wrangler 2.6.1 → 2.7.0

package/src/pages/upload.tsx

@@ -40,6 +40,10 @@ export function Options(yargs: Argv) {
 				type: "string",
 				description: "The name of the project you want to deploy to",
 			},
+			"skip-caching": {
+				type: "boolean",
+				description: "Skip asset caching which speeds up builds",
+			},
 		})
 		.epilogue(pagesBetaWarning);
 }
@@ -47,6 +51,7 @@ export function Options(yargs: Argv) {
 export const Handler = async ({
 	directory,
 	outputManifestPath,
+	skipCaching,
 }: UploadArgs) => {
 	if (!directory) {
 		throw new FatalError("Must specify a directory.", 1);
@@ -59,6 +64,7 @@ export const Handler = async ({
 	const manifest = await upload({
 		directory,
 		jwt: process.env.CF_PAGES_UPLOAD_JWT,
+		skipCaching: skipCaching ?? false,
 	});
 
 	if (outputManifestPath) {
@@ -74,8 +80,14 @@ export const upload = async (
 		| {
 				directory: string;
 				jwt: string;
+				skipCaching: boolean;
+		  }
+		| {
+				directory: string;
+				accountId: string;
+				projectName: string;
+				skipCaching: boolean;
 		  }
-		| { directory: string; accountId: string; projectName: string }
 ) => {
 	async function fetchJwt(): Promise<string> {
 		if ("jwt" in args) {
@@ -184,7 +196,12 @@ export const upload = async (
 	const start = Date.now();
 
 	let attempts = 0;
-	const getMissingHashes = async (): Promise<string[]> => {
+	const getMissingHashes = async (skipCaching: boolean): Promise<string[]> => {
+		if (skipCaching) {
+			console.debug("Force skipping cache");
+			return files.map(({ hash }) => hash);
+		}
+
 		try {
 			return await fetchResult<string[]>(`/pages/assets/check-missing`, {
 				method: "POST",
@@ -207,13 +224,13 @@ export const upload = async (
 					// Looks like the JWT expired, fetch another one
 					jwt = await fetchJwt();
 				}
-				return getMissingHashes();
+				return getMissingHashes(skipCaching);
 			} else {
 				throw e;
 			}
 		}
 	};
-	const missingHashes = await getMissingHashes();
+	const missingHashes = await getMissingHashes(args.skipCaching);
 
 	const sortedFiles = files
 		.filter((file) => missingHashes.includes(file.hash))
@@ -283,7 +300,8 @@ export const upload = async (
 			);
 
 			try {
-				return await fetchResult(`/pages/assets/upload`, {
+				console.debug("POST /pages/assets/upload");
+				const res = await fetchResult(`/pages/assets/upload`, {
 					method: "POST",
 					headers: {
 						"Content-Type": "application/json",
@@ -291,8 +309,10 @@ export const upload = async (
 					},
 					body: JSON.stringify(payload),
 				});
+				console.debug("result:", res);
 			} catch (e) {
 				if (attempts < MAX_UPLOAD_ATTEMPTS) {
+					console.debug("failed:", e, "retrying...");
 					// Exponential backoff, 1 second first time, then 2 second, then 4 second etc.
 					await new Promise((resolvePromise) =>
 						setTimeout(resolvePromise, Math.pow(2, attempts++) * 1000)
@@ -304,12 +324,13 @@ export const upload = async (
 					}
 					return doUpload();
 				} else {
+					console.debug("failed:", e);
 					throw e;
 				}
 			}
 		};
 
-		queue.add(() =>
+		void queue.add(() =>
 			doUpload().then(
 				() => {
 					counter += bucket.files.length;

package/src/publish/publish.ts

@@ -12,7 +12,7 @@ import {
 import { fetchListResult, fetchResult } from "../cfetch";
 import { printBindings } from "../config";
 import { createWorkerUploadForm } from "../create-worker-upload-form";
-import { confirm, fromDashMessagePrompt } from "../dialogs";
+import { confirm } from "../dialogs";
 import { getMigrationsToUpload } from "../durable";
 import { logger } from "../logger";
 import { getMetricsUsageHeaders } from "../metrics";
@@ -269,12 +269,14 @@ export default async function publish(props: Props): Promise<void> {
 				};
 			};
 
-			if (
-				(await fromDashMessagePrompt(
-					default_environment.script.last_deployed_from
-				)) === false
-			)
-				return;
+			if (default_environment.script.last_deployed_from === "dash") {
+				logger.warn(
+					`You are about to publish a Workers Service that was last published via the Cloudflare Dashboard.\nEdits that have been made via the dashboard will be overridden by your local code and config.`
+				);
+				if (!(await confirm("Would you like to continue?"))) {
+					return;
+				}
+			}
 		} catch (e) {
 			// code: 10090, message: workers.api.error.service_not_found
 			// is thrown from the above fetchResult on the first publish of a Worker

package/src/pubsub/{pubsub-commands.tsx → pubsub-commands.ts}

@@ -49,7 +49,7 @@ export function pubSubCommands(
 								namespace.description = args.description;
 							}
 
-							logger.log(`Creating Pub/SubNamespace ${args.name}...`);
+							logger.log(`Creating Pub/Sub Namespace ${args.name}...`);
 							await pubsub.createPubSubNamespace(accountId, namespace);
 							logger.log(`Success! Created Pub/Sub Namespace ${args.name}`);
 							await metrics.sendMetricsEvent("create pubsub namespace", {

package/src/secret/index.ts

@@ -58,7 +58,7 @@ export const secret = (secretYargs: Argv<CommonYargsOptions>) => {
 				const isInteractive = process.stdin.isTTY;
 				const secretValue = trimTrailingWhitespace(
 					isInteractive
-						? await prompt("Enter a secret value:", "password")
+						? await prompt("Enter a secret value:", { isSecret: true })
 						: await readFromStdin()
 				);
 

package/src/tail/index.ts

@@ -3,7 +3,7 @@ import onExit from "signal-exit";
 
 import { fetchResult, fetchScriptContent } from "../cfetch";
 import { readConfig } from "../config";
-import { tailDOLogPrompt } from "../dialogs";
+import { confirm } from "../dialogs";
 import {
 	isLegacyEnv,
 	printWranglerBanner,
@@ -144,8 +144,7 @@ export async function tailHandler(args: TailArgs) {
 			`Beginning log collection requires restarting the Durable Objects associated with ${scriptName}. Any WebSocket connections or other non-persisted state will be lost as part of this restart.`
 		);
 
-		const shouldContinue = await tailDOLogPrompt();
-		if (!shouldContinue) {
+		if (!(await confirm("Would you like to continue?"))) {
 			return;
 		}
 	}

package/src/tsconfig-sanity.ts

@@ -0,0 +1,16 @@
+// `@types/node` should be included
+Buffer.from("test");
+
+// @ts-expect-error `@types/jest` should NOT be included
+test("test");
+
+// @ts-expect-error `@cloudflare/workers-types` should NOT be included
+const _handler: ExportedHandler = {};
+// @ts-expect-error `@cloudflare/workers-types` should NOT be included
+new HTMLRewriter();
+
+// @ts-expect-error `fetch` should NOT be included as our minimum supported
+//  Node version is 16.13.0 which does not include `fetch` on the global scope
+void fetch("http://localhost/");
+
+export {};

package/src/user/access.ts

@@ -21,7 +21,6 @@ export async function domainUsesAccess(domain: string): Promise<boolean> {
 	try {
 		const controller = new AbortController();
 		const cancel = setTimeout(() => {
-			logger.debug("Timed out");
 			controller.abort();
 		}, 1000);
 

package/src/user/auth-variables.ts

@@ -0,0 +1,113 @@
+import { getEnvironmentVariableFactory } from "../environment-variables/factory";
+import { getCloudflareApiEnvironmentFromEnv } from "../environment-variables/misc-variables";
+import { getAccessToken } from "./access";
+
+/**
+ * `CLOUDFLARE_ACCOUNT_ID` overrides the account inferred from the current user.
+ */
+export const getCloudflareAccountIdFromEnv = getEnvironmentVariableFactory({
+	variableName: "CLOUDFLARE_ACCOUNT_ID",
+	deprecatedName: "CF_ACCOUNT_ID",
+});
+
+export const getCloudflareAPITokenFromEnv = getEnvironmentVariableFactory({
+	variableName: "CLOUDFLARE_API_TOKEN",
+	deprecatedName: "CF_API_TOKEN",
+});
+export const getCloudflareGlobalAuthKeyFromEnv = getEnvironmentVariableFactory({
+	variableName: "CLOUDFLARE_API_KEY",
+	deprecatedName: "CF_API_KEY",
+});
+export const getCloudflareGlobalAuthEmailFromEnv =
+	getEnvironmentVariableFactory({
+		variableName: "CLOUDFLARE_EMAIL",
+		deprecatedName: "CF_EMAIL",
+	});
+
+/**
+ * `WRANGLER_CLIENT_ID` is a UUID that is used to identify Wrangler
+ * to the Cloudflare APIs.
+ *
+ * Normally you should not need to set this explicitly.
+ * If you want to switch to the staging environment set the
+ * `WRANGLER_USE_STAGING` environment variable instead.
+ */
+export const getClientIdFromEnv = getEnvironmentVariableFactory({
+	variableName: "WRANGLER_CLIENT_ID",
+	defaultValue: () =>
+		getCloudflareApiEnvironmentFromEnv() === "staging"
+			? "4b2ea6cc-9421-4761-874b-ce550e0e3def"
+			: "54d11594-84e4-41aa-b438-e81b8fa78ee7",
+});
+
+/**
+ * `WRANGLER_AUTH_DOMAIN` is the URL base domain that is used
+ * to access OAuth URLs for the Cloudflare APIs.
+ *
+ * Normally you should not need to set this explicitly.
+ * If you want to switch to the staging environment set the
+ * `WRANGLER_USE_STAGING` environment variable instead.
+ */
+export const getAuthDomainFromEnv = getEnvironmentVariableFactory({
+	variableName: "WRANGLER_AUTH_DOMAIN",
+	defaultValue: () =>
+		getCloudflareApiEnvironmentFromEnv() === "staging"
+			? "dash.staging.cloudflare.com"
+			: "dash.cloudflare.com",
+});
+
+/**
+ * `WRANGLER_AUTH_URL` is the path that is used to access OAuth
+ * for the Cloudflare APIs.
+ *
+ * Normally you should not need to set this explicitly.
+ * If you want to switch to the staging environment set the
+ * `WRANGLER_USE_STAGING` environment variable instead.
+ */
+export const getAuthUrlFromEnv = getEnvironmentVariableFactory({
+	variableName: "WRANGLER_AUTH_URL",
+	defaultValue: () => `https://${getAuthDomainFromEnv()}/oauth2/auth`,
+});
+
+/**
+ * `WRANGLER_TOKEN_URL` is the path that is used to exchange an OAuth
+ * token for an API token.
+ *
+ * Normally you should not need to set this explicitly.
+ * If you want to switch to the staging environment set the
+ * `WRANGLER_USE_STAGING` environment variable instead.
+ */
+export const getTokenUrlFromEnv = getEnvironmentVariableFactory({
+	variableName: "WRANGLER_TOKEN_URL",
+	defaultValue: () => `https://${getAuthDomainFromEnv()}/oauth2/token`,
+});
+
+/**
+ * `WRANGLER_REVOKE_URL` is the path that is used to exchange an OAuth
+ * refresh token for a new OAuth token.
+ *
+ * Normally you should not need to set this explicitly.
+ * If you want to switch to the staging environment set the
+ * `WRANGLER_USE_STAGING` environment variable instead.
+ */
+export const getRevokeUrlFromEnv = getEnvironmentVariableFactory({
+	variableName: "WRANGLER_REVOKE_URL",
+	defaultValue: () => `https://${getAuthDomainFromEnv()}/oauth2/revoke`,
+});
+
+/**
+ * Set the `WRANGLER_CF_AUTHORIZATION_TOKEN` to the CF_Authorization token found at https://dash.staging.cloudflare.com/bypass-limits
+ * if you want to access the staging environment, triggered by `WRANGLER_API_ENVIRONMENT=staging`.
+ */
+export const getCloudflareAccessToken = async () => {
+	const env = getEnvironmentVariableFactory({
+		variableName: "WRANGLER_CF_AUTHORIZATION_TOKEN",
+	})();
+
+	// If the environment variable is defined, go ahead and use it.
+	if (env !== undefined) {
+		return env;
+	}
+
+	return getAccessToken(getAuthDomainFromEnv());
+};

package/src/user/choose-account.tsx

@@ -1,41 +1,11 @@
-import { Text } from "ink";
-import SelectInput from "ink-select-input";
-import React from "react";
 import { fetchListResult } from "../cfetch";
-import { logger } from "../logger";
-import { getCloudflareAccountIdFromEnv } from "./env-vars";
+import { getCloudflareAccountIdFromEnv } from "./auth-variables";
 
 export type ChooseAccountItem = {
 	id: string;
 	name: string;
 };
 
-/**
- * A component that allows the user to select from a list of available accounts.
- */
-export function ChooseAccount(props: {
-	accounts: ChooseAccountItem[];
-	onSelect: (account: { name: string; id: string }) => void;
-	onError: (error: Error) => void;
-}) {
-	return (
-		<>
-			<Text bold>Select an account from below:</Text>
-			<SelectInput
-				items={props.accounts.map((item) => ({
-					key: item.id,
-					label: item.name,
-					value: item,
-				}))}
-				onSelect={(item) => {
-					logger.log(`Using account: "${item.value.name} - ${item.value.id}"`);
-					props.onSelect({ id: item.value.id, name: item.value.name });
-				}}
-			/>
-		</>
-	);
-}
-
 /**
  * Infer a list of available accounts for the current user.
  */

package/src/user/index.ts

@@ -1,3 +1,2 @@
 export * from "./user";
-export * from "./env-vars";
 export * from "./choose-account";

package/src/user/{user.tsx → user.ts}

@@ -214,28 +214,61 @@ import url from "node:url";
 import { TextEncoder } from "node:util";
 import TOML from "@iarna/toml";
 import { HostURL } from "@webcontainer/env";
-import { render } from "ink";
-import Table from "ink-table";
-import React from "react";
 import { fetch } from "undici";
 import {
 	getConfigCache,
 	purgeConfigCaches,
 	saveToConfigCache,
 } from "../config-cache";
+import { NoDefaultValueProvided, select } from "../dialogs";
 import { getGlobalWranglerConfigPath } from "../global-wrangler-config-path";
 import { CI } from "../is-ci";
 import isInteractive from "../is-interactive";
 import { logger } from "../logger";
 import openInBrowser from "../open-in-browser";
 import { parseTOML, readFileSync } from "../parse";
-import { ChooseAccount, getAccountChoices } from "./choose-account";
-import { getAuthFromEnv } from "./env-vars";
+import { domainUsesAccess } from "./access";
+import {
+	getAuthDomainFromEnv,
+	getAuthUrlFromEnv,
+	getClientIdFromEnv,
+	getCloudflareAccessToken,
+	getCloudflareAPITokenFromEnv,
+	getCloudflareGlobalAuthEmailFromEnv,
+	getCloudflareGlobalAuthKeyFromEnv,
+	getRevokeUrlFromEnv,
+	getTokenUrlFromEnv,
+} from "./auth-variables";
+import { getAccountChoices } from "./choose-account";
 import { generateAuthUrl } from "./generate-auth-url";
 import { generateRandomState } from "./generate-random-state";
-import type { ApiCredentials } from "./env-vars";
+import type { ChooseAccountItem } from "./choose-account";
 import type { ParsedUrlQuery } from "node:querystring";
 
+export type ApiCredentials =
+	| {
+			apiToken: string;
+	  }
+	| {
+			authKey: string;
+			authEmail: string;
+	  };
+
+/**
+ * Try to read an API token or Global Auth from the environment.
+ */
+export function getAuthFromEnv(): ApiCredentials | undefined {
+	const globalApiKey = getCloudflareGlobalAuthKeyFromEnv();
+	const globalApiEmail = getCloudflareGlobalAuthEmailFromEnv();
+	const apiToken = getCloudflareAPITokenFromEnv();
+
+	if (globalApiKey && globalApiEmail) {
+		return { authKey: globalApiKey, authEmail: globalApiEmail };
+	} else if (apiToken) {
+		return { apiToken };
+	}
+}
+
 /**
  * An implementation of rfc6749#section-4.1 and rfc7636.
  */
@@ -330,11 +363,6 @@ export function validateScopeKeys(
 	return scopes.every((scope) => scope in Scopes);
 }
 
-const CLIENT_ID = "54d11594-84e4-41aa-b438-e81b8fa78ee7";
-const AUTH_URL = "https://dash.cloudflare.com/oauth2/auth";
-const TOKEN_URL = "https://dash.cloudflare.com/oauth2/token";
-const REVOKE_URL = "https://dash.cloudflare.com/oauth2/revoke";
-
 /**
  * To allow OAuth callbacks in environments such as WebContainer we need to
  * create a host URL which only resolves `localhost` to a WebContainer
@@ -386,7 +414,7 @@ function getAuthTokens(config?: UserAuthConfig): AuthTokens | undefined {
 }
 
 /**
- * Run the initialisation of the auth state, in the case that something changed.
+ * Run the initialization of the auth state, in the case that something changed.
  *
  * This runs automatically whenever `writeAuthConfigFile` is run, so generally
  * you won't need to call it yourself.
@@ -625,8 +653,8 @@ export async function getAuthURL(scopes = ScopeKeys): Promise<string> {
 	});
 
 	return generateAuthUrl({
-		authUrl: AUTH_URL,
-		clientId: CLIENT_ID,
+		authUrl: getAuthUrlFromEnv(),
+		clientId: getClientIdFromEnv(),
 		callbackUrl: CALLBACK_URL,
 		scopes,
 		stateQueryParam,
@@ -653,19 +681,14 @@ async function exchangeRefreshTokenForAccessToken(): Promise<AccessContext> {
 		logger.warn("No refresh token is present.");
 	}
 
-	const body =
-		`grant_type=refresh_token&` +
-		`refresh_token=${LocalState.refreshToken?.value}&` +
-		`client_id=${CLIENT_ID}`;
-
-	const response = await fetch(TOKEN_URL, {
-		method: "POST",
-		body,
-		headers: {
-			"Content-Type": "application/x-www-form-urlencoded",
-		},
+	const params = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: LocalState.refreshToken?.value ?? "",
+		client_id: getClientIdFromEnv(),
 	});
 
+	const response = await fetchAuthToken(params);
+
 	if (response.status >= 400) {
 		let tokenExchangeResErr = undefined;
 
@@ -743,20 +766,15 @@ async function exchangeAuthCodeForAccessToken(): Promise<AccessContext> {
 		logger.warn("No authorization grant code is being passed.");
 	}
 
-	const body =
-		`grant_type=authorization_code&` +
-		`code=${encodeURIComponent(authorizationCode || "")}&` +
-		`redirect_uri=${encodeURIComponent(CALLBACK_URL)}&` +
-		`client_id=${encodeURIComponent(CLIENT_ID)}&` +
-		`code_verifier=${codeVerifier}`;
-
-	const response = await fetch(TOKEN_URL, {
-		method: "POST",
-		body,
-		headers: {
-			"Content-Type": "application/x-www-form-urlencoded",
-		},
+	const params = new URLSearchParams({
+		grant_type: `authorization_code`,
+		code: authorizationCode ?? "",
+		redirect_uri: CALLBACK_URL,
+		client_id: getClientIdFromEnv(),
+		code_verifier: codeVerifier,
 	});
+
+	const response = await fetchAuthToken(params);
 	if (!response.ok) {
 		const { error } = (await response.json()) as { error: string };
 		// .catch((_) => ({ error: "invalid_json" }));
@@ -1038,11 +1056,11 @@ export async function logout(): Promise<void> {
 		}
 
 		const body =
-			`client_id=${encodeURIComponent(CLIENT_ID)}&` +
+			`client_id=${encodeURIComponent(getClientIdFromEnv())}&` +
 			`token_type_hint=refresh_token&` +
 			`token=${encodeURIComponent(LocalState.refreshToken?.value || "")}`;
 
-		const response = await fetch(REVOKE_URL, {
+		const response = await fetch(getRevokeUrlFromEnv(), {
 			method: "POST",
 			body,
 			headers: {
@@ -1055,11 +1073,11 @@ export async function logout(): Promise<void> {
 		);
 	}
 	const body =
-		`client_id=${encodeURIComponent(CLIENT_ID)}&` +
+		`client_id=${encodeURIComponent(getClientIdFromEnv())}&` +
 		`token_type_hint=refresh_token&` +
 		`token=${encodeURIComponent(LocalState.refreshToken?.value || "")}`;
 
-	const response = await fetch(REVOKE_URL, {
+	const response = await fetch(getRevokeUrlFromEnv(), {
 		method: "POST",
 		body,
 		headers: {
@@ -1077,8 +1095,7 @@ export function listScopes(message = "💁 Available scopes:"): void {
 		Scope: scope,
 		Description: Scopes[scope],
 	}));
-	const { unmount } = render(<Table data={data} />);
-	unmount();
+	logger.table(data);
 	// TODO: maybe a good idea to show usage here
 }
 
@@ -1097,36 +1114,32 @@ export async function getAccountId(): Promise<string | undefined> {
 		return accounts[0].id;
 	}
 
-	if (isInteractive() && !CI.isCI()) {
-		const account = await new Promise<{ id: string; name: string }>(
-			(resolve, reject) => {
-				const { unmount } = render(
-					<ChooseAccount
-						accounts={accounts}
-						onSelect={async (selected) => {
-							saveAccountToCache(selected);
-							resolve(selected);
-							unmount();
-						}}
-						onError={(err) => {
-							reject(err);
-							unmount();
-						}}
-					/>
-				);
-			}
-		);
-		return account.id;
+	try {
+		const accountID = await select("Select an account", {
+			choices: accounts.map((account) => ({
+				title: account.name,
+				value: account.id,
+			})),
+		});
+		const account = accounts.find(
+			(a) => a.id === accountID
+		) as ChooseAccountItem;
+		saveAccountToCache({ id: account.id, name: account.name });
+		return accountID;
+	} catch (e) {
+		// Did we try to select an account in CI or a non-interactive terminal?
+		if (e instanceof NoDefaultValueProvided) {
+			throw new Error(
+				`More than one account available but unable to select one in non-interactive mode.
+Please set the appropriate \`account_id\` in your \`wrangler.toml\` file.
+Available accounts are (\`<name>\`: \`<account_id>\`):
+${accounts
+	.map((account) => `  \`${account.name}\`: \`${account.id}\``)
+	.join("\n")}`
+			);
+		}
+		throw e;
 	}
-
-	throw new Error(
-		"More than one account available but unable to select one in non-interactive mode.\n" +
-			`Please set the appropriate \`account_id\` in your \`wrangler.toml\` file.\n` +
-			`Available accounts are ("<name>" - "<id>"):\n` +
-			accounts
-				.map((account) => `  "${account.name}" - "${account.id}")`)
-				.join("\n")
-	);
 }
 
 /**
@@ -1196,3 +1209,24 @@ export function getAccountFromCache():
 export function getScopes(): Scope[] | undefined {
 	return LocalState.scopes;
 }
+
+/**
+ * Make a request to the Cloudflare OAuth endpoint to get a token.
+ *
+ * Note that the `body` of the POST request is form-urlencoded so
+ * can be represented by a URLSearchParams object.
+ */
+async function fetchAuthToken(body: URLSearchParams) {
+	const headers: Record<string, string> = {
+		"Content-Type": "application/x-www-form-urlencoded",
+	};
+	if (await domainUsesAccess(getAuthDomainFromEnv())) {
+		// We are trying to access the staging API so we need an "access token".
+		headers["Cookie"] = `CF_Authorization=${await getCloudflareAccessToken()}`;
+	}
+	return await fetch(getTokenUrlFromEnv(), {
+		method: "POST",
+		body: body.toString(),
+		headers,
+	});
+}