npm - shopify - Versions diffs - 3.93.0 → 3.93.2 - Mend

shopify 3.93.0 → 3.93.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/dist/cli/services/store/{auth-config.js → auth/config.js} RENAMED Viewed

@@ -12,4 +12,4 @@ export function maskToken(token) {
         return '***';
     return `${token.slice(0, 10)}***`;
 }
-//# sourceMappingURL=auth-config.js.map
+//# sourceMappingURL=config.js.map

package/dist/cli/services/store/auth/existing-scopes.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export interface ResolvedStoreAuthScopes {
+    scopes: string[];
+    authoritative: boolean;
+}
+export declare function resolveExistingStoreAuthScopes(store: string): Promise<ResolvedStoreAuthScopes>;

package/dist/cli/services/store/auth/existing-scopes.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { normalizeStoreFqdn } from '@shopify/cli-kit/node/context/fqdn';
+import { outputContent, outputDebug, outputToken } from '@shopify/cli-kit/node/output';
+import { getCurrentStoredStoreAppSession } from './session-store.js';
+import { loadStoredStoreSession } from './session-lifecycle.js';
+import { fetchCurrentStoreAuthScopes } from './token-client.js';
+function truncateDebugMessage(message, length = 300) {
+    return message.slice(0, length);
+}
+function formatStoreScopeLookupError(error) {
+    if (error && typeof error === 'object' && 'response' in error) {
+        const response = error.response;
+        const status = response?.status;
+        const details = response?.errors;
+        if (typeof status === 'number') {
+            const summary = typeof details === 'string' ? details : JSON.stringify(details);
+            return truncateDebugMessage(summary ? `HTTP ${status}: ${summary}` : `HTTP ${status}`);
+        }
+    }
+    return truncateDebugMessage(error instanceof Error ? error.message : String(error));
+}
+export async function resolveExistingStoreAuthScopes(store) {
+    const normalizedStore = normalizeStoreFqdn(store);
+    const storedSession = getCurrentStoredStoreAppSession(normalizedStore);
+    if (!storedSession)
+        return { scopes: [], authoritative: true };
+    try {
+        const usableSession = await loadStoredStoreSession(normalizedStore);
+        const remoteScopes = await fetchCurrentStoreAuthScopes({
+            store: usableSession.store,
+            accessToken: usableSession.accessToken,
+        });
+        outputDebug(outputContent `Resolved current remote scopes for ${outputToken.raw(normalizedStore)}: ${outputToken.raw(remoteScopes.join(',') || 'none')}`);
+        return { scopes: remoteScopes, authoritative: true };
+    }
+    catch (error) {
+        outputDebug(outputContent `Falling back to locally stored scopes for ${outputToken.raw(normalizedStore)} after remote scope lookup failed: ${outputToken.raw(formatStoreScopeLookupError(error))}`);
+        return { scopes: storedSession.scopes, authoritative: false };
+    }
+}
+//# sourceMappingURL=existing-scopes.js.map

package/dist/cli/services/store/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { openURL } from '@shopify/cli-kit/node/system';
+import { exchangeStoreAuthCodeForToken } from './token-client.js';
+import { waitForStoreAuthCode } from './callback.js';
+import { type ResolvedStoreAuthScopes } from './existing-scopes.js';
+import { type StoreAuthPresenter, type StoreAuthResult } from './result.js';
+interface StoreAuthInput {
+    store: string;
+    scopes: string;
+}
+interface StoreAuthDependencies {
+    openURL: typeof openURL;
+    waitForStoreAuthCode: typeof waitForStoreAuthCode;
+    exchangeStoreAuthCodeForToken: typeof exchangeStoreAuthCodeForToken;
+    resolveExistingScopes: (store: string) => Promise<ResolvedStoreAuthScopes>;
+    presenter: StoreAuthPresenter;
+}
+export declare function authenticateStoreWithApp(input: StoreAuthInput, dependencies?: Partial<StoreAuthDependencies>): Promise<StoreAuthResult>;
+export {};

package/dist/cli/services/store/auth/index.js ADDED Viewed

@@ -0,0 +1,88 @@
+import { normalizeStoreFqdn } from '@shopify/cli-kit/node/context/fqdn';
+import { AbortError } from '@shopify/cli-kit/node/error';
+import { outputContent, outputDebug, outputToken } from '@shopify/cli-kit/node/output';
+import { openURL } from '@shopify/cli-kit/node/system';
+import { STORE_AUTH_APP_CLIENT_ID } from './config.js';
+import { setStoredStoreAppSession } from './session-store.js';
+import { exchangeStoreAuthCodeForToken } from './token-client.js';
+import { waitForStoreAuthCode } from './callback.js';
+import { createPkceBootstrap } from './pkce.js';
+import { mergeRequestedAndStoredScopes, parseStoreAuthScopes, resolveGrantedScopes } from './scopes.js';
+import { resolveExistingStoreAuthScopes } from './existing-scopes.js';
+import { createStoreAuthPresenter } from './result.js';
+const defaultStoreAuthDependencies = {
+    openURL,
+    waitForStoreAuthCode,
+    exchangeStoreAuthCodeForToken,
+    resolveExistingScopes: resolveExistingStoreAuthScopes,
+    presenter: createStoreAuthPresenter('text'),
+};
+export async function authenticateStoreWithApp(input, dependencies = {}) {
+    const resolvedDependencies = { ...defaultStoreAuthDependencies, ...dependencies };
+    const store = normalizeStoreFqdn(input.store);
+    const requestedScopes = parseStoreAuthScopes(input.scopes);
+    const existingScopeResolution = await resolvedDependencies.resolveExistingScopes(store);
+    const scopes = mergeRequestedAndStoredScopes(requestedScopes, existingScopeResolution.scopes);
+    const validationScopes = existingScopeResolution.authoritative ? scopes : requestedScopes;
+    if (existingScopeResolution.scopes.length > 0) {
+        outputDebug(outputContent `Merged requested scopes ${outputToken.raw(requestedScopes.join(','))} with existing scopes ${outputToken.raw(existingScopeResolution.scopes.join(','))} for ${outputToken.raw(store)}`);
+    }
+    const bootstrap = createPkceBootstrap({
+        store,
+        scopes,
+        exchangeCodeForToken: resolvedDependencies.exchangeStoreAuthCodeForToken,
+    });
+    const { authorization: { authorizationUrl }, } = bootstrap;
+    resolvedDependencies.presenter.openingBrowser();
+    const code = await resolvedDependencies.waitForStoreAuthCode({
+        ...bootstrap.waitForAuthCodeOptions,
+        onListening: async () => {
+            const opened = await resolvedDependencies.openURL(authorizationUrl);
+            if (!opened)
+                resolvedDependencies.presenter.manualAuthUrl(authorizationUrl);
+        },
+    });
+    const tokenResponse = await bootstrap.exchangeCodeForToken(code);
+    const userId = tokenResponse.associated_user?.id?.toString();
+    if (!userId) {
+        throw new AbortError('Shopify did not return associated user information for the online access token.');
+    }
+    const now = Date.now();
+    const expiresAt = tokenResponse.expires_in ? new Date(now + tokenResponse.expires_in * 1000).toISOString() : undefined;
+    const result = {
+        store,
+        userId,
+        scopes: resolveGrantedScopes(tokenResponse, validationScopes),
+        acquiredAt: new Date(now).toISOString(),
+        expiresAt,
+        refreshTokenExpiresAt: tokenResponse.refresh_token_expires_in
+            ? new Date(now + tokenResponse.refresh_token_expires_in * 1000).toISOString()
+            : undefined,
+        hasRefreshToken: !!tokenResponse.refresh_token,
+        associatedUser: tokenResponse.associated_user
+            ? {
+                id: tokenResponse.associated_user.id,
+                email: tokenResponse.associated_user.email,
+                firstName: tokenResponse.associated_user.first_name,
+                lastName: tokenResponse.associated_user.last_name,
+                accountOwner: tokenResponse.associated_user.account_owner,
+            }
+            : undefined,
+    };
+    setStoredStoreAppSession({
+        store,
+        clientId: STORE_AUTH_APP_CLIENT_ID,
+        userId,
+        accessToken: tokenResponse.access_token,
+        refreshToken: tokenResponse.refresh_token,
+        scopes: result.scopes,
+        acquiredAt: result.acquiredAt,
+        expiresAt,
+        refreshTokenExpiresAt: result.refreshTokenExpiresAt,
+        associatedUser: result.associatedUser,
+    });
+    outputDebug(outputContent `Session persisted for ${outputToken.raw(store)} (user ${outputToken.raw(userId)}, expires ${outputToken.raw(expiresAt ?? 'unknown')})`);
+    resolvedDependencies.presenter.success(result);
+    return result;
+}
+//# sourceMappingURL=index.js.map

package/dist/cli/services/store/auth/pkce.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import type { StoreTokenResponse } from './token-client.js';
+import type { WaitForAuthCodeOptions } from './callback.js';
+interface StoreAuthorizationContext {
+    store: string;
+    scopes: string[];
+    state: string;
+    port: number;
+    redirectUri: string;
+    authorizationUrl: string;
+    codeVerifier: string;
+}
+interface StoreAuthBootstrap {
+    authorization: StoreAuthorizationContext;
+    waitForAuthCodeOptions: WaitForAuthCodeOptions;
+    exchangeCodeForToken: (code: string) => Promise<StoreTokenResponse>;
+}
+export declare function generateCodeVerifier(): string;
+export declare function computeCodeChallenge(verifier: string): string;
+export declare function buildStoreAuthUrl(options: {
+    store: string;
+    scopes: string[];
+    state: string;
+    redirectUri: string;
+    codeChallenge: string;
+}): string;
+export declare function createPkceBootstrap(options: {
+    store: string;
+    scopes: string[];
+    exchangeCodeForToken: (options: {
+        store: string;
+        code: string;
+        codeVerifier: string;
+        redirectUri: string;
+    }) => Promise<StoreTokenResponse>;
+}): StoreAuthBootstrap;
+export {};

package/dist/cli/services/store/auth/pkce.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { randomUUID } from '@shopify/cli-kit/node/crypto';
+import { outputContent, outputDebug, outputToken } from '@shopify/cli-kit/node/output';
+import { createHash, randomBytes } from 'crypto';
+import { DEFAULT_STORE_AUTH_PORT, STORE_AUTH_APP_CLIENT_ID, storeAuthRedirectUri } from './config.js';
+export function generateCodeVerifier() {
+    return randomBytes(32).toString('base64url');
+}
+export function computeCodeChallenge(verifier) {
+    return createHash('sha256').update(verifier).digest('base64url');
+}
+export function buildStoreAuthUrl(options) {
+    const params = new URLSearchParams();
+    params.set('client_id', STORE_AUTH_APP_CLIENT_ID);
+    params.set('scope', options.scopes.join(','));
+    params.set('redirect_uri', options.redirectUri);
+    params.set('state', options.state);
+    params.set('response_type', 'code');
+    params.set('code_challenge', options.codeChallenge);
+    params.set('code_challenge_method', 'S256');
+    return `https://${options.store}/admin/oauth/authorize?${params.toString()}`;
+}
+export function createPkceBootstrap(options) {
+    const { store, scopes, exchangeCodeForToken } = options;
+    const port = DEFAULT_STORE_AUTH_PORT;
+    const state = randomUUID();
+    const redirectUri = storeAuthRedirectUri(port);
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = computeCodeChallenge(codeVerifier);
+    const authorizationUrl = buildStoreAuthUrl({ store, scopes, state, redirectUri, codeChallenge });
+    outputDebug(outputContent `Starting PKCE auth for ${outputToken.raw(store)} with scopes ${outputToken.raw(scopes.join(','))} (redirect_uri=${outputToken.raw(redirectUri)})`);
+    return {
+        authorization: {
+            store,
+            scopes,
+            state,
+            port,
+            redirectUri,
+            authorizationUrl,
+            codeVerifier,
+        },
+        waitForAuthCodeOptions: {
+            store,
+            state,
+            port,
+        },
+        exchangeCodeForToken: (code) => exchangeCodeForToken({ store, code, codeVerifier, redirectUri }),
+    };
+}
+//# sourceMappingURL=pkce.js.map

package/dist/cli/services/store/{auth-recovery.js → auth/recovery.js} RENAMED Viewed

@@ -14,4 +14,4 @@ export function reauthenticateStoreAuthError(message, store, scopes) {
 export function retryStoreAuthWithPermanentDomainError(returnedStore) {
     return new AbortError('OAuth callback store does not match the requested store.', `Shopify returned ${returnedStore} during authentication. Re-run using the permanent store domain:`, storeAuthCommandNextSteps(returnedStore, '<comma-separated-scopes>'));
 }
-//# sourceMappingURL=auth-recovery.js.map
+//# sourceMappingURL=recovery.js.map

package/dist/cli/services/store/auth/result.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+export interface StoreAuthResult {
+    store: string;
+    userId: string;
+    scopes: string[];
+    acquiredAt: string;
+    expiresAt?: string;
+    refreshTokenExpiresAt?: string;
+    hasRefreshToken: boolean;
+    associatedUser?: {
+        id: number;
+        email?: string;
+        firstName?: string;
+        lastName?: string;
+        accountOwner?: boolean;
+    };
+}
+type StoreAuthOutputFormat = 'text' | 'json';
+export interface StoreAuthPresenter {
+    openingBrowser: () => void;
+    manualAuthUrl: (authorizationUrl: string) => void;
+    success: (result: StoreAuthResult) => void;
+}
+export declare function createStoreAuthPresenter(format?: StoreAuthOutputFormat): StoreAuthPresenter;
+export {};

package/dist/cli/services/store/auth/result.js ADDED Viewed

@@ -0,0 +1,39 @@
+import { outputCompleted, outputInfo, outputResult, outputToken, outputContent } from '@shopify/cli-kit/node/output';
+function serializeStoreAuthResult(result) {
+    return JSON.stringify(result, null, 2);
+}
+function buildStoreAuthSuccessText(result) {
+    const displayName = result.associatedUser?.email ? ` as ${result.associatedUser.email}` : '';
+    return {
+        completed: ['Logged in.', `Authenticated${displayName} against ${result.store}.`],
+        info: ['', 'To verify that authentication worked, run:', `shopify store execute --store ${result.store} --query 'query { shop { name id } }'`],
+    };
+}
+function displayStoreAuthOpeningBrowser() {
+    outputInfo('Shopify CLI will open the app authorization page in your browser.');
+    outputInfo('');
+}
+function displayStoreAuthManualAuthUrl(authorizationUrl) {
+    outputInfo('Browser did not open automatically. Open this URL manually:');
+    outputInfo(outputContent `${outputToken.link(authorizationUrl)}`);
+    outputInfo('');
+}
+function displayStoreAuthResult(result, format = 'text') {
+    if (format === 'json') {
+        outputResult(serializeStoreAuthResult(result));
+        return;
+    }
+    const text = buildStoreAuthSuccessText(result);
+    text.completed.forEach((line) => outputCompleted(line));
+    text.info.forEach((line) => outputInfo(line));
+}
+export function createStoreAuthPresenter(format = 'text') {
+    return {
+        openingBrowser: displayStoreAuthOpeningBrowser,
+        manualAuthUrl: displayStoreAuthManualAuthUrl,
+        success(result) {
+            displayStoreAuthResult(result, format);
+        },
+    };
+}
+//# sourceMappingURL=result.js.map

package/dist/cli/services/store/auth/scopes.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { StoreTokenResponse } from './token-client.js';
+export declare function parseStoreAuthScopes(input: string): string[];
+export declare function mergeRequestedAndStoredScopes(requestedScopes: string[], storedScopes: string[]): string[];
+export declare function resolveGrantedScopes(tokenResponse: StoreTokenResponse, requestedScopes: string[]): string[];

package/dist/cli/services/store/auth/scopes.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { AbortError } from '@shopify/cli-kit/node/error';
+import { outputContent, outputDebug } from '@shopify/cli-kit/node/output';
+export function parseStoreAuthScopes(input) {
+    const scopes = input
+        .split(',')
+        .map((scope) => scope.trim())
+        .filter(Boolean);
+    if (scopes.length === 0) {
+        throw new AbortError('At least one scope is required.', 'Pass --scopes as a comma-separated list.');
+    }
+    return [...new Set(scopes)];
+}
+function expandImpliedStoreScopes(scopes) {
+    const expandedScopes = new Set(scopes);
+    for (const scope of scopes) {
+        const matches = scope.match(/^(unauthenticated_)?write_(.*)$/);
+        if (matches) {
+            expandedScopes.add(`${matches[1] ?? ''}read_${matches[2]}`);
+        }
+    }
+    return expandedScopes;
+}
+export function mergeRequestedAndStoredScopes(requestedScopes, storedScopes) {
+    const mergedScopes = [...storedScopes];
+    const expandedScopes = expandImpliedStoreScopes(storedScopes);
+    for (const scope of requestedScopes) {
+        if (expandedScopes.has(scope))
+            continue;
+        mergedScopes.push(scope);
+        for (const expandedScope of expandImpliedStoreScopes([scope])) {
+            expandedScopes.add(expandedScope);
+        }
+    }
+    return mergedScopes;
+}
+export function resolveGrantedScopes(tokenResponse, requestedScopes) {
+    if (!tokenResponse.scope) {
+        outputDebug(outputContent `Token response did not include scope; falling back to requested scopes`);
+        return requestedScopes;
+    }
+    const grantedScopes = parseStoreAuthScopes(tokenResponse.scope);
+    const expandedGrantedScopes = expandImpliedStoreScopes(grantedScopes);
+    const missingScopes = requestedScopes.filter((scope) => !expandedGrantedScopes.has(scope));
+    if (missingScopes.length > 0) {
+        throw new AbortError('Shopify granted fewer scopes than were requested.', `Missing scopes: ${missingScopes.join(', ')}.`, [
+            'Update the app or store installation scopes.',
+            'See https://shopify.dev/app/scopes',
+            'Re-run shopify store auth.',
+        ]);
+    }
+    return grantedScopes;
+}
+//# sourceMappingURL=scopes.js.map

package/dist/cli/services/store/auth/session-lifecycle.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { StoredStoreAppSession } from './session-store.js';
+export declare function isSessionExpired(session: StoredStoreAppSession): boolean;
+export declare function loadStoredStoreSession(store: string): Promise<StoredStoreAppSession>;

package/dist/cli/services/store/auth/session-lifecycle.js ADDED Viewed

@@ -0,0 +1,69 @@
+import { AbortError } from '@shopify/cli-kit/node/error';
+import { outputContent, outputDebug, outputToken } from '@shopify/cli-kit/node/output';
+import { maskToken } from './config.js';
+import { createStoredStoreAuthError, reauthenticateStoreAuthError } from './recovery.js';
+import { clearStoredStoreAppSession, getCurrentStoredStoreAppSession, setStoredStoreAppSession, } from './session-store.js';
+import { refreshStoreAccessToken } from './token-client.js';
+const EXPIRY_MARGIN_MS = 4 * 60 * 1000;
+export function isSessionExpired(session) {
+    if (!session.expiresAt)
+        return false;
+    const expiresAtMs = new Date(session.expiresAt).getTime();
+    if (Number.isNaN(expiresAtMs))
+        return true;
+    return expiresAtMs - EXPIRY_MARGIN_MS < Date.now();
+}
+function buildRefreshedStoredSession(session, refresh) {
+    const now = Date.now();
+    const expiresAt = refresh.expiresIn ? new Date(now + refresh.expiresIn * 1000).toISOString() : session.expiresAt;
+    return {
+        ...session,
+        accessToken: refresh.accessToken,
+        refreshToken: refresh.refreshToken ?? session.refreshToken,
+        expiresAt,
+        refreshTokenExpiresAt: refresh.refreshTokenExpiresIn
+            ? new Date(now + refresh.refreshTokenExpiresIn * 1000).toISOString()
+            : session.refreshTokenExpiresAt,
+        acquiredAt: new Date(now).toISOString(),
+    };
+}
+export async function loadStoredStoreSession(store) {
+    let session = getCurrentStoredStoreAppSession(store);
+    if (!session) {
+        throw createStoredStoreAuthError(store);
+    }
+    outputDebug(outputContent `Loaded stored session for ${outputToken.raw(store)}: token=${outputToken.raw(maskToken(session.accessToken))}, expires=${outputToken.raw(session.expiresAt ?? 'unknown')}`);
+    if (!isSessionExpired(session)) {
+        return session;
+    }
+    if (!session.refreshToken) {
+        throw reauthenticateStoreAuthError(`No refresh token stored for ${session.store}.`, session.store, session.scopes.join(','));
+    }
+    outputDebug(outputContent `Refreshing expired token for ${outputToken.raw(session.store)} (expired at ${outputToken.raw(session.expiresAt ?? 'unknown')}, refresh_token=${outputToken.raw(maskToken(session.refreshToken))})`);
+    const previousAccessToken = session.accessToken;
+    let refreshed;
+    try {
+        refreshed = await refreshStoreAccessToken({
+            store: session.store,
+            refreshToken: session.refreshToken,
+        });
+    }
+    catch (error) {
+        clearStoredStoreAppSession(session.store, session.userId);
+        if (error instanceof AbortError && error.message.startsWith(`Token refresh failed for ${session.store} (HTTP `)) {
+            throw reauthenticateStoreAuthError(error.message, session.store, session.scopes.join(','));
+        }
+        if (error instanceof AbortError && error.message === `Token refresh returned an invalid response for ${session.store}.`) {
+            throw reauthenticateStoreAuthError(error.message, session.store, session.scopes.join(','));
+        }
+        if (error instanceof AbortError && error.message === 'Received an invalid refresh response from Shopify.') {
+            throw error;
+        }
+        throw error;
+    }
+    session = buildRefreshedStoredSession(session, refreshed);
+    outputDebug(outputContent `Token refresh succeeded for ${outputToken.raw(session.store)}: ${outputToken.raw(maskToken(previousAccessToken))} → ${outputToken.raw(maskToken(session.accessToken))}, new expiry ${outputToken.raw(session.expiresAt ?? 'unknown')}`);
+    setStoredStoreAppSession(session);
+    return session;
+}
+//# sourceMappingURL=session-lifecycle.js.map

package/dist/cli/services/store/{session.d.ts → auth/session-store.d.ts} RENAMED Viewed

@@ -26,8 +26,7 @@ interface StoredStoreAppSessionBucket {
 interface StoreSessionSchema {
     [key: string]: StoredStoreAppSessionBucket;
 }
-export declare function getStoredStoreAppSession(store: string, storage?: LocalStorage<StoreSessionSchema>): StoredStoreAppSession | undefined;
+export declare function getCurrentStoredStoreAppSession(store: string, storage?: LocalStorage<StoreSessionSchema>): StoredStoreAppSession | undefined;
 export declare function setStoredStoreAppSession(session: StoredStoreAppSession, storage?: LocalStorage<StoreSessionSchema>): void;
 export declare function clearStoredStoreAppSession(store: string, userIdOrStorage?: string | LocalStorage<StoreSessionSchema>, maybeStorage?: LocalStorage<StoreSessionSchema>): void;
-export declare function isSessionExpired(session: StoredStoreAppSession): boolean;
 export {};

package/dist/cli/services/store/auth/session-store.js ADDED Viewed

@@ -0,0 +1,127 @@
+import { LocalStorage } from '@shopify/cli-kit/node/local-storage';
+import { storeAuthSessionKey } from './config.js';
+let _storeSessionStorage;
+function storeSessionStorage() {
+    _storeSessionStorage ?? (_storeSessionStorage = new LocalStorage({ projectName: 'shopify-cli-store' }));
+    return _storeSessionStorage;
+}
+function isString(value) {
+    return typeof value === 'string';
+}
+function sanitizeAssociatedUser(value) {
+    if (!value || typeof value !== 'object')
+        return undefined;
+    const associatedUser = value;
+    if (typeof associatedUser.id !== 'number')
+        return undefined;
+    return {
+        id: associatedUser.id,
+        ...(isString(associatedUser.email) ? { email: associatedUser.email } : {}),
+        ...(isString(associatedUser.firstName) ? { firstName: associatedUser.firstName } : {}),
+        ...(isString(associatedUser.lastName) ? { lastName: associatedUser.lastName } : {}),
+        ...(typeof associatedUser.accountOwner === 'boolean' ? { accountOwner: associatedUser.accountOwner } : {}),
+    };
+}
+function sanitizeStoredStoreAppSession(value) {
+    if (!value || typeof value !== 'object')
+        return undefined;
+    const session = value;
+    if (!isString(session.store) ||
+        !isString(session.clientId) ||
+        !isString(session.userId) ||
+        !isString(session.accessToken) ||
+        !Array.isArray(session.scopes) ||
+        !session.scopes.every(isString) ||
+        !isString(session.acquiredAt)) {
+        return undefined;
+    }
+    return {
+        store: session.store,
+        clientId: session.clientId,
+        userId: session.userId,
+        accessToken: session.accessToken,
+        scopes: session.scopes,
+        acquiredAt: session.acquiredAt,
+        ...(isString(session.refreshToken) ? { refreshToken: session.refreshToken } : {}),
+        ...(isString(session.expiresAt) ? { expiresAt: session.expiresAt } : {}),
+        ...(isString(session.refreshTokenExpiresAt) ? { refreshTokenExpiresAt: session.refreshTokenExpiresAt } : {}),
+        ...(sanitizeAssociatedUser(session.associatedUser) ? { associatedUser: sanitizeAssociatedUser(session.associatedUser) } : {}),
+    };
+}
+function readStoredStoreAppSessionBucket(store, storage) {
+    const key = storeAuthSessionKey(store);
+    const storedBucket = storage.get(key);
+    if (!storedBucket || typeof storedBucket !== 'object')
+        return undefined;
+    const { sessionsByUserId, currentUserId } = storedBucket;
+    if (!sessionsByUserId || typeof sessionsByUserId !== 'object' || Array.isArray(sessionsByUserId) || typeof currentUserId !== 'string') {
+        storage.delete(key);
+        return undefined;
+    }
+    const sanitizedSessionsByUserId = Object.fromEntries(Object.entries(sessionsByUserId).flatMap(([userId, session]) => {
+        const sanitizedSession = sanitizeStoredStoreAppSession(session);
+        return sanitizedSession ? [[userId, sanitizedSession]] : [];
+    }));
+    if (Object.keys(sanitizedSessionsByUserId).length !== Object.keys(sessionsByUserId).length) {
+        if (sanitizedSessionsByUserId[currentUserId]) {
+            storage.set(key, {
+                currentUserId,
+                sessionsByUserId: sanitizedSessionsByUserId,
+            });
+        }
+        else {
+            storage.delete(key);
+            return undefined;
+        }
+    }
+    return {
+        currentUserId,
+        sessionsByUserId: sanitizedSessionsByUserId,
+    };
+}
+export function getCurrentStoredStoreAppSession(store, storage = storeSessionStorage()) {
+    const bucket = readStoredStoreAppSessionBucket(store, storage);
+    if (!bucket)
+        return undefined;
+    const session = bucket.sessionsByUserId[bucket.currentUserId];
+    if (!session) {
+        storage.delete(storeAuthSessionKey(store));
+        return undefined;
+    }
+    return session;
+}
+export function setStoredStoreAppSession(session, storage = storeSessionStorage()) {
+    const key = storeAuthSessionKey(session.store);
+    const existingBucket = readStoredStoreAppSessionBucket(session.store, storage);
+    const nextBucket = {
+        currentUserId: session.userId,
+        sessionsByUserId: {
+            ...(existingBucket?.sessionsByUserId ?? {}),
+            [session.userId]: session,
+        },
+    };
+    storage.set(key, nextBucket);
+}
+export function clearStoredStoreAppSession(store, userIdOrStorage, maybeStorage) {
+    const userId = typeof userIdOrStorage === 'string' ? userIdOrStorage : undefined;
+    const storage = (typeof userIdOrStorage === 'string' ? maybeStorage : userIdOrStorage) ?? storeSessionStorage();
+    const key = storeAuthSessionKey(store);
+    if (!userId) {
+        storage.delete(key);
+        return;
+    }
+    const existingBucket = readStoredStoreAppSessionBucket(store, storage);
+    if (!existingBucket)
+        return;
+    const { [userId]: _removedSession, ...remainingSessions } = existingBucket.sessionsByUserId;
+    const remainingUserIds = Object.keys(remainingSessions);
+    if (remainingUserIds.length === 0) {
+        storage.delete(key);
+        return;
+    }
+    storage.set(key, {
+        currentUserId: existingBucket.currentUserId === userId ? remainingUserIds[0] : existingBucket.currentUserId,
+        sessionsByUserId: remainingSessions,
+    });
+}
+//# sourceMappingURL=session-store.js.map

package/dist/cli/services/store/auth/token-client.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+export interface StoreTokenResponse {
+    access_token: string;
+    token_type?: string;
+    scope?: string;
+    expires_in?: number;
+    refresh_token?: string;
+    refresh_token_expires_in?: number;
+    associated_user_scope?: string;
+    associated_user?: {
+        id: number;
+        first_name?: string;
+        last_name?: string;
+        email?: string;
+        account_owner?: boolean;
+        locale?: string;
+        collaborator?: boolean;
+        email_verified?: boolean;
+    };
+}
+interface StoreTokenRefreshPayload {
+    accessToken: string;
+    refreshToken?: string;
+    expiresIn?: number;
+    refreshTokenExpiresIn?: number;
+}
+export declare function exchangeStoreAuthCodeForToken(options: {
+    store: string;
+    code: string;
+    codeVerifier: string;
+    redirectUri: string;
+}): Promise<StoreTokenResponse>;
+export declare function refreshStoreAccessToken(options: {
+    store: string;
+    refreshToken: string;
+}): Promise<StoreTokenRefreshPayload>;
+export declare function fetchCurrentStoreAuthScopes(options: {
+    store: string;
+    accessToken: string;
+}): Promise<string[]>;
+export {};