Fixed eslint & cloned auth strategies from octokit

Author: Artem Shteltser

.eslintignore

@@ -4,3 +4,4 @@ lib
 
 # Dependency directories
 node_modules
+src/authentication/**/*

package-lock.json

@@ -49,6 +49,7 @@
     "validate:types:index": "tsc --noEmit lib/index.d.ts",
     "validate:types:minimal": "tsc --noEmit lib/minimal.d.ts",
     "validate:types:plugin:authenticate": "tsc --noEmit lib/plugins/authenticate.d.ts",
+    "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json}\"",
     "test": "jest"
   },
   "dependencies": {
@@ -78,7 +79,7 @@
     "eslint-plugin-import": "^2.20.1",
     "eslint-plugin-jest": "^23.8.2",
     "eslint-plugin-node": "^11.0.0",
-    "eslint-plugin-prettier": "^3.1.2",
+    "eslint-plugin-prettier": "^3.3.1",
     "eslint-plugin-promise": "^4.2.1",
     "eslint-plugin-standard": "^4.0.1",
     "husky": "^4.2.5",
@@ -89,7 +90,7 @@
     "mkdirp": "^1.0.4",
     "mustache": "^4.0.1",
     "npm-run-all": "^4.1.5",
-    "prettier": "^2.0.5",
+    "prettier": "^2.2.1",
     "pretty-quick": "^2.0.1",
     "rimraf": "^3.0.2",
     "rollup-plugin-typescript2": "^0.27.1",

package.json

@@ -0,0 +1,22 @@
+import { AuthOptions, Authentication, State } from './types'
+import { getAppAuthentication } from './get-app-authentication'
+import { getInstallationAuthentication } from './get-installation-authentication'
+import { getOAuthAuthentication } from './get-oauth-authentication'
+
+export async function auth(
+  state: State,
+  options: AuthOptions
+): Promise<Authentication> {
+  const { type } = options
+
+  switch (type) {
+    case 'app':
+      return getAppAuthentication(state)
+    case 'installation':
+      return getInstallationAuthentication(state, options)
+    case 'oauth':
+      return getOAuthAuthentication(state, options)
+    default:
+      throw new Error(`Invalid auth type: ${type}`)
+  }
+}

src/authentication/auth-app/auth.ts

@@ -0,0 +1,107 @@
+// https://github.com/isaacs/node-lru-cache#readme
+import LRU from 'lru-cache'
+
+/* istanbul ignore next */
+import {
+  InstallationAuthOptions,
+  Cache,
+  CacheData,
+  Permissions,
+  InstallationAccessTokenData,
+  REPOSITORY_SELECTION,
+} from './types'
+
+export function getCache() {
+  return new LRU<number, string>({
+    // cache max. 15000 tokens, that will use less than 10mb memory
+    max: 15000,
+    // Cache for 1 minute less than GitHub expiry
+    maxAge: 1000 * 60 * 59,
+  })
+}
+
+export async function get(
+  cache: Cache,
+  options: InstallationAuthOptions
+): Promise<InstallationAccessTokenData | void> {
+  const cacheKey = optionsToCacheKey(options)
+  const result = await cache.get(cacheKey)
+
+  if (!result) {
+    return
+  }
+
+  const [
+    token,
+    createdAt,
+    expiresAt,
+    repositorySelection,
+    permissionsString,
+    singleFileName,
+  ] = result.split('|')
+
+  const permissions =
+    options.permissions ||
+    permissionsString.split(/,/).reduce((permissions: Permissions, string) => {
+      if (/!$/.test(string)) {
+        permissions[string.slice(0, -1)] = 'write'
+      } else {
+        permissions[string] = 'read'
+      }
+
+      return permissions
+    }, {} as Permissions)
+
+  return {
+    token,
+    createdAt,
+    expiresAt,
+    permissions,
+    repositoryIds: options.repositoryIds,
+    singleFileName,
+    repositorySelection: repositorySelection as REPOSITORY_SELECTION,
+  }
+}
+export async function set(
+  cache: Cache,
+  options: InstallationAuthOptions,
+  data: CacheData
+): Promise<void> {
+  const key = optionsToCacheKey(options)
+
+  const permissionsString = options.permissions
+    ? ''
+    : Object.keys(data.permissions)
+        .map(
+          (name) => `${name}${data.permissions[name] === 'write' ? '!' : ''}`
+        )
+        .join(',')
+
+  const value = [
+    data.token,
+    data.createdAt,
+    data.expiresAt,
+    data.repositorySelection,
+    permissionsString,
+    data.singleFileName,
+  ].join('|')
+
+  await cache.set(key, value)
+}
+
+function optionsToCacheKey({
+  installationId,
+  permissions = {},
+  repositoryIds = [],
+}: InstallationAuthOptions) {
+  const permissionsString = Object.keys(permissions)
+    .sort()
+    .map((name) => (permissions[name] === 'read' ? name : `${name}!`))
+    .join(',')
+
+  const repositoryIdsString = repositoryIds.sort().join(',')
+
+  return [installationId, repositoryIdsString, permissionsString]
+    .filter(Boolean)
+    .join('|')
+}

src/authentication/auth-app/cache.ts

@@ -0,0 +1,22 @@
+import { githubAppJwt } from 'universal-github-app-jwt'
+
+import { AppAuthentication, State } from './types'
+
+export async function getAppAuthentication({
+  appId,
+  privateKey,
+  timeDifference,
+}: State): Promise<AppAuthentication> {
+  const appAuthentication = await githubAppJwt({
+    id: +appId,
+    privateKey,
+    now: timeDifference && Math.floor(Date.now() / 1000) + timeDifference,
+  })
+
+  return {
+    type: 'app',
+    token: appAuthentication.token,
+    appId: appAuthentication.appId,
+    expiresAt: new Date(appAuthentication.expiration * 1000).toISOString(),
+  }
+}

src/authentication/auth-app/get-app-authentication.ts

@@ -0,0 +1,112 @@
+import { get, set } from './cache'
+import { getAppAuthentication } from './get-app-authentication'
+import { toTokenAuthentication } from './to-token-authentication'
+import {
+  InstallationAuthOptions,
+  InstallationAccessTokenAuthentication,
+  RequestInterface,
+  State,
+} from './types'
+
+export async function getInstallationAuthentication(
+  state: State,
+  options: InstallationAuthOptions,
+  customRequest?: RequestInterface
+): Promise<InstallationAccessTokenAuthentication> {
+  const installationId = Number(options.installationId || state.installationId)
+
+  if (!installationId) {
+    throw new Error(
+      '[@octokit/auth-app] installationId option is required for installation authentication.'
+    )
+  }
+
+  if (options.factory) {
+    const { type, factory, ...factoryAuthOptions } = options
+    // @ts-ignore if `options.factory` is set, the return type for `auth()` should be `Promise<ReturnType<options.factory>>`
+    return factory(Object.assign({}, state, factoryAuthOptions))
+  }
+
+  const optionsWithInstallationTokenFromState = Object.assign(
+    { installationId },
+    options
+  )
+
+  if (!options.refresh) {
+    const result = await get(state.cache, optionsWithInstallationTokenFromState)
+    if (result) {
+      const {
+        token,
+        createdAt,
+        expiresAt,
+        permissions,
+        repositoryIds,
+        singleFileName,
+        repositorySelection,
+      } = result
+
+      return toTokenAuthentication({
+        installationId,
+        token,
+        createdAt,
+        expiresAt,
+        permissions,
+        repositorySelection,
+        repositoryIds,
+        singleFileName,
+      })
+    }
+  }
+
+  const appAuthentication = await getAppAuthentication(state)
+  const request = customRequest || state.request
+
+  const {
+    data: {
+      token,
+      expires_at: expiresAt,
+      repositories,
+      permissions,
+      // @ts-ignore
+      repository_selection: repositorySelection,
+      // @ts-ignore
+      single_file: singleFileName,
+    },
+  } = await request('POST /app/installations/{installation_id}/access_tokens', {
+    installation_id: installationId,
+    repository_ids: options.repositoryIds,
+    permissions: options.permissions,
+    mediaType: {
+      previews: ['machine-man'],
+    },
+    headers: {
+      authorization: `bearer ${appAuthentication.token}`,
+    },
+  })
+
+  const repositoryIds = repositories
+    ? repositories.map((r: { id: number }) => r.id)
+    : void 0
+
+  const createdAt = new Date().toISOString()
+  await set(state.cache, optionsWithInstallationTokenFromState, {
+    token,
+    createdAt,
+    expiresAt,
+    repositorySelection,
+    permissions,
+    repositoryIds,
+    singleFileName,
+  })
+
+  return toTokenAuthentication({
+    installationId,
+    token,
+    createdAt,
+    expiresAt,
+    repositorySelection,
+    permissions,
+    repositoryIds,
+    singleFileName,
+  })
+}

src/authentication/auth-app/get-installation-authentication.ts

@@ -0,0 +1,61 @@
+import {
+  RequestInterface,
+  OAuthOptions,
+  StrategyOptionsWithDefaults,
+  OAuthAccesTokenAuthentication,
+} from './types'
+import { RequestError } from '@octokit/request-error'
+
+export async function getOAuthAuthentication(
+  state: StrategyOptionsWithDefaults,
+  options: OAuthOptions,
+  customRequest?: RequestInterface
+): Promise<OAuthAccesTokenAuthentication> {
+  const request = customRequest || state.request
+
+  // The "/login/oauth/access_token" is not part of the REST API hosted on api.github.com,
+  // instead it’s using the github.com domain.
+  const route = /^https:\/\/(api\.)?github\.com$/.test(
+    state.request.endpoint.DEFAULTS.baseUrl
+  )
+    ? 'POST https://github.com/login/oauth/access_token'
+    : `POST ${state.request.endpoint.DEFAULTS.baseUrl.replace(
+        '/api/v3',
+        '/login/oauth/access_token'
+      )}`
+
+  const parameters = {
+    headers: {
+      accept: `application/json`,
+    },
+    client_id: state.clientId,
+    client_secret: state.clientSecret,
+    code: options.code,
+    state: options.state,
+    redirect_uri: options.redirectUrl,
+  }
+
+  const response = await request(route, parameters)
+
+  if (response.data.error !== undefined) {
+    throw new RequestError(
+      `${response.data.error_description} (${response.data.error})`,
+      response.status,
+      {
+        headers: response.headers,
+        request: request.endpoint(route, parameters),
+      }
+    )
+  }
+
+  const {
+    data: { access_token: token, scope },
+  } = response
+
+  return {
+    type: 'token',
+    tokenType: 'oauth',
+    token,
+    scopes: scope.split(/,\s*/).filter(Boolean),
+  }
+}