@octokit/auth-app
Comparing version 4.0.7 to 4.0.8
@@ -53,7 +53,5 @@ 'use strict'; | ||
const result = await cache.get(cacheKey); | ||
if (!result) { | ||
return; | ||
} | ||
const [token, createdAt, expiresAt, repositorySelection, permissionsString, singleFileName] = result.split("|"); | ||
@@ -66,3 +64,2 @@ const permissions = options.permissions || permissionsString.split(/,/).reduce((permissions, string) => { | ||
} | ||
return permissions; | ||
@@ -87,3 +84,2 @@ }, {}); | ||
} | ||
function optionsToCacheKey({ | ||
@@ -132,7 +128,5 @@ installationId, | ||
const installationId = Number(options.installationId || state.installationId); | ||
if (!installationId) { | ||
throw new Error("[@octokit/auth-app] installationId option is required for installation authentication."); | ||
} | ||
if (options.factory) { | ||
@@ -144,16 +138,14 @@ const { | ||
...factoryAuthOptions | ||
} = { ...state, | ||
} = { | ||
...state, | ||
...options | ||
}; // @ts-expect-error if `options.factory` is set, the return type for `auth()` should be `Promise<ReturnType<options.factory>>` | ||
}; | ||
// @ts-expect-error if `options.factory` is set, the return type for `auth()` should be `Promise<ReturnType<options.factory>>` | ||
return factory(factoryAuthOptions); | ||
} | ||
const optionsWithInstallationTokenFromState = Object.assign({ | ||
installationId | ||
}, options); | ||
if (!options.refresh) { | ||
const result = await get(state.cache, optionsWithInstallationTokenFromState); | ||
if (result) { | ||
@@ -183,3 +175,2 @@ const { | ||
} | ||
const appAuthentication = await getAppAuthentication(state); | ||
@@ -209,6 +200,4 @@ const request = customRequest || state.request; | ||
/* istanbul ignore next - permissions are optional per OpenAPI spec, but we think that is incorrect */ | ||
const permissions = permissionsOptional || {}; | ||
/* istanbul ignore next - repositorySelection are optional per OpenAPI spec, but we think that is incorrect */ | ||
const repositorySelection = repositorySelectionOptional || "all"; | ||
@@ -246,7 +235,6 @@ const repositoryIds = repositories ? repositories.map(r => r.id) : void 0; | ||
// @ts-expect-error "oauth" is not supperted in types | ||
case "oauth": | ||
state.log.warn( // @ts-expect-error `log.warn()` expects string | ||
state.log.warn( | ||
// @ts-expect-error `log.warn()` expects string | ||
new deprecation.Deprecation(`[@octokit/auth-app] {type: "oauth"} is deprecated. Use {type: "oauth-app"} instead`)); | ||
case "oauth-app": | ||
@@ -256,12 +244,10 @@ return state.oauthApp({ | ||
}); | ||
case "installation": | ||
return getInstallationAuthentication(state, { ...authOptions, | ||
return getInstallationAuthentication(state, { | ||
...authOptions, | ||
type: "installation" | ||
}); | ||
case "oauth-user": | ||
// @ts-expect-error TODO: infer correct auth options type based on type. authOptions should be typed as "WebFlowAuthOptions | OAuthAppDeviceFlowAuthOptions | GitHubAppDeviceFlowAuthOptions" | ||
return state.oauthApp(authOptions); | ||
default: | ||
@@ -273,8 +259,7 @@ // @ts-expect-error type is "never" at this point | ||
const PATHS = ["/app", "/app/hook/config", "/app/hook/deliveries", "/app/hook/deliveries/{delivery_id}", "/app/hook/deliveries/{delivery_id}/attempts", "/app/installations", "/app/installations/{installation_id}", "/app/installations/{installation_id}/access_tokens", "/app/installations/{installation_id}/suspended", "/marketplace_listing/accounts/{account_id}", "/marketplace_listing/plan", "/marketplace_listing/plans", "/marketplace_listing/plans/{plan_id}/accounts", "/marketplace_listing/stubbed/accounts/{account_id}", "/marketplace_listing/stubbed/plan", "/marketplace_listing/stubbed/plans", "/marketplace_listing/stubbed/plans/{plan_id}/accounts", "/orgs/{org}/installation", "/repos/{owner}/{repo}/installation", "/users/{username}/installation"]; // CREDIT: Simon Grondin (https://github.com/SGrondin) | ||
const PATHS = ["/app", "/app/hook/config", "/app/hook/deliveries", "/app/hook/deliveries/{delivery_id}", "/app/hook/deliveries/{delivery_id}/attempts", "/app/installations", "/app/installations/{installation_id}", "/app/installations/{installation_id}/access_tokens", "/app/installations/{installation_id}/suspended", "/marketplace_listing/accounts/{account_id}", "/marketplace_listing/plan", "/marketplace_listing/plans", "/marketplace_listing/plans/{plan_id}/accounts", "/marketplace_listing/stubbed/accounts/{account_id}", "/marketplace_listing/stubbed/plan", "/marketplace_listing/stubbed/plans", "/marketplace_listing/stubbed/plans/{plan_id}/accounts", "/orgs/{org}/installation", "/repos/{owner}/{repo}/installation", "/users/{username}/installation"]; | ||
// CREDIT: Simon Grondin (https://github.com/SGrondin) | ||
// https://github.com/octokit/plugin-throttling.js/blob/45c5d7f13b8af448a9dbca468d9c9150a73b3948/lib/route-matcher.js | ||
function routeMatcher(paths) { | ||
// EXAMPLE. For the following paths: | ||
/* [ | ||
@@ -284,4 +269,4 @@ "/orgs/{org}/invitations", | ||
] */ | ||
const regexes = paths.map(p => p.split("/").map(c => c.startsWith("{") ? "(?:.+?)" : c).join("/")); // 'regexes' would contain: | ||
const regexes = paths.map(p => p.split("/").map(c => c.startsWith("{") ? "(?:.+?)" : c).join("/")); | ||
// 'regexes' would contain: | ||
/* [ | ||
@@ -291,5 +276,4 @@ '/orgs/(?:.+?)/invitations', | ||
] */ | ||
const regex = `^(?:${regexes.map(r => `(?:${r})`).join("|")})[^/]*$`; // 'regex' would contain: | ||
const regex = `^(?:${regexes.map(r => `(?:${r})`).join("|")})[^/]*$`; | ||
// 'regex' would contain: | ||
/* | ||
@@ -300,6 +284,4 @@ ^(?:(?:\/orgs\/(?:.+?)\/invitations)|(?:\/repos\/(?:.+?)\/(?:.+?)\/collaborators\/(?:.+?)))[^\/]*$ | ||
*/ | ||
return new RegExp(regex, "i"); | ||
} | ||
const REGEX = routeMatcher(PATHS); | ||
@@ -311,15 +293,12 @@ function requiresAppAuth(url) { | ||
const FIVE_SECONDS_IN_MS = 5 * 1000; | ||
function isNotTimeSkewError(error) { | ||
return !(error.message.match(/'Expiration time' claim \('exp'\) must be a numeric value representing the future time at which the assertion expires/) || error.message.match(/'Issued at' claim \('iat'\) must be an Integer representing the time that the assertion was issued/)); | ||
} | ||
async function hook(state, request, route, parameters) { | ||
const endpoint = request.endpoint.merge(route, parameters); | ||
const url = endpoint.url; // Do not intercept request to retrieve a new token | ||
const url = endpoint.url; | ||
// Do not intercept request to retrieve a new token | ||
if (/\/login\/oauth\/access_token$/.test(url)) { | ||
return request(endpoint); | ||
} | ||
if (requiresAppAuth(url.replace(request.endpoint.DEFAULTS.baseUrl, ""))) { | ||
@@ -331,3 +310,2 @@ const { | ||
let response; | ||
try { | ||
@@ -340,10 +318,8 @@ response = await request(endpoint); | ||
throw error; | ||
} // If the date header is missing, we can't correct the system time skew. | ||
} | ||
// If the date header is missing, we can't correct the system time skew. | ||
// Throw the error to be handled upstream. | ||
if (typeof error.response.headers.date === "undefined") { | ||
throw error; | ||
} | ||
const diff = Math.floor((Date.parse(error.response.headers.date) - Date.parse(new Date().toString())) / 1000); | ||
@@ -354,3 +330,4 @@ state.log.warn(error.message); | ||
token | ||
} = await getAppAuthentication({ ...state, | ||
} = await getAppAuthentication({ | ||
...state, | ||
timeDifference: diff | ||
@@ -361,6 +338,4 @@ }); | ||
} | ||
return response; | ||
} | ||
if (authOauthUser.requiresBasicAuth(url)) { | ||
@@ -373,7 +348,7 @@ const authentication = await state.oauthApp({ | ||
} | ||
const { | ||
token, | ||
createdAt | ||
} = await getInstallationAuthentication(state, // @ts-expect-error TBD | ||
} = await getInstallationAuthentication(state, | ||
// @ts-expect-error TBD | ||
{}, request); | ||
@@ -390,6 +365,4 @@ endpoint.headers.authorization = `token ${token}`; | ||
*/ | ||
async function sendRequestWithRetries(state, request, options, createdAt, retries = 0) { | ||
const timeSinceTokenCreationInMs = +new Date() - +new Date(createdAt); | ||
try { | ||
@@ -401,3 +374,2 @@ return await request(options); | ||
} | ||
if (timeSinceTokenCreationInMs >= FIVE_SECONDS_IN_MS) { | ||
@@ -407,6 +379,4 @@ if (retries > 0) { | ||
} | ||
throw error; | ||
} | ||
++retries; | ||
@@ -420,3 +390,3 @@ const awaitTime = retries * 1000; | ||
const VERSION = "4.0.7"; | ||
const VERSION = "4.0.8"; | ||
@@ -427,15 +397,11 @@ function createAppAuth(options) { | ||
} | ||
if (!Number.isFinite(+options.appId)) { | ||
throw new Error("[@octokit/auth-app] appId option must be a number or numeric string"); | ||
} | ||
if (!options.privateKey) { | ||
throw new Error("[@octokit/auth-app] privateKey option is required"); | ||
} | ||
if ("installationId" in options && !options.installationId) { | ||
throw new Error("[@octokit/auth-app] installationId is set to a falsy value"); | ||
} | ||
const log = Object.assign({ | ||
@@ -462,4 +428,4 @@ warn: console.warn.bind(console) | ||
}) | ||
}); // @ts-expect-error not worth the extra code to appease TS | ||
}); | ||
// @ts-expect-error not worth the extra code to appease TS | ||
return Object.assign(auth.bind(null, state), { | ||
@@ -466,0 +432,0 @@ hook: hook.bind(null, state) |
@@ -1,1 +0,1 @@ | ||
export const VERSION = "4.0.7"; | ||
export const VERSION = "4.0.8"; |
import * as OctokitTypes from "@octokit/types"; | ||
import LRUCache from "lru-cache"; | ||
import * as OAuthAppAuth from "@octokit/auth-oauth-app"; | ||
declare type OAuthStrategyOptions = { | ||
type OAuthStrategyOptions = { | ||
clientId?: string; | ||
clientSecret?: string; | ||
}; | ||
declare type CommonStrategyOptions = { | ||
type CommonStrategyOptions = { | ||
appId: number | string; | ||
@@ -19,4 +19,4 @@ privateKey: string; | ||
}; | ||
export declare type StrategyOptions = OAuthStrategyOptions & CommonStrategyOptions & Record<string, unknown>; | ||
export declare type AppAuthOptions = { | ||
export type StrategyOptions = OAuthStrategyOptions & CommonStrategyOptions & Record<string, unknown>; | ||
export type AppAuthOptions = { | ||
type: "app"; | ||
@@ -30,3 +30,3 @@ }; | ||
**/ | ||
export declare type InstallationAuthOptions = { | ||
export type InstallationAuthOptions = { | ||
type: "installation"; | ||
@@ -41,3 +41,3 @@ installationId?: number | string; | ||
}; | ||
export declare type InstallationAuthOptionsWithFactory<T> = { | ||
export type InstallationAuthOptionsWithFactory<T> = { | ||
type: "installation"; | ||
@@ -52,7 +52,7 @@ installationId?: number | string; | ||
}; | ||
export declare type OAuthAppAuthOptions = OAuthAppAuth.AppAuthOptions; | ||
export declare type OAuthWebFlowAuthOptions = OAuthAppAuth.WebFlowAuthOptions; | ||
export declare type OAuthDeviceFlowAuthOptions = OAuthAppAuth.GitHubAppDeviceFlowAuthOptions; | ||
export declare type Authentication = AppAuthentication | OAuthAppAuthentication | InstallationAccessTokenAuthentication | GitHubAppUserAuthentication | GitHubAppUserAuthenticationWithExpiration; | ||
export declare type FactoryInstallationOptions = StrategyOptions & Omit<InstallationAuthOptions, "type">; | ||
export type OAuthAppAuthOptions = OAuthAppAuth.AppAuthOptions; | ||
export type OAuthWebFlowAuthOptions = OAuthAppAuth.WebFlowAuthOptions; | ||
export type OAuthDeviceFlowAuthOptions = OAuthAppAuth.GitHubAppDeviceFlowAuthOptions; | ||
export type Authentication = AppAuthentication | OAuthAppAuthentication | InstallationAccessTokenAuthentication | GitHubAppUserAuthentication | GitHubAppUserAuthenticationWithExpiration; | ||
export type FactoryInstallationOptions = StrategyOptions & Omit<InstallationAuthOptions, "type">; | ||
export interface FactoryInstallation<T> { | ||
@@ -76,21 +76,21 @@ (options: FactoryInstallationOptions): T; | ||
} | ||
export declare type AnyResponse = OctokitTypes.OctokitResponse<any>; | ||
export declare type EndpointDefaults = OctokitTypes.EndpointDefaults; | ||
export declare type EndpointOptions = OctokitTypes.EndpointOptions; | ||
export declare type RequestParameters = OctokitTypes.RequestParameters; | ||
export declare type Route = OctokitTypes.Route; | ||
export declare type RequestInterface = OctokitTypes.RequestInterface; | ||
export declare type Cache = LRUCache<string, string> | { | ||
export type AnyResponse = OctokitTypes.OctokitResponse<any>; | ||
export type EndpointDefaults = OctokitTypes.EndpointDefaults; | ||
export type EndpointOptions = OctokitTypes.EndpointOptions; | ||
export type RequestParameters = OctokitTypes.RequestParameters; | ||
export type Route = OctokitTypes.Route; | ||
export type RequestInterface = OctokitTypes.RequestInterface; | ||
export type Cache = LRUCache<string, string> | { | ||
get: (key: string) => string; | ||
set: (key: string, value: string) => any; | ||
}; | ||
export declare type APP_TYPE = "app"; | ||
export declare type TOKEN_TYPE = "token"; | ||
export declare type INSTALLATION_TOKEN_TYPE = "installation"; | ||
export declare type OAUTH_TOKEN_TYPE = "oauth"; | ||
export declare type REPOSITORY_SELECTION = "all" | "selected"; | ||
export declare type JWT = string; | ||
export declare type ACCESS_TOKEN = string; | ||
export declare type UTC_TIMESTAMP = string; | ||
export declare type AppAuthentication = { | ||
export type APP_TYPE = "app"; | ||
export type TOKEN_TYPE = "token"; | ||
export type INSTALLATION_TOKEN_TYPE = "installation"; | ||
export type OAUTH_TOKEN_TYPE = "oauth"; | ||
export type REPOSITORY_SELECTION = "all" | "selected"; | ||
export type JWT = string; | ||
export type ACCESS_TOKEN = string; | ||
export type UTC_TIMESTAMP = string; | ||
export type AppAuthentication = { | ||
type: APP_TYPE; | ||
@@ -101,3 +101,3 @@ token: JWT; | ||
}; | ||
export declare type InstallationAccessTokenData = { | ||
export type InstallationAccessTokenData = { | ||
token: ACCESS_TOKEN; | ||
@@ -112,4 +112,4 @@ createdAt: UTC_TIMESTAMP; | ||
}; | ||
export declare type CacheData = InstallationAccessTokenData; | ||
export declare type InstallationAccessTokenAuthentication = InstallationAccessTokenData & { | ||
export type CacheData = InstallationAccessTokenData; | ||
export type InstallationAccessTokenAuthentication = InstallationAccessTokenData & { | ||
type: TOKEN_TYPE; | ||
@@ -119,11 +119,11 @@ tokenType: INSTALLATION_TOKEN_TYPE; | ||
}; | ||
export declare type OAuthAppAuthentication = OAuthAppAuth.AppAuthentication; | ||
export declare type GitHubAppUserAuthentication = OAuthAppAuth.GitHubAppUserAuthentication; | ||
export declare type GitHubAppUserAuthenticationWithExpiration = OAuthAppAuth.GitHubAppUserAuthenticationWithExpiration; | ||
export declare type FactoryOptions = Required<Omit<StrategyOptions, keyof State>> & State; | ||
export declare type Permissions = Record<string, string>; | ||
export declare type WithInstallationId = { | ||
export type OAuthAppAuthentication = OAuthAppAuth.AppAuthentication; | ||
export type GitHubAppUserAuthentication = OAuthAppAuth.GitHubAppUserAuthentication; | ||
export type GitHubAppUserAuthenticationWithExpiration = OAuthAppAuth.GitHubAppUserAuthenticationWithExpiration; | ||
export type FactoryOptions = Required<Omit<StrategyOptions, keyof State>> & State; | ||
export type Permissions = Record<string, string>; | ||
export type WithInstallationId = { | ||
installationId: number; | ||
}; | ||
export declare type State = Required<Omit<CommonStrategyOptions, "installationId">> & { | ||
export type State = Required<Omit<CommonStrategyOptions, "installationId">> & { | ||
installationId?: number; | ||
@@ -130,0 +130,0 @@ } & OAuthStrategyOptions & { |
@@ -1,1 +0,1 @@ | ||
export declare const VERSION = "4.0.7"; | ||
export declare const VERSION = "4.0.8"; |
@@ -361,3 +361,3 @@ import { getUserAgent } from 'universal-user-agent'; | ||
const VERSION = "4.0.7"; | ||
const VERSION = "4.0.8"; | ||
@@ -364,0 +364,0 @@ function createAppAuth(options) { |
{ | ||
"name": "@octokit/auth-app", | ||
"description": "GitHub App authentication for JavaScript", | ||
"version": "4.0.7", | ||
"version": "4.0.8", | ||
"license": "MIT", | ||
@@ -32,3 +32,3 @@ "files": [ | ||
"lru-cache": "^6.0.0", | ||
"universal-github-app-jwt": "^1.0.1", | ||
"universal-github-app-jwt": "^1.1.1", | ||
"universal-user-agent": "^6.0.0" | ||
@@ -47,3 +47,3 @@ }, | ||
"jest": "^29.0.0", | ||
"prettier": "2.7.1", | ||
"prettier": "2.8.1", | ||
"semantic-release-plugin-update-version-in-files": "^1.0.0", | ||
@@ -50,0 +50,0 @@ "ts-jest": "^29.0.0", |
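Review bot: The dependency floor moves from `"universal-github-app-jwt": "^1.0.1"` to `"^1.1.1"` with no reason given anywhere on this page. Among the files shown it is the one change that can alter runtime behaviour, since the rest is formatting, `declare type` to `type`, and the VERSION string. That package builds the signed app JWT, presumably from the `privateKey` option that `createAppAuth` requires, although the call itself is not visible in these hunks. Its 1.1.x changelog should therefore be read before accepting the update. The old caret range already admitted 1.1.1, so what actually resolves depends on the consumer's lockfile, which should be checked for the pinned version and its integrity hash. Two files in this comparison are listed as "not supported" and remain unreviewed here.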
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet