File Explorer

/proc/self/root/proc/self/root/var/runtime/node_modules/@aws-sdk/token-providers/dist-cjs
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
0 dirs
1 file
index.js6.8 KB
index.js6.8 KB · 157 lines
1'use strict';2 3var client = require('@aws-sdk/core/client');4var httpAuthSchemes = require('@aws-sdk/core/httpAuthSchemes');5var config = require('@smithy/core/config');6var node_fs = require('node:fs');7 8const fromEnvSigningName = ({ logger, signingName } = {}) => async () => {9    logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName");10    if (!signingName) {11        throw new config.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger });12    }13    const bearerTokenKey = httpAuthSchemes.getBearerTokenEnvKey(signingName);14    if (!(bearerTokenKey in process.env)) {15        throw new config.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger });16    }17    const token = { token: process.env[bearerTokenKey] };18    client.setTokenFeature(token, "BEARER_SERVICE_ENV_VARS", "3");19    return token;20};21 22const EXPIRE_WINDOW_MS = 5 * 60 * 1000;23const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;24 25const getSsoOidcClient = async (ssoRegion, init = {}, callerClientConfig) => {26    const { SSOOIDCClient } = await import('@aws-sdk/nested-clients/sso-oidc');27    const coalesce = (prop) => init.clientConfig?.[prop] ?? init.parentClientConfig?.[prop] ?? callerClientConfig?.[prop];28    const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {29        region: ssoRegion ?? init.clientConfig?.region,30        logger: coalesce("logger"),31        userAgentAppId: coalesce("userAgentAppId"),32    }));33    return ssoOidcClient;34};35 36const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}, callerClientConfig) => {37    const { CreateTokenCommand } = await import('@aws-sdk/nested-clients/sso-oidc');38    const ssoOidcClient = await getSsoOidcClient(ssoRegion, init, callerClientConfig);39    return ssoOidcClient.send(new CreateTokenCommand({40        clientId: ssoToken.clientId,41        clientSecret: ssoToken.clientSecret,42        refreshToken: ssoToken.refreshToken,43        grantType: "refresh_token",44    }));45};46 47const validateTokenExpiry = (token) => {48    if (token.expiration && token.expiration.getTime() < Date.now()) {49        throw new config.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);50    }51};52 53const validateTokenKey = (key, value, forRefresh = false) => {54    if (typeof value === "undefined") {55        throw new config.TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, false);56    }57};58 59const { writeFile } = node_fs.promises;60const writeSSOTokenToFile = (id, ssoToken) => {61    const tokenFilepath = config.getSSOTokenFilepath(id);62    const tokenString = JSON.stringify(ssoToken, null, 2);63    return writeFile(tokenFilepath, tokenString);64};65 66const lastRefreshAttemptTime = new Date(0);67const fromSso = (init = {}) => async ({ callerClientConfig } = {}) => {68    init.logger?.debug("@aws-sdk/token-providers - fromSso");69    const profiles = await config.parseKnownFiles(init);70    const profileName = config.getProfileName({71        profile: init.profile ?? callerClientConfig?.profile,72    });73    const profile = profiles[profileName];74    if (!profile) {75        throw new config.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);76    }77    else if (!profile["sso_session"]) {78        throw new config.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);79    }80    const ssoSessionName = profile["sso_session"];81    const ssoSessions = await config.loadSsoSessionData(init);82    const ssoSession = ssoSessions[ssoSessionName];83    if (!ssoSession) {84        throw new config.TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);85    }86    for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) {87        if (!ssoSession[ssoSessionRequiredKey]) {88            throw new config.TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);89        }90    }91    ssoSession["sso_start_url"];92    const ssoRegion = ssoSession["sso_region"];93    let ssoToken;94    try {95        ssoToken = await config.getSSOTokenFromFile(ssoSessionName);96    }97    catch (e) {98        throw new config.TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);99    }100    validateTokenKey("accessToken", ssoToken.accessToken);101    validateTokenKey("expiresAt", ssoToken.expiresAt);102    const { accessToken, expiresAt } = ssoToken;103    const existingToken = { token: accessToken, expiration: new Date(expiresAt) };104    if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {105        return existingToken;106    }107    if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {108        validateTokenExpiry(existingToken);109        return existingToken;110    }111    validateTokenKey("clientId", ssoToken.clientId, true);112    validateTokenKey("clientSecret", ssoToken.clientSecret, true);113    validateTokenKey("refreshToken", ssoToken.refreshToken, true);114    try {115        lastRefreshAttemptTime.setTime(Date.now());116        const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init, callerClientConfig);117        validateTokenKey("accessToken", newSsoOidcToken.accessToken);118        validateTokenKey("expiresIn", newSsoOidcToken.expiresIn);119        const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);120        try {121            await writeSSOTokenToFile(ssoSessionName, {122                ...ssoToken,123                accessToken: newSsoOidcToken.accessToken,124                expiresAt: newTokenExpiration.toISOString(),125                refreshToken: newSsoOidcToken.refreshToken,126            });127        }128        catch (error) {129        }130        return {131            token: newSsoOidcToken.accessToken,132            expiration: newTokenExpiration,133        };134    }135    catch (error) {136        validateTokenExpiry(existingToken);137        return existingToken;138    }139};140 141const fromStatic = ({ token, logger }) => async () => {142    logger?.debug("@aws-sdk/token-providers - fromStatic");143    if (!token || !token.token) {144        throw new config.TokenProviderError(`Please pass a valid token to fromStatic`, false);145    }146    return token;147};148 149const nodeProvider = (init = {}) => config.memoize(config.chain(fromSso(init), async () => {150    throw new config.TokenProviderError("Could not load token from any providers", false);151}), (token) => token.expiration !== undefined && token.expiration.getTime() - Date.now() < 300000, (token) => token.expiration !== undefined);152 153exports.fromEnvSigningName = fromEnvSigningName;154exports.fromSso = fromSso;155exports.fromStatic = fromStatic;156exports.nodeProvider = nodeProvider;157