qa360 1.4.5 → 2.0.1

package/dist/core/auth/manager.js

@@ -0,0 +1,230 @@
+/**
+ * Authentication Manager and Factory
+ *
+ * Central manager for handling multiple authentication profiles
+ * and creating auth providers based on configuration.
+ */
+import { authCache } from './index.js';
+import { JWTProvider } from './jwt-provider.js';
+import { OAuth2Provider } from './oauth2-provider.js';
+import { APIKeyProvider } from './api-key-provider.js';
+import { BearerProvider, BasicAuthProvider } from './basic-auth-provider.js';
+import { TOTPProvider } from './totp-provider.js';
+import { UILoginProvider } from './ui-login-provider.js';
+import { GCPADCProvider } from './gcp-adc-provider.js';
+import { AWSIamProvider } from './aws-iam-provider.js';
+import { AzureADProvider } from './azure-ad-provider.js';
+/**
+ * Authentication error
+ */
+export class AuthError extends Error {
+    code = 'AUTH_ERROR';
+    provider;
+    constructor(message, provider) {
+        super(message);
+        this.name = 'AuthError';
+        this.provider = provider;
+    }
+}
+/**
+ * Authentication Manager
+ *
+ * Manages multiple authentication profiles and provides
+ * a unified interface for authentication operations.
+ */
+export class AuthManager {
+    profiles = new Map();
+    /**
+     * Register an authentication profile
+     */
+    registerProfile(name, config) {
+        this.profiles.set(name, config);
+    }
+    /**
+     * Unregister an authentication profile
+     */
+    unregisterProfile(name) {
+        this.profiles.delete(name);
+    }
+    /**
+     * Get a registered profile
+     */
+    getProfile(name) {
+        return this.profiles.get(name);
+    }
+    /**
+     * List all registered profiles
+     */
+    listProfiles() {
+        return Array.from(this.profiles.keys());
+    }
+    /**
+     * Authenticate using a named profile
+     */
+    async authenticate(name) {
+        const config = this.profiles.get(name);
+        if (!config) {
+            return {
+                success: false,
+                error: `Profile '${name}' not found`
+            };
+        }
+        return this.authenticateWithConfig(config);
+    }
+    /**
+     * Authenticate using a configuration directly
+     */
+    async authenticateWithConfig(config) {
+        const provider = this.createProvider(config);
+        try {
+            return await provider.authenticate(config);
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `Authentication failed: ${error.message}`
+            };
+        }
+    }
+    /**
+     * Create an auth provider based on configuration type
+     */
+    createProvider(config) {
+        switch (config.type) {
+            case 'jwt':
+                return new JWTProvider();
+            case 'oauth2':
+                return new OAuth2Provider();
+            case 'api_key':
+                return new APIKeyProvider();
+            case 'bearer':
+                return new BearerProvider();
+            case 'basic':
+                return new BasicAuthProvider();
+            case 'totp':
+                return new TOTPProvider();
+            case 'ui_login':
+                return new UILoginProvider();
+            case 'gcp_adc':
+                return new GCPADCProvider();
+            case 'aws_iam':
+                return new AWSIamProvider();
+            case 'azure_ad':
+                return new AzureADProvider();
+            case 'none':
+                return new NoneAuthProvider();
+            default:
+                throw new AuthError(`Unknown auth type: ${config.type}`);
+        }
+    }
+    /**
+     * Refresh authentication for a named profile
+     */
+    async refresh(name) {
+        const config = this.profiles.get(name);
+        if (!config) {
+            return {
+                success: false,
+                error: `Profile '${name}' not found`
+            };
+        }
+        const provider = this.createProvider(config);
+        if (provider.refresh) {
+            try {
+                return await provider.refresh(config);
+            }
+            catch (error) {
+                return {
+                    success: false,
+                    error: `Refresh failed: ${error.message}`
+                };
+            }
+        }
+        return {
+            success: false,
+            error: `Auth type '${config.type}' does not support refresh`
+        };
+    }
+    /**
+     * Clear authentication for a named profile
+     */
+    async clear(name) {
+        const config = this.profiles.get(name);
+        if (!config)
+            return;
+        const provider = this.createProvider(config);
+        if (provider.clear) {
+            await provider.clear(config);
+        }
+    }
+    /**
+     * Validate authentication for a named profile
+     */
+    async validate(name) {
+        const config = this.profiles.get(name);
+        if (!config)
+            return false;
+        const provider = this.createProvider(config);
+        if (provider.validate) {
+            return provider.validate(config);
+        }
+        return true;
+    }
+    /**
+     * Clear all cached credentials
+     */
+    clearAll() {
+        authCache.clear();
+    }
+}
+/**
+ * No-op authentication provider (for unauthenticated requests)
+ */
+class NoneAuthProvider {
+    type = 'none';
+    async authenticate() {
+        return {
+            success: true,
+            credentials: { type: 'none' }
+        };
+    }
+    async validate() {
+        return true;
+    }
+}
+/**
+ * Global auth manager instance
+ */
+export const authManager = new AuthManager();
+/**
+ * Helper function to authenticate with a single config
+ */
+export async function authenticate(config) {
+    const manager = new AuthManager();
+    return manager.authenticateWithConfig(config);
+}
+/**
+ * Helper function to create auth credentials for use in requests
+ */
+export function createAuthHeaders(credentials) {
+    const headers = {};
+    if (credentials.headers) {
+        Object.assign(headers, credentials.headers);
+    }
+    return headers;
+}
+/**
+ * Apply auth credentials to a fetch request init
+ */
+export function applyAuthToRequest(credentials, init = {}) {
+    const headers = new Headers(init.headers);
+    if (credentials.headers) {
+        Object.entries(credentials.headers).forEach(([key, value]) => {
+            headers.set(key, value);
+        });
+    }
+    return {
+        ...init,
+        headers
+    };
+}

package/dist/core/auth/oauth2-provider.d.ts

@@ -0,0 +1,17 @@
+/**
+ * OAuth2 Authentication Provider
+ *
+ * Handles OAuth2 authentication with support for:
+ * - Client credentials grant
+ * - Password grant (resource owner)
+ * - Authorization code grant (requires pre-issued code)
+ */
+import { AuthProvider, AuthResult, OAuth2AuthConfig } from './index.js';
+export declare class OAuth2Provider implements AuthProvider<OAuth2AuthConfig> {
+    readonly type: "oauth2";
+    authenticate(config: OAuth2AuthConfig): Promise<AuthResult>;
+    refresh(config: OAuth2AuthConfig): Promise<AuthResult>;
+    clear(config: OAuth2AuthConfig): Promise<void>;
+    validate(config: OAuth2AuthConfig): Promise<boolean>;
+    private getCacheKey;
+}

package/dist/core/auth/oauth2-provider.js

@@ -0,0 +1,114 @@
+/**
+ * OAuth2 Authentication Provider
+ *
+ * Handles OAuth2 authentication with support for:
+ * - Client credentials grant
+ * - Password grant (resource owner)
+ * - Authorization code grant (requires pre-issued code)
+ */
+import { authCache, createCacheKey } from './index.js';
+export class OAuth2Provider {
+    type = 'oauth2';
+    async authenticate(config) {
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first
+        if (config.cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        // Prepare token request based on grant type
+        const grantType = config.grant_type || 'client_credentials';
+        const body = {
+            grant_type: grantType,
+            client_id: config.client_id,
+        };
+        // Add client secret for most grants (except some implicit flows)
+        if (config.client_secret) {
+            body.client_secret = config.client_secret;
+        }
+        // Grant-specific parameters
+        if (grantType === 'password') {
+            if (!config.username || !config.password) {
+                return {
+                    success: false,
+                    error: 'Username and password required for password grant'
+                };
+            }
+            body.username = config.username;
+            body.password = config.password;
+        }
+        if (config.scopes && config.scopes.length > 0) {
+            body.scope = config.scopes.join(' ');
+        }
+        try {
+            const response = await fetch(config.token_url, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: new URLSearchParams(body).toString(),
+            });
+            if (!response.ok) {
+                const error = await response.text().catch(() => 'Unknown error');
+                return {
+                    success: false,
+                    error: `OAuth2 token request failed: ${response.status} ${error}`
+                };
+            }
+            const data = await response.json();
+            const token = data.access_token;
+            if (!token) {
+                return {
+                    success: false,
+                    error: 'No access_token in OAuth2 response'
+                };
+            }
+            const credentials = {
+                type: 'oauth2',
+                headers: {
+                    'Authorization': `Bearer ${token}`
+                }
+            };
+            // Calculate expiration
+            let expiresAt;
+            if (data.expires_in) {
+                expiresAt = Date.now() + data.expires_in * 1000;
+            }
+            // Cache if enabled
+            if (config.cache?.enabled !== false) {
+                const ttl = config.cache?.ttl || data.expires_in || 3600;
+                authCache.set(cacheKey, credentials, ttl);
+            }
+            return {
+                success: true,
+                credentials,
+                expiresAt
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: `OAuth2 request failed: ${error.message}`
+            };
+        }
+    }
+    async refresh(config) {
+        // For OAuth2, refresh is typically the same as authenticate
+        // unless we have a refresh token (which we don't store currently)
+        return this.authenticate(config);
+    }
+    clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+        return Promise.resolve();
+    }
+    async validate(config) {
+        const key = this.getCacheKey(config);
+        return authCache.has(key);
+    }
+    getCacheKey(config) {
+        return createCacheKey('oauth2', config.client_id);
+    }
+}

package/dist/core/auth/totp-provider.d.ts

@@ -0,0 +1,31 @@
+/**
+ * TOTP Authentication Provider
+ *
+ * Handles Time-based One-Time Password authentication.
+ * Generates TOTP codes using HMAC-based algorithm.
+ */
+import { AuthProvider, AuthResult, TOTPAuthConfig } from './index.js';
+export declare class TOTPProvider implements AuthProvider<TOTPAuthConfig> {
+    readonly type: "totp";
+    authenticate(config: TOTPAuthConfig): Promise<AuthResult>;
+    clear(config: TOTPAuthConfig): Promise<void>;
+    validate(config: TOTPAuthConfig): Promise<boolean>;
+    private getCacheKey;
+    /**
+     * Generate TOTP code
+     * Based on RFC 6238
+     */
+    private generateTOTP;
+    /**
+     * Convert counter to 8-byte array
+     */
+    private counterToBytes;
+    /**
+     * Decode Base32 string to Buffer
+     */
+    private base32Decode;
+    /**
+     * Get Node.js crypto module
+     */
+    private getCrypto;
+}

package/dist/core/auth/totp-provider.js

@@ -0,0 +1,134 @@
+/**
+ * TOTP Authentication Provider
+ *
+ * Handles Time-based One-Time Password authentication.
+ * Generates TOTP codes using HMAC-based algorithm.
+ */
+import { authCache, createCacheKey } from './index.js';
+export class TOTPProvider {
+    type = 'totp';
+    async authenticate(config) {
+        const { secret, digits = 6, period = 30, algorithm = 'sha1', cache } = config;
+        if (!secret) {
+            return {
+                success: false,
+                error: 'TOTP secret is required'
+            };
+        }
+        const cacheKey = this.getCacheKey(config);
+        // Check cache first (short TTL for TOTP - codes change every 30 seconds)
+        if (cache?.enabled !== false) {
+            const cached = authCache.get(cacheKey);
+            if (cached) {
+                return { success: true, credentials: cached };
+            }
+        }
+        // Generate current TOTP code
+        const code = this.generateTOTP(secret, digits, period, algorithm);
+        const credentials = {
+            type: 'totp',
+            headers: {
+                'X-TOTP': code
+            },
+            body: {
+                totp_code: code,
+                totp_algorithm: algorithm,
+                totp_digits: digits,
+                totp_period: period
+            }
+        };
+        // Cache with short TTL (default 30 seconds - one TOTP period)
+        if (cache?.enabled !== false) {
+            const ttl = cache?.ttl || period;
+            authCache.set(cacheKey, credentials, ttl);
+        }
+        // Calculate expiration time
+        const now = Math.floor(Date.now() / 1000);
+        const currentPeriod = Math.floor(now / period);
+        const nextPeriodTime = (currentPeriod + 1) * period * 1000;
+        return {
+            success: true,
+            credentials,
+            expiresAt: nextPeriodTime
+        };
+    }
+    async clear(config) {
+        const key = this.getCacheKey(config);
+        authCache.clear(key);
+    }
+    async validate(config) {
+        const key = this.getCacheKey(config);
+        // Check cache first, then validate secret
+        if (authCache.has(key)) {
+            return true;
+        }
+        return !!config.secret && config.secret.length > 0;
+    }
+    getCacheKey(config) {
+        // Use secret hash as identifier since secret is the main config
+        const crypto = this.getCrypto();
+        const hash = crypto.createHash('sha256').update(config.secret || '').digest('hex').substring(0, 16);
+        return createCacheKey('totp', hash);
+    }
+    /**
+     * Generate TOTP code
+     * Based on RFC 6238
+     */
+    generateTOTP(secret, digits, period, algorithm) {
+        const counter = Math.floor(Date.now() / 1000 / period);
+        const counterBytes = this.counterToBytes(counter);
+        const key = this.base32Decode(secret);
+        // Import crypto conditionally for Node.js
+        const crypto = this.getCrypto();
+        const hmac = crypto.createHmac(algorithm, key);
+        hmac.update(counterBytes);
+        const hmacResult = hmac.digest();
+        // Dynamic truncation
+        const offset = hmacResult[hmacResult.length - 1] & 0xf;
+        const binary = ((hmacResult[offset] & 0x7f) << 24) |
+            ((hmacResult[offset + 1] & 0xff) << 16) |
+            ((hmacResult[offset + 2] & 0xff) << 8) |
+            (hmacResult[offset + 3] & 0xff);
+        const otp = binary % Math.pow(10, digits);
+        return otp.toString().padStart(digits, '0');
+    }
+    /**
+     * Convert counter to 8-byte array
+     */
+    counterToBytes(counter) {
+        const buffer = Buffer.alloc(8);
+        for (let i = 7; i >= 0; i--) {
+            buffer[i] = counter & 0xff;
+            counter = counter >> 8;
+        }
+        return buffer;
+    }
+    /**
+     * Decode Base32 string to Buffer
+     */
+    base32Decode(secret) {
+        const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+        const bits = secret.toUpperCase().replace(/[^A-Z2-7]/g, '');
+        const hex = [];
+        for (let i = 0; i < bits.length; i += 8) {
+            const chunk = bits.substring(i, i + 8);
+            let byte = 0;
+            for (let j = 0; j < 8; j++) {
+                const val = alphabet.indexOf(chunk[j]);
+                if (val === -1)
+                    continue;
+                byte = (byte << 5) | val;
+            }
+            hex.push((byte >> 16) & 0xff);
+            hex.push((byte >> 8) & 0xff);
+            hex.push(byte & 0xff);
+        }
+        return Buffer.from(hex);
+    }
+    /**
+     * Get Node.js crypto module
+     */
+    getCrypto() {
+        return require('node:crypto');
+    }
+}

package/dist/core/auth/ui-login-provider.d.ts

@@ -0,0 +1,26 @@
+/**
+ * UI Login Authentication Provider
+ *
+ * Handles form-based UI login authentication using Playwright.
+ * Supports TOTP for 2FA and session persistence.
+ */
+import { AuthProvider, AuthResult, UILoginAuthConfig, Cookie } from './index.js';
+export declare class UILoginProvider implements AuthProvider<UILoginAuthConfig> {
+    readonly type: "ui_login";
+    authenticate(config: UILoginAuthConfig): Promise<AuthResult>;
+    clear(config: UILoginAuthConfig): Promise<void>;
+    validate(config: UILoginAuthConfig): Promise<boolean>;
+    private getCacheKey;
+    /**
+     * Generate TOTP code (simplified version)
+     */
+    private generateTOTP;
+    /**
+     * Save session cookies to file
+     */
+    private saveSession;
+    /**
+     * Load session cookies from file
+     */
+    loadSession(filepath: string): Promise<Cookie[]>;
+}