1 | ;
|
2 | // Copyright 2024 Google LLC
|
3 | //
|
4 | // Licensed under the Apache License, Version 2.0 (the "License");
|
5 | // you may not use this file except in compliance with the License.
|
6 | // You may obtain a copy of the License at
|
7 | //
|
8 | // http://www.apache.org/licenses/LICENSE-2.0
|
9 | //
|
10 | // Unless required by applicable law or agreed to in writing, software
|
11 | // distributed under the License is distributed on an "AS IS" BASIS,
|
12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13 | // See the License for the specific language governing permissions and
|
14 | // limitations under the License.
|
15 | var _a, _b, _c;
|
16 | Object.defineProperty(exports, "__esModule", { value: true });
|
17 | exports.FileSubjectTokenSupplier = void 0;
|
18 | const util_1 = require("util");
|
19 | const fs = require("fs");
|
20 | // fs.readfile is undefined in browser karma tests causing
|
21 | // `npm run browser-test` to fail as test.oauth2.ts imports this file via
|
22 | // src/index.ts.
|
23 | // Fallback to void function to avoid promisify throwing a TypeError.
|
24 | const readFile = (0, util_1.promisify)((_a = fs.readFile) !== null && _a !== void 0 ? _a : (() => { }));
|
25 | const realpath = (0, util_1.promisify)((_b = fs.realpath) !== null && _b !== void 0 ? _b : (() => { }));
|
26 | const lstat = (0, util_1.promisify)((_c = fs.lstat) !== null && _c !== void 0 ? _c : (() => { }));
|
27 | /**
|
28 | * Internal subject token supplier implementation used when a file location
|
29 | * is configured in the credential configuration used to build an {@link IdentityPoolClient}
|
30 | */
|
31 | class FileSubjectTokenSupplier {
|
32 | /**
|
33 | * Instantiates a new file based subject token supplier.
|
34 | * @param opts The file subject token supplier options to build the supplier
|
35 | * with.
|
36 | */
|
37 | constructor(opts) {
|
38 | this.filePath = opts.filePath;
|
39 | this.formatType = opts.formatType;
|
40 | this.subjectTokenFieldName = opts.subjectTokenFieldName;
|
41 | }
|
42 | /**
|
43 | * Returns the subject token stored at the file specified in the constructor.
|
44 | * @param context {@link ExternalAccountSupplierContext} from the calling
|
45 | * {@link IdentityPoolClient}, contains the requested audience and subject
|
46 | * token type for the external account identity. Not used.
|
47 | */
|
48 | async getSubjectToken(context) {
|
49 | // Make sure there is a file at the path. lstatSync will throw if there is
|
50 | // nothing there.
|
51 | let parsedFilePath = this.filePath;
|
52 | try {
|
53 | // Resolve path to actual file in case of symlink. Expect a thrown error
|
54 | // if not resolvable.
|
55 | parsedFilePath = await realpath(parsedFilePath);
|
56 | if (!(await lstat(parsedFilePath)).isFile()) {
|
57 | throw new Error();
|
58 | }
|
59 | }
|
60 | catch (err) {
|
61 | if (err instanceof Error) {
|
62 | err.message = `The file at ${parsedFilePath} does not exist, or it is not a file. ${err.message}`;
|
63 | }
|
64 | throw err;
|
65 | }
|
66 | let subjectToken;
|
67 | const rawText = await readFile(parsedFilePath, { encoding: 'utf8' });
|
68 | if (this.formatType === 'text') {
|
69 | subjectToken = rawText;
|
70 | }
|
71 | else if (this.formatType === 'json' && this.subjectTokenFieldName) {
|
72 | const json = JSON.parse(rawText);
|
73 | subjectToken = json[this.subjectTokenFieldName];
|
74 | }
|
75 | if (!subjectToken) {
|
76 | throw new Error('Unable to parse the subject_token from the credential_source file');
|
77 | }
|
78 | return subjectToken;
|
79 | }
|
80 | }
|
81 | exports.FileSubjectTokenSupplier = FileSubjectTokenSupplier;
|