@bearer/cli/lib/commands/login.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const get_port_1 = require("get-port");
const http = require("http");
const axios_1 = require("axios");
// @ts-ignore
const opn = require("open");
const crypto = require("crypto");
const base_command_1 = require("../base-command");
const helpers_1 = require("../utils/helpers");
const constants_1 = require("../utils/constants");
class Login extends base_command_1.default {
    constructor() {
        super(...arguments);
        this.on = (event, callback) => {
            this._listerners[event] = [...this._listerners[event], callback];
        };
        this.stopServer = () => {
            this.debug('stopping server');
            if (this._server) {
                this._server.close(() => {
                    this.debug('server stopped');
                    this._listerners['shutdown'].map(cb => cb());
                });
            }
            this.ux.action.stop();
        };
        this.startServer = async () => {
            const port = await get_port_1.default({ port: constants_1.BEARER_LOGIN_PORT });
            return new Promise((resolve, reject) => {
                if (port !== constants_1.BEARER_LOGIN_PORT) {
                    this.error(`bearer login requires port ${constants_1.BEARER_LOGIN_PORT} to be available`);
                    reject();
                }
                this.debug('starting server');
                const server = http
                    .createServer((request, response) => {
                    let body = '';
                    request.on('data', chunk => {
                        body += chunk;
                    });
                    request.on('end', () => {
                        try {
                            const data = JSON.parse(body);
                            this.debug(data);
                            response.setHeader('Access-Control-Allow-Origin', process.env.LOGIN_ALLOWED_ORIGIN || this.constants.DeveloperPortalUrl);
                            response.setHeader('Connection', 'close');
                            response.write('OK');
                            response.end();
                            this.stopServer();
                            this.getToken(data.code);
                        }
                        catch (e) {
                            this.debug(e);
                        }
                    });
                })
                    .listen(constants_1.BEARER_LOGIN_PORT, () => resolve(server));
            });
        };
        this.getToken = async (code) => {
            try {
                const { data: token } = await axios_1.default.post(`${this.constants.LoginDomain}/oauth/token`, {
                    code,
                    grant_type: 'authorization_code',
                    client_id: `${constants_1.LOGIN_CLIENT_ID}`,
                    code_verifier: `${this._verifier}`,
                    redirect_uri: this.callbackUrl
                });
                this.debug(token);
                await this.bearerConfig.storeToken(token);
                this.success('Successfully logged in!! 🐻');
                this._listerners['success'].map(cb => cb());
            }
            catch (e) {
                this.error(e);
            }
        };
    }
    async run() {
        this._listerners = {
            success: [],
            error: [],
            shutdown: []
        };
        this._server = await this.startServer();
        this._verifier = base64URLEncode(crypto.randomBytes(32));
        this._challenge = base64URLEncode(sha256(this._verifier));
        this.ux.action.start('Logging you in');
        const scopes = 'offline_access email openid';
        const audience = `cli-${constants_1.BEARER_ENV}`;
        const params = {
            audience,
            scope: scopes,
            response_type: 'code',
            client_id: constants_1.LOGIN_CLIENT_ID,
            code_challenge: this._challenge,
            code_challenge_method: 'S256',
            redirect_uri: this.callbackUrl
        };
        this.debug('authoriwe params %j', params);
        const url = `${this.constants.LoginDomain}/authorize?${helpers_1.toParams(params)}`;
        const spawned = await opn(url);
        await Promise.race([
            new Promise((resolve, reject) => {
                spawned.on('close', async (code, signal) => {
                    if (code !== 0) {
                        this.stopServer();
                        this.warn(this.colors.yellow(`Unable to open a browser. If you want to retrieve a token please follow these steps\n`));
                        this.log(this.colors.bold('1/ access the url below  and follow the login process:\n\n'), url);
                        this.log();
                        this.log(this.colors.bold(`2/ when you access the success page copy the token and paste it here`));
                        const token = await this.askForString('Token');
                        await this.getToken(token);
                    }
                });
            }),
            Promise.all([
                new Promise((resolve, reject) => {
                    this.on('success', resolve);
                    this.on('error', reject);
                }),
                new Promise((resolve, reject) => {
                    this.on('shutdown', resolve);
                    this.on('error', reject);
                })
            ])
        ]);
    }
    get callbackUrl() {
        return process.env.BEARER_LOGIN_CALLBACK_URL || `${this.constants.DeveloperPortalUrl}cli-login-callback`;
    }
}
Login.description = 'login using Bearer credentials';
Login.flags = Object.assign({}, base_command_1.default.flags);
Login.args = [];
exports.default = Login;
function base64URLEncode(str) {
    return str
        .toString('base64')
        .replace(/\+/g, '-')
        .replace(/\//g, '_')
        .replace(/=/g, '');
}
function sha256(str) {
    return crypto
        .createHash('sha256')
        .update(str)
        .digest();
}