oauth.do 0.1.13 → 0.1.15

package/dist/node.js

@@ -26,9 +26,9 @@ function getEnv2(key) {
   if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
   return void 0;
 }
-function createSecureStorage() {
+function createSecureStorage(storagePath) {
   if (isNode()) {
-    return new SecureFileTokenStorage();
+    return new SecureFileTokenStorage(storagePath);
   }
   if (typeof localStorage !== "undefined") {
     return new LocalStorageTokenStorage();
@@ -133,6 +133,10 @@ var init_storage = __esm({
       tokenPath = null;
       configDir = null;
       initialized = false;
+      customPath;
+      constructor(customPath) {
+        this.customPath = customPath;
+      }
       async init() {
         if (this.initialized) return this.tokenPath !== null;
         this.initialized = true;
@@ -140,8 +144,14 @@ var init_storage = __esm({
         try {
           const os = await import('os');
           const path = await import('path');
-          this.configDir = path.join(os.homedir(), ".oauth.do");
-          this.tokenPath = path.join(this.configDir, "token");
+          if (this.customPath) {
+            const expandedPath = this.customPath.startsWith("~/") ? path.join(os.homedir(), this.customPath.slice(2)) : this.customPath;
+            this.tokenPath = expandedPath;
+            this.configDir = path.dirname(expandedPath);
+          } else {
+            this.configDir = path.join(os.homedir(), ".oauth.do");
+            this.tokenPath = path.join(this.configDir, "token");
+          }
           return true;
         } catch {
           return false;
@@ -376,7 +386,8 @@ var globalConfig = {
   apiUrl: getEnv("OAUTH_API_URL") || getEnv("API_URL") || "https://apis.do",
   clientId: getEnv("OAUTH_CLIENT_ID") || "client_01JQYTRXK9ZPD8JPJTKDCRB656",
   authKitDomain: getEnv("OAUTH_AUTHKIT_DOMAIN") || "login.oauth.do",
-  fetch: globalThis.fetch
+  fetch: globalThis.fetch,
+  storagePath: getEnv("OAUTH_STORAGE_PATH")
 };
 function configure(config) {
   globalConfig = {
@@ -470,6 +481,11 @@ async function logout(token) {
     console.error("Logout error:", error);
   }
 }
+var REFRESH_BUFFER_MS = 5 * 60 * 1e3;
+function isTokenExpired(expiresAt) {
+  if (!expiresAt) return false;
+  return Date.now() >= expiresAt - REFRESH_BUFFER_MS;
+}
 async function getToken() {
   const adminToken = getEnv3("DO_ADMIN_TOKEN");
   if (adminToken) return adminToken;
@@ -485,7 +501,34 @@ async function getToken() {
   }
   try {
     const { createSecureStorage: createSecureStorage2 } = await Promise.resolve().then(() => (init_storage(), storage_exports));
-    const storage = createSecureStorage2();
+    const config = getConfig();
+    const storage = createSecureStorage2(config.storagePath);
+    const tokenData = storage.getTokenData ? await storage.getTokenData() : null;
+    if (tokenData) {
+      if (!isTokenExpired(tokenData.expiresAt)) {
+        return tokenData.accessToken;
+      }
+      if (tokenData.refreshToken) {
+        try {
+          const newTokens = await refreshAccessToken(tokenData.refreshToken);
+          const expiresAt = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
+          const newData = {
+            accessToken: newTokens.access_token,
+            refreshToken: newTokens.refresh_token || tokenData.refreshToken,
+            expiresAt
+          };
+          if (storage.setTokenData) {
+            await storage.setTokenData(newData);
+          } else {
+            await storage.setToken(newTokens.access_token);
+          }
+          return newTokens.access_token;
+        } catch {
+          return null;
+        }
+      }
+      return null;
+    }
     return await storage.getToken();
   } catch {
     return null;
@@ -512,7 +555,7 @@ async function refreshAccessToken(refreshToken) {
       grant_type: "refresh_token",
       refresh_token: refreshToken,
       client_id: config.clientId
-    })
+    }).toString()
   });
   if (!response.ok) {
     const errorText = await response.text();
@@ -556,7 +599,7 @@ async function authorizeDevice(options = {}) {
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
       },
-      body
+      body: body.toString()
     });
     if (!response.ok) {
       const errorText = await response.text();
@@ -592,7 +635,7 @@ async function pollForTokens(deviceCode, interval = 5, expiresIn = 600) {
           grant_type: "urn:ietf:params:oauth:grant-type:device_code",
           device_code: deviceCode,
           client_id: config.clientId
-        })
+        }).toString()
       });
       if (response.ok) {
         const data = await response.json();
@@ -622,64 +665,178 @@ async function pollForTokens(deviceCode, interval = 5, expiresIn = 600) {
   }
 }
 
+// src/github-device.ts
+async function startGitHubDeviceFlow(options) {
+  const { clientId, scope = "user:email read:user" } = options;
+  const fetchImpl = options.fetch || globalThis.fetch;
+  if (!clientId) {
+    throw new Error("GitHub client ID is required for device authorization");
+  }
+  try {
+    const url = "https://github.com/login/device/code";
+    const body = new URLSearchParams({
+      client_id: clientId,
+      scope
+    });
+    const response = await fetchImpl(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Accept": "application/json"
+      },
+      body
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`GitHub device authorization failed: ${response.statusText} - ${errorText}`);
+    }
+    const data = await response.json();
+    return {
+      deviceCode: data.device_code,
+      userCode: data.user_code,
+      verificationUri: data.verification_uri,
+      expiresIn: data.expires_in,
+      interval: data.interval
+    };
+  } catch (error) {
+    console.error("GitHub device authorization error:", error);
+    throw error;
+  }
+}
+async function pollGitHubDeviceFlow(deviceCode, options) {
+  const { clientId, interval = 5, expiresIn = 900 } = options;
+  const fetchImpl = options.fetch || globalThis.fetch;
+  if (!clientId) {
+    throw new Error("GitHub client ID is required for token polling");
+  }
+  const startTime = Date.now();
+  const timeout = expiresIn * 1e3;
+  let currentInterval = interval * 1e3;
+  while (true) {
+    if (Date.now() - startTime > timeout) {
+      throw new Error("GitHub device authorization expired. Please try again.");
+    }
+    await new Promise((resolve) => setTimeout(resolve, currentInterval));
+    try {
+      const url = "https://github.com/login/oauth/access_token";
+      const body = new URLSearchParams({
+        client_id: clientId,
+        device_code: deviceCode,
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+      });
+      const response = await fetchImpl(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          "Accept": "application/json"
+        },
+        body
+      });
+      const data = await response.json();
+      if ("access_token" in data) {
+        return {
+          accessToken: data.access_token,
+          tokenType: data.token_type,
+          scope: data.scope
+        };
+      }
+      const error = data.error || "unknown";
+      switch (error) {
+        case "authorization_pending":
+          continue;
+        case "slow_down":
+          currentInterval += 5e3;
+          continue;
+        case "access_denied":
+          throw new Error("Access denied by user");
+        case "expired_token":
+          throw new Error("Device code expired");
+        default:
+          throw new Error(`GitHub token polling failed: ${error}`);
+      }
+    } catch (error) {
+      if (error instanceof Error) {
+        throw error;
+      }
+      continue;
+    }
+  }
+}
+async function getGitHubUser(accessToken, options = {}) {
+  const fetchImpl = options.fetch || globalThis.fetch;
+  if (!accessToken) {
+    throw new Error("GitHub access token is required");
+  }
+  try {
+    const response = await fetchImpl("https://api.github.com/user", {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${accessToken}`,
+        "Accept": "application/vnd.github+json",
+        "X-GitHub-Api-Version": "2022-11-28"
+      }
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`GitHub user fetch failed: ${response.statusText} - ${errorText}`);
+    }
+    const data = await response.json();
+    return {
+      id: data.id,
+      login: data.login,
+      email: data.email,
+      name: data.name,
+      avatarUrl: data.avatar_url
+    };
+  } catch (error) {
+    console.error("GitHub user fetch error:", error);
+    throw error;
+  }
+}
+
 // src/index.ts
 init_storage();
 
 // src/login.ts
 init_storage();
-var REFRESH_BUFFER_MS = 5 * 60 * 1e3;
-function isTokenExpired(expiresAt) {
+var REFRESH_BUFFER_MS2 = 5 * 60 * 1e3;
+function isTokenExpired2(expiresAt) {
   if (!expiresAt) return false;
-  return Date.now() >= expiresAt - REFRESH_BUFFER_MS;
+  return Date.now() >= expiresAt - REFRESH_BUFFER_MS2;
 }
 async function ensureLoggedIn(options = {}) {
-  const { openBrowser = true, print = console.log, provider, storage = createSecureStorage() } = options;
+  const config = getConfig();
+  const { openBrowser = true, print = console.log, provider, storage = createSecureStorage(config.storagePath) } = options;
   const tokenData = storage.getTokenData ? await storage.getTokenData() : null;
   const existingToken = tokenData?.accessToken || await storage.getToken();
   if (existingToken) {
-    if (tokenData && isTokenExpired(tokenData.expiresAt)) {
-      if (tokenData.refreshToken) {
-        try {
-          const newTokens = await refreshAccessToken(tokenData.refreshToken);
-          const expiresAt2 = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
-          const newData2 = {
-            accessToken: newTokens.access_token,
-            refreshToken: newTokens.refresh_token || tokenData.refreshToken,
-            expiresAt: expiresAt2
-          };
-          if (storage.setTokenData) {
-            await storage.setTokenData(newData2);
-          } else {
-            await storage.setToken(newTokens.access_token);
-          }
-          return { token: newTokens.access_token, isNewLogin: false };
-        } catch (error) {
-          console.warn("Token refresh failed:", error);
+    if (tokenData?.expiresAt && !isTokenExpired2(tokenData.expiresAt)) {
+      return { token: existingToken, isNewLogin: false };
+    }
+    if (tokenData?.refreshToken) {
+      try {
+        const newTokens = await refreshAccessToken(tokenData.refreshToken);
+        const expiresAt2 = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
+        const newData2 = {
+          accessToken: newTokens.access_token,
+          refreshToken: newTokens.refresh_token || tokenData.refreshToken,
+          expiresAt: expiresAt2
+        };
+        if (storage.setTokenData) {
+          await storage.setTokenData(newData2);
+        } else {
+          await storage.setToken(newTokens.access_token);
         }
+        return { token: newTokens.access_token, isNewLogin: false };
+      } catch (error) {
+        console.warn("Token refresh failed:", error);
       }
-    } else {
+    }
+    if (!tokenData?.expiresAt && !tokenData?.refreshToken) {
       const { user } = await getUser(existingToken);
       if (user) {
         return { token: existingToken, isNewLogin: false };
       }
-      if (tokenData?.refreshToken) {
-        try {
-          const newTokens = await refreshAccessToken(tokenData.refreshToken);
-          const expiresAt2 = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
-          const newData2 = {
-            accessToken: newTokens.access_token,
-            refreshToken: newTokens.refresh_token || tokenData.refreshToken,
-            expiresAt: expiresAt2
-          };
-          if (storage.setTokenData) {
-            await storage.setTokenData(newData2);
-          } else {
-            await storage.setToken(newTokens.access_token);
-          }
-          return { token: newTokens.access_token, isNewLogin: false };
-        } catch {
-        }
-      }
     }
   }
   print("\nLogging in...\n");
@@ -719,16 +876,18 @@ async function ensureLoggedIn(options = {}) {
   return { token: tokenResponse.access_token, isNewLogin: true };
 }
 async function forceLogin(options = {}) {
-  const { storage = createSecureStorage() } = options;
+  const config = getConfig();
+  const { storage = createSecureStorage(config.storagePath) } = options;
   await storage.removeToken();
   return ensureLoggedIn(options);
 }
 async function ensureLoggedOut(options = {}) {
-  const { print = console.log, storage = createSecureStorage() } = options;
+  const config = getConfig();
+  const { print = console.log, storage = createSecureStorage(config.storagePath) } = options;
   await storage.removeToken();
   print("Logged out successfully\n");
 }
 
-export { CompositeTokenStorage, FileTokenStorage, KeychainTokenStorage, LocalStorageTokenStorage, MemoryTokenStorage, SecureFileTokenStorage, auth, authorizeDevice, buildAuthUrl, configure, createSecureStorage, ensureLoggedIn, ensureLoggedOut, forceLogin, getConfig, getToken, getUser, isAuthenticated, login, logout, pollForTokens };
+export { CompositeTokenStorage, FileTokenStorage, KeychainTokenStorage, LocalStorageTokenStorage, MemoryTokenStorage, SecureFileTokenStorage, auth, authorizeDevice, buildAuthUrl, configure, createSecureStorage, ensureLoggedIn, ensureLoggedOut, forceLogin, getConfig, getGitHubUser, getToken, getUser, isAuthenticated, login, logout, pollForTokens, pollGitHubDeviceFlow, startGitHubDeviceFlow };
 //# sourceMappingURL=node.js.map
 //# sourceMappingURL=node.js.map