qa360 1.4.5 → 2.0.1

package/dist/core/auth/aws-iam-provider.js

@@ -0,0 +1,177 @@
+/**
+ * AWS IAM Authentication Provider
+ *
+ * Handles AWS authentication using IAM credentials.
+ * Supports credential chains, environment variables, and profiles.
+ */
+import { authCache, createCacheKey } from './index.js';
+export class AWSIamProvider {
+    type = 'aws_iam';
+    async authenticate(config) {
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (config.cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        // Get AWS credentials
+        const awsCreds = await this.getCredentials(config);
+        if (!awsCreds) {
+            return {
+                success: false,
+                error: 'Failed to obtain AWS credentials. Ensure you have configured AWS credentials via environment variables, ~/.aws/credentials, or IAM role.'
+            };
+        }
+        // Sign request to get session token if using temporary credentials
+        const credentials = {
+            type: 'aws_iam',
+            headers: {
+                'X-Amz-Security-Token': awsCreds.session_token || '',
+                'X-Amz-Date': this.getAmzDate()
+            }
+        };
+        // Add basic auth header for some AWS services
+        if (awsCreds.access_key_id && awsCreds.secret_access_key) {
+            credentials.headers['X-Amz-Credential'] = `${awsCreds.access_key_id}`;
+        }
+        // Cache credentials (AWS temp tokens expire in 1 hour typically)
+        if (config.cache?.enabled !== false) {
+            const ttl = config.cache?.ttl || 3600;
+            authCache.set(cacheKey, credentials, ttl);
+        }
+        return {
+            success: true,
+            credentials,
+            expiresAt: awsCreds.expiration || Date.now() + 3600 * 1000
+        };
+    }
+    async refresh(config) {
+        authCache.clear(this.getCacheKey(config));
+        return this.authenticate(config);
+    }
+    clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+        return Promise.resolve();
+    }
+    async validate(config) {
+        const key = this.getCacheKey(config);
+        return authCache.has(key);
+    }
+    /**
+     * Get AWS credentials from various sources
+     */
+    async getCredentials(config) {
+        // Method 1: Direct credentials from config
+        if (config.access_key_id && config.secret_access_key) {
+            return {
+                access_key_id: config.access_key_id,
+                secret_access_key: config.secret_access_key,
+                session_token: config.session_token
+            };
+        }
+        // Method 2: Environment variables
+        const envCreds = this.getFromEnv();
+        if (envCreds)
+            return envCreds;
+        // Method 3: AWS profile
+        if (config.profile) {
+            const profileCreds = await this.getFromProfile(config.profile);
+            if (profileCreds)
+                return profileCreds;
+        }
+        // Method 4: Try AWS SDK if available
+        const sdkCreds = await this.getFromSDK(config);
+        if (sdkCreds)
+            return sdkCreds;
+        return null;
+    }
+    /**
+     * Get credentials from environment variables
+     */
+    getFromEnv() {
+        const accessKeyId = process.env.AWS_ACCESS_KEY_ID;
+        const secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY;
+        const sessionToken = process.env.AWS_SESSION_TOKEN;
+        if (accessKeyId && secretAccessKey) {
+            return {
+                access_key_id: accessKeyId,
+                secret_access_key: secretAccessKey,
+                session_token: sessionToken
+            };
+        }
+        return null;
+    }
+    /**
+     * Get credentials from AWS profile file
+     */
+    async getFromProfile(profile) {
+        try {
+            const fs = require('node:fs');
+            const path = require('node:path');
+            const { execSync } = require('node:child_process');
+            const homeDir = process.env.HOME || process.env.USERPROFILE;
+            const credentialsPath = path.join(homeDir, '.aws', 'credentials');
+            if (!fs.existsSync(credentialsPath)) {
+                return null;
+            }
+            // Use AWS CLI to get credentials for profile
+            const creds = execSync(`aws configure export --profile ${profile}`, {
+                encoding: 'utf-8',
+                stdio: ['pipe', 'pipe', 'pipe']
+            });
+            // Parse the export output
+            const accessKeyMatch = creds.match(/AWS_ACCESS_KEY_ID="([^"]+)"/);
+            const secretKeyMatch = creds.match(/AWS_SECRET_ACCESS_KEY="([^"]+)"/);
+            const sessionMatch = creds.match(/AWS_SESSION_TOKEN="([^"]+)"/);
+            if (accessKeyMatch && secretKeyMatch) {
+                return {
+                    access_key_id: accessKeyMatch[1],
+                    secret_access_key: secretKeyMatch[1],
+                    session_token: sessionMatch?.[1]
+                };
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Get credentials from AWS SDK v3
+     */
+    async getFromSDK(config) {
+        try {
+            // Try to import AWS SDK
+            // @ts-ignore - AWS SDK is optional dependency
+            const { defaultProvider } = await import('@aws-sdk/credential-providers');
+            const provider = defaultProvider({
+                profile: config.profile
+            });
+            const creds = await provider();
+            return {
+                access_key_id: creds.accessKeyId,
+                secret_access_key: creds.secretAccessKey,
+                session_token: creds.sessionToken,
+                expiration: creds.expiration?.getTime()
+            };
+        }
+        catch {
+            // AWS SDK not available or error
+            return null;
+        }
+    }
+    /**
+     * Get AMZ date format for AWS signing
+     */
+    getAmzDate() {
+        const now = new Date();
+        return now.toISOString().replace(/[:\-]|\.\d{3}/g, '');
+    }
+    getCacheKey(config) {
+        const identifier = config.profile || config.region || 'default';
+        return createCacheKey('aws_iam', identifier);
+    }
+}

package/dist/core/auth/azure-ad-provider.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Azure AD Authentication Provider
+ *
+ * Handles Azure Active Directory authentication.
+ * Supports OAuth2 client credentials flow with Azure AD.
+ */
+import { AuthProvider, AuthResult, AzureADConfig } from './index.js';
+export declare class AzureADProvider implements AuthProvider<AzureADConfig> {
+    readonly type: "azure_ad";
+    authenticate(config: AzureADConfig): Promise<AuthResult>;
+    refresh(config: AzureADConfig): Promise<AuthResult>;
+    clear(config: AzureADConfig): Promise<void>;
+    validate(config: AzureADConfig): Promise<boolean>;
+    private getCacheKey;
+}

package/dist/core/auth/azure-ad-provider.js

@@ -0,0 +1,99 @@
+/**
+ * Azure AD Authentication Provider
+ *
+ * Handles Azure Active Directory authentication.
+ * Supports OAuth2 client credentials flow with Azure AD.
+ */
+import { authCache, createCacheKey } from './index.js';
+export class AzureADProvider {
+    type = 'azure_ad';
+    async authenticate(config) {
+        const { tenant_id, client_id, client_secret, scope = 'https://management.azure.com/.default' } = config;
+        if (!tenant_id || !client_id) {
+            return {
+                success: false,
+                error: 'Azure AD requires tenant_id and client_id'
+            };
+        }
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (config.cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        // Default token endpoint for Azure AD
+        const tokenEndpoint = config.token_endpoint ||
+            `https://login.microsoftonline.com/${tenant_id}/oauth2/v2.0/token`;
+        try {
+            const body = new URLSearchParams({
+                grant_type: 'client_credentials',
+                client_id,
+                client_secret: client_secret || '',
+                scope
+            });
+            const response = await fetch(tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded'
+                },
+                body: body.toString()
+            });
+            if (!response.ok) {
+                const error = await response.text().catch(() => 'Unknown error');
+                return {
+                    success: false,
+                    error: `Azure AD token request failed: ${response.status} ${error}`
+                };
+            }
+            const data = await response.json();
+            const token = data.access_token;
+            if (!token) {
+                return {
+                    success: false,
+                    error: 'No access_token in Azure AD response'
+                };
+            }
+            const credentials = {
+                type: 'azure_ad',
+                headers: {
+                    'Authorization': `Bearer ${token}`
+                }
+            };
+            // Cache with calculated expiration
+            if (config.cache?.enabled !== false) {
+                const expiresIn = data.expires_in || 3600;
+                const ttl = config.cache?.ttl || expiresIn;
+                authCache.set(cacheKey, credentials, ttl);
+            }
+            return {
+                success: true,
+                credentials,
+                expiresAt: data.expires_in ? Date.now() + data.expires_in * 1000 : undefined
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Azure AD authentication failed: ${error.message}`
+            };
+        }
+    }
+    async refresh(config) {
+        authCache.clear(this.getCacheKey(config));
+        return this.authenticate(config);
+    }
+    clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+        return Promise.resolve();
+    }
+    async validate(config) {
+        const key = this.getCacheKey(config);
+        return authCache.has(key);
+    }
+    getCacheKey(config) {
+        return createCacheKey('azure_ad', config.client_id);
+    }
+}

package/dist/core/auth/basic-auth-provider.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Bearer Token and Basic Authentication Providers
+ *
+ * Handles generic bearer token and HTTP Basic Authentication.
+ */
+import { AuthProvider, AuthResult, BearerAuthConfig, BasicAuthConfig } from './index.js';
+/**
+ * Bearer Token Authentication Provider
+ */
+export declare class BearerProvider implements AuthProvider<BearerAuthConfig> {
+    readonly type: "bearer";
+    authenticate(config: BearerAuthConfig): Promise<AuthResult>;
+    clear(config: BearerAuthConfig): Promise<void>;
+    validate(config: BearerAuthConfig): Promise<boolean>;
+    private getCacheKey;
+}
+/**
+ * Basic Authentication Provider
+ */
+export declare class BasicAuthProvider implements AuthProvider<BasicAuthConfig> {
+    readonly type: "basic";
+    authenticate(config: BasicAuthConfig): Promise<AuthResult>;
+    clear(config: BasicAuthConfig): Promise<void>;
+    validate(config: BasicAuthConfig): Promise<boolean>;
+    private getCacheKey;
+}

package/dist/core/auth/basic-auth-provider.js

@@ -0,0 +1,111 @@
+/**
+ * Bearer Token and Basic Authentication Providers
+ *
+ * Handles generic bearer token and HTTP Basic Authentication.
+ */
+import { parseToken, encodeBasicAuth, authCache, createCacheKey } from './index.js';
+/**
+ * Bearer Token Authentication Provider
+ */
+export class BearerProvider {
+    type = 'bearer';
+    async authenticate(config) {
+        const { token, cache } = config;
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        const cleanToken = parseToken(token);
+        const credentials = {
+            type: 'bearer',
+            headers: {
+                'Authorization': `Bearer ${cleanToken}`
+            }
+        };
+        // Cache if enabled
+        if (cache?.enabled !== false) {
+            const ttl = cache?.ttl || 3600;
+            authCache.set(cacheKey, credentials, ttl);
+        }
+        return {
+            success: true,
+            credentials
+        };
+    }
+    async clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+    }
+    async validate(config) {
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first, then validate token
+        if (authCache.has(cacheKey)) {
+            return true;
+        }
+        return !!config.token && config.token.length > 0;
+    }
+    getCacheKey(config) {
+        // Use token hash as identifier
+        const crypto = require('node:crypto');
+        const hash = crypto.createHash('sha256').update(config.token || '').digest('hex').substring(0, 16);
+        return createCacheKey('bearer', hash);
+    }
+}
+/**
+ * Basic Authentication Provider
+ */
+export class BasicAuthProvider {
+    type = 'basic';
+    async authenticate(config) {
+        const { username, password, cache } = config;
+        if (!username || !password) {
+            return {
+                success: false,
+                error: 'Username and password are required for Basic auth'
+            };
+        }
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        const credentials = {
+            type: 'basic',
+            headers: {
+                'Authorization': encodeBasicAuth(username, password)
+            }
+        };
+        // Cache if enabled
+        if (cache?.enabled !== false) {
+            const ttl = cache?.ttl || 3600;
+            authCache.set(cacheKey, credentials, ttl);
+        }
+        return {
+            success: true,
+            credentials
+        };
+    }
+    async clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+    }
+    async validate(config) {
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first, then validate credentials
+        if (authCache.has(cacheKey)) {
+            return true;
+        }
+        return !!config.username && !!config.password;
+    }
+    getCacheKey(config) {
+        // Use username as identifier
+        return createCacheKey('basic', config.username || 'default');
+    }
+}

package/dist/core/auth/gcp-adc-provider.d.ts

@@ -0,0 +1,27 @@
+/**
+ * GCP Application Default Credentials Provider
+ *
+ * Handles GCP authentication using Application Default Credentials.
+ * Supports service account credentials and ADC resolution.
+ */
+import { AuthProvider, AuthResult, GCPADCConfig } from './index.js';
+export declare class GCPADCProvider implements AuthProvider<GCPADCConfig> {
+    readonly type: "gcp_adc";
+    authenticate(config: GCPADCConfig): Promise<AuthResult>;
+    refresh(config: GCPADCConfig): Promise<AuthResult>;
+    clear(config: GCPADCConfig): Promise<void>;
+    validate(config: GCPADCConfig): Promise<boolean>;
+    /**
+     * Get GCP access token from various sources
+     */
+    private getAccessToken;
+    /**
+     * Get token from gcloud CLI
+     */
+    private getTokenFromGcloud;
+    /**
+     * Get token from GCP metadata server
+     */
+    private getTokenFromMetadataServer;
+    private getCacheKey;
+}

package/dist/core/auth/gcp-adc-provider.js

@@ -0,0 +1,126 @@
+/**
+ * GCP Application Default Credentials Provider
+ *
+ * Handles GCP authentication using Application Default Credentials.
+ * Supports service account credentials and ADC resolution.
+ */
+import { authCache, createCacheKey } from './index.js';
+export class GCPADCProvider {
+    type = 'gcp_adc';
+    async authenticate(config) {
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (config.cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        // Try to get GCP access token
+        try {
+            const token = await this.getAccessToken(config);
+            if (!token) {
+                return {
+                    success: false,
+                    error: 'Failed to obtain GCP access token. Ensure you are authenticated with gcloud auth application-default login or have a service account key.'
+                };
+            }
+            const credentials = {
+                type: 'gcp_adc',
+                headers: {
+                    'Authorization': `Bearer ${token}`
+                }
+            };
+            // GCP tokens typically expire in 1 hour
+            if (config.cache?.enabled !== false) {
+                const ttl = config.cache?.ttl || 3600;
+                authCache.set(cacheKey, credentials, ttl);
+            }
+            return {
+                success: true,
+                credentials,
+                expiresAt: Date.now() + 3600 * 1000
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `GCP ADC authentication failed: ${error.message}`
+            };
+        }
+    }
+    async refresh(config) {
+        // Clear cache and re-authenticate
+        authCache.clear(this.getCacheKey(config));
+        return this.authenticate(config);
+    }
+    clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+        return Promise.resolve();
+    }
+    async validate(config) {
+        const key = this.getCacheKey(config);
+        return authCache.has(key);
+    }
+    /**
+     * Get GCP access token from various sources
+     */
+    async getAccessToken(config) {
+        // Method 1: Try environment variable (GOOGLE_TOKEN)
+        if (process.env.GOOGLE_TOKEN) {
+            return process.env.GOOGLE_TOKEN;
+        }
+        // Method 2: Try gcloud auth print-access-token
+        const token = await this.getTokenFromGcloud();
+        if (token)
+            return token;
+        // Method 3: Try metadata server (for GCE/GKE)
+        const metadataToken = await this.getTokenFromMetadataServer();
+        if (metadataToken)
+            return metadataToken;
+        return null;
+    }
+    /**
+     * Get token from gcloud CLI
+     */
+    async getTokenFromGcloud() {
+        try {
+            const { execSync } = require('node:child_process');
+            const token = execSync('gcloud auth print-access-token', {
+                encoding: 'utf-8',
+                stdio: ['pipe', 'pipe', 'pipe']
+            }).trim();
+            return token || null;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Get token from GCP metadata server
+     */
+    async getTokenFromMetadataServer() {
+        try {
+            const response = await fetch('http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token', {
+                headers: {
+                    'Metadata-Flavor': 'Google'
+                },
+                // Timeout for metadata server
+                signal: AbortSignal.timeout(2000)
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const data = await response.json();
+            return data.access_token;
+        }
+        catch {
+            return null;
+        }
+    }
+    getCacheKey(config) {
+        const identifier = config.project_id || 'default';
+        return createCacheKey('gcp_adc', identifier);
+    }
+}