@rushstack/rush-azure-storage-build-cache-plugin/lib/AdoCodespacesAuthCredential.js

Rush plugin for Azure storage cloud build cache

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AdoCodespacesAuthCredential = void 0;
// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
// See LICENSE in the project root for license information.
const node_core_library_1 = require("@rushstack/node-core-library");
const identity_1 = require("@azure/identity");
/**
 * AdoCodespacesAuthCredential uses "Azure Devops Codespaces Authentication" VSCode extension to get the access
 * tokens for AAD in Codespaces.
 * https://github.com/microsoft/ado-codespaces-auth
 */
class AdoCodespacesAuthCredential {
    // eslint-disable-next-line @typescript-eslint/naming-convention
    async getToken(scopes, options) {
        var _a;
        try {
            let scope;
            if (Array.isArray(scopes)) {
                if (scopes.length > 1) {
                    throw new Error('Only one scope is supported');
                }
                else if (scopes.length === 0) {
                    throw new Error('A scope must be provided.');
                }
                else {
                    scope = scopes[0];
                }
            }
            else {
                scope = scopes;
            }
            const azureAuthHelperExec = 'azure-auth-helper';
            const token = node_core_library_1.Executable.spawnSync(azureAuthHelperExec, ['get-access-token', scope]).stdout;
            let expiresOnTimestamp;
            try {
                const decodedToken = this._decodeToken(token);
                if ((_a = decodedToken === null || decodedToken === void 0 ? void 0 : decodedToken.payload) === null || _a === void 0 ? void 0 : _a.exp) {
                    expiresOnTimestamp = decodedToken.payload.exp * 1000;
                }
                else {
                    expiresOnTimestamp = Date.now() + 3600000;
                }
            }
            catch (error) {
                throw new Error(`Failed to decode the token: ${error}`);
            }
            return {
                token,
                expiresOnTimestamp
            };
        }
        catch (error) {
            throw new identity_1.CredentialUnavailableError(`Failed to get token from Azure DevOps Codespaces Authentication: ${error.message}`);
        }
    }
    _decodeToken(token) {
        const parts = token.split('.');
        if (parts.length !== 3) {
            throw new Error('Invalid token');
        }
        const header = Buffer.from(parts[0], 'base64').toString();
        const payload = Buffer.from(parts[1], 'base64').toString();
        const signature = parts[2];
        return {
            header: JSON.parse(header),
            payload: JSON.parse(payload),
            signature
        };
    }
}
exports.AdoCodespacesAuthCredential = AdoCodespacesAuthCredential;
//# sourceMappingURL=AdoCodespacesAuthCredential.js.map