angular-docs-cn/dev-infra/utils/git/authenticated-git-client.ts

128 lines
5.0 KiB
TypeScript
Raw Normal View History

/**
* @license
* Copyright Google LLC All Rights Reserved.
*
* Use of this source code is governed by an MIT-style license that can be
* found in the LICENSE file at https://angular.io/license
*/
import {Octokit} from '@octokit/rest';
import {NgDevConfig} from '../config';
import {yellow} from '../console';
import {GitClient} from './git-client';
import {AuthenticatedGithubClient} from './github';
import {getRepositoryGitUrl, GITHUB_TOKEN_GENERATE_URL, GITHUB_TOKEN_SETTINGS_URL} from './github-urls';
/** Github response type extended to include the `x-oauth-scopes` headers presence. */
type RateLimitResponseWithOAuthScopeHeader = Octokit.Response<Octokit.RateLimitGetResponse>&{
headers: {'x-oauth-scopes': string|undefined};
};
/** Describes a function that can be used to test for given Github OAuth scopes. */
export type OAuthScopeTestFunction = (scopes: string[], missing: string[]) => void;
/**
* Extension of the `GitClient` with additional utilities which are useful for
* authenticated Git client instances.
*/
export class AuthenticatedGitClient extends GitClient {
/**
* Regular expression that matches the provided Github token. Used for
* sanitizing the token from Git child process output.
*/
private readonly _githubTokenRegex: RegExp = new RegExp(this.githubToken, 'g');
/** The OAuth scopes available for the provided Github token. */
private _cachedOauthScopes: Promise<string[]>|null = null;
/** Instance of an authenticated github client. */
readonly github = new AuthenticatedGithubClient(this.githubToken);
protected constructor(readonly githubToken: string, baseDir?: string, config?: NgDevConfig) {
super(baseDir, config);
}
/** Sanitizes a given message by omitting the provided Github token if present. */
sanitizeConsoleOutput(value: string): string {
return value.replace(this._githubTokenRegex, '<TOKEN>');
}
/** Git URL that resolves to the configured repository. */
getRepoGitUrl() {
return getRepositoryGitUrl(this.remoteConfig, this.githubToken);
}
/**
* Assert the GitClient instance is using a token with permissions for the all of the
* provided OAuth scopes.
*/
async hasOauthScopes(testFn: OAuthScopeTestFunction): Promise<true|{error: string}> {
const scopes = await this._fetchAuthScopesForToken();
const missingScopes: string[] = [];
// Test Github OAuth scopes and collect missing ones.
testFn(scopes, missingScopes);
// If no missing scopes are found, return true to indicate all OAuth Scopes are available.
if (missingScopes.length === 0) {
return true;
}
// Pre-constructed error message to log to the user, providing missing scopes and
// remediation instructions.
const error =
`The provided <TOKEN> does not have required permissions due to missing scope(s): ` +
`${yellow(missingScopes.join(', '))}\n\n` +
`Update the token in use at:\n` +
` ${GITHUB_TOKEN_SETTINGS_URL}\n\n` +
`Alternatively, a new token can be created at: ${GITHUB_TOKEN_GENERATE_URL}\n`;
return {error};
}
/** Fetch the OAuth scopes for the loaded Github token. */
private _fetchAuthScopesForToken() {
// If the OAuth scopes have already been loaded, return the Promise containing them.
if (this._cachedOauthScopes !== null) {
return this._cachedOauthScopes;
}
// OAuth scopes are loaded via the /rate_limit endpoint to prevent
// usage of a request against that rate_limit for this lookup.
return this._cachedOauthScopes = this.github.rateLimit.get().then(_response => {
const response = _response as RateLimitResponseWithOAuthScopeHeader;
const scopes = response.headers['x-oauth-scopes'];
// If no token is provided, or if the Github client is authenticated incorrectly,
// the `x-oauth-scopes` response header is not set. We error in such cases as it
// signifies a faulty of the
if (scopes === undefined) {
throw Error('Unable to retrieve OAuth scopes for token provided to Git client.');
}
return scopes.split(',').map(scope => scope.trim()).filter(scope => scope !== '');
});
}
/** The singleton instance of the `AuthenticatedGitClient`. */
private static _authenticatedInstance: AuthenticatedGitClient;
/**
* Static method to get the singleton instance of the `AuthenticatedGitClient`,
* creating it if it has not yet been created.
*/
static get(): AuthenticatedGitClient {
if (!AuthenticatedGitClient._authenticatedInstance) {
throw new Error('No instance of `AuthenticatedGitClient` has been set up yet.');
}
return AuthenticatedGitClient._authenticatedInstance;
}
/** Configures an authenticated git client. */
static configure(token: string): void {
if (AuthenticatedGitClient._authenticatedInstance) {
throw Error(
'Unable to configure `AuthenticatedGitClient` as it has been configured already.');
}
AuthenticatedGitClient._authenticatedInstance = new AuthenticatedGitClient(token);
}
}