File Explorer

1"use strict";2var __create = Object.create;3var __defProp = Object.defineProperty;4var __getOwnPropDesc = Object.getOwnPropertyDescriptor;5var __getOwnPropNames = Object.getOwnPropertyNames;6var __getProtoOf = Object.getPrototypeOf;7var __hasOwnProp = Object.prototype.hasOwnProperty;8var __name = (target, value) => __defProp(target, "name", { value, configurable: true });9var __export = (target, all) => {10  for (var name in all)11    __defProp(target, name, { get: all[name], enumerable: true });12};13var __copyProps = (to, from, except, desc) => {14  if (from && typeof from === "object" || typeof from === "function") {15    for (let key of __getOwnPropNames(from))16      if (!__hasOwnProp.call(to, key) && key !== except)17        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });18  }19  return to;20};21var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(22  // If the importer is in node compatibility mode or this is not an ESM23  // file that has been converted to a CommonJS file using a Babel-24  // compatible transform (i.e. "__esModule" has not been set), then set25  // "default" to the CommonJS "module.exports" for node compatibility.26  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,27  mod28));29var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);30 31// src/index.ts32var index_exports = {};33__export(index_exports, {34  fromEnvSigningName: () => fromEnvSigningName,35  fromSso: () => fromSso,36  fromStatic: () => fromStatic,37  nodeProvider: () => nodeProvider38});39module.exports = __toCommonJS(index_exports);40 41// src/fromEnvSigningName.ts42var import_client = require("@aws-sdk/core/client");43var import_httpAuthSchemes = require("@aws-sdk/core/httpAuthSchemes");44var import_property_provider = require("@smithy/property-provider");45var fromEnvSigningName = /* @__PURE__ */ __name(({ logger, signingName } = {}) => async () => {46  logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName");47  if (!signingName) {48    throw new import_property_provider.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger });49  }50  const bearerTokenKey = (0, import_httpAuthSchemes.getBearerTokenEnvKey)(signingName);51  if (!(bearerTokenKey in process.env)) {52    throw new import_property_provider.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger });53  }54  const token = { token: process.env[bearerTokenKey] };55  (0, import_client.setTokenFeature)(token, "BEARER_SERVICE_ENV_VARS", "3");56  return token;57}, "fromEnvSigningName");58 59// src/fromSso.ts60 61 62 63// src/constants.ts64var EXPIRE_WINDOW_MS = 5 * 60 * 1e3;65var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;66 67// src/getSsoOidcClient.ts68var getSsoOidcClient = /* @__PURE__ */ __name(async (ssoRegion, init = {}) => {69  const { SSOOIDCClient } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/nested-clients/sso-oidc")));70  const ssoOidcClient = new SSOOIDCClient(71    Object.assign({}, init.clientConfig ?? {}, {72      region: ssoRegion ?? init.clientConfig?.region,73      logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger74    })75  );76  return ssoOidcClient;77}, "getSsoOidcClient");78 79// src/getNewSsoOidcToken.ts80var getNewSsoOidcToken = /* @__PURE__ */ __name(async (ssoToken, ssoRegion, init = {}) => {81  const { CreateTokenCommand } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/nested-clients/sso-oidc")));82  const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);83  return ssoOidcClient.send(84    new CreateTokenCommand({85      clientId: ssoToken.clientId,86      clientSecret: ssoToken.clientSecret,87      refreshToken: ssoToken.refreshToken,88      grantType: "refresh_token"89    })90  );91}, "getNewSsoOidcToken");92 93// src/validateTokenExpiry.ts94 95var validateTokenExpiry = /* @__PURE__ */ __name((token) => {96  if (token.expiration && token.expiration.getTime() < Date.now()) {97    throw new import_property_provider.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);98  }99}, "validateTokenExpiry");100 101// src/validateTokenKey.ts102 103var validateTokenKey = /* @__PURE__ */ __name((key, value, forRefresh = false) => {104  if (typeof value === "undefined") {105    throw new import_property_provider.TokenProviderError(106      `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`,107      false108    );109  }110}, "validateTokenKey");111 112// src/writeSSOTokenToFile.ts113var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");114var import_fs = require("fs");115var { writeFile } = import_fs.promises;116var writeSSOTokenToFile = /* @__PURE__ */ __name((id, ssoToken) => {117  const tokenFilepath = (0, import_shared_ini_file_loader.getSSOTokenFilepath)(id);118  const tokenString = JSON.stringify(ssoToken, null, 2);119  return writeFile(tokenFilepath, tokenString);120}, "writeSSOTokenToFile");121 122// src/fromSso.ts123var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0);124var fromSso = /* @__PURE__ */ __name((_init = {}) => async ({ callerClientConfig } = {}) => {125  const init = {126    ..._init,127    parentClientConfig: {128      ...callerClientConfig,129      ..._init.parentClientConfig130    }131  };132  init.logger?.debug("@aws-sdk/token-providers - fromSso");133  const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);134  const profileName = (0, import_shared_ini_file_loader.getProfileName)({135    profile: init.profile ?? callerClientConfig?.profile136  });137  const profile = profiles[profileName];138  if (!profile) {139    throw new import_property_provider.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);140  } else if (!profile["sso_session"]) {141    throw new import_property_provider.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);142  }143  const ssoSessionName = profile["sso_session"];144  const ssoSessions = await (0, import_shared_ini_file_loader.loadSsoSessionData)(init);145  const ssoSession = ssoSessions[ssoSessionName];146  if (!ssoSession) {147    throw new import_property_provider.TokenProviderError(148      `Sso session '${ssoSessionName}' could not be found in shared credentials file.`,149      false150    );151  }152  for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) {153    if (!ssoSession[ssoSessionRequiredKey]) {154      throw new import_property_provider.TokenProviderError(155        `Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`,156        false157      );158    }159  }160  const ssoStartUrl = ssoSession["sso_start_url"];161  const ssoRegion = ssoSession["sso_region"];162  let ssoToken;163  try {164    ssoToken = await (0, import_shared_ini_file_loader.getSSOTokenFromFile)(ssoSessionName);165  } catch (e) {166    throw new import_property_provider.TokenProviderError(167      `The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`,168      false169    );170  }171  validateTokenKey("accessToken", ssoToken.accessToken);172  validateTokenKey("expiresAt", ssoToken.expiresAt);173  const { accessToken, expiresAt } = ssoToken;174  const existingToken = { token: accessToken, expiration: new Date(expiresAt) };175  if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {176    return existingToken;177  }178  if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) {179    validateTokenExpiry(existingToken);180    return existingToken;181  }182  validateTokenKey("clientId", ssoToken.clientId, true);183  validateTokenKey("clientSecret", ssoToken.clientSecret, true);184  validateTokenKey("refreshToken", ssoToken.refreshToken, true);185  try {186    lastRefreshAttemptTime.setTime(Date.now());187    const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);188    validateTokenKey("accessToken", newSsoOidcToken.accessToken);189    validateTokenKey("expiresIn", newSsoOidcToken.expiresIn);190    const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3);191    try {192      await writeSSOTokenToFile(ssoSessionName, {193        ...ssoToken,194        accessToken: newSsoOidcToken.accessToken,195        expiresAt: newTokenExpiration.toISOString(),196        refreshToken: newSsoOidcToken.refreshToken197      });198    } catch (error) {199    }200    return {201      token: newSsoOidcToken.accessToken,202      expiration: newTokenExpiration203    };204  } catch (error) {205    validateTokenExpiry(existingToken);206    return existingToken;207  }208}, "fromSso");209 210// src/fromStatic.ts211 212var fromStatic = /* @__PURE__ */ __name(({ token, logger }) => async () => {213  logger?.debug("@aws-sdk/token-providers - fromStatic");214  if (!token || !token.token) {215    throw new import_property_provider.TokenProviderError(`Please pass a valid token to fromStatic`, false);216  }217  return token;218}, "fromStatic");219 220// src/nodeProvider.ts221 222var nodeProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)(223  (0, import_property_provider.chain)(fromSso(init), async () => {224    throw new import_property_provider.TokenProviderError("Could not load token from any providers", false);225  }),226  (token) => token.expiration !== void 0 && token.expiration.getTime() - Date.now() < 3e5,227  (token) => token.expiration !== void 0228), "nodeProvider");229// Annotate the CommonJS export names for ESM import in node:230 2310 && (module.exports = {232  fromEnvSigningName,233  fromSso,234  fromStatic,235  nodeProvider236});237 238