable()) {
+            try {
+              await this.keychainStorage.setToken(fileToken);
+              await this.fileStorage.removeToken();
+              if (getEnv2("DEBUG")) {
+                console.log("Migrated token from file to keychain");
+              }
+            } catch {
+            }
+          }
+          return fileToken;
+        }
+        return null;
+      }
+      async setToken(token) {
+        const storage = await this.getPreferredStorage();
+        await storage.setToken(token);
+      }
+      async removeToken() {
+        await Promise.all([this.keychainStorage.removeToken(), this.fileStorage.removeToken()]);
+      }
+      /**
+       * Get information about the current storage backend
+       */
+      async getStorageInfo() {
+        if (await this.keychainStorage.isAvailable()) {
+          return { type: "keychain", secure: true };
+        }
+        return { type: "file", secure: true };
+      }
+    };
+  }
+});
+// src/config.ts
+function getEnv(key) {
+  if (globalThis[key]) return globalThis[key];
+  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
+  return void 0;
+}
+var globalConfig = {
+  apiUrl: getEnv("OAUTH_API_URL") || getEnv("API_URL") || "https://apis.do",
+  clientId: getEnv("OAUTH_CLIENT_ID") || "oauth.do",
+  authKitDomain: getEnv("OAUTH_AUTHKIT_DOMAIN") || "login.oauth.do",
+  fetch: globalThis.fetch
+};
+function configure(config) {
+  globalConfig = {
+    ...globalConfig,
+    ...config
+  };
+}
+function getConfig() {
+  return globalConfig;
+}
+// src/auth.ts
+function getEnv3(key) {
+  if (globalThis[key]) return globalThis[key];
+  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
+  return void 0;
+}
+async function auth(token) {
+  const config = getConfig();
+  const authToken = token || getEnv3("DO_TOKEN") || "";
+  if (!authToken) {
+    return { user: null };
+  }
+  try {
+    const response = await config.fetch(`${config.apiUrl}/me`, {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${authToken}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (!response.ok) {
+      if (response.status === 401) {
+        return { user: null };
+      }
+      throw new Error(`Authentication failed: ${response.statusText}`);
+    }
+    const user = await response.json();
+    return { user, token: authToken };
+  } catch (error) {
+    console.error("Auth error:", error);
+    return { user: null };
+  }
+}
+async function login(credentials) {
+  const config = getConfig();
+  try {
+    const response = await config.fetch(`${config.apiUrl}/login`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(credentials)
+    });
+    if (!response.ok) {
+      throw new Error(`Login failed: ${response.statusText}`);
+    }
+    const data = await response.json();
+    return { user: data.user, token: data.token };
+  } catch (error) {
+    console.error("Login error:", error);
+    throw error;
+  }
+}
+async function logout(token) {
+  const config = getConfig();
+  const authToken = token || getEnv3("DO_TOKEN") || "";
+  if (!authToken) {
+    return;
+  }
+  try {
+    const response = await config.fetch(`${config.apiUrl}/logout`, {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${authToken}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (!response.ok) {
+      console.warn(`Logout warning: ${response.statusText}`);
+    }
+  } catch (error) {
+    console.error("Logout error:", error);
+  }
+}
+async function getToken() {
+  const adminToken = getEnv3("DO_ADMIN_TOKEN");
+  if (adminToken) return adminToken;
+  const doToken = getEnv3("DO_TOKEN");
+  if (doToken) return doToken;
+  try {
+    const { createSecureStorage: createSecureStorage2 } = await Promise.resolve().then(() => (init_storage(), storage_exports));
+    const storage = createSecureStorage2();
+    return await storage.getToken();
+  } catch {
+    return null;
+  }
+}
+async function isAuthenticated(token) {
+  const result = await auth(token);
+  return result.user !== null;
+}
+function buildAuthUrl(options) {
+  const config = getConfig();
+  const clientId = options.clientId || config.clientId;
+  const authDomain = options.authDomain || config.authKitDomain;
+  const params = new URLSearchParams({
+    client_id: clientId,
+    redirect_uri: options.redirectUri,
+    response_type: options.responseType || "code",
+    scope: options.scope || "openid profile email"
+  });
+  if (options.state) {
+    params.set("state", options.state);
+  }
+  return `https://${authDomain}/authorize?${params.toString()}`;
+}
+// src/device.ts
+async function authorizeDevice() {
+  const config = getConfig();
+  if (!config.clientId) {
+    throw new Error('Client ID is required for device authorization. Set OAUTH_CLIENT_ID or configure({ clientId: "..." })');
+  }
+  try {
+    const response = await config.fetch(`https://${config.authKitDomain}/device/authorize`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        client_id: config.clientId
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`Device authorization failed: ${response.statusText}`);
+    }
+    const data = await response.json();
+    return data;
+  } catch (error) {
+    console.error("Device authorization error:", error);
+    throw error;
+  }
+}
+async function pollForTokens(deviceCode, interval = 5, expiresIn = 600) {
+  const config = getConfig();
+  if (!config.clientId) {
+    throw new Error("Client ID is required for token polling");
+  }
+  const startTime = Date.now();
+  const timeout = expiresIn * 1e3;
+  let currentInterval = interval * 1e3;
+  while (true) {
+    if (Date.now() - startTime > timeout) {
+      throw new Error("Device authorization expired. Please try again.");
+    }
+    await new Promise((resolve) => setTimeout(resolve, currentInterval));
+    try {
+      const response = await config.fetch(`https://${config.authKitDomain}/device/token`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          device_code: deviceCode,
+          client_id: config.clientId
+        })
+      });
+      if (response.ok) {
+        const data = await response.json();
+        return data;
+      }
+      const errorData = await response.json().catch(() => ({ error: "unknown" }));
+      const error = errorData.error || "unknown";
+      switch (error) {
+        case "authorization_pending":
+          continue;
+        case "slow_down":
+          currentInterval += 5e3;
+          continue;
+        case "access_denied":
+          throw new Error("Access denied by user");
+        case "expired_token":
+          throw new Error("Device code expired");
+        default:
+          throw new Error(`Token polling failed: ${error}`);
+      }
+    } catch (error) {
+      if (error instanceof Error) {
+        throw error;
+      }
+      continue;
+    }
+  }
+}
+// src/apikey.ts
+function getEnv4(key) {
+  if (globalThis[key]) return globalThis[key];
+  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
+  return void 0;
+}
+async function createApiKey(options, token) {
+  const config = getConfig();
+  const authToken = token || getEnv4("DO_TOKEN");
+  if (!authToken) {
+    throw new Error("Authentication required to create API key");
+  }
+  const response = await config.fetch(`${config.apiUrl}/api-keys`, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${authToken}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(options)
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Failed to create API key: ${error}`);
+  }
+  return response.json();
+}
+async function listApiKeys(token) {
+  const config = getConfig();
+  const authToken = token || getEnv4("DO_TOKEN");
+  if (!authToken) {
+    throw new Error("Authentication required to list API keys");
+  }
+  const response = await config.fetch(`${config.apiUrl}/api-keys`, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${authToken}`,
+      "Content-Type": "application/json"
+    }
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Failed to list API keys: ${error}`);
+  }
+  return response.json();
+}
+async function getApiKey(id, token) {
+  const config = getConfig();
+  const authToken = token || getEnv4("DO_TOKEN");
+  if (!authToken) {
+    throw new Error("Authentication required to get API key");
+  }
+  const response = await config.fetch(`${config.apiUrl}/api-keys/${id}`, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${authToken}`,
+      "Content-Type": "application/json"
+    }
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Failed to get API key: ${error}`);
+  }
+  return response.json();
+}
+async function rotateApiKey(id, options, token) {
+  const config = getConfig();
+  const authToken = token || getEnv4("DO_TOKEN");
+  if (!authToken) {
+    throw new Error("Authentication required to rotate API key");
+  }
+  const response = await config.fetch(`${config.apiUrl}/api-keys/${id}/rotate`, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${authToken}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(options || {})
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Failed to rotate API key: ${error}`);
+  }
+  return response.json();
+}
+async function deleteApiKey(id, token) {
+  const config = getConfig();
+  const authToken = token || getEnv4("DO_TOKEN");
+  if (!authToken) {
+    throw new Error("Authentication required to delete API key");
+  }
+  const response = await config.fetch(`${config.apiUrl}/api-keys/${id}`, {
+    method: "DELETE",
+    headers: {
+      "Authorization": `Bearer ${authToken}`,
+      "Content-Type": "application/json"
+    }
+  });
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(`Failed to delete API key: ${error}`);
+  }
+}
+// src/index.ts
+init_storage();
+export { CompositeTokenStorage, FileTokenStorage, KeychainTokenStorage, LocalStorageTokenStorage, MemoryTokenStorage, SecureFileTokenStorage, auth, authorizeDevice, buildAuthUrl, configure, createApiKey, createSecureStorage, deleteApiKey, getApiKey, getConfig, getToken, isAuthenticated, listApiKeys, login, logout, pollForTokens, rotateApiKey };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map