qa360 1.4.5 → 2.0.1

package/dist/core/auth/index.d.ts

@@ -0,0 +1,238 @@
+/**
+ * QA360 Authentication Module
+ *
+ * Comprehensive authentication support for test adapters.
+ * Supports JWT, OAuth2, API Keys, Bearer tokens, Basic auth, TOTP,
+ * UI Login, and cloud provider credentials (GCP, AWS, Azure).
+ */
+/**
+ * Authentication result
+ */
+export interface AuthResult {
+    success: boolean;
+    credentials?: AuthCredentials;
+    error?: string;
+    expiresAt?: number;
+}
+/**
+ * Authentication credentials to be used in requests
+ */
+export interface AuthCredentials {
+    type: AuthType;
+    headers?: Record<string, string>;
+    queryParams?: Record<string, string>;
+    cookies?: Cookie[];
+    body?: Record<string, unknown>;
+}
+/**
+ * Cookie for session management
+ */
+export interface Cookie {
+    name: string;
+    value: string;
+    domain?: string;
+    path?: string;
+    expires?: Date;
+    httpOnly?: boolean;
+    secure?: boolean;
+}
+/**
+ * Authentication types
+ */
+export type AuthType = 'none' | 'jwt' | 'oauth2' | 'api_key' | 'bearer' | 'basic' | 'totp' | 'ui_login' | 'gcp_adc' | 'aws_iam' | 'azure_ad';
+/**
+ * Base configuration for all auth providers
+ */
+export interface BaseAuthConfig {
+    type: AuthType;
+    enabled?: boolean;
+    cache?: {
+        enabled?: boolean;
+        ttl?: number;
+    };
+}
+/**
+ * JWT configuration
+ */
+export interface JWTAuthConfig extends BaseAuthConfig {
+    type: 'jwt';
+    issuer?: string;
+    audience?: string;
+    subject?: string;
+    client_id?: string;
+    client_secret?: string;
+    token_endpoint?: string;
+    scopes?: string[];
+    auto_refresh?: boolean;
+    token?: string;
+}
+/**
+ * OAuth2 configuration
+ */
+export interface OAuth2AuthConfig extends BaseAuthConfig {
+    type: 'oauth2';
+    token_url: string;
+    client_id: string;
+    client_secret?: string;
+    scopes?: string[];
+    grant_type?: 'client_credentials' | 'authorization_code' | 'password';
+    username?: string;
+    password?: string;
+}
+/**
+ * API Key configuration
+ */
+export interface APIKeyAuthConfig extends BaseAuthConfig {
+    type: 'api_key';
+    key: string;
+    header_name?: string;
+    prefix?: string;
+    location?: 'header' | 'query';
+}
+/**
+ * Bearer token configuration
+ */
+export interface BearerAuthConfig extends BaseAuthConfig {
+    type: 'bearer';
+    token: string;
+}
+/**
+ * Basic auth configuration
+ */
+export interface BasicAuthConfig extends BaseAuthConfig {
+    type: 'basic';
+    username: string;
+    password: string;
+}
+/**
+ * TOTP configuration
+ */
+export interface TOTPAuthConfig extends BaseAuthConfig {
+    type: 'totp';
+    secret: string;
+    digits?: number;
+    period?: number;
+    algorithm?: 'sha1' | 'sha256' | 'sha512';
+}
+/**
+ * UI Login configuration
+ */
+export interface UILoginAuthConfig extends BaseAuthConfig {
+    type: 'ui_login';
+    url: string;
+    username?: string;
+    password?: string;
+    username_selector?: string;
+    password_selector?: string;
+    submit_selector?: string;
+    totp_secret?: string;
+    totp_selector?: string;
+    session_file?: string;
+}
+/**
+ * GCP ADC configuration
+ */
+export interface GCPADCConfig extends BaseAuthConfig {
+    type: 'gcp_adc';
+    project_id?: string;
+    scopes?: string[];
+}
+/**
+ * AWS IAM configuration
+ */
+export interface AWSIamConfig extends BaseAuthConfig {
+    type: 'aws_iam';
+    region?: string;
+    access_key_id?: string;
+    secret_access_key?: string;
+    session_token?: string;
+    role_arn?: string;
+    profile?: string;
+}
+/**
+ * Azure AD configuration
+ */
+export interface AzureADConfig extends BaseAuthConfig {
+    type: 'azure_ad';
+    tenant_id: string;
+    client_id: string;
+    client_secret?: string;
+    scope?: string;
+    token_endpoint?: string;
+}
+/**
+ * No-auth configuration (for unauthenticated requests)
+ */
+export interface NoneAuthConfig extends BaseAuthConfig {
+    type: 'none';
+}
+/**
+ * Union type for all auth configurations
+ */
+export type AuthConfig = JWTAuthConfig | OAuth2AuthConfig | APIKeyAuthConfig | BearerAuthConfig | BasicAuthConfig | TOTPAuthConfig | UILoginAuthConfig | GCPADCConfig | AWSIamConfig | AzureADConfig | NoneAuthConfig;
+/**
+ * Base interface for all auth providers
+ */
+export interface AuthProvider<T extends AuthConfig = AuthConfig> {
+    /**
+     * Provider type identifier
+     */
+    readonly type: AuthType;
+    /**
+     * Authenticate and retrieve credentials
+     */
+    authenticate(config: T): Promise<AuthResult>;
+    /**
+     * Refresh credentials if applicable
+     */
+    refresh?(config: T): Promise<AuthResult>;
+    /**
+     * Clear cached credentials
+     */
+    clear?(config: T): Promise<void>;
+    /**
+     * Validate current credentials
+     */
+    validate?(config: T): Promise<boolean>;
+}
+/**
+ * Simple in-memory cache for auth credentials
+ */
+export declare class AuthCache {
+    private cache;
+    private defaultTTL;
+    set(key: string, credentials: AuthCredentials, ttl?: number): void;
+    get(key: string): AuthCredentials | null;
+    clear(key?: string): void;
+    has(key: string): boolean;
+}
+/**
+ * Global auth cache instance
+ */
+export declare const authCache: AuthCache;
+/**
+ * Create cache key from config
+ */
+export declare function createCacheKey(type: AuthType, identifier: string): string;
+/**
+ * Check if credentials are expired
+ */
+export declare function isExpired(expiresAt?: number): boolean;
+/**
+ * Parse token from string (extracts token without "Bearer " prefix)
+ */
+export declare function parseToken(token: string): string;
+/**
+ * Encode basic auth header
+ */
+export declare function encodeBasicAuth(username: string, password: string): string;
+export { JWTProvider } from './jwt-provider.js';
+export { OAuth2Provider } from './oauth2-provider.js';
+export { APIKeyProvider } from './api-key-provider.js';
+export { BearerProvider, BasicAuthProvider } from './basic-auth-provider.js';
+export { TOTPProvider } from './totp-provider.js';
+export { UILoginProvider } from './ui-login-provider.js';
+export { GCPADCProvider } from './gcp-adc-provider.js';
+export { AWSIamProvider } from './aws-iam-provider.js';
+export { AzureADProvider } from './azure-ad-provider.js';
+export { AuthManager, authManager, authenticate, createAuthHeaders, applyAuthToRequest, AuthError } from './manager.js';

package/dist/core/auth/index.js

@@ -0,0 +1,82 @@
+/**
+ * QA360 Authentication Module
+ *
+ * Comprehensive authentication support for test adapters.
+ * Supports JWT, OAuth2, API Keys, Bearer tokens, Basic auth, TOTP,
+ * UI Login, and cloud provider credentials (GCP, AWS, Azure).
+ */
+/**
+ * Simple in-memory cache for auth credentials
+ */
+export class AuthCache {
+    cache = new Map();
+    defaultTTL = 3600; // 1 hour
+    set(key, credentials, ttl) {
+        const expiresAt = Date.now() + (ttl || this.defaultTTL) * 1000;
+        this.cache.set(key, { credentials, expiresAt });
+    }
+    get(key) {
+        const entry = this.cache.get(key);
+        if (!entry)
+            return null;
+        if (Date.now() > entry.expiresAt) {
+            this.cache.delete(key);
+            return null;
+        }
+        return entry.credentials;
+    }
+    clear(key) {
+        if (key) {
+            this.cache.delete(key);
+        }
+        else {
+            this.cache.clear();
+        }
+    }
+    has(key) {
+        return this.get(key) !== null;
+    }
+}
+/**
+ * Global auth cache instance
+ */
+export const authCache = new AuthCache();
+/**
+ * Create cache key from config
+ */
+export function createCacheKey(type, identifier) {
+    return `${type}:${identifier}`;
+}
+/**
+ * Check if credentials are expired
+ */
+export function isExpired(expiresAt) {
+    if (!expiresAt)
+        return false;
+    return Date.now() >= expiresAt;
+}
+/**
+ * Parse token from string (extracts token without "Bearer " prefix)
+ */
+export function parseToken(token) {
+    return token.replace(/^Bearer\s+/i, '').trim();
+}
+/**
+ * Encode basic auth header
+ */
+export function encodeBasicAuth(username, password) {
+    const encoded = Buffer.from(`${username}:${password}`).toString('base64');
+    return `Basic ${encoded}`;
+}
+// Re-export all providers
+export { JWTProvider } from './jwt-provider.js';
+export { OAuth2Provider } from './oauth2-provider.js';
+export { APIKeyProvider } from './api-key-provider.js';
+export { BearerProvider, BasicAuthProvider } from './basic-auth-provider.js';
+export { TOTPProvider } from './totp-provider.js';
+export { UILoginProvider } from './ui-login-provider.js';
+export { GCPADCProvider } from './gcp-adc-provider.js';
+export { AWSIamProvider } from './aws-iam-provider.js';
+export { AzureADProvider } from './azure-ad-provider.js';
+// Re-export manager and factory functions
+export { AuthManager, authManager, authenticate, createAuthHeaders, applyAuthToRequest, AuthError } from './manager.js';

package/dist/core/auth/jwt-provider.d.ts

@@ -0,0 +1,19 @@
+/**
+ * JWT Authentication Provider
+ *
+ * Handles JWT bearer token authentication with support for:
+ * - Pre-existing tokens
+ * - OAuth2 token endpoint (client credentials flow)
+ * - Automatic token refresh
+ */
+import { AuthProvider, AuthResult, JWTAuthConfig } from './index.js';
+export declare class JWTProvider implements AuthProvider<JWTAuthConfig> {
+    readonly type: "jwt";
+    authenticate(config: JWTAuthConfig): Promise<AuthResult>;
+    refresh(config: JWTAuthConfig): Promise<AuthResult>;
+    clear(config: JWTAuthConfig): Promise<void>;
+    validate(config: JWTAuthConfig): Promise<boolean>;
+    private fetchToken;
+    private createTokenResult;
+    private getCacheKey;
+}

package/dist/core/auth/jwt-provider.js

@@ -0,0 +1,160 @@
+/**
+ * JWT Authentication Provider
+ *
+ * Handles JWT bearer token authentication with support for:
+ * - Pre-existing tokens
+ * - OAuth2 token endpoint (client credentials flow)
+ * - Automatic token refresh
+ */
+import { authCache, createCacheKey, parseToken } from './index.js';
+export class JWTProvider {
+    type = 'jwt';
+    async authenticate(config) {
+        // If we have a pre-existing token, use it directly
+        if (config.token) {
+            return this.createTokenResult(config.token, config);
+        }
+        // If token_endpoint is provided, fetch token via OAuth2
+        if (config.token_endpoint) {
+            return await this.fetchToken(config);
+        }
+        return {
+            success: false,
+            error: 'JWT token or token_endpoint must be provided'
+        };
+    }
+    async refresh(config) {
+        if (!config.token_endpoint) {
+            return {
+                success: false,
+                error: 'Cannot refresh: no token_endpoint configured'
+            };
+        }
+        return await this.fetchToken(config);
+    }
+    clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+        return Promise.resolve();
+    }
+    async validate(config) {
+        if (!config.token)
+            return false;
+        try {
+            const parts = config.token.split('.');
+            if (parts.length !== 3)
+                return false;
+            // Decode payload (no verification, just check structure)
+            const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
+            // Check expiration if present
+            if (payload.exp) {
+                const now = Math.floor(Date.now() / 1000);
+                return payload.exp > now;
+            }
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async fetchToken(config) {
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (config.cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        // Prepare token request
+        const body = {
+            grant_type: 'client_credentials',
+            client_id: config.client_id,
+            client_secret: config.client_secret,
+        };
+        if (config.scopes && config.scopes.length > 0) {
+            body.scope = config.scopes.join(' ');
+        }
+        if (config.audience)
+            body.audience = config.audience;
+        try {
+            const endpoint = config.token_endpoint;
+            if (!endpoint) {
+                return { success: false, error: 'Token endpoint is required' };
+            }
+            const response = await fetch(endpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(body),
+            });
+            if (!response.ok) {
+                const error = await response.text().catch(() => 'Unknown error');
+                return {
+                    success: false,
+                    error: `Token request failed: ${response.status} ${error}`
+                };
+            }
+            const data = await response.json();
+            const token = data.access_token;
+            if (!token) {
+                return {
+                    success: false,
+                    error: 'No access_token in response'
+                };
+            }
+            return this.createTokenResult(token, config, data.expires_in);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Token fetch failed: ${error.message}`
+            };
+        }
+    }
+    createTokenResult(token, config, expiresIn) {
+        const cleanToken = parseToken(token);
+        const credentials = {
+            type: 'jwt',
+            headers: {
+                'Authorization': `Bearer ${cleanToken}`
+            }
+        };
+        // Calculate expiration
+        let expiresAt;
+        if (expiresIn) {
+            expiresAt = Date.now() + expiresIn * 1000;
+        }
+        else {
+            // Try to decode JWT and get exp claim
+            try {
+                const parts = cleanToken.split('.');
+                if (parts.length === 3) {
+                    const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
+                    if (payload.exp) {
+                        expiresAt = payload.exp * 1000;
+                    }
+                }
+            }
+            catch {
+                // Ignore decode errors
+            }
+        }
+        // Cache if enabled
+        if (config.cache?.enabled !== false && expiresAt) {
+            const ttl = config.cache?.ttl || Math.floor((expiresAt - Date.now()) / 1000);
+            const key = this.getCacheKey(config);
+            authCache.set(key, credentials, ttl);
+        }
+        return {
+            success: true,
+            credentials,
+            expiresAt
+        };
+    }
+    getCacheKey(config) {
+        const identifier = config.client_id || config.issuer || 'default';
+        return createCacheKey('jwt', identifier);
+    }
+}

package/dist/core/auth/manager.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Authentication Manager and Factory
+ *
+ * Central manager for handling multiple authentication profiles
+ * and creating auth providers based on configuration.
+ */
+import { AuthProvider, AuthConfig, AuthResult, AuthCredentials } from './index.js';
+/**
+ * Authentication error
+ */
+export declare class AuthError extends Error {
+    code: string;
+    provider?: string;
+    constructor(message: string, provider?: string);
+}
+/**
+ * Authentication Manager
+ *
+ * Manages multiple authentication profiles and provides
+ * a unified interface for authentication operations.
+ */
+export declare class AuthManager {
+    private profiles;
+    /**
+     * Register an authentication profile
+     */
+    registerProfile(name: string, config: AuthConfig): void;
+    /**
+     * Unregister an authentication profile
+     */
+    unregisterProfile(name: string): void;
+    /**
+     * Get a registered profile
+     */
+    getProfile(name: string): AuthConfig | undefined;
+    /**
+     * List all registered profiles
+     */
+    listProfiles(): string[];
+    /**
+     * Authenticate using a named profile
+     */
+    authenticate(name: string): Promise<AuthResult>;
+    /**
+     * Authenticate using a configuration directly
+     */
+    authenticateWithConfig(config: AuthConfig): Promise<AuthResult>;
+    /**
+     * Create an auth provider based on configuration type
+     */
+    createProvider(config: AuthConfig): AuthProvider;
+    /**
+     * Refresh authentication for a named profile
+     */
+    refresh(name: string): Promise<AuthResult>;
+    /**
+     * Clear authentication for a named profile
+     */
+    clear(name: string): Promise<void>;
+    /**
+     * Validate authentication for a named profile
+     */
+    validate(name: string): Promise<boolean>;
+    /**
+     * Clear all cached credentials
+     */
+    clearAll(): void;
+}
+/**
+ * Global auth manager instance
+ */
+export declare const authManager: AuthManager;
+/**
+ * Helper function to authenticate with a single config
+ */
+export declare function authenticate(config: AuthConfig): Promise<AuthResult>;
+/**
+ * Helper function to create auth credentials for use in requests
+ */
+export declare function createAuthHeaders(credentials: AuthCredentials): Record<string, string>;
+/**
+ * Apply auth credentials to a fetch request init
+ */
+export declare function applyAuthToRequest(credentials: AuthCredentials, init?: RequestInit): RequestInit;