forked from nodejs/node-core-utils
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.js
More file actions
156 lines (141 loc) · 4.3 KB
/
auth.js
File metadata and controls
156 lines (141 loc) · 4.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
import fs from 'node:fs';
import { ClientRequest } from 'node:http';
import ghauth from 'ghauth';
import { clearCachedConfig, encryptValue, getMergedConfig, getNcurcPath } from './config.js';
export default lazy(auth);
function errorExit(message) {
process.stderr.write(`${message}\n`);
process.exit(1);
}
function check(username, token) {
if (typeof username !== 'string') {
errorExit(`username must be a string, received ${typeof username}`);
}
if (!/^[a-zA-Z0-9-]+$/.test(username)) {
errorExit(
'username may only contain alphanumeric characters or hyphens, ' +
`received ${username}`
);
}
if (typeof token !== 'string') {
errorExit(`token must be a string, received ${typeof token}`);
}
if (!/^[A-Za-z0-9_]+$/.test(token)) {
errorExit(`token is misformatted: ${token}`);
}
}
function lazy(fn) {
let cachedValue;
return function(...args) {
if (cachedValue !== undefined) {
return cachedValue;
}
cachedValue = fn(...args);
return cachedValue;
};
}
async function tryCreateGitHubToken(githubAuth) {
let credentials;
try {
credentials = await githubAuth({
noSave: true,
scopes: ['user:email', 'read:org'],
note: 'node-core-utils CLI tools',
noDeviceFlow: true
});
} catch (e) {
errorExit(`Could not get token: ${e.message}`);
}
return credentials;
}
function encode(name, token) {
return Buffer.from(`${name}:${token}`).toString('base64');
}
function setOwnProperty(target, key, value) {
return Object.defineProperty(target, key, {
__proto__: null,
configurable: true,
enumerable: true,
value
});
}
// TODO: support jenkins only...or not necessary?
// TODO: make this a class with dependency (CLI) injectable for testing
async function auth(
options = { github: true },
githubAuth = ghauth) {
const result = {
get github() {
let username;
let token;
try {
({ username, token } = getMergedConfig());
} catch (e) {
// Ignore error and prompt
}
check(username, token);
const github = encode(username, token);
setOwnProperty(result, 'github', github);
return github;
},
get jenkins() {
const { username, jenkins_token } = getMergedConfig();
if (!username || !jenkins_token) {
errorExit(
'Get your Jenkins API token in https://ci.nodejs.org/me/security ' +
'and run the following command to add it to your ncu config: ' +
'ncu-config --global set -x jenkins_token'
);
};
check(username, jenkins_token);
const jenkins = encode(username, jenkins_token);
setOwnProperty(result, 'jenkins', jenkins);
return jenkins;
},
get h1() {
const { h1_username, h1_token } = getMergedConfig();
check(h1_username, h1_token);
const h1 = encode(h1_username, h1_token);
setOwnProperty(result, 'h1', h1);
return h1;
}
};
if (options.github) {
let config;
try {
config = getMergedConfig();
} catch {
config = {};
}
if (!Object.hasOwn(config, 'token') || !Object.hasOwn(config, 'username')) {
process.stdout.write(
'If this is your first time running this command, ' +
'follow the instructions to create an access token' +
'. If you prefer to create it yourself on Github, ' +
'see https://github.com/nodejs/node-core-utils/blob/main/README.md.\n');
const credentials = await tryCreateGitHubToken(githubAuth);
const username = credentials.user;
let token;
try {
token = await encryptValue(credentials.token);
} catch (err) {
console.warn('Failed encrypt token, storing unencrypted instead');
token = credentials.token;
}
const json = JSON.stringify({ username, token }, null, 2);
fs.writeFileSync(getNcurcPath(), json, {
mode: 0o600 /* owner read/write */
});
// Try again reading the file
clearCachedConfig();
}
}
return result;
}
// This is an ugly hack to get around a bug in hyperquest & ghauth
// which are not currently maintained
const originalSetTimeout = ClientRequest.prototype.setTimeout;
ClientRequest.prototype.setTimeout = function(msecs, ...args) {
msecs = Math.min(msecs, Math.pow(2, 31) - 1);
return originalSetTimeout.call(this, msecs, ...args);
};