UNPKG

wgc

Version:

The official CLI tool to manage the GraphQL Federation Platform Cosmo

140 lines 6.17 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
import { program } from 'commander'; import pc from 'picocolors'; import { config } from '../../core/config.js'; import { readConfigFile, updateConfigFile } from '../../utils.js'; export const performDeviceAuth = async () => { const headers = new Headers(); headers.append('Content-Type', 'application/x-www-form-urlencoded'); const requestBody = new URLSearchParams(); requestBody.append('scope', 'openid offline_access'); requestBody.append('client_id', config.kcClientId); const response = await fetch(`${config.kcApiURL}/realms/${config.kcRealm}/protocol/openid-connect/auth/device`, { method: 'POST', headers, body: requestBody, }); if (response.status !== 200) { return { success: false, errorMessage: 'Could not perform device authentication.', response: { deviceCode: '', userCode: '', verificationURI: '', interval: 0, }, }; } const body = await response.json(); return { success: true, response: { deviceCode: body.device_code, userCode: body.user_code, verificationURI: body.verification_uri_complete, interval: body.interval, }, }; }; export const startPollingForAccessToken = async ({ deviceCode, interval, }) => { const headers = new Headers(); headers.append('Content-Type', 'application/x-www-form-urlencoded'); const requestBody = new URLSearchParams(); requestBody.append('client_id', config.kcClientId); requestBody.append('grant_type', 'urn:ietf:params:oauth:grant-type:device_code'); requestBody.append('device_code', deviceCode); // Request an offline token https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/sessions/offline.html requestBody.append('scope', 'openid offline_access'); while (true) { const response = await fetch(`${config.kcApiURL}/realms/${config.kcRealm}/protocol/openid-connect/token`, { method: 'POST', headers, body: requestBody, }); if (response.status === 400) { // Sleep for the retry interval and print a dot for each second. for (let i = 0; i < interval; i++) { await new Promise((resolve) => setTimeout(resolve, 1000)); } continue; } if (response.status !== 200) { return { success: false, errorMessage: 'Could not fetch the access token.', }; } const body = await response.json(); const present = new Date(); return { success: true, response: { accessToken: body.access_token, refreshToken: body.refresh_token, expiresAt: new Date(new Date().setSeconds(present.getSeconds() + body.expires_in)), refreshExpiresAt: new Date(new Date().setSeconds(present.getSeconds() + body.refresh_expires_in)), }, }; } }; // checks if either of access token or api key are present // if not, it will try to refresh the access token export async function checkAuth() { const userConfig = readConfigFile(); if (config.apiKey && userConfig.accessToken) { console.error(`${pc.yellow('Warning')} ${pc.dim('Both COSMO_API_KEY and login credentials found. Environment variable has precedence.\n')}`); } // API Key is present and assumed to be valid if (config.apiKey) { return; } if (!userConfig.organizationSlug) { program.error(pc.red('Organization slug is not set. Please run `wgc auth login` to set the organization slug.')); } // Access token is present and does not expire in the next 60 seconds if ((userConfig === null || userConfig === void 0 ? void 0 : userConfig.accessToken) && (userConfig === null || userConfig === void 0 ? void 0 : userConfig.expiresAt) && new Date(userConfig.expiresAt) > new Date(Date.now() - 60 * 1000)) { // Update the api key to the current valid access token config.apiKey = userConfig.accessToken; return; } // Check if refresh token is expired if ((userConfig === null || userConfig === void 0 ? void 0 : userConfig.refreshToken) && (userConfig === null || userConfig === void 0 ? void 0 : userConfig.refreshExpiresAt) && new Date(userConfig.refreshExpiresAt) < new Date()) { program.error(pc.red('Refresh token has expired. Please login again with `wgc auth login`')); } // Refresh tokens with the offline token const resp = await fetch(`${config.kcApiURL}/realms/${config.kcRealm}/protocol/openid-connect/token`, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, body: new URLSearchParams({ grant_type: 'refresh_token', client_id: config.kcClientId, refresh_token: userConfig.refreshToken, }), }); if (resp.status !== 200) { throw new Error('Failed to refresh access token. If the issue persists, please contact support. StatusCode: ' + resp.status); } try { const data = await resp.json(); const present = new Date(); // Update the config file with the new access token and refresh token updateConfigFile({ accessToken: data.access_token, refreshToken: data.refresh_token, expiresAt: new Date(new Date().setSeconds(present.getSeconds() + data.expires_in)), refreshExpiresAt: new Date(new Date().setSeconds(present.getSeconds() + data.refresh_expires_in)), organizationSlug: userConfig.organizationSlug, }); // Update the api key with the new access token config.apiKey = data.access_token; } catch (e) { throw new Error('Failed to parse the response from the identity server. If the issue persists, please contact support. Error: ' + e.toString()); } } //# sourceMappingURL=utils.js.map