mirror of
synced 2025-03-12 16:55:46 +00:00
282 lines
13 KiB
282 lines
13 KiB
"use strict";
var __extends = (this && this.__extends) || (function () {
var extendStatics = Object.setPrototypeOf ||
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
return function (d, b) {
extendStatics(d, b);
function __() { this.constructor = d; }
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = y[op[0] & 2 ? "return" : op[0] ? "throw" : "next"]) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [0, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
Object.defineProperty(exports, "__esModule", { value: true });
var axios_1 = require("axios");
var fs = require("fs");
var jws = require("jws");
var mime = require("mime");
var pify = require("pify");
var querystring = require("querystring");
var readFile = pify(fs.readFile);
var GOOGLE_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token';
var GOOGLE_REVOKE_TOKEN_URL = 'https://accounts.google.com/o/oauth2/revoke?token=';
var ErrorWithCode = /** @class */ (function (_super) {
__extends(ErrorWithCode, _super);
function ErrorWithCode(message, code) {
var _this = _super.call(this, message) || this;
_this.code = code;
return _this;
return ErrorWithCode;
var getPem;
var GoogleToken = /** @class */ (function () {
* Create a GoogleToken.
* @param options Configuration object.
function GoogleToken(options) {
this.token = null;
this.expiresAt = null;
this.rawToken = null;
this.tokenExpires = null;
* Returns whether the token has expired.
* @return true if the token has expired, false otherwise.
GoogleToken.prototype.hasExpired = function () {
var now = (new Date()).getTime();
if (this.token && this.expiresAt) {
return now >= this.expiresAt;
else {
return true;
GoogleToken.prototype.getToken = function (callback) {
if (callback) {
.then(function (t) {
callback(null, t);
return this.getTokenAsync();
* Given a keyFile, extract the key and client email if available
* @param keyFile Path to a json, pem, or p12 file that contains the key.
* @returns an object with privateKey and clientEmail properties
GoogleToken.prototype.getCredentials = function (keyFile) {
return __awaiter(this, void 0, void 0, function () {
var mimeType, _a, key, body, privateKey, clientEmail, privateKey, privateKey;
return __generator(this, function (_b) {
switch (_b.label) {
case 0:
mimeType = mime.getType(keyFile);
_a = mimeType;
switch (_a) {
case 'application/json': return [3 /*break*/, 1];
case 'application/x-x509-ca-cert': return [3 /*break*/, 3];
case 'application/x-pkcs12': return [3 /*break*/, 5];
return [3 /*break*/, 9];
case 1: return [4 /*yield*/, readFile(keyFile, 'utf8')];
case 2:
key = _b.sent();
body = JSON.parse(key);
privateKey = body.private_key;
clientEmail = body.client_email;
if (!privateKey || !clientEmail) {
throw new ErrorWithCode('private_key and client_email are required.', 'MISSING_CREDENTIALS');
return [2 /*return*/, { privateKey: privateKey, clientEmail: clientEmail }];
case 3: return [4 /*yield*/, readFile(keyFile, 'utf8')];
case 4:
privateKey = _b.sent();
return [2 /*return*/, { privateKey: privateKey }];
case 5:
if (!!getPem) return [3 /*break*/, 7];
return [4 /*yield*/, Promise.resolve().then(function () { return require('google-p12-pem'); })];
case 6:
getPem = (_b.sent()).getPem;
_b.label = 7;
case 7: return [4 /*yield*/, getPem(keyFile)];
case 8:
privateKey = _b.sent();
return [2 /*return*/, { privateKey: privateKey }];
case 9: throw new ErrorWithCode('Unknown certificate type. Type is determined based on file extension. ' +
'Current supported extensions are *.json, *.pem, and *.p12.', 'UNKNOWN_CERTIFICATE_TYPE');
GoogleToken.prototype.getTokenAsync = function () {
return __awaiter(this, void 0, void 0, function () {
var creds;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
if (!this.hasExpired()) {
return [2 /*return*/, Promise.resolve(this.token)];
if (!this.key && !this.keyFile) {
throw new Error('No key or keyFile set.');
if (!(!this.key && this.keyFile)) return [3 /*break*/, 2];
return [4 /*yield*/, this.getCredentials(this.keyFile)];
case 1:
creds = _a.sent();
this.key = creds.privateKey;
this.iss = creds.clientEmail || this.iss;
if (!creds.clientEmail) {
_a.label = 2;
case 2: return [2 /*return*/, this.requestToken()];
GoogleToken.prototype.ensureEmail = function () {
if (!this.iss) {
throw new ErrorWithCode('email is required.', 'MISSING_CREDENTIALS');
GoogleToken.prototype.revokeToken = function (callback) {
if (callback) {
this.revokeTokenAsync().then(function () { return callback(); }).catch(callback);
return this.revokeTokenAsync();
GoogleToken.prototype.revokeTokenAsync = function () {
return __awaiter(this, void 0, void 0, function () {
var _this = this;
return __generator(this, function (_a) {
if (!this.token) {
throw new Error('No token to revoke.');
return [2 /*return*/, axios_1.default.get(GOOGLE_REVOKE_TOKEN_URL + this.token).then(function (r) {
email: _this.iss,
sub: _this.sub,
key: _this.key,
keyFile: _this.keyFile,
scope: _this.scope,
additionalClaims: _this.additionalClaims,
* Configure the GoogleToken for re-use.
* @param {object} options Configuration object.
GoogleToken.prototype.configure = function (options) {
if (options === void 0) { options = {}; }
this.keyFile = options.keyFile;
this.key = options.key;
this.token = this.expiresAt = this.rawToken = null;
this.iss = options.email || options.iss;
this.sub = options.sub;
this.additionalClaims = options.additionalClaims;
if (typeof options.scope === 'object') {
this.scope = options.scope.join(' ');
else {
this.scope = options.scope;
* Request the token from Google.
GoogleToken.prototype.requestToken = function () {
return __awaiter(this, void 0, void 0, function () {
var _this = this;
var iat, additionalClaims, payload, signedJWT;
return __generator(this, function (_a) {
iat = Math.floor(new Date().getTime() / 1000);
additionalClaims = this.additionalClaims || {};
payload = Object.assign({
iss: this.iss,
scope: this.scope,
exp: iat + 3600,
iat: iat,
sub: this.sub
}, additionalClaims);
signedJWT = jws.sign({ header: { alg: 'RS256' }, payload: payload, secret: this.key });
return [2 /*return*/, axios_1.default
.post(GOOGLE_TOKEN_URL, querystring.stringify({
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
assertion: signedJWT
}), { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } })
.then(function (r) {
_this.rawToken = r.data;
_this.token = r.data.access_token;
_this.expiresAt =
(r.data.expires_in === null || r.data.expires_in === undefined) ?
null :
(iat + r.data.expires_in) * 1000;
return _this.token;
.catch(function (e) {
_this.token = null;
_this.tokenExpires = null;
var body = (e.response && e.response.data) ? e.response.data : {};
var err = e;
if (body.error) {
var desc = body.error_description ? ": " + body.error_description : '';
err = new Error("" + body.error + desc);
throw err;
return GoogleToken;
exports.GoogleToken = GoogleToken;
//# sourceMappingURL=index.js.map