| 1 | ;
|
| 2 | // Copyright 2024 Google LLC
|
| 3 | //
|
| 4 | // Licensed under the Apache License, Version 2.0 (the "License");
|
| 5 | // you may not use this file except in compliance with the License.
|
| 6 | // You may obtain a copy of the License at
|
| 7 | //
|
| 8 | // http://www.apache.org/licenses/LICENSE-2.0
|
| 9 | //
|
| 10 | // Unless required by applicable law or agreed to in writing, software
|
| 11 | // distributed under the License is distributed on an "AS IS" BASIS,
|
| 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 13 | // See the License for the specific language governing permissions and
|
| 14 | // limitations under the License.
|
| 15 | var _a, _b, _c;
|
| 16 | Object.defineProperty(exports, "__esModule", { value: true });
|
| 17 | exports.FileSubjectTokenSupplier = void 0;
|
| 18 | const util_1 = require("util");
|
| 19 | const fs = require("fs");
|
| 20 | // fs.readfile is undefined in browser karma tests causing
|
| 21 | // `npm run browser-test` to fail as test.oauth2.ts imports this file via
|
| 22 | // src/index.ts.
|
| 23 | // Fallback to void function to avoid promisify throwing a TypeError.
|
| 24 | const readFile = (0, util_1.promisify)((_a = fs.readFile) !== null && _a !== void 0 ? _a : (() => { }));
|
| 25 | const realpath = (0, util_1.promisify)((_b = fs.realpath) !== null && _b !== void 0 ? _b : (() => { }));
|
| 26 | const lstat = (0, util_1.promisify)((_c = fs.lstat) !== null && _c !== void 0 ? _c : (() => { }));
|
| 27 | /**
|
| 28 | * Internal subject token supplier implementation used when a file location
|
| 29 | * is configured in the credential configuration used to build an {@link IdentityPoolClient}
|
| 30 | */
|
| 31 | class FileSubjectTokenSupplier {
|
| 32 | /**
|
| 33 | * Instantiates a new file based subject token supplier.
|
| 34 | * @param opts The file subject token supplier options to build the supplier
|
| 35 | * with.
|
| 36 | */
|
| 37 | constructor(opts) {
|
| 38 | this.filePath = opts.filePath;
|
| 39 | this.formatType = opts.formatType;
|
| 40 | this.subjectTokenFieldName = opts.subjectTokenFieldName;
|
| 41 | }
|
| 42 | /**
|
| 43 | * Returns the subject token stored at the file specified in the constructor.
|
| 44 | * @param context {@link ExternalAccountSupplierContext} from the calling
|
| 45 | * {@link IdentityPoolClient}, contains the requested audience and subject
|
| 46 | * token type for the external account identity. Not used.
|
| 47 | */
|
| 48 | async getSubjectToken(context) {
|
| 49 | // Make sure there is a file at the path. lstatSync will throw if there is
|
| 50 | // nothing there.
|
| 51 | let parsedFilePath = this.filePath;
|
| 52 | try {
|
| 53 | // Resolve path to actual file in case of symlink. Expect a thrown error
|
| 54 | // if not resolvable.
|
| 55 | parsedFilePath = await realpath(parsedFilePath);
|
| 56 | if (!(await lstat(parsedFilePath)).isFile()) {
|
| 57 | throw new Error();
|
| 58 | }
|
| 59 | }
|
| 60 | catch (err) {
|
| 61 | if (err instanceof Error) {
|
| 62 | err.message = `The file at ${parsedFilePath} does not exist, or it is not a file. ${err.message}`;
|
| 63 | }
|
| 64 | throw err;
|
| 65 | }
|
| 66 | let subjectToken;
|
| 67 | const rawText = await readFile(parsedFilePath, { encoding: 'utf8' });
|
| 68 | if (this.formatType === 'text') {
|
| 69 | subjectToken = rawText;
|
| 70 | }
|
| 71 | else if (this.formatType === 'json' && this.subjectTokenFieldName) {
|
| 72 | const json = JSON.parse(rawText);
|
| 73 | subjectToken = json[this.subjectTokenFieldName];
|
| 74 | }
|
| 75 | if (!subjectToken) {
|
| 76 | throw new Error('Unable to parse the subject_token from the credential_source file');
|
| 77 | }
|
| 78 | return subjectToken;
|
| 79 | }
|
| 80 | }
|
| 81 | exports.FileSubjectTokenSupplier = FileSubjectTokenSupplier;
|