poe-code 3.0.292 → 3.0.293

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.js +1 -1
  2. package/dist/index.js.map +1 -1
  3. package/package.json +1 -1
  4. package/packages/opencode-poe-auth/dist/poe-auth-plugin.js +32 -5
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "poe-code",
3
- "version": "3.0.292",
3
+ "version": "3.0.293",
4
4
  "description": "CLI tool to configure Poe API for developer workflows.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
package/packages/opencode-poe-auth/dist/poe-auth-plugin.js CHANGED
@@ -1,20 +1,29 @@
1
1
  import open from "open";
2
2
  import { createOAuthClient } from "poe-oauth";
3
3
  const CLIENT_ID = "client_728290227fc048cc9262091a1ea197ea";
4
+ const MAX_VALID_EPOCH_MS = 8_640_000_000_000_000;
4
5
  function getExpiry(expiresIn) {
5
6
  if (expiresIn === null) {
6
- return Number.MAX_SAFE_INTEGER;
7
+ return MAX_VALID_EPOCH_MS;
7
8
  }
8
- if (typeof expiresIn !== "number" || !Number.isFinite(expiresIn) || expiresIn < 0) {
9
+ if (typeof expiresIn !== "number" ||
10
+ !Number.isFinite(expiresIn) ||
11
+ !Number.isInteger(expiresIn) ||
12
+ expiresIn < 0) {
9
13
  throw new Error("Poe API key has invalid expiration metadata. Run `opencode providers login` again.");
10
14
  }
11
- return Date.now() + expiresIn * 1000;
15
+ const expires = Date.now() + expiresIn * 1000;
16
+ assertValidExpiryTimestamp(expires);
17
+ return expires;
12
18
  }
13
19
  function requireApiKey(value) {
14
20
  const apiKey = typeof value === "string" ? value.trim() : "";
15
21
  if (apiKey.length === 0) {
16
22
  throw new Error("Poe API key is missing. Run `opencode providers login` again.");
17
23
  }
24
+ if (hasControlCharacter(apiKey)) {
25
+ throw new Error("Poe API key contains invalid characters. Run `opencode providers login` again.");
26
+ }
18
27
  return apiKey;
19
28
  }
20
29
  async function authorize() {
@@ -34,7 +43,7 @@ async function authorize() {
34
43
  instructions: "Complete authorization in your browser. This window will close automatically.",
35
44
  method: "auto",
36
45
  callback: async () => {
37
- const result = await authorization.waitForResult();
46
+ const result = (await authorization.waitForResult());
38
47
  const resultRecord = isObjectRecord(result) ? result : {};
39
48
  const apiKey = requireApiKey(getOwnEntry(resultRecord, "apiKey"));
40
49
  return {
@@ -63,7 +72,8 @@ export async function PoeAuthPlugin(_input) {
63
72
  return {};
64
73
  }
65
74
  const expires = getOwnEntry(auth, "expires");
66
- if (typeof expires !== "number" || !Number.isFinite(expires) || expires <= Date.now()) {
75
+ assertValidExpiryTimestamp(expires);
76
+ if (expires <= Date.now()) {
67
77
  throw new Error("Poe API key expired. Run `opencode providers login` again.");
68
78
  }
69
79
  return { apiKey: requireApiKey(getOwnEntry(auth, "access")) };
@@ -95,3 +105,20 @@ function getOwnString(record, key) {
95
105
  const value = getOwnEntry(record, key);
96
106
  return typeof value === "string" ? value : undefined;
97
107
  }
108
+ function assertValidExpiryTimestamp(value) {
109
+ if (typeof value !== "number" ||
110
+ !Number.isFinite(value) ||
111
+ !Number.isSafeInteger(value) ||
112
+ value > MAX_VALID_EPOCH_MS) {
113
+ throw new Error("Poe API key has invalid expiration metadata. Run `opencode providers login` again.");
114
+ }
115
+ }
116
+ function hasControlCharacter(value) {
117
+ for (const character of value) {
118
+ const code = character.charCodeAt(0);
119
+ if (code <= 31 || code === 127) {
120
+ return true;
121
+ }
122
+ }
123
+ return false;
124
+ }