opal-security 2.3.4 → 3.0.1-beta.4262451

package/lib/graphql/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./fragment-masking";
+export * from "./gql";

package/lib/graphql/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./fragment-masking"), exports);
+tslib_1.__exportStar(require("./gql"), exports);

package/lib/handler.d.ts

@@ -1,16 +1,16 @@
-import { Command } from '@oclif/core';
-import { OperationVariables, ApolloError } from '@apollo/client/core';
+import type { ApolloError, OperationVariables } from "@apollo/client/core";
+import type { Command } from "@oclif/core";
 interface QueryHandlerProps<TVar = Record<string, any>> {
     command: Command;
     query: string;
     variables?: TVar;
 }
 export declare const runMutation: ({ command, query, variables, }: QueryHandlerProps) => Promise<{
-    resp: import("@apollo/client/core").FetchResult<any> | null;
+    resp: import("@apollo/client/core").FetchResult<any> | null | undefined;
     error: unknown;
 }>;
-export declare const runQuery: <TResponse = any, TVar extends OperationVariables = Record<string, any>>({ command, query, variables, }: QueryHandlerProps<TVar>) => Promise<{
-    resp: import("@apollo/client/core").ApolloQueryResult<TResponse> | null;
+export declare const runQueryDeprecated: <TResponse = any, TVar extends OperationVariables = Record<string, any>>({ command, query, variables, }: QueryHandlerProps<TVar>) => Promise<{
+    resp: import("@apollo/client/core").ApolloQueryResult<TResponse> | null | undefined;
     error: ApolloError;
 }>;
 export {};

package/lib/handler.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runQuery = exports.runMutation = void 0;
+exports.runQueryDeprecated = exports.runMutation = void 0;
 const graphql_tag_1 = require("graphql-tag");
 const apollo_1 = require("./lib/apollo");
 const runMutation = async ({ command, query, variables, }) => {
@@ -8,12 +8,12 @@ const runMutation = async ({ command, query, variables, }) => {
     let mutationResp = null;
     let mutationError = null;
     try {
-        mutationResp = await apollo_1.client.mutate({
+        mutationResp = await (apollo_1.client === null || apollo_1.client === void 0 ? void 0 : apollo_1.client.mutate({
             mutation: (0, graphql_tag_1.default) `
         ${query}
       `,
             variables: variables,
-        });
+        }));
     }
     catch (error) {
         mutationError = error;
@@ -21,21 +21,21 @@ const runMutation = async ({ command, query, variables, }) => {
     return { resp: mutationResp, error: mutationError };
 };
 exports.runMutation = runMutation;
-const runQuery = async ({ command, query, variables, }) => {
+const runQueryDeprecated = async ({ command, query, variables, }) => {
     await (0, apollo_1.initClient)(command);
     let queryResp = null;
     let queryError = null;
     try {
-        queryResp = await apollo_1.client.query({
+        queryResp = await (apollo_1.client === null || apollo_1.client === void 0 ? void 0 : apollo_1.client.query({
             query: (0, graphql_tag_1.default) `
         ${query}
       `,
             variables: variables,
-        });
+        }));
     }
     catch (error) {
         queryError = error;
     }
     return { resp: queryResp, error: queryError };
 };
-exports.runQuery = runQuery;
+exports.runQueryDeprecated = runQueryDeprecated;

package/lib/index.d.ts

@@ -1 +1 @@
-export { run } from '@oclif/core';
+export { run } from "@oclif/core";

package/lib/lib/apollo.d.ts

@@ -1,6 +1,8 @@
-import { ApolloClient, NormalizedCacheObject } from '@apollo/client/core';
-import { Command } from '@oclif/core';
+import { ApolloClient, type NormalizedCacheObject } from "@apollo/client/core";
+import type { Command } from "@oclif/core";
 export declare let client: ApolloClient<NormalizedCacheObject> | null;
+export declare let cookieStr: string;
 export declare const printResponse: (command: Command, resp: any) => void;
 export declare const handleError: (command: Command, err: any, resp?: any) => void;
 export declare const initClient: (command: Command, fetchAccessToken?: boolean) => Promise<void>;
+export declare function getClient(command: Command, fetchAccessToken?: boolean): Promise<ApolloClient<NormalizedCacheObject>>;

package/lib/lib/apollo.js

@@ -1,25 +1,32 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.initClient = exports.handleError = exports.printResponse = exports.client = void 0;
+exports.initClient = exports.handleError = exports.printResponse = exports.cookieStr = exports.client = void 0;
+exports.getClient = getClient;
 const core_1 = require("@apollo/client/core");
 const context_1 = require("@apollo/client/link/context");
 const error_1 = require("@apollo/client/link/error");
-const prettyjson_1 = require("prettyjson");
-const semver_1 = require("semver");
 const chalk_1 = require("chalk");
 const moment = require("moment");
-const config_1 = require("../lib/config");
-const credentials_1 = require("../lib/credentials");
+const prettyjson_1 = require("prettyjson");
+const semver_1 = require("semver");
+const globals_1 = require("@apollo/client/utilities/globals");
 const login_1 = require("../commands/login");
 const cmd_1 = require("../lib/cmd");
-const fetch = require('node-fetch');
-const https = require('https');
-const http = require('http');
+const config_1 = require("../lib/config");
+const credentials_1 = require("../lib/credentials");
+const fetch = require("node-fetch");
+const https = require("node:https");
+const http = require("node:http");
+// DO NOT USE DIRECTLY, use getClient instead
 exports.client = null;
-let alreadyNotifiedRecommendedVersion = false;
+// This is used to keep track of the auth-session cookie during login, before we can persist it into the credential store
+exports.cookieStr = "";
+let alreadyWarnedAboutVersion = false;
 const printResponse = (command, resp) => {
     const filteredJson = JSON.parse(JSON.stringify(resp.data, (k, v) => {
-        if (k === '__typename' || v === null || (Array.isArray(v) && v.length === 0)) {
+        if (k === "__typename" ||
+            v === null ||
+            (Array.isArray(v) && v.length === 0)) {
             return undefined;
         }
         return v;
@@ -28,27 +35,32 @@ const printResponse = (command, resp) => {
 };
 exports.printResponse = printResponse;
 const handleError = (command, err, resp) => {
-    if (err && typeof err === 'object' && ('networkError' in err && 'statusCode' in err.networkError)) {
+    if (err &&
+        typeof err === "object" &&
+        "networkError" in err &&
+        "statusCode" in err.networkError) {
         // Status code errors are already handled in the global Apollo handler, so we can just return here.
         return;
     }
     let errorMsg;
     if (!err) {
-        errorMsg = 'Unexpected response from server (see below). Please contact Opal support if this issue persists.';
+        errorMsg =
+            "Unexpected response from server (see below). Please contact Opal support if this issue persists.";
     }
-    else if (typeof err === 'object' && err.toString().includes('self signed certificate')) {
-        errorMsg = 'Request failed due to a self-signed certificate appearing in the certificate chain. Try setting your CLI to allow self-signed certs by running: "opal set-url --custom INSERT_URL_HERE --allowSelfSignedCerts"';
+    else if (typeof err === "object" &&
+        err.toString().includes("self signed certificate")) {
+        errorMsg =
+            'Request failed due to a self-signed certificate appearing in the certificate chain. Try setting your CLI to allow self-signed certs by running: "opal set-url --custom INSERT_URL_HERE --allowSelfSignedCerts"';
     }
     else {
         errorMsg = `Error: ${err}`;
     }
-    errorMsg = '❗ ' + errorMsg;
+    errorMsg = `❗ ${errorMsg}`;
     command.log(errorMsg);
     if (resp) {
         (0, exports.printResponse)(command, resp);
     }
     // OPAL-6579: Use process.exit to avoid UnhandledPromiseRejectionWarning
-    // eslint-disable-next-line no-process-exit,unicorn/no-process-exit
     process.exit(1);
 };
 exports.handleError = handleError;
@@ -57,7 +69,6 @@ const initClient = async (command, fetchAccessToken = true) => {
     const currentCLIVersion = command.config.version;
     const configData = (0, config_1.getOrCreateConfigData)(configDir);
     const opalCreds = await (0, credentials_1.getOpalCredentials)(command, fetchAccessToken);
-    const accessToken = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.accessToken;
     const organizationID = opalCreds === null || opalCreds === void 0 ? void 0 : opalCreds.organizationID;
     const httpsAgent = new https.Agent({
         rejectUnauthorized: !configData[config_1.allowSelfSignedCertsKey],
@@ -65,22 +76,26 @@ const initClient = async (command, fetchAccessToken = true) => {
     const httpAgent = new http.Agent({});
     const specifiedUrl = configData[config_1.urlKey];
     const customHeader = configData[config_1.customHttpHeaderKey];
-    const customHeaderKey = customHeader === undefined ?
-        '' :
-        customHeader.split(':')[0];
-    const customHeaderValue = customHeader === undefined ?
-        '' :
-        customHeader.split(':')[1];
-    const agent = specifiedUrl.includes('https') ? httpsAgent : httpAgent;
+    const customHeaderKey = customHeader === undefined ? "" : customHeader.split(":")[0];
+    const customHeaderValue = customHeader === undefined ? "" : customHeader.split(":")[1];
+    const agent = specifiedUrl.includes("https") ? httpsAgent : httpAgent;
     const httpLink = (0, core_1.createHttpLink)({
         uri: `${specifiedUrl}/query`,
+        credentials: "include",
         fetch,
         fetchOptions: {
             agent: agent,
+            credentials: "include",
         },
     });
     const authLink = (0, context_1.setContext)((_, { headers }) => {
-        const baseHeaders = Object.assign(Object.assign({}, headers), { authorization: `Bearer ${accessToken}`, 'X-Opal-Organization-ID': organizationID, 'X-Opal-Cli-Version': currentCLIVersion });
+        const baseHeaders = Object.assign(Object.assign({}, headers), { "User-Agent": `Opal CLI v${currentCLIVersion}`, "X-Opal-Organization-ID": organizationID, "X-Opal-Cli-Version": currentCLIVersion });
+        if (opalCreds.secretType === credentials_1.SecretType.ApiToken) {
+            baseHeaders.authorization = `Bearer ${opalCreds.secret}`;
+        }
+        else if (!!opalCreds.secret || !!exports.cookieStr) {
+            baseHeaders.cookie = opalCreds.secret || exports.cookieStr;
+        }
         if (customHeaderKey) {
             return {
                 headers: Object.assign(Object.assign({}, baseHeaders), { [customHeaderKey]: customHeaderValue }),
@@ -90,58 +105,75 @@ const initClient = async (command, fetchAccessToken = true) => {
             headers: Object.assign({}, baseHeaders),
         };
     });
+    /**
+     * How this check actually works:
+     * - no hard fails throughout, just warns
+     * - Looks for an 'expected CLI major version' header from the backend, and:
+     *   - if CLI version is < that, warns you need to upgrade CLI
+     *   - if CLI version is > that, warns you need to upgrade Opal
+     * - also, if there's a 'recommended version' header and CLI version is less, just suggests that you upgrade your CLI
+     *   - note the backend does not currently send this header)
+     */
     const checkCLIVersion = (operation) => {
         var _a;
         const headers = (_a = operation.getContext().response) === null || _a === void 0 ? void 0 : _a.headers;
-        if (headers) {
-            const expectedCLIMajorVersion = headers.get('Opal-CLI-Expected-Major-Version');
-            if (expectedCLIMajorVersion) {
+        if (!alreadyWarnedAboutVersion && headers) {
+            // we expect these versions to be a single number - a major version
+            const expectedCLIMajorVersion = headers.get("Opal-CLI-Expected-Major-Version");
+            if (expectedCLIMajorVersion === null || expectedCLIMajorVersion === void 0 ? void 0 : expectedCLIMajorVersion.match(/^\d+$/)) {
                 const semverExpectedMinCLIVersion = `${expectedCLIMajorVersion}.0.0`;
                 if ((0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(semverExpectedMinCLIVersion)) {
-                    command.warn(chalk_1.default.yellow(`
-❗️ Your CLI is outdated and is incompatible with your Opal server.
+                    command.log(chalk_1.default.yellow(`
+❗ Your CLI is outdated and is incompatible with your Opal server.
    Expected major version ${chalk_1.default.blueBright(semverExpectedMinCLIVersion)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
-   Upgrade using the following command: ${chalk_1.default.blueBright('brew upgrade opalsecurity/brew/opal-security')}\n`));
+   Upgrade using the following command: ${chalk_1.default.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
+                    alreadyWarnedAboutVersion = true;
                 }
                 else if ((0, semver_1.major)(currentCLIVersion) > (0, semver_1.major)(semverExpectedMinCLIVersion)) {
-                    command.warn(chalk_1.default.yellow(`
-❗️ Uh oh! The currently installed Opal server is outdated. Please contact your Opal admins to let them know they need to upgrade their deployment.\n`));
+                    command.log(chalk_1.default.yellow(`
+❗ Uh oh! The currently installed Opal server is outdated. Please contact your Opal admins to let them know they need to upgrade their deployment.\n`));
+                    alreadyWarnedAboutVersion = true;
                 }
             }
-            if (!alreadyNotifiedRecommendedVersion) {
-                const recommendedCLIMinorVersion = headers.get('Opal-CLI-Recommended-Version');
-                if (recommendedCLIMinorVersion && (0, semver_1.compare)(currentCLIVersion, recommendedCLIMinorVersion) < 0) {
+            const recommendedCLIMajorVersion = headers.get("Opal-CLI-Recommended-Version");
+            if (recommendedCLIMajorVersion === null || recommendedCLIMajorVersion === void 0 ? void 0 : recommendedCLIMajorVersion.match(/^\d+$/)) {
+                const recommendedSemverString = `${recommendedCLIMajorVersion}.0.0`;
+                if (recommendedSemverString &&
+                    (0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(recommendedSemverString)) {
                     command.log(chalk_1.default.yellow(`
-❗️ Opal recommends that you upgrade your CLI.
-   Recommended version >=${chalk_1.default.blueBright(recommendedCLIMinorVersion)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
-   Upgrade using the following command: ${chalk_1.default.blueBright('brew upgrade opalsecurity/brew/opal-security')}\n`));
+❗ Opal recommends that you upgrade your CLI.
+  Recommended version >=${chalk_1.default.blueBright(recommendedSemverString)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
+  Upgrade using the following command: ${chalk_1.default.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
                 }
-                alreadyNotifiedRecommendedVersion = true;
+                alreadyWarnedAboutVersion = true;
             }
         }
     };
     const checkCLIVersionLink = new core_1.ApolloLink((operation, forward) => {
-        return forward(operation).map(response => {
+        return forward(operation).map((response) => {
             checkCLIVersion(operation);
             return response;
         });
     });
     const errorLink = (0, error_1.onError)(({ networkError, operation }) => {
         var _a;
-        if (operation.operationName === login_1.CLIAuthSessionCheckName) {
-            // These operations are triggered after the user just called `opal login` or `opal set-token`,
-            // so we have special handling if they fail and we don't want to trigger an automatic redirect
-            // to the login screen again.
-            return;
-        }
-        if (operation.operationName === login_1.CLISignInMethodName) {
-            // We have special handling for this operation due to the fact that the backend version
+        // There's a few GQL operations where we don't want to use this error handler:
+        const customErrorOperations = [
+            // This is triggered just after the user called `opal login` or `opal set-token`, and has
+            // special handling if they fail, so we don't trigger an automatic re-login
+            login_1.CLIAuthSessionCheckName,
+            // This has special error handling to fall back to an older auth method that uses the OAuth access token
+            login_1.CLITokenExchangeName,
+            // This has special error handling due to the fact that the backend version
             // can be out of date and not include the new cliClientId field.
+            login_1.CLISignInMethodName,
+        ];
+        if (customErrorOperations.includes(operation.operationName)) {
             return;
         }
-        if (networkError && 'statusCode' in networkError) {
+        if (networkError && "statusCode" in networkError) {
             let errorMessage = null;
-            if ('result' in networkError) {
+            if ("result" in networkError) {
                 const result = networkError.result;
                 // result is now of type string | Record<string, any>
                 if (typeof result === "string")
@@ -152,12 +184,13 @@ const initClient = async (command, fetchAccessToken = true) => {
             }
             switch (networkError.statusCode) {
                 case 401: {
-                    command.log('Your session is invalid or expired. Authenticating now...\n');
+                    command.log("Your session is invalid or expired. Authenticating now...\n");
                     const loginCommand = new login_1.default([], command.config);
                     loginCommand.run().then(() => {
                         if (cmd_1.mostRecentCommandTime && cmd_1.mostRecentCommand) {
-                            const lastCommandReexecutionDuration = moment.duration(2, 'minutes');
-                            const lastCommandReexecutionDurationHasElapsed = cmd_1.mostRecentCommandTime.add(lastCommandReexecutionDuration) > moment(new Date());
+                            const lastCommandReexecutionDuration = moment.duration(2, "minutes");
+                            const lastCommandReexecutionDurationHasElapsed = cmd_1.mostRecentCommandTime.add(lastCommandReexecutionDuration) >
+                                moment(new Date());
                             if (lastCommandReexecutionDurationHasElapsed) {
                                 cmd_1.mostRecentCommand.run();
                             }
@@ -166,16 +199,35 @@ const initClient = async (command, fetchAccessToken = true) => {
                     break;
                 }
                 default:
-                    return (0, exports.handleError)(command, `Received status code ${networkError.statusCode} from server${errorMessage ? ` with message "${errorMessage}"` : ''}`);
+                    return (0, exports.handleError)(command, `Received status code ${networkError.statusCode} from server${errorMessage ? ` with message "${errorMessage}"` : ""}`);
             }
         }
     });
+    // Parses our auth-session cookie out of the Set-Cookie response header, saving it locally so we can use it for future requests
+    const preserveCookiesLink = new core_1.ApolloLink((operation, forward) => {
+        return forward(operation).map((response) => {
+            var _a, _b, _c, _d;
+            const cookieHeaderStr = (_c = (_b = (_a = operation.getContext().response) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.get("Set-Cookie")) !== null && _c !== void 0 ? _c : "";
+            const authSessionCookie = (_d = cookieHeaderStr.match(/auth-session=[^;]+;/)) === null || _d === void 0 ? void 0 : _d[0];
+            if (authSessionCookie) {
+                exports.cookieStr = authSessionCookie;
+            }
+            return response;
+        });
+    });
     let link = authLink.concat(httpLink);
     link = checkCLIVersionLink.concat(link);
+    link = preserveCookiesLink.concat(link);
     link = errorLink.concat(link);
     exports.client = new core_1.ApolloClient({
         link: link,
+        credentials: "include",
         cache: new core_1.InMemoryCache(),
     });
 };
 exports.initClient = initClient;
+async function getClient(command, fetchAccessToken = true) {
+    await (0, exports.initClient)(command, fetchAccessToken);
+    (0, globals_1.invariant)(exports.client, "Failed to initialize Opal Client");
+    return exports.client;
+}

package/lib/lib/aws.js

@@ -1,20 +1,20 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAwsEnvVarMessage = exports.getAwsConfigUpdateCmd = void 0;
-const opalProfileKey = 'opal';
+const opalProfileKey = "opal";
 const sanitize = (str) => {
     // Remove non standard characters.
     // Note: AWS supports profile names containing alphanumeric characters, symbols, and white spaces
     // from the ASCII character set.
-    let sanitizedStr = str.replace(/[^A-Za-z0-9-_ ]/g, '');
+    let sanitizedStr = str.replace(/[^A-Za-z0-9-_ ]/g, "");
     // De-dupe spaces
-    sanitizedStr = sanitizedStr.replace(/\s+/g, ' ');
+    sanitizedStr = sanitizedStr.replace(/\s+/g, " ");
     // Map remaining spaces to '-'
-    sanitizedStr = sanitizedStr.replace(/ /g, '-');
+    sanitizedStr = sanitizedStr.replace(/ /g, "-");
     return sanitizedStr;
 };
 const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, awsSessionToken) => {
-    let updateProfilesCmd = '';
+    let updateProfilesCmd = "";
     const sanitizedProfileName = sanitize(itemName);
     const profileNames = [opalProfileKey, sanitizedProfileName];
     profileNames.forEach((profileName, i) => {
@@ -25,25 +25,28 @@ const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, aws
         const cmd = `${updateAccessKeyCmd} && ${updateAccessSecretCmd} && ${updateSessionTokenCmd}`;
         updateProfilesCmd += cmd;
         if (i !== profileNames.length - 1) {
-            updateProfilesCmd += '&& ';
+            updateProfilesCmd += "&& ";
         }
     });
     return updateProfilesCmd;
 };
 exports.getAwsConfigUpdateCmd = getAwsConfigUpdateCmd;
 const getAwsEnvVarMessage = () => {
-    if (!process.env.AWS_DEFAULT_PROFILE || process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
-        let envVarPhrase = '';
+    if (!process.env.AWS_DEFAULT_PROFILE ||
+        process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
+        let envVarPhrase = "";
         if (!process.env.AWS_DEFAULT_PROFILE) {
-            envVarPhrase = 'unset';
+            envVarPhrase = "unset";
         }
         else if (process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
             envVarPhrase = `set to "${process.env.AWS_DEFAULT_PROFILE}"`;
         }
-        return '\n\n💡 Did you know you can set your AWS_DEFAULT_PROFILE environment ' +
+        return (
+        // biome-ignore lint/style/useTemplate: it's more readable if split across lines
+        "\n\n💡 Did you know you can set your AWS_DEFAULT_PROFILE environment " +
             `variable to "${opalProfileKey}" to avoid explicitly specifying profile in each command? ` +
-            `Currently, this variable is ${envVarPhrase}.`;
+            `Currently, this variable is ${envVarPhrase}.`);
     }
-    return '';
+    return "";
 };
 exports.getAwsEnvVarMessage = getAwsEnvVarMessage;

package/lib/lib/cmd.d.ts

@@ -1,12 +1,10 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import { ExecException } from 'child_process';
-import { Command } from '@oclif/core';
-import * as moment from 'moment';
+import type { ExecException } from "node:child_process";
+import type { Command } from "@oclif/core";
+import * as moment from "moment";
 export declare let mostRecentCommand: Command | null;
 export declare let mostRecentCommandTime: moment.Moment | null;
 export declare const setMostRecentCommand: (cmd: Command) => void;
 export declare const startInteractiveShell: (runCmd: string, shellName?: string) => void;
 export declare const runCommandExec: (runCmd: string, successMessage: string, errorMessage: string, envVars?: Record<string, any>) => void;
-export declare const runCommandExecWithCallback: (cmd: string, callback?: ((error: ExecException | null, stdout: Buffer, stderr: Buffer) => void) | undefined) => Promise<unknown>;
+export declare const runCommandExecWithCallback: (cmd: string, callback?: (error: ExecException | null, stdout: Buffer, stderr: Buffer) => void) => Promise<unknown>;
 export declare const runCommandSpawn: (runCmd: string, successMessage: string, errorMessage: string, envVars?: Record<string, any>) => void;

package/lib/lib/cmd.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.runCommandSpawn = exports.runCommandExecWithCallback = exports.runCommandExec = exports.startInteractiveShell = exports.setMostRecentCommand = exports.mostRecentCommandTime = exports.mostRecentCommand = void 0;
 const _ = require("lodash");
 const moment = require("moment");
-const { exec, spawn } = require('child_process');
+const { exec, spawn } = require("node:child_process");
 exports.mostRecentCommand = null;
 exports.mostRecentCommandTime = null;
 const setMostRecentCommand = (cmd) => {
@@ -14,10 +14,10 @@ exports.setMostRecentCommand = setMostRecentCommand;
 const startInteractiveShell = (runCmd, shellName) => {
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }),
-        stdio: 'inherit',
+        stdio: "inherit",
         shell: true,
     });
-    shell.on('close', (code) => {
+    shell.on("close", (code) => {
         if (shellName) {
             if (code === 0) {
                 console.log(`The previously launched ${shellName} has successfully terminated.`);
@@ -30,10 +30,10 @@ const startInteractiveShell = (runCmd, shellName) => {
             console.log(`❗ Error: shell terminated with code ${code}.`);
         }
     });
-    process.on('SIGINT', () => {
+    process.on("SIGINT", () => {
         // intercepting SIGINT
     });
-    process.on('SIGTSTP', () => {
+    process.on("SIGTSTP", () => {
         // intercepting SIGTSTP
     });
 };
@@ -42,7 +42,7 @@ const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
     const envVarsToUse = envVars || {};
     exec(`${runCmd}`, {
         env: Object.assign(Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }), envVarsToUse),
-    }, function (error, stdOut, stdErr) {
+    }, (error, stdOut, stdErr) => {
         if (error) {
             console.log(`\n❗ Error: ${_.upperFirst(errorMessage)}`);
         }
@@ -59,9 +59,9 @@ const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
 };
 exports.runCommandExec = runCommandExec;
 const runCommandExecWithCallback = (cmd, callback) => {
-    return new Promise(resolve => {
-        exec(cmd, function (error, stdOut, stdErr) {
-            callback && callback(error, stdOut, stdErr);
+    return new Promise((resolve) => {
+        exec(cmd, (error, stdOut, stdErr) => {
+            callback === null || callback === void 0 ? void 0 : callback(error, stdOut, stdErr);
             resolve(stdOut);
         });
     });
@@ -71,10 +71,10 @@ const runCommandSpawn = (runCmd, successMessage, errorMessage, envVars) => {
     const envVarsToUse = envVars || {};
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }), envVarsToUse),
-        stdio: 'inherit',
+        stdio: "inherit",
         shell: true,
     });
-    shell.on('close', (code) => {
+    shell.on("close", (code) => {
         if (code === 0) {
             console.log(`🎉 Success! ${_.upperFirst(successMessage)}`);
         }

package/lib/lib/config.js

@@ -1,18 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isProduction = exports.writeConfigData = exports.getOrCreateConfigData = exports.customHttpHeaderKey = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
-const fs = require("fs");
-const path = require("path");
-exports.urlKey = 'url';
-exports.defaultUrl = 'https://app.opal.dev';
-exports.allowSelfSignedCertsKey = 'allowSelfSignedCerts';
+const fs = require("node:fs");
+const path = require("node:path");
+exports.urlKey = "url";
+exports.defaultUrl = "https://app.opal.dev";
+exports.allowSelfSignedCertsKey = "allowSelfSignedCerts";
 exports.defaultAllowSelfSignedCerts = false;
-exports.customHttpHeaderKey = 'customHttpHeader';
+exports.customHttpHeaderKey = "customHttpHeader";
 const getOrCreateConfigData = (configDir) => {
     if (!fs.existsSync(configDir)) {
         fs.mkdirSync(configDir, { recursive: true });
     }
-    const configFilePath = path.join(configDir, 'config.json');
+    const configFilePath = path.join(configDir, "config.json");
     if (!fs.existsSync(configFilePath)) {
         fs.writeFileSync(configFilePath, JSON.stringify({
             [exports.urlKey]: exports.defaultUrl,
@@ -22,10 +22,10 @@ const getOrCreateConfigData = (configDir) => {
     let configData = {};
     try {
         const configDataRaw = fs.readFileSync(configFilePath);
-        configData = JSON.parse(configDataRaw.toString());
+        configData = JSON.parse(configDataRaw === null || configDataRaw === void 0 ? void 0 : configDataRaw.toString());
     }
     catch (error) {
-        if (error.code !== 'ENOENT') {
+        if (error.code !== "ENOENT") {
             throw error;
         }
     }
@@ -37,7 +37,7 @@ const writeConfigData = (configDir, newConfigData) => {
     for (const [key, value] of Object.entries(newConfigData)) {
         existingData[key] = value;
     }
-    const configFilePath = path.join(configDir, 'config.json');
+    const configFilePath = path.join(configDir, "config.json");
     fs.writeFileSync(configFilePath, JSON.stringify(existingData), {
         mode: 0o0600,
     });
@@ -46,10 +46,9 @@ exports.writeConfigData = writeConfigData;
 const isProduction = (configDir) => {
     const configData = (0, exports.getOrCreateConfigData)(configDir);
     // Custom URLs are considered production since it includes on-prem
-    return configData[exports.urlKey] !== 'https://dev.opal.dev' &&
-        configData[exports.urlKey] !== 'http://localhost:3000' &&
-        configData[exports.urlKey] !== 'http://localhost:4000' &&
-        configData[exports.urlKey] !== 'https://demo.opal.dev' &&
-        configData[exports.urlKey] !== 'https://staging.opal.dev';
+    return (configData[exports.urlKey] !== "https://dev.opal.dev" &&
+        configData[exports.urlKey] !== "https://demo.opal.dev" &&
+        configData[exports.urlKey] !== "https://staging.opal.dev" &&
+        !configData[exports.urlKey].match(/https?:\/\/localhost/));
 };
 exports.isProduction = isProduction;

package/lib/lib/credentials/index.d.ts

@@ -1,11 +1,16 @@
-import { Command } from '@oclif/core';
+import type { Command } from "@oclif/core";
 interface OpalCredentials {
     email?: string;
     organizationID?: string;
     clientIDCandidate?: string;
-    accessToken?: string;
+    secret?: string;
+    secretType?: SecretType;
 }
-export declare const setOpalCredentials: (command: Command, email: string | undefined, organizationID: string, clientIDCandidate: string | undefined | null, accessToken: string) => Promise<void>;
-export declare const getOpalCredentials: (command: Command, includeAccessToken?: boolean) => Promise<OpalCredentials>;
+export declare enum SecretType {
+    Cookie = "COOKIE",
+    ApiToken = "API_TOKEN"
+}
+export declare const setOpalCredentials: (command: Command, email: string | undefined, organizationID: string, clientIDCandidate: string | undefined | null, secret: string, secretType: SecretType) => Promise<void>;
+export declare const getOpalCredentials: (command: Command, includeAuthSecret?: boolean) => Promise<OpalCredentials>;
 export declare const removeOpalCredentials: (command: Command) => Promise<void>;
 export {};