UNPKG

appstore-cli

Version:

A command-line interface (CLI) to interact with the Apple App Store Connect API.

111 lines (110 loc) • 6.04 kB

JavaScript

"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __generator = (this && this.__generator) || function (thisArg, body) { var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (g && (g = 0, op[0] && (_ = 0)), _) try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [op[0] & 2, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } }; Object.defineProperty(exports, "__esModule", { value: true }); exports.generateJwt = generateJwt; var jsonwebtoken_1 = require("jsonwebtoken"); var crypto_1 = require("crypto"); var config_1 = require("./config"); function generateJwt(config) { return __awaiter(this, void 0, void 0, function () { var privateKey, keyObject, payload, currentTime, options, token; return __generator(this, function (_a) { switch (_a.label) { case 0: // Validate required configuration fields if (!config.issuerId) { throw new Error('Issuer ID is required but not provided'); } if (!config.keyId) { throw new Error('Key ID is required but not provided'); } return [4 /*yield*/, (0, config_1.getPrivateKey)(config)]; case 1: privateKey = _a.sent(); if (!privateKey) { throw new Error('Private key is required but not provided'); } try { keyObject = crypto_1.default.createPrivateKey(privateKey); } catch (keyError) { // Sanitize error message to avoid exposing key information throw new Error('Invalid private key format'); } payload = { iss: config.issuerId, exp: Math.floor(Date.now() / 1000) + (20 * 60), // 20 minutes aud: 'appstoreconnect-v1' }; // Validate payload fields if (!payload.iss) { throw new Error('Issuer ID is required in JWT payload'); } currentTime = Math.floor(Date.now() / 1000); if (!payload.exp || payload.exp <= currentTime) { throw new Error('Invalid expiration time in JWT payload'); } // Ensure expiration doesn't exceed 30 minutes (with 10-minute buffer) if (payload.exp - currentTime > 30 * 60) { throw new Error('Token expiration time exceeds maximum allowed duration'); } options = { algorithm: 'ES256', header: { alg: 'ES256', kid: config.keyId, typ: 'JWT' } }; try { token = jsonwebtoken_1.default.sign(payload, keyObject, options); // Additional validation that token was created successfully if (!token || typeof token !== 'string') { throw new Error('Failed to generate JWT token'); } return [2 /*return*/, token]; } catch (signError) { // Sanitize error message to avoid exposing key information throw new Error('Failed to sign JWT token'); } return [2 /*return*/]; } }); }); }