@atomist/skill/lib/secrets.js

"use strict";
/*
 * Copyright © 2020 Atomist, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
Object.defineProperty(exports, "__esModule", { value: true });
const payload_1 = require("./payload");
function isGitHubCredential(spec) {
    return !!spec.token && !!spec.scopes;
}
exports.isGitHubCredential = isGitHubCredential;
function isGitHubAppCredential(spec) {
    return !!spec.token && !!spec.permissions;
}
exports.isGitHubAppCredential = isGitHubAppCredential;
const ResourceUserQuery = `query ResourceUser($id: String!) {
  ChatId(userId: $id) {
    person {
      gitHubId {
        login
        credential {
          secret
          scopes
        }
      }
    }
  }
}
`;
function gitHubUserToken() {
    return async (graph, payload) => {
        var _a, _b, _c, _d, _e, _f;
        if (payload_1.isCommandIncoming(payload)) {
            const chatId = (_c = (_b = (_a = payload.source) === null || _a === void 0 ? void 0 : _a.slack) === null || _b === void 0 ? void 0 : _b.user) === null || _c === void 0 ? void 0 : _c.id;
            if (chatId) {
                const response = await graph.query(ResourceUserQuery, { id: chatId });
                const credential = (_f = (_e = (_d = response === null || response === void 0 ? void 0 : response.ChatId[0]) === null || _d === void 0 ? void 0 : _d.person) === null || _e === void 0 ? void 0 : _e.gitHubId) === null || _f === void 0 ? void 0 : _f.credential;
                if (credential) {
                    return {
                        scopes: credential.scopes,
                        token: credential.secret,
                    };
                }
            }
        }
        return undefined;
    };
}
exports.gitHubUserToken = gitHubUserToken;
const ProviderQuery = `query Provider($owner: String, $repo: String, $apiUrl: String) {
  Repo(owner: $owner, name: $repo) {
    org @required {
      provider(apiUrl: $apiUrl) @required {
        id
      }
    }
  }
}
`;
const ProviderByRepoIdQuery = `query ProviderByRepoId($id: ID!) {
  Repo(id: $id) {
    org @required {
      provider @required {
        id
      }
    }
  }
}
`;
const GitHubAppTokenQuery = `query GitHubAppToken($id: ID!, $owner: String!) {
  GitHubAppResourceProvider(id: $id) {
    gitHubAppInstallations(owner: $owner) {
      token {
        secret
        permissions
      }
    }
  }
}
`;
const ScmProviderQuery = `query ScmProvider($id: ID!) {
  SCMProvider(id: $id) {
    credential {
      secret
      scopes
    }
  }
}`;
function gitHubAppToken(id) {
    return async (graph) => {
        var _a, _b, _c, _d, _e, _f, _g, _h;
        let repo;
        let owner;
        let apiUrl;
        let providerId;
        if (typeof id === "string") {
            const provider = await graph.query(ProviderByRepoIdQuery, { id });
            providerId = (_c = (_b = (_a = provider === null || provider === void 0 ? void 0 : provider.Repo[0]) === null || _a === void 0 ? void 0 : _a.org) === null || _b === void 0 ? void 0 : _b.provider) === null || _c === void 0 ? void 0 : _c.id;
        }
        else {
            repo = id.repo;
            owner = id.owner;
            apiUrl = id.apiUrl;
            const provider = await graph.query(ProviderQuery, { apiUrl: apiUrl || "https://api.github.com/", owner, repo });
            providerId = (_f = (_e = (_d = provider === null || provider === void 0 ? void 0 : provider.Repo[0]) === null || _d === void 0 ? void 0 : _d.org) === null || _e === void 0 ? void 0 : _e.provider) === null || _f === void 0 ? void 0 : _f.id;
        }
        if (providerId) {
            const installations = await graph.query(GitHubAppTokenQuery, {
                id: providerId,
                owner,
            });
            const token = (_g = installations === null || installations === void 0 ? void 0 : installations.GitHubAppResourceProvider[0]) === null || _g === void 0 ? void 0 : _g.gitHubAppInstallations[0].token;
            if (token) {
                return {
                    token: token.secret,
                    permissions: JSON.parse(token.permissions || ""),
                };
            }
            // Fallback to old SCMProvider for backwards compatibility
            const scmProvider = await graph.query(ScmProviderQuery, { id: providerId });
            const credential = (_h = scmProvider === null || scmProvider === void 0 ? void 0 : scmProvider.SCMProvider[0]) === null || _h === void 0 ? void 0 : _h.credential;
            if (credential) {
                return {
                    token: credential.secret,
                    scopes: credential.scopes,
                };
            }
        }
        return undefined;
    };
}
exports.gitHubAppToken = gitHubAppToken;
class DefaultCredentialProvider {
    constructor(graphClient, payload) {
        this.graphClient = graphClient;
        this.payload = payload;
    }
    async resolve(spec) {
        return spec(this.graphClient, this.payload);
    }
}
exports.DefaultCredentialProvider = DefaultCredentialProvider;
//# sourceMappingURL=secrets.js.map