manageengine-mdm/lib/auth/AuthManager.js

A TypeScript wrapper for the ManageEngine Mobile Device Manager Plus API

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthManager = void 0;
const axios_1 = __importDefault(require("axios"));
const types_1 = require("./types");
class AuthManager {
    constructor(config) {
        this.config = config;
        this.tokenStorage = config.tokenStorage || new types_1.InMemoryTokenStorage();
    }
    /**
     * Get the authorization URL that the user needs to visit to grant access
     */
    getAuthorizationUrl(accessType = 'offline', prompt) {
        const params = new URLSearchParams({
            client_id: this.config.clientId,
            response_type: 'code',
            redirect_uri: this.config.redirectUri,
            scope: this.config.scope.join(','),
            access_type: accessType,
        });
        if (prompt) {
            params.append('prompt', prompt);
        }
        return `${this.config.baseUrl}/oauth/v2/auth?${params.toString()}`;
    }
    /**
     * Initialize the client with an authorization code
     */
    authenticateWithCode(code, accountsServer) {
        return __awaiter(this, void 0, void 0, function* () {
            const params = new URLSearchParams({
                code,
                client_id: this.config.clientId,
                client_secret: this.config.clientSecret,
                redirect_uri: this.config.redirectUri,
                grant_type: 'authorization_code',
            });
            const response = yield axios_1.default.post(`${accountsServer}/oauth/v2/token?${params.toString()}`);
            const expiresAt = Date.now() + response.data.expires_in * 1000;
            const authState = {
                accessToken: response.data.access_token,
                refreshToken: response.data.refresh_token,
                expiresAt,
                apiDomain: this.config.baseUrl,
            };
            yield this.tokenStorage.saveToken(accountsServer, authState);
        });
    }
    /**
     * Initialize the client with a refresh token
     */
    authenticateWithRefreshToken(refreshToken, accountsServer) {
        var _a;
        return __awaiter(this, void 0, void 0, function* () {
            const params = new URLSearchParams({
                refresh_token: refreshToken,
                client_id: this.config.clientId,
                client_secret: this.config.clientSecret,
                grant_type: 'refresh_token',
            });
            const response = yield axios_1.default.post(`${accountsServer}/oauth/v2/token?${params.toString()}`);
            const expiresAt = Date.now() + response.data.expires_in * 1000;
            const authState = {
                accessToken: response.data.access_token,
                refreshToken: (_a = response.data.refresh_token) !== null && _a !== void 0 ? _a : refreshToken,
                expiresAt,
                apiDomain: this.config.baseUrl,
            };
            yield this.tokenStorage.saveToken(accountsServer, authState);
        });
    }
    /**
     * Get the current authentication state
     */
    getAuthState(accountsServer) {
        return __awaiter(this, void 0, void 0, function* () {
            return this.tokenStorage.getToken(accountsServer);
        });
    }
    /**
     * Get a valid access token, refreshing if necessary
     */
    getValidToken(accountsServer) {
        return __awaiter(this, void 0, void 0, function* () {
            const authState = yield this.tokenStorage.getToken(accountsServer);
            if (!authState) {
                throw new Error('Not authenticated');
            }
            // If token is expired or will expire in the next minute, refresh it
            if (authState.expiresAt <= Date.now() + 60000) {
                if (!authState.refreshToken) {
                    throw new Error('No refresh token available');
                }
                yield this.authenticateWithRefreshToken(authState.refreshToken, accountsServer);
                const newAuthState = yield this.tokenStorage.getToken(accountsServer);
                if (!newAuthState) {
                    throw new Error('Failed to refresh token');
                }
                return newAuthState.accessToken;
            }
            return authState.accessToken;
        });
    }
    /**
     * Clear the stored authentication state
     */
    clearAuthState(accountsServer) {
        return __awaiter(this, void 0, void 0, function* () {
            yield this.tokenStorage.clearToken(accountsServer);
        });
    }
}
exports.AuthManager = AuthManager;