nix/infisical-node-sdk
1
0
Fork 0
Code Issues Pull Requests Activity

feat: less verbose errors

Browse Source
This commit is contained in:
Daniel Hougaard
2024-10-10 00:57:24 +04:00
parent b789129f3d
commit aefae1c470
1 changed files with 66 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
src/custom/auth.ts
View File

@@ -2,6 +2,7 @@ import { InfisicalSDK } from "..";
import { ApiV1AuthUniversalAuthLoginPostRequest } from "../infisicalapi_client"; import { ApiV1AuthUniversalAuthLoginPostRequest } from "../infisicalapi_client";
import { DefaultApi as InfisicalApi } from "../infisicalapi_client"; import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
import { MACHINE_IDENTITY_ID_ENV_NAME } from "./constants"; import { MACHINE_IDENTITY_ID_ENV_NAME } from "./constants";
import { InfisicalSDKError, newInfisicalError } from "./errors";
import { getAwsRegion, performAwsIamLogin } from "./util"; import { getAwsRegion, performAwsIamLogin } from "./util";
type AuthenticatorFunction = (accessToken: string) => InfisicalSDK; type AuthenticatorFunction = (accessToken: string) => InfisicalSDK;
@@ -10,47 +11,90 @@ type AwsAuthLoginOptions = {
identityId?: string; identityId?: string;
}; };
export const renewToken = async (apiClient: InfisicalApi, token?: string) => {
try {
if (!token) {
throw new InfisicalSDKError("Unable to renew access token, no access token set. Are you sure you're authenticated?");
}
const res = await apiClient.apiV1AuthTokenRenewPost({
apiV1AuthTokenRenewPostRequest: {
accessToken: token
}
});
return res.data;
} catch (err) {
throw newInfisicalError(err);
}
};
export default class AuthClient { export default class AuthClient {
#sdkAuthenticator: AuthenticatorFunction; #sdkAuthenticator: AuthenticatorFunction;
#apiClient: InfisicalApi; #apiClient: InfisicalApi;
#baseUrl: string; #accessToken?: string;
constructor(authenticator: AuthenticatorFunction, apiInstance: InfisicalApi, baseUrl: string) { constructor(authenticator: AuthenticatorFunction, apiInstance: InfisicalApi, accessToken?: string) {
this.#sdkAuthenticator = authenticator; this.#sdkAuthenticator = authenticator;
this.#apiClient = apiInstance; this.#apiClient = apiInstance;
this.#baseUrl = baseUrl; this.#accessToken = accessToken;
} }
awsIamAuth = { awsIamAuth = {
login: async (options?: AwsAuthLoginOptions) => { login: async (options?: AwsAuthLoginOptions) => {
const identityId = options?.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME]; try {
const identityId = options?.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
if (!identityId) { if (!identityId) {
throw new Error("Identity ID is required for AWS IAM authentication"); throw new InfisicalSDKError("Identity ID is required for AWS IAM authentication");
}
const iamRequest = await performAwsIamLogin(await getAwsRegion());
const res = await this.#apiClient.apiV1AuthAwsAuthLoginPost({
apiV1AuthAwsAuthLoginPostRequest: {
iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString("base64"),
iamRequestHeaders: Buffer.from(JSON.stringify(iamRequest.iamRequestHeaders)).toString("base64"),
identityId
} }
});
return this.#sdkAuthenticator(res.data.accessToken); const iamRequest = await performAwsIamLogin(await getAwsRegion());
const res = await this.#apiClient.apiV1AuthAwsAuthLoginPost({
apiV1AuthAwsAuthLoginPostRequest: {
iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString("base64"),
iamRequestHeaders: Buffer.from(JSON.stringify(iamRequest.iamRequestHeaders)).toString("base64"),
identityId
}
});
return this.#sdkAuthenticator(res.data.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
},
renew: async () => {
try {
const refreshedToken = await renewToken(this.#apiClient, this.#accessToken);
return this.#sdkAuthenticator(refreshedToken.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
} }
}; };
universalAuth = { universalAuth = {
login: async (options: ApiV1AuthUniversalAuthLoginPostRequest) => { login: async (options: ApiV1AuthUniversalAuthLoginPostRequest) => {
const res = await this.#apiClient.apiV1AuthUniversalAuthLoginPost({ try {
apiV1AuthUniversalAuthLoginPostRequest: options const res = await this.#apiClient.apiV1AuthUniversalAuthLoginPost({
}); apiV1AuthUniversalAuthLoginPostRequest: options
});
return this.#sdkAuthenticator(res.data.accessToken); return this.#sdkAuthenticator(res.data.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
},
renew: async () => {
try {
const refreshedToken = await renewToken(this.#apiClient, this.#accessToken);
return this.#sdkAuthenticator(refreshedToken.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
} }
}; };