mirror of
https://github.com/github/codeql-action.git
synced 2025-12-27 17:50:07 +08:00
139 lines
4.2 KiB
JavaScript
139 lines
4.2 KiB
JavaScript
// pkg/dist-src/index.js
|
|
import { getUserAgent } from "universal-user-agent";
|
|
import { request as octokitRequest } from "@octokit/request";
|
|
|
|
// pkg/dist-src/get-oauth-access-token.js
|
|
import { createDeviceCode, exchangeDeviceCode } from "@octokit/oauth-methods";
|
|
async function getOAuthAccessToken(state, options) {
|
|
const cachedAuthentication = getCachedAuthentication(state, options.auth);
|
|
if (cachedAuthentication) return cachedAuthentication;
|
|
const { data: verification } = await createDeviceCode({
|
|
clientType: state.clientType,
|
|
clientId: state.clientId,
|
|
request: options.request || state.request,
|
|
// @ts-expect-error the extra code to make TS happy is not worth it
|
|
scopes: options.auth.scopes || state.scopes
|
|
});
|
|
await state.onVerification(verification);
|
|
const authentication = await waitForAccessToken(
|
|
options.request || state.request,
|
|
state.clientId,
|
|
state.clientType,
|
|
verification
|
|
);
|
|
state.authentication = authentication;
|
|
return authentication;
|
|
}
|
|
function getCachedAuthentication(state, auth2) {
|
|
if (auth2.refresh === true) return false;
|
|
if (!state.authentication) return false;
|
|
if (state.clientType === "github-app") {
|
|
return state.authentication;
|
|
}
|
|
const authentication = state.authentication;
|
|
const newScope = ("scopes" in auth2 && auth2.scopes || state.scopes).join(
|
|
" "
|
|
);
|
|
const currentScope = authentication.scopes.join(" ");
|
|
return newScope === currentScope ? authentication : false;
|
|
}
|
|
async function wait(seconds) {
|
|
await new Promise((resolve) => setTimeout(resolve, seconds * 1e3));
|
|
}
|
|
async function waitForAccessToken(request, clientId, clientType, verification) {
|
|
try {
|
|
const options = {
|
|
clientId,
|
|
request,
|
|
code: verification.device_code
|
|
};
|
|
const { authentication } = clientType === "oauth-app" ? await exchangeDeviceCode({
|
|
...options,
|
|
clientType: "oauth-app"
|
|
}) : await exchangeDeviceCode({
|
|
...options,
|
|
clientType: "github-app"
|
|
});
|
|
return {
|
|
type: "token",
|
|
tokenType: "oauth",
|
|
...authentication
|
|
};
|
|
} catch (error) {
|
|
if (!error.response) throw error;
|
|
const errorType = error.response.data.error;
|
|
if (errorType === "authorization_pending") {
|
|
await wait(verification.interval);
|
|
return waitForAccessToken(request, clientId, clientType, verification);
|
|
}
|
|
if (errorType === "slow_down") {
|
|
await wait(verification.interval + 5);
|
|
return waitForAccessToken(request, clientId, clientType, verification);
|
|
}
|
|
throw error;
|
|
}
|
|
}
|
|
|
|
// pkg/dist-src/auth.js
|
|
async function auth(state, authOptions) {
|
|
return getOAuthAccessToken(state, {
|
|
auth: authOptions
|
|
});
|
|
}
|
|
|
|
// pkg/dist-src/hook.js
|
|
async function hook(state, request, route, parameters) {
|
|
let endpoint = request.endpoint.merge(
|
|
route,
|
|
parameters
|
|
);
|
|
if (/\/login\/(oauth\/access_token|device\/code)$/.test(endpoint.url)) {
|
|
return request(endpoint);
|
|
}
|
|
const { token } = await getOAuthAccessToken(state, {
|
|
request,
|
|
auth: { type: "oauth" }
|
|
});
|
|
endpoint.headers.authorization = `token ${token}`;
|
|
return request(endpoint);
|
|
}
|
|
|
|
// pkg/dist-src/version.js
|
|
var VERSION = "0.0.0-development";
|
|
|
|
// pkg/dist-src/index.js
|
|
function createOAuthDeviceAuth(options) {
|
|
const requestWithDefaults = options.request || octokitRequest.defaults({
|
|
headers: {
|
|
"user-agent": `octokit-auth-oauth-device.js/${VERSION} ${getUserAgent()}`
|
|
}
|
|
});
|
|
const { request = requestWithDefaults, ...otherOptions } = options;
|
|
const state = options.clientType === "github-app" ? {
|
|
...otherOptions,
|
|
clientType: "github-app",
|
|
request
|
|
} : {
|
|
...otherOptions,
|
|
clientType: "oauth-app",
|
|
request,
|
|
scopes: options.scopes || []
|
|
};
|
|
if (!options.clientId) {
|
|
throw new Error(
|
|
'[@octokit/auth-oauth-device] "clientId" option must be set (https://github.com/octokit/auth-oauth-device.js#usage)'
|
|
);
|
|
}
|
|
if (!options.onVerification) {
|
|
throw new Error(
|
|
'[@octokit/auth-oauth-device] "onVerification" option must be a function (https://github.com/octokit/auth-oauth-device.js#usage)'
|
|
);
|
|
}
|
|
return Object.assign(auth.bind(null, state), {
|
|
hook: hook.bind(null, state)
|
|
});
|
|
}
|
|
export {
|
|
createOAuthDeviceAuth
|
|
};
|