UNPKG

@redocly/cli

Version:

[@Redocly](https://redocly.com) CLI is your all-in-one OpenAPI utility. It builds, manages, improves, and quality-checks your OpenAPI descriptions, all of which comes in handy for various phases of the API Lifecycle. Create your own rulesets to make API g

github.com/Redocly/redocly-cli

Redocly/redocly-cli

112 lines (93 loc) 3.12 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
import { homedir } from 'node:os'; import * as path from 'node:path'; import { mkdirSync, existsSync, writeFileSync, readFileSync, rmSync } from 'node:fs'; import * as crypto from 'node:crypto'; import { Buffer } from 'node:buffer'; import { type AuthToken, RedoclyOAuthDeviceFlow } from './device-flow'; const SALT = '4618dbc9-8aed-4e27-aaf0-225f4603e5a4'; const CRYPTO_ALGORITHM = 'aes-256-cbc'; export class RedoclyOAuthClient { private dir: string; private cipher: crypto.Cipher; private decipher: crypto.Decipher; constructor(private clientName: string, private version: string) { this.dir = path.join(homedir(), '.redocly'); if (!existsSync(this.dir)) { mkdirSync(this.dir); } const homeDirPath = process.env.HOME as string; const hash = crypto.createHash('sha256'); hash.update(`${homeDirPath}${SALT}`); const hashHex = hash.digest('hex'); const key = Buffer.alloc( 32, Buffer.from(hashHex).toString('base64') ).toString() as crypto.CipherKey; const iv = Buffer.alloc( 16, Buffer.from(process.env.HOME as string).toString('base64') ).toString() as crypto.BinaryLike; this.cipher = crypto.createCipheriv(CRYPTO_ALGORITHM, key, iv); this.decipher = crypto.createDecipheriv(CRYPTO_ALGORITHM, key, iv); } async login(baseUrl: string) { const deviceFlow = new RedoclyOAuthDeviceFlow(baseUrl, this.clientName, this.version); const token = await deviceFlow.run(); if (!token) { throw new Error('Failed to login'); } this.saveToken(token); } async logout() { try { this.removeToken(); } catch (err) { // do nothing } } async isAuthorized(baseUrl: string, apiKey?: string) { const deviceFlow = new RedoclyOAuthDeviceFlow(baseUrl, this.clientName, this.version); if (apiKey) { return await deviceFlow.verifyApiKey(apiKey); } const token = await this.readToken(); if (!token) { return false; } const isValidAccessToken = await deviceFlow.verifyToken(token.access_token); if (isValidAccessToken) { return true; } try { const newToken = await deviceFlow.refreshToken(token.refresh_token); await this.saveToken(newToken); } catch { return false; } return true; } private async saveToken(token: AuthToken) { try { const encrypted = this.cipher.update(JSON.stringify(token), 'utf8', 'hex') + this.cipher.final('hex'); writeFileSync(path.join(this.dir, 'auth.json'), encrypted); } catch (error) { process.stderr.write('Error saving tokens:', error); } } private async readToken() { try { const token = readFileSync(path.join(this.dir, 'auth.json'), 'utf8'); const decrypted = this.decipher.update(token, 'hex', 'utf8') + this.decipher.final('utf8'); return decrypted ? JSON.parse(decrypted) : null; } catch { return null; } } private async removeToken() { const tokenPath = path.join(this.dir, 'auth.json'); if (existsSync(tokenPath)) { rmSync(tokenPath); } } }