UNPKG

@grucloud/core

Version:

GruCloud core, generate infrastructure code

www.grucloud.com

grucloud/grucloud

71 lines (67 loc) 1.84 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
const assert = require("assert"); const { tap, pipe, get, assign } = require("rubico"); const { when } = require("rubico/x"); const Axios = require("axios"); const { decodeJwt } = require("jose"); const logger = require("./logger")({ prefix: "JWT" }); const requestJwt = ({ tokenUrl, subject, client_secret, audience }) => pipe([ tap(() => { assert(tokenUrl); assert(subject); assert(client_secret); }), () => ({ grant_type: "client_credentials", client_id: subject, client_secret, }), when(() => audience, assign({ aud: () => audience })), (data) => ({ method: "POST", url: tokenUrl, headers: { "content-type": "application/x-www-form-urlencoded" }, data: new URLSearchParams(data), }), Axios.request, get("data.access_token"), tap((access_token) => { assert(access_token); }), tap( pipe([ decodeJwt, tap((pcarams) => { assert(true); }), ]) ), ])(); exports.getWebIdentityToken = async ({ audience }) => { const { GRUCLOUD_OAUTH_SERVER, GRUCLOUD_OAUTH_CLIENT_SECRET, GRUCLOUD_OAUTH_SUBJECT, GRUCLOUD_OAUTH_TOKEN, } = process.env; if ( GRUCLOUD_OAUTH_SERVER && GRUCLOUD_OAUTH_CLIENT_SECRET && GRUCLOUD_OAUTH_SUBJECT ) { logger.debug(`fetch a jwt from ${GRUCLOUD_OAUTH_SERVER}`); return requestJwt({ tokenUrl: GRUCLOUD_OAUTH_SERVER, subject: GRUCLOUD_OAUTH_SUBJECT, client_secret: GRUCLOUD_OAUTH_CLIENT_SECRET, audience, }); } else if (GRUCLOUD_OAUTH_TOKEN) { logger.info(`using GRUCLOUD_OAUTH_TOKEN`); return GRUCLOUD_OAUTH_TOKEN; } else { throw Error( "GRUCLOUD_OAUTH_TOKEN or (GRUCLOUD_OAUTH_SERVER, GRUCLOUD_OAUTH_CLIENT_SECRET, GRUCLOUD_OAUTH_SUBJECT) missing" ); } };