UNPKG

aws-delivlib

Version:

A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.

github.com/cdklabs/aws-delivlib

cdklabs/aws-delivlib

857 lines (828 loc) • 27 kB

JavaScript

"use strict"; var __create = Object.create; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __getProtoOf = Object.getPrototypeOf; var __hasOwnProp = Object.prototype.hasOwnProperty; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } return to; }; var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( // If the importer is in node compatibility mode or this is not an ESM // file that has been converted to a CommonJS file using a Babel- // compatible transform (i.e. "__esModule" has not been set), then set // "default" to the CommonJS "module.exports" for node compatibility. isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod )); var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // pkg/dist-src/index.js var dist_src_exports = {}; __export(dist_src_exports, { OAuthApp: () => OAuthApp, createAWSLambdaAPIGatewayV2Handler: () => createAWSLambdaAPIGatewayV2Handler, createCloudflareHandler: () => createCloudflareHandler, createNodeMiddleware: () => createNodeMiddleware, createWebWorkerHandler: () => createWebWorkerHandler, handleRequest: () => handleRequest }); module.exports = __toCommonJS(dist_src_exports); var import_auth_oauth_app = require("@octokit/auth-oauth-app"); // pkg/dist-src/version.js var VERSION = "4.2.4"; // pkg/dist-src/add-event-handler.js function addEventHandler(state, eventName, eventHandler) { if (Array.isArray(eventName)) { for (const singleEventName of eventName) { addEventHandler(state, singleEventName, eventHandler); } return; } if (!state.eventHandlers[eventName]) { state.eventHandlers[eventName] = []; } state.eventHandlers[eventName].push(eventHandler); } // pkg/dist-src/oauth-app-octokit.js var import_core = require("@octokit/core"); var import_universal_user_agent = require("universal-user-agent"); var OAuthAppOctokit = import_core.Octokit.defaults({ userAgent: `octokit-oauth-app.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}` }); // pkg/dist-src/methods/get-user-octokit.js var import_auth_oauth_user = require("@octokit/auth-oauth-user"); // pkg/dist-src/emit-event.js async function emitEvent(state, context) { const { name, action } = context; if (state.eventHandlers[`${name}.${action}`]) { for (const eventHandler of state.eventHandlers[`${name}.${action}`]) { await eventHandler(context); } } if (state.eventHandlers[name]) { for (const eventHandler of state.eventHandlers[name]) { await eventHandler(context); } } } // pkg/dist-src/methods/get-user-octokit.js async function getUserOctokitWithState(state, options) { return state.octokit.auth({ type: "oauth-user", ...options, async factory(options2) { const octokit = new state.Octokit({ authStrategy: import_auth_oauth_user.createOAuthUserAuth, auth: options2 }); const authentication = await octokit.auth({ type: "get" }); await emitEvent(state, { name: "token", action: "created", token: authentication.token, scopes: authentication.scopes, authentication, octokit }); return octokit; } }); } // pkg/dist-src/methods/get-web-flow-authorization-url.js var OAuthMethods = __toESM(require("@octokit/oauth-methods")); function getWebFlowAuthorizationUrlWithState(state, options) { const optionsWithDefaults = { clientId: state.clientId, request: state.octokit.request, ...options, allowSignup: state.allowSignup ?? options.allowSignup, redirectUrl: options.redirectUrl ?? state.redirectUrl, scopes: options.scopes ?? state.defaultScopes }; return OAuthMethods.getWebFlowAuthorizationUrl({ clientType: state.clientType, ...optionsWithDefaults }); } // pkg/dist-src/methods/create-token.js var OAuthAppAuth = __toESM(require("@octokit/auth-oauth-app")); async function createTokenWithState(state, options) { const authentication = await state.octokit.auth({ type: "oauth-user", ...options }); await emitEvent(state, { name: "token", action: "created", token: authentication.token, scopes: authentication.scopes, authentication, octokit: new state.Octokit({ authStrategy: OAuthAppAuth.createOAuthUserAuth, auth: { clientType: state.clientType, clientId: state.clientId, clientSecret: state.clientSecret, token: authentication.token, scopes: authentication.scopes, refreshToken: authentication.refreshToken, expiresAt: authentication.expiresAt, refreshTokenExpiresAt: authentication.refreshTokenExpiresAt } }) }); return { authentication }; } // pkg/dist-src/methods/check-token.js var OAuthMethods2 = __toESM(require("@octokit/oauth-methods")); async function checkTokenWithState(state, options) { const result = await OAuthMethods2.checkToken({ // @ts-expect-error not worth the extra code to appease TS clientType: state.clientType, clientId: state.clientId, clientSecret: state.clientSecret, request: state.octokit.request, ...options }); Object.assign(result.authentication, { type: "token", tokenType: "oauth" }); return result; } // pkg/dist-src/methods/reset-token.js var OAuthMethods3 = __toESM(require("@octokit/oauth-methods")); var import_auth_oauth_user2 = require("@octokit/auth-oauth-user"); async function resetTokenWithState(state, options) { const optionsWithDefaults = { clientId: state.clientId, clientSecret: state.clientSecret, request: state.octokit.request, ...options }; if (state.clientType === "oauth-app") { const response2 = await OAuthMethods3.resetToken({ clientType: "oauth-app", ...optionsWithDefaults }); const authentication2 = Object.assign(response2.authentication, { type: "token", tokenType: "oauth" }); await emitEvent(state, { name: "token", action: "reset", token: response2.authentication.token, scopes: response2.authentication.scopes || void 0, authentication: authentication2, octokit: new state.Octokit({ authStrategy: import_auth_oauth_user2.createOAuthUserAuth, auth: { clientType: state.clientType, clientId: state.clientId, clientSecret: state.clientSecret, token: response2.authentication.token, scopes: response2.authentication.scopes } }) }); return { ...response2, authentication: authentication2 }; } const response = await OAuthMethods3.resetToken({ clientType: "github-app", ...optionsWithDefaults }); const authentication = Object.assign(response.authentication, { type: "token", tokenType: "oauth" }); await emitEvent(state, { name: "token", action: "reset", token: response.authentication.token, authentication, octokit: new state.Octokit({ authStrategy: import_auth_oauth_user2.createOAuthUserAuth, auth: { clientType: state.clientType, clientId: state.clientId, clientSecret: state.clientSecret, token: response.authentication.token } }) }); return { ...response, authentication }; } // pkg/dist-src/methods/refresh-token.js var OAuthMethods4 = __toESM(require("@octokit/oauth-methods")); var import_auth_oauth_user3 = require("@octokit/auth-oauth-user"); async function refreshTokenWithState(state, options) { if (state.clientType === "oauth-app") { throw new Error( "[@octokit/oauth-app] app.refreshToken() is not supported for OAuth Apps" ); } const response = await OAuthMethods4.refreshToken({ clientType: "github-app", clientId: state.clientId, clientSecret: state.clientSecret, request: state.octokit.request, refreshToken: options.refreshToken }); const authentication = Object.assign(response.authentication, { type: "token", tokenType: "oauth" }); await emitEvent(state, { name: "token", action: "refreshed", token: response.authentication.token, authentication, octokit: new state.Octokit({ authStrategy: import_auth_oauth_user3.createOAuthUserAuth, auth: { clientType: state.clientType, clientId: state.clientId, clientSecret: state.clientSecret, token: response.authentication.token } }) }); return { ...response, authentication }; } // pkg/dist-src/methods/scope-token.js var OAuthMethods5 = __toESM(require("@octokit/oauth-methods")); var import_auth_oauth_user4 = require("@octokit/auth-oauth-user"); async function scopeTokenWithState(state, options) { if (state.clientType === "oauth-app") { throw new Error( "[@octokit/oauth-app] app.scopeToken() is not supported for OAuth Apps" ); } const response = await OAuthMethods5.scopeToken({ clientType: "github-app", clientId: state.clientId, clientSecret: state.clientSecret, request: state.octokit.request, ...options }); const authentication = Object.assign(response.authentication, { type: "token", tokenType: "oauth" }); await emitEvent(state, { name: "token", action: "scoped", token: response.authentication.token, authentication, octokit: new state.Octokit({ authStrategy: import_auth_oauth_user4.createOAuthUserAuth, auth: { clientType: state.clientType, clientId: state.clientId, clientSecret: state.clientSecret, token: response.authentication.token } }) }); return { ...response, authentication }; } // pkg/dist-src/methods/delete-token.js var OAuthMethods6 = __toESM(require("@octokit/oauth-methods")); var import_auth_unauthenticated = require("@octokit/auth-unauthenticated"); async function deleteTokenWithState(state, options) { const optionsWithDefaults = { clientId: state.clientId, clientSecret: state.clientSecret, request: state.octokit.request, ...options }; const response = state.clientType === "oauth-app" ? await OAuthMethods6.deleteToken({ clientType: "oauth-app", ...optionsWithDefaults }) : ( // istanbul ignore next await OAuthMethods6.deleteToken({ clientType: "github-app", ...optionsWithDefaults }) ); await emitEvent(state, { name: "token", action: "deleted", token: options.token, octokit: new state.Octokit({ authStrategy: import_auth_unauthenticated.createUnauthenticatedAuth, auth: { reason: `Handling "token.deleted" event. The access for the token has been revoked.` } }) }); return response; } // pkg/dist-src/methods/delete-authorization.js var OAuthMethods7 = __toESM(require("@octokit/oauth-methods")); var import_auth_unauthenticated2 = require("@octokit/auth-unauthenticated"); async function deleteAuthorizationWithState(state, options) { const optionsWithDefaults = { clientId: state.clientId, clientSecret: state.clientSecret, request: state.octokit.request, ...options }; const response = state.clientType === "oauth-app" ? await OAuthMethods7.deleteAuthorization({ clientType: "oauth-app", ...optionsWithDefaults }) : ( // istanbul ignore next await OAuthMethods7.deleteAuthorization({ clientType: "github-app", ...optionsWithDefaults }) ); await emitEvent(state, { name: "token", action: "deleted", token: options.token, octokit: new state.Octokit({ authStrategy: import_auth_unauthenticated2.createUnauthenticatedAuth, auth: { reason: `Handling "token.deleted" event. The access for the token has been revoked.` } }) }); await emitEvent(state, { name: "authorization", action: "deleted", token: options.token, octokit: new state.Octokit({ authStrategy: import_auth_unauthenticated2.createUnauthenticatedAuth, auth: { reason: `Handling "authorization.deleted" event. The access for the app has been revoked.` } }) }); return response; } // pkg/dist-src/middleware/handle-request.js var import_fromentries = __toESM(require("fromentries")); async function handleRequest(app, { pathPrefix = "/api/github/oauth" }, request) { var _a, _b, _c, _d, _e, _f; if (request.method === "OPTIONS") { return { status: 200, headers: { "access-control-allow-origin": "*", "access-control-allow-methods": "*", "access-control-allow-headers": "Content-Type, User-Agent, Authorization" } }; } const { pathname } = new URL(request.url, "http://localhost"); const route = [request.method, pathname].join(" "); const routes = { getLogin: `GET ${pathPrefix}/login`, getCallback: `GET ${pathPrefix}/callback`, createToken: `POST ${pathPrefix}/token`, getToken: `GET ${pathPrefix}/token`, patchToken: `PATCH ${pathPrefix}/token`, patchRefreshToken: `PATCH ${pathPrefix}/refresh-token`, scopeToken: `POST ${pathPrefix}/token/scoped`, deleteToken: `DELETE ${pathPrefix}/token`, deleteGrant: `DELETE ${pathPrefix}/grant` }; if (!Object.values(routes).includes(route)) { return null; } let json; try { const text = await request.text(); json = text ? JSON.parse(text) : {}; } catch (error) { return { status: 400, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify({ error: "[@octokit/oauth-app] request error" }) }; } const { searchParams } = new URL(request.url, "http://localhost"); const query = (0, import_fromentries.default)(searchParams); const headers = request.headers; try { if (route === routes.getLogin) { const { url } = app.getWebFlowAuthorizationUrl({ state: query.state, scopes: query.scopes ? query.scopes.split(",") : void 0, allowSignup: query.allowSignup ? query.allowSignup === "true" : void 0, redirectUrl: query.redirectUrl }); return { status: 302, headers: { location: url } }; } if (route === routes.getCallback) { if (query.error) { throw new Error( `[@octokit/oauth-app] ${query.error} ${query.error_description}` ); } if (!query.code) { throw new Error('[@octokit/oauth-app] "code" parameter is required'); } const { authentication: { token: token2 } } = await app.createToken({ code: query.code }); return { status: 200, headers: { "content-type": "text/html" }, text: `<h1>Token created successfully</h1> <p>Your token is: <strong>${token2}</strong>. Copy it now as it cannot be shown again.</p>` }; } if (route === routes.createToken) { const { code, redirectUrl } = json; if (!code) { throw new Error('[@octokit/oauth-app] "code" parameter is required'); } const result = await app.createToken({ code, redirectUrl }); delete result.authentication.clientSecret; return { status: 201, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify(result) }; } if (route === routes.getToken) { const token2 = (_a = headers.authorization) == null ? void 0 : _a.substr("token ".length); if (!token2) { throw new Error( '[@octokit/oauth-app] "Authorization" header is required' ); } const result = await app.checkToken({ token: token2 }); delete result.authentication.clientSecret; return { status: 200, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify(result) }; } if (route === routes.patchToken) { const token2 = (_b = headers.authorization) == null ? void 0 : _b.substr("token ".length); if (!token2) { throw new Error( '[@octokit/oauth-app] "Authorization" header is required' ); } const result = await app.resetToken({ token: token2 }); delete result.authentication.clientSecret; return { status: 200, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify(result) }; } if (route === routes.patchRefreshToken) { const token2 = (_c = headers.authorization) == null ? void 0 : _c.substr("token ".length); if (!token2) { throw new Error( '[@octokit/oauth-app] "Authorization" header is required' ); } const { refreshToken: refreshToken2 } = json; if (!refreshToken2) { throw new Error( "[@octokit/oauth-app] refreshToken must be sent in request body" ); } const result = await app.refreshToken({ refreshToken: refreshToken2 }); delete result.authentication.clientSecret; return { status: 200, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify(result) }; } if (route === routes.scopeToken) { const token2 = (_d = headers.authorization) == null ? void 0 : _d.substr("token ".length); if (!token2) { throw new Error( '[@octokit/oauth-app] "Authorization" header is required' ); } const result = await app.scopeToken({ token: token2, ...json }); delete result.authentication.clientSecret; return { status: 200, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify(result) }; } if (route === routes.deleteToken) { const token2 = (_e = headers.authorization) == null ? void 0 : _e.substr("token ".length); if (!token2) { throw new Error( '[@octokit/oauth-app] "Authorization" header is required' ); } await app.deleteToken({ token: token2 }); return { status: 204, headers: { "access-control-allow-origin": "*" } }; } const token = (_f = headers.authorization) == null ? void 0 : _f.substr("token ".length); if (!token) { throw new Error( '[@octokit/oauth-app] "Authorization" header is required' ); } await app.deleteAuthorization({ token }); return { status: 204, headers: { "access-control-allow-origin": "*" } }; } catch (error) { return { status: 400, headers: { "content-type": "application/json", "access-control-allow-origin": "*" }, text: JSON.stringify({ error: error.message }) }; } } // pkg/dist-src/middleware/node/parse-request.js function parseRequest(request) { const { method, url, headers } = request; async function text() { const text2 = await new Promise((resolve, reject) => { let bodyChunks = []; request.on("error", reject).on("data", (chunk) => bodyChunks.push(chunk)).on("end", () => resolve(Buffer.concat(bodyChunks).toString())); }); return text2; } return { method, url, headers, text }; } // pkg/dist-src/middleware/node/send-response.js function sendResponse(octokitResponse, response) { response.writeHead(octokitResponse.status, octokitResponse.headers); response.end(octokitResponse.text); } // pkg/dist-src/middleware/on-unhandled-request-default.js function onUnhandledRequestDefault(request) { return { status: 404, headers: { "content-type": "application/json" }, text: JSON.stringify({ error: `Unknown route: ${request.method} ${request.url}` }) }; } // pkg/dist-src/middleware/node/index.js function onUnhandledRequestDefaultNode(request, response) { const octokitRequest = parseRequest(request); const octokitResponse = onUnhandledRequestDefault(octokitRequest); sendResponse(octokitResponse, response); } function createNodeMiddleware(app, { pathPrefix, onUnhandledRequest } = {}) { if (onUnhandledRequest) { app.octokit.log.warn( "[@octokit/oauth-app] `onUnhandledRequest` is deprecated and will be removed from the next major version." ); } onUnhandledRequest ?? (onUnhandledRequest = onUnhandledRequestDefaultNode); return async function(request, response, next) { const octokitRequest = parseRequest(request); const octokitResponse = await handleRequest( app, { pathPrefix }, octokitRequest ); if (octokitResponse) { sendResponse(octokitResponse, response); } else if (typeof next === "function") { next(); } else { onUnhandledRequest(request, response); } }; } // pkg/dist-src/middleware/web-worker/parse-request.js function parseRequest2(request) { const headers = Object.fromEntries(request.headers.entries()); return { method: request.method, url: request.url, headers, text: () => request.text() }; } // pkg/dist-src/middleware/web-worker/send-response.js function sendResponse2(octokitResponse) { return new Response(octokitResponse.text, { status: octokitResponse.status, headers: octokitResponse.headers }); } // pkg/dist-src/middleware/web-worker/index.js async function onUnhandledRequestDefaultWebWorker(request) { const octokitRequest = parseRequest2(request); const octokitResponse = onUnhandledRequestDefault(octokitRequest); return sendResponse2(octokitResponse); } function createWebWorkerHandler(app, { pathPrefix, onUnhandledRequest } = {}) { if (onUnhandledRequest) { app.octokit.log.warn( "[@octokit/oauth-app] `onUnhandledRequest` is deprecated and will be removed from the next major version." ); } onUnhandledRequest ?? (onUnhandledRequest = onUnhandledRequestDefaultWebWorker); return async function(request) { const octokitRequest = parseRequest2(request); const octokitResponse = await handleRequest( app, { pathPrefix }, octokitRequest ); return octokitResponse ? sendResponse2(octokitResponse) : await onUnhandledRequest(request); }; } function createCloudflareHandler(...args) { args[0].octokit.log.warn( "[@octokit/oauth-app] `createCloudflareHandler` is deprecated, use `createWebWorkerHandler` instead" ); return createWebWorkerHandler(...args); } // pkg/dist-src/middleware/aws-lambda/api-gateway-v2-parse-request.js function parseRequest3(request) { const { method } = request.requestContext.http; let url = request.rawPath; const { stage } = request.requestContext; if (url.startsWith("/" + stage)) url = url.substring(stage.length + 1); if (request.rawQueryString) url += "?" + request.rawQueryString; const headers = request.headers; const text = async () => request.body || ""; return { method, url, headers, text }; } // pkg/dist-src/middleware/aws-lambda/api-gateway-v2-send-response.js function sendResponse3(octokitResponse) { return { statusCode: octokitResponse.status, headers: octokitResponse.headers, body: octokitResponse.text }; } // pkg/dist-src/middleware/aws-lambda/api-gateway-v2.js async function onUnhandledRequestDefaultAWSAPIGatewayV2(event) { const request = parseRequest3(event); const response = onUnhandledRequestDefault(request); return sendResponse3(response); } function createAWSLambdaAPIGatewayV2Handler(app, { pathPrefix, onUnhandledRequest } = {}) { if (onUnhandledRequest) { app.octokit.log.warn( "[@octokit/oauth-app] `onUnhandledRequest` is deprecated and will be removed from the next major version." ); } onUnhandledRequest ?? (onUnhandledRequest = onUnhandledRequestDefaultAWSAPIGatewayV2); return async function(event) { const request = parseRequest3(event); const response = await handleRequest(app, { pathPrefix }, request); return response ? sendResponse3(response) : onUnhandledRequest(event); }; } // pkg/dist-src/index.js var OAuthApp = class { static defaults(defaults) { const OAuthAppWithDefaults = class extends this { constructor(...args) { super({ ...defaults, ...args[0] }); } }; return OAuthAppWithDefaults; } constructor(options) { const Octokit2 = options.Octokit || OAuthAppOctokit; this.type = options.clientType || "oauth-app"; const octokit = new Octokit2({ authStrategy: import_auth_oauth_app.createOAuthAppAuth, auth: { clientType: this.type, clientId: options.clientId, clientSecret: options.clientSecret } }); const state = { clientType: this.type, clientId: options.clientId, clientSecret: options.clientSecret, // @ts-expect-error defaultScopes not permitted for GitHub Apps defaultScopes: options.defaultScopes || [], allowSignup: options.allowSignup, baseUrl: options.baseUrl, redirectUrl: options.redirectUrl, log: options.log, Octokit: Octokit2, octokit, eventHandlers: {} }; this.on = addEventHandler.bind(null, state); this.octokit = octokit; this.getUserOctokit = getUserOctokitWithState.bind(null, state); this.getWebFlowAuthorizationUrl = getWebFlowAuthorizationUrlWithState.bind( null, state ); this.createToken = createTokenWithState.bind( null, state ); this.checkToken = checkTokenWithState.bind( null, state ); this.resetToken = resetTokenWithState.bind( null, state ); this.refreshToken = refreshTokenWithState.bind( null, state ); this.scopeToken = scopeTokenWithState.bind( null, state ); this.deleteToken = deleteTokenWithState.bind(null, state); this.deleteAuthorization = deleteAuthorizationWithState.bind(null, state); } }; OAuthApp.VERSION = VERSION; // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { OAuthApp, createAWSLambdaAPIGatewayV2Handler, createCloudflareHandler, createNodeMiddleware, createWebWorkerHandler, handleRequest });