mirror of
https://github.com/github/codeql-action.git
synced 2025-12-27 01:30:10 +08:00
99 lines
3.1 KiB
JavaScript
99 lines
3.1 KiB
JavaScript
import { getAuthentication } from "./get-authentication.js";
|
|
import {
|
|
checkToken,
|
|
deleteAuthorization,
|
|
deleteToken,
|
|
refreshToken,
|
|
resetToken
|
|
} from "@octokit/oauth-methods";
|
|
async function auth(state, options = {}) {
|
|
if (!state.authentication) {
|
|
state.authentication = state.clientType === "oauth-app" ? await getAuthentication(state) : await getAuthentication(state);
|
|
}
|
|
if (state.authentication.invalid) {
|
|
throw new Error("[@octokit/auth-oauth-user] Token is invalid");
|
|
}
|
|
const currentAuthentication = state.authentication;
|
|
if ("expiresAt" in currentAuthentication) {
|
|
if (options.type === "refresh" || new Date(currentAuthentication.expiresAt) < /* @__PURE__ */ new Date()) {
|
|
const { authentication } = await refreshToken({
|
|
clientType: "github-app",
|
|
clientId: state.clientId,
|
|
clientSecret: state.clientSecret,
|
|
refreshToken: currentAuthentication.refreshToken,
|
|
request: state.request
|
|
});
|
|
state.authentication = {
|
|
tokenType: "oauth",
|
|
type: "token",
|
|
...authentication
|
|
};
|
|
}
|
|
}
|
|
if (options.type === "refresh") {
|
|
if (state.clientType === "oauth-app") {
|
|
throw new Error(
|
|
"[@octokit/auth-oauth-user] OAuth Apps do not support expiring tokens"
|
|
);
|
|
}
|
|
if (!currentAuthentication.hasOwnProperty("expiresAt")) {
|
|
throw new Error("[@octokit/auth-oauth-user] Refresh token missing");
|
|
}
|
|
await state.onTokenCreated?.(state.authentication, {
|
|
type: options.type
|
|
});
|
|
}
|
|
if (options.type === "check" || options.type === "reset") {
|
|
const method = options.type === "check" ? checkToken : resetToken;
|
|
try {
|
|
const { authentication } = await method({
|
|
// @ts-expect-error making TS happy would require unnecessary code so no
|
|
clientType: state.clientType,
|
|
clientId: state.clientId,
|
|
clientSecret: state.clientSecret,
|
|
token: state.authentication.token,
|
|
request: state.request
|
|
});
|
|
state.authentication = {
|
|
tokenType: "oauth",
|
|
type: "token",
|
|
// @ts-expect-error TBD
|
|
...authentication
|
|
};
|
|
if (options.type === "reset") {
|
|
await state.onTokenCreated?.(state.authentication, {
|
|
type: options.type
|
|
});
|
|
}
|
|
return state.authentication;
|
|
} catch (error) {
|
|
if (error.status === 404) {
|
|
error.message = "[@octokit/auth-oauth-user] Token is invalid";
|
|
state.authentication.invalid = true;
|
|
}
|
|
throw error;
|
|
}
|
|
}
|
|
if (options.type === "delete" || options.type === "deleteAuthorization") {
|
|
const method = options.type === "delete" ? deleteToken : deleteAuthorization;
|
|
try {
|
|
await method({
|
|
// @ts-expect-error making TS happy would require unnecessary code so no
|
|
clientType: state.clientType,
|
|
clientId: state.clientId,
|
|
clientSecret: state.clientSecret,
|
|
token: state.authentication.token,
|
|
request: state.request
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 404) throw error;
|
|
}
|
|
state.authentication.invalid = true;
|
|
return state.authentication;
|
|
}
|
|
return state.authentication;
|
|
}
|
|
export {
|
|
auth
|
|
};
|