UNPKG

@scalar/api-client

Version:

the open source API testing client

github.com/scalar/scalar

scalar/scalar

101 lines (100 loc) 5.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
import { shouldUseProxy as S } from "@scalar/oas-utils/helpers"; import { fromUint8Array as P, encode as k } from "js-base64"; const w = () => { const e = new Uint8Array(32); return crypto.getRandomValues(e), P(e, !0); }, U = async (e, l) => { if (l === "plain") return e; if (typeof crypto?.subtle?.digest != "function") return console.warn("SHA-256 is only supported when using https, using a plain text code challenge instead."), e; const n = new TextEncoder().encode(e), c = await crypto.subtle.digest("SHA-256", n); return P(new Uint8Array(c), !0); }, b = async (e, l, u) => { try { if (!e) return [new Error("Flow not found"), null]; const n = e.selectedScopes.join(" "); if (e.type === "clientCredentials" || e.type === "password") return x(e, n, { proxyUrl: u }); const c = (Math.random() + 1).toString(36).substring(2, 10), t = new URL(e.authorizationUrl); let m = null; if (e.type === "implicit") t.searchParams.set("response_type", "token"); else if (e.type === "authorizationCode" && (t.searchParams.set("response_type", "code"), e["x-usePkce"] !== "no")) { const r = w(), s = await U(r, e["x-usePkce"]); m = { codeVerifier: r, codeChallenge: s, codeChallengeMethod: e["x-usePkce"] === "SHA-256" ? "S256" : "plain" }, t.searchParams.set("code_challenge", s), t.searchParams.set("code_challenge_method", m.codeChallengeMethod); } if (e["x-scalar-redirect-uri"].startsWith("/")) { const r = l.url || window.location.origin + window.location.pathname, s = new URL(e["x-scalar-redirect-uri"], r).toString(); t.searchParams.set("redirect_uri", s); } else t.searchParams.set("redirect_uri", e["x-scalar-redirect-uri"]); e["x-scalar-security-query"] && Object.keys(e["x-scalar-security-query"]).forEach((r) => { const s = e["x-scalar-security-query"]?.[r]; s && t.searchParams.set(r, s); }), t.searchParams.set("client_id", e["x-scalar-client-id"]), t.searchParams.set("state", c), n && t.searchParams.set("scope", n); const a = window.open(t, "openAuth2Window", "left=100,top=100,width=800,height=600"); return a ? new Promise((r) => { const s = setInterval(() => { let o = null, d = null, h = null, y = null; try { const i = new URL(a.location.href).searchParams, _ = e["x-tokenName"] || "access_token"; o = i.get(_), d = i.get("code"), h = i.get("error"), y = i.get("error_description"); const g = new URLSearchParams(a.location.href.split("#")[1]); o ||= g.get(_), d ||= g.get("code"), h ||= g.get("error"), y ||= g.get("error_description"); } catch { } if (a.closed || o || d || h) if (clearInterval(s), a.close(), h) r([new Error(`OAuth error: ${h}${y ? ` (${y})` : ""}`), null]); else if (o) { const i = a.location.href.match(/state=([^&]*)/)?.[1]; r(i === c ? [null, o] : [new Error("State mismatch"), null]); } else d ? new URL(a.location.href).searchParams.get("state") === c ? x(e, n, { code: d, pkce: m, proxyUrl: u }).then(r) : r([new Error("State mismatch"), null]) : (clearInterval(s), r([new Error("Window was closed without granting authorization"), null])); }, 200); }) : [new Error("Failed to open auth window"), null]; } catch { return [new Error("Failed to authorize oauth2 flow"), null]; } }, x = async (e, l, { code: u, pkce: n, proxyUrl: c } = {}) => { if (!e) return [new Error("OAuth2 flow was not defined"), null]; const t = new URLSearchParams(); t.set("client_id", e["x-scalar-client-id"]), l && (e.type === "clientCredentials" || e.type === "password") && t.set("scope", l), e.clientSecret && (!e["x-scalar-credentials-location"] || e["x-scalar-credentials-location"] === "body") && t.set("client_secret", e.clientSecret), "x-scalar-redirect-uri" in e && e["x-scalar-redirect-uri"] && t.set("redirect_uri", e["x-scalar-redirect-uri"]), u ? (t.set("code", u), t.set("grant_type", "authorization_code"), n && t.set("code_verifier", n.codeVerifier)) : e.type === "password" ? (t.set("grant_type", "password"), t.set("username", e.username), t.set("password", e.password)) : t.set("grant_type", "client_credentials"), e["x-scalar-security-body"] && Object.entries(e["x-scalar-security-body"]).forEach(([p, a]) => { a && t.set(p, a); }); try { const p = { "Content-Type": "application/x-www-form-urlencoded" }; e.clientSecret && (!e["x-scalar-credentials-location"] || e["x-scalar-credentials-location"] === "header") && (p.Authorization = `Basic ${k(`${e["x-scalar-client-id"]}:${e.clientSecret}`)}`); const r = S(c, e.tokenUrl) ? `${c}?${new URLSearchParams([["scalar_url", e.tokenUrl]]).toString()}` : e.tokenUrl, o = await (await fetch(r, { method: "POST", headers: p, body: t })).json(), d = e["x-tokenName"] || "access_token"; return [null, o[d]]; } catch { return [new Error("Failed to get an access token. Please check your credentials."), null]; } }; export { b as authorizeOauth2, x as authorizeServers, U as generateCodeChallenge };