npm - oauth.do - Versions diffs - 0.1.14 → 0.2.0 - Mend

oauth.do 0.1.14 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/node.js CHANGED Viewed

@@ -8,6 +8,17 @@ var __export = (target, all) => {
     __defProp(target, name, { get: all[name], enumerable: true });
 };
+// src/utils.ts
+function getEnv(key) {
+  if (globalThis[key]) return globalThis[key];
+  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
+  return void 0;
+}
+var init_utils = __esm({
+  "src/utils.ts"() {
+  }
+});
 // src/storage.ts
 var storage_exports = {};
 __export(storage_exports, {
@@ -22,10 +33,6 @@ __export(storage_exports, {
 function isNode() {
   return typeof process !== "undefined" && process.versions != null && process.versions.node != null;
 }
-function getEnv2(key) {
-  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
-  return void 0;
-}
 function createSecureStorage(storagePath) {
   if (isNode()) {
     return new SecureFileTokenStorage(storagePath);
@@ -38,6 +45,7 @@ function createSecureStorage(storagePath) {
 var KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, KeychainTokenStorage, SecureFileTokenStorage, FileTokenStorage, MemoryTokenStorage, LocalStorageTokenStorage, CompositeTokenStorage;
 var init_storage = __esm({
   "src/storage.ts"() {
+    init_utils();
     KEYCHAIN_SERVICE = "oauth.do";
     KEYCHAIN_ACCOUNT = "access_token";
     KeychainTokenStorage = class {
@@ -57,7 +65,7 @@ var init_storage = __esm({
           const keytarModule = imported.default || imported;
           this.keytar = keytarModule;
           if (typeof this.keytar.getPassword !== "function") {
-            if (getEnv2("DEBUG")) {
+            if (getEnv("DEBUG")) {
               console.warn("Keytar module loaded but getPassword is not a function:", Object.keys(this.keytar));
             }
             this.keytar = null;
@@ -65,7 +73,7 @@ var init_storage = __esm({
           }
           return this.keytar;
         } catch (error) {
-          if (getEnv2("DEBUG")) {
+          if (getEnv("DEBUG")) {
             console.warn("Keychain storage not available:", error);
           }
           return null;
@@ -80,7 +88,7 @@ var init_storage = __esm({
           const token = await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
           return token;
         } catch (error) {
-          if (getEnv2("DEBUG")) {
+          if (getEnv("DEBUG")) {
             console.warn("Failed to get token from keychain:", error);
           }
           return null;
@@ -122,7 +130,7 @@ var init_storage = __esm({
           await keytar.getPassword(KEYCHAIN_SERVICE, "__test__");
           return true;
         } catch (error) {
-          if (getEnv2("DEBUG")) {
+          if (getEnv("DEBUG")) {
             console.warn("Keychain not available:", error);
           }
           return false;
@@ -167,7 +175,7 @@ var init_storage = __esm({
           const fs = await import('fs/promises');
           const stats = await fs.stat(this.tokenPath);
           const mode = stats.mode & 511;
-          if (mode !== 384 && getEnv2("DEBUG")) {
+          if (mode !== 384 && getEnv("DEBUG")) {
             console.warn(
               `Warning: Token file has insecure permissions (${mode.toString(8)}). Expected 600. Run: chmod 600 ${this.tokenPath}`
             );
@@ -346,7 +354,7 @@ var init_storage = __esm({
             try {
               await this.keychainStorage.setToken(fileToken);
               await this.fileStorage.removeToken();
-              if (getEnv2("DEBUG")) {
+              if (getEnv("DEBUG")) {
                 console.log("Migrated token from file to keychain");
               }
             } catch {
@@ -377,11 +385,7 @@ var init_storage = __esm({
 });
 // src/config.ts
-function getEnv(key) {
-  if (globalThis[key]) return globalThis[key];
-  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
-  return void 0;
-}
+init_utils();
 var globalConfig = {
   apiUrl: getEnv("OAUTH_API_URL") || getEnv("API_URL") || "https://apis.do",
   clientId: getEnv("OAUTH_CLIENT_ID") || "client_01JQYTRXK9ZPD8JPJTKDCRB656",
@@ -400,6 +404,7 @@ function getConfig() {
 }
 // src/auth.ts
+init_utils();
 async function resolveSecret(value) {
   if (!value) return null;
   if (typeof value === "string") return value;
@@ -408,14 +413,9 @@ async function resolveSecret(value) {
   }
   return null;
 }
-function getEnv3(key) {
-  if (globalThis[key]) return globalThis[key];
-  if (typeof process !== "undefined" && process.env?.[key]) return process.env[key];
-  return void 0;
-}
 async function getUser(token) {
   const config = getConfig();
-  const authToken = token || getEnv3("DO_TOKEN") || "";
+  const authToken = token || getEnv("DO_TOKEN") || "";
   if (!authToken) {
     return { user: null };
   }
@@ -462,7 +462,7 @@ async function login(credentials) {
 }
 async function logout(token) {
   const config = getConfig();
-  const authToken = token || getEnv3("DO_TOKEN") || "";
+  const authToken = token || getEnv("DO_TOKEN") || "";
   if (!authToken) {
     return;
   }
@@ -481,10 +481,15 @@ async function logout(token) {
     console.error("Logout error:", error);
   }
 }
+var REFRESH_BUFFER_MS = 5 * 60 * 1e3;
+function isTokenExpired(expiresAt) {
+  if (!expiresAt) return false;
+  return Date.now() >= expiresAt - REFRESH_BUFFER_MS;
+}
 async function getToken() {
-  const adminToken = getEnv3("DO_ADMIN_TOKEN");
+  const adminToken = getEnv("DO_ADMIN_TOKEN");
   if (adminToken) return adminToken;
-  const doToken = getEnv3("DO_TOKEN");
+  const doToken = getEnv("DO_TOKEN");
   if (doToken) return doToken;
   try {
     const { env } = await import('cloudflare:workers');
@@ -498,6 +503,32 @@ async function getToken() {
     const { createSecureStorage: createSecureStorage2 } = await Promise.resolve().then(() => (init_storage(), storage_exports));
     const config = getConfig();
     const storage = createSecureStorage2(config.storagePath);
+    const tokenData = storage.getTokenData ? await storage.getTokenData() : null;
+    if (tokenData) {
+      if (!isTokenExpired(tokenData.expiresAt)) {
+        return tokenData.accessToken;
+      }
+      if (tokenData.refreshToken) {
+        try {
+          const newTokens = await refreshAccessToken(tokenData.refreshToken);
+          const expiresAt = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
+          const newData = {
+            accessToken: newTokens.access_token,
+            refreshToken: newTokens.refresh_token || tokenData.refreshToken,
+            expiresAt
+          };
+          if (storage.setTokenData) {
+            await storage.setTokenData(newData);
+          } else {
+            await storage.setToken(newTokens.access_token);
+          }
+          return newTokens.access_token;
+        } catch {
+          return null;
+        }
+      }
+      return null;
+    }
     return await storage.getToken();
   } catch {
     return null;
@@ -768,97 +799,116 @@ init_storage();
 // src/login.ts
 init_storage();
-var REFRESH_BUFFER_MS = 5 * 60 * 1e3;
-function isTokenExpired(expiresAt) {
+var REFRESH_BUFFER_MS2 = 5 * 60 * 1e3;
+var loginInProgress = null;
+var refreshInProgress = null;
+function isTokenExpired2(expiresAt) {
   if (!expiresAt) return false;
-  return Date.now() >= expiresAt - REFRESH_BUFFER_MS;
+  return Date.now() >= expiresAt - REFRESH_BUFFER_MS2;
+}
+async function doRefresh(tokenData, storage) {
+  if (refreshInProgress) {
+    return refreshInProgress;
+  }
+  refreshInProgress = (async () => {
+    try {
+      const newTokens = await refreshAccessToken(tokenData.refreshToken);
+      const expiresAt = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
+      const newData = {
+        accessToken: newTokens.access_token,
+        refreshToken: newTokens.refresh_token || tokenData.refreshToken,
+        expiresAt
+      };
+      if (storage?.setTokenData) {
+        await storage.setTokenData(newData);
+      } else if (storage?.setToken) {
+        await storage.setToken(newTokens.access_token);
+      }
+      return { token: newTokens.access_token, isNewLogin: false };
+    } finally {
+      refreshInProgress = null;
+    }
+  })();
+  return refreshInProgress;
+}
+async function doDeviceLogin(options) {
+  if (loginInProgress) {
+    return loginInProgress;
+  }
+  const config = getConfig();
+  const {
+    openBrowser = true,
+    print = console.log,
+    provider,
+    storage = createSecureStorage(config.storagePath)
+  } = options;
+  loginInProgress = (async () => {
+    try {
+      print("\nLogging in...\n");
+      const authResponse = await authorizeDevice({ provider });
+      print(`To complete login:`);
+      print(`  1. Visit: ${authResponse.verification_uri}`);
+      print(`  2. Enter code: ${authResponse.user_code}`);
+      print(`
+  Or open: ${authResponse.verification_uri_complete}
+`);
+      if (openBrowser) {
+        try {
+          const open = await import('open');
+          await open.default(authResponse.verification_uri_complete);
+          print("Browser opened automatically\n");
+        } catch {
+        }
+      }
+      print("Waiting for authorization...\n");
+      const tokenResponse = await pollForTokens(
+        authResponse.device_code,
+        authResponse.interval,
+        authResponse.expires_in
+      );
+      const expiresAt = tokenResponse.expires_in ? Date.now() + tokenResponse.expires_in * 1e3 : void 0;
+      const newData = {
+        accessToken: tokenResponse.access_token,
+        refreshToken: tokenResponse.refresh_token,
+        expiresAt
+      };
+      if (storage.setTokenData) {
+        await storage.setTokenData(newData);
+      } else {
+        await storage.setToken(tokenResponse.access_token);
+      }
+      print("Login successful!\n");
+      return { token: tokenResponse.access_token, isNewLogin: true };
+    } finally {
+      loginInProgress = null;
+    }
+  })();
+  return loginInProgress;
 }
 async function ensureLoggedIn(options = {}) {
   const config = getConfig();
-  const { openBrowser = true, print = console.log, provider, storage = createSecureStorage(config.storagePath) } = options;
+  const { storage = createSecureStorage(config.storagePath) } = options;
   const tokenData = storage.getTokenData ? await storage.getTokenData() : null;
   const existingToken = tokenData?.accessToken || await storage.getToken();
   if (existingToken) {
-    if (tokenData && isTokenExpired(tokenData.expiresAt)) {
-      if (tokenData.refreshToken) {
-        try {
-          const newTokens = await refreshAccessToken(tokenData.refreshToken);
-          const expiresAt2 = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
-          const newData2 = {
-            accessToken: newTokens.access_token,
-            refreshToken: newTokens.refresh_token || tokenData.refreshToken,
-            expiresAt: expiresAt2
-          };
-          if (storage.setTokenData) {
-            await storage.setTokenData(newData2);
-          } else {
-            await storage.setToken(newTokens.access_token);
-          }
-          return { token: newTokens.access_token, isNewLogin: false };
-        } catch (error) {
-          console.warn("Token refresh failed:", error);
-        }
+    if (tokenData?.expiresAt && !isTokenExpired2(tokenData.expiresAt)) {
+      return { token: existingToken, isNewLogin: false };
+    }
+    if (tokenData?.refreshToken) {
+      try {
+        return await doRefresh(tokenData, storage);
+      } catch (error) {
+        console.warn("Token refresh failed:", error);
       }
-    } else {
+    }
+    if (!tokenData?.expiresAt && !tokenData?.refreshToken) {
       const { user } = await getUser(existingToken);
       if (user) {
         return { token: existingToken, isNewLogin: false };
       }
-      if (tokenData?.refreshToken) {
-        try {
-          const newTokens = await refreshAccessToken(tokenData.refreshToken);
-          const expiresAt2 = newTokens.expires_in ? Date.now() + newTokens.expires_in * 1e3 : void 0;
-          const newData2 = {
-            accessToken: newTokens.access_token,
-            refreshToken: newTokens.refresh_token || tokenData.refreshToken,
-            expiresAt: expiresAt2
-          };
-          if (storage.setTokenData) {
-            await storage.setTokenData(newData2);
-          } else {
-            await storage.setToken(newTokens.access_token);
-          }
-          return { token: newTokens.access_token, isNewLogin: false };
-        } catch {
-        }
-      }
     }
   }
-  print("\nLogging in...\n");
-  const authResponse = await authorizeDevice({ provider });
-  print(`To complete login:`);
-  print(`  1. Visit: ${authResponse.verification_uri}`);
-  print(`  2. Enter code: ${authResponse.user_code}`);
-  print(`
-  Or open: ${authResponse.verification_uri_complete}
-`);
-  if (openBrowser) {
-    try {
-      const open = await import('open');
-      await open.default(authResponse.verification_uri_complete);
-      print("Browser opened automatically\n");
-    } catch {
-    }
-  }
-  print("Waiting for authorization...\n");
-  const tokenResponse = await pollForTokens(
-    authResponse.device_code,
-    authResponse.interval,
-    authResponse.expires_in
-  );
-  const expiresAt = tokenResponse.expires_in ? Date.now() + tokenResponse.expires_in * 1e3 : void 0;
-  const newData = {
-    accessToken: tokenResponse.access_token,
-    refreshToken: tokenResponse.refresh_token,
-    expiresAt
-  };
-  if (storage.setTokenData) {
-    await storage.setTokenData(newData);
-  } else {
-    await storage.setToken(tokenResponse.access_token);
-  }
-  print("Login successful!\n");
-  return { token: tokenResponse.access_token, isNewLogin: true };
+  return doDeviceLogin(options);
 }
 async function forceLogin(options = {}) {
   const config = getConfig();