import { Octokit } from '@octokit/rest';
import { request } from '@octokit/request';
import { createAppAuth } from '@octokit/auth-app';
import { Authentication, StrategyOptions } from '@octokit/auth-app/dist-types/types';
import { OctokitOptions } from '@octokit/core/dist-types/types';
import { decrypt } from './kms';
/**
 * Builds an Octokit REST client that authenticates with the given token.
 *
 * @param token - Credential handed to Octokit as its `auth` option.
 * @param ghesApiUrl - Optional API base URL (presumably a GitHub Enterprise
 *   Server endpoint, going by the name). When empty, no `baseUrl` is set and
 *   Octokit falls back to its own default.
 * @returns The configured Octokit client.
 */
export async function createOctoClient(token: string, ghesApiUrl: string = ''): Promise<Octokit> {
  // The token is presented to whichever host `baseUrl` names, so `ghesApiUrl`
  // has to come from trusted deployment configuration, never from request data.
  const clientOptions: OctokitOptions = ghesApiUrl ? { auth: token, baseUrl: ghesApiUrl } : { auth: token };
  return new Octokit(clientOptions);
}
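/**
 * Authenticates as the configured GitHub App and returns the resulting
 * authentication object.
 *
 * Configuration is read from the environment: `GITHUB_APP_ID`,
 * `GITHUB_APP_CLIENT_ID`, and the encrypted `GITHUB_APP_CLIENT_SECRET` and
 * `GITHUB_APP_KEY_BASE64`, which are passed through `decrypt` together with
 * `KMS_KEY_ID` and `ENVIRONMENT`.
 *
 * @param installationId - Installation to authenticate for; may be undefined.
 * @param authType - Whether to authenticate as the app itself or as an installation.
 * @param ghesApiUrl - Optional API base URL; when set, auth requests are sent
 *   there instead of the library default.
 * @returns The authentication produced by `createAppAuth` for `authType`.
 * @throws Error when `GITHUB_APP_ID` is missing or not a positive integer, or
 *   when either secret cannot be decrypted.
 */
export async function createGithubAuth(
  installationId: number | undefined,
  authType: 'app' | 'installation',
  ghesApiUrl: string = '',
): Promise<Authentication> {
  // Check the app id before any secret is decrypted, so a misconfigured
  // deployment fails with a clear message instead of passing NaN downstream.
  // An explicit radix keeps values such as "0x10" from being read as hex.
  const appId: number = parseInt(process.env.GITHUB_APP_ID as string, 10);
  if (!Number.isInteger(appId) || appId <= 0) {
    throw new Error('GITHUB_APP_ID is not set or is not a positive integer.');
  }

  // NOTE(review): the `as string` casts hide that these variables may be unset;
  // how `decrypt` treats an undefined ciphertext or key id is not visible here — confirm in ./kms.
  const clientSecret = await decrypt(
    process.env.GITHUB_APP_CLIENT_SECRET as string,
    process.env.KMS_KEY_ID as string,
    process.env.ENVIRONMENT as string,
  );
  const privateKeyBase64 = await decrypt(
    process.env.GITHUB_APP_KEY_BASE64 as string,
    process.env.KMS_KEY_ID as string,
    process.env.ENVIRONMENT as string,
  );
  // The message stays generic on purpose: it must not echo ciphertext or key material.
  if (clientSecret === undefined || privateKeyBase64 === undefined) {
    throw new Error('Cannot decrypt.');
  }

  // The key is stored base64-encoded; decode it to text before handing it to the auth strategy.
  const privateKey = Buffer.from(privateKeyBase64, 'base64').toString();
  const clientId = process.env.GITHUB_APP_CLIENT_ID as string;

  const authOptions: StrategyOptions = {
    appId,
    privateKey,
    installationId,
    clientId,
    clientSecret,
  };

  // Only the API URL is logged. `clientSecret` and `privateKey` must never reach a log line.
  console.debug(ghesApiUrl);
  if (ghesApiUrl) {
    // App credentials are presented to this host, so `ghesApiUrl` has to be a
    // trusted HTTPS endpoint taken from deployment configuration.
    authOptions.request = request.defaults({
      baseUrl: ghesApiUrl,
      mediaType: { previews: ['antiope'] },
    });
  }
  return await createAppAuth(authOptions)({ type: authType });
}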