new toolkit and scoped registries

node_modules/@octokit/rest/plugins/authentication/before-request.js

@@ -0,0 +1,61 @@
+module.exports = authenticationBeforeRequest
+
+const btoa = require('btoa-lite')
+
+const withAuthorizationPrefix = require('./with-authorization-prefix')
+
+function authenticationBeforeRequest (state, options) {
+  if (typeof state.auth === 'string') {
+    options.headers['authorization'] = withAuthorizationPrefix(state.auth)
+
+    // https://developer.github.com/v3/previews/#integrations
+    if (/^bearer /i.test(state.auth) && !/machine-man/.test(options.headers['accept'])) {
+      const acceptHeaders = options.headers['accept'].split(',')
+        .concat('application/vnd.github.machine-man-preview+json')
+      options.headers['accept'] = acceptHeaders.filter(Boolean).join(',')
+    }
+
+    return
+  }
+
+  if (state.auth.username) {
+    const hash = btoa(`${state.auth.username}:${state.auth.password}`)
+    options.headers['authorization'] = `Basic ${hash}`
+    if (state.otp) {
+      options.headers['x-github-otp'] = state.otp
+    }
+    return
+  }
+
+  if (state.auth.clientId) {
+    // There is a special case for OAuth applications, when `clientId` and `clientSecret` is passed as
+    // Basic Authorization instead of query parameters. The only routes where that applies share the same
+    // URL though: `/applications/:client_id/tokens/:access_token`.
+    //
+    //  1. [Check an authorization](https://developer.github.com/v3/oauth_authorizations/#check-an-authorization)
+    //  2. [Reset an authorization](https://developer.github.com/v3/oauth_authorizations/#reset-an-authorization)
+    //  3. [Revoke an authorization for an application](https://developer.github.com/v3/oauth_authorizations/#revoke-an-authorization-for-an-application)
+    //
+    // We identify by checking the URL. It must merge both "/applications/:client_id/tokens/:access_token"
+    // as well as "/applications/123/tokens/token456"
+    if (/\/applications\/:?[\w_]+\/tokens\/:?[\w_]+($|\?)/.test(options.url)) {
+      const hash = btoa(`${state.auth.clientId}:${state.auth.clientSecret}`)
+      options.headers['authorization'] = `Basic ${hash}`
+      return
+    }
+
+    options.url += options.url.indexOf('?') === -1 ? '?' : '&'
+    options.url += `client_id=${state.auth.clientId}&client_secret=${state.auth.clientSecret}`
+    return
+  }
+
+  return Promise.resolve()
+
+    .then(() => {
+      return state.auth()
+    })
+
+    .then((authorization) => {
+      options.headers['authorization'] = withAuthorizationPrefix(authorization)
+    })
+}

node_modules/@octokit/rest/plugins/authentication/index.js

@@ -0,0 +1,21 @@
+module.exports = authenticationPlugin
+
+const beforeRequest = require('./before-request')
+const requestError = require('./request-error')
+const validate = require('./validate')
+
+function authenticationPlugin (octokit, options) {
+  if (!options.auth) {
+    return
+  }
+
+  validate(options.auth)
+
+  const state = {
+    octokit,
+    auth: options.auth
+  }
+
+  octokit.hook.before('request', beforeRequest.bind(null, state))
+  octokit.hook.error('request', requestError.bind(null, state))
+}

node_modules/@octokit/rest/plugins/authentication/request-error.js

@@ -0,0 +1,47 @@
+module.exports = authenticationRequestError
+
+const { RequestError } = require('@octokit/request-error')
+
+function authenticationRequestError (state, error, options) {
+  if (!error.headers) throw error
+
+  const otpRequired = /required/.test(error.headers['x-github-otp'] || '')
+  // handle "2FA required" error only
+  if (error.status !== 401 || !otpRequired) {
+    throw error
+  }
+
+  if (error.status === 401 && otpRequired && error.request && error.request.headers['x-github-otp']) {
+    if (state.otp) {
+      delete state.otp // no longer valid, request again
+    } else {
+      throw new RequestError('Invalid one-time password for two-factor authentication', 401, {
+        headers: error.headers,
+        request: options
+      })
+    }
+  }
+
+  if (typeof state.auth.on2fa !== 'function') {
+    throw new RequestError('2FA required, but options.on2fa is not a function. See https://github.com/octokit/rest.js#authentication', 401, {
+      headers: error.headers,
+      request: options
+    })
+  }
+
+  return Promise.resolve()
+    .then(() => {
+      return state.auth.on2fa()
+    })
+    .then((oneTimePassword) => {
+      const newOptions = Object.assign(options, {
+        headers: Object.assign(options.headers, { 'x-github-otp': oneTimePassword })
+      })
+      return state.octokit.request(newOptions)
+        .then(response => {
+          // If OTP still valid, then persist it for following requests
+          state.otp = oneTimePassword
+          return response
+        })
+    })
+}

node_modules/@octokit/rest/plugins/authentication/validate.js

@@ -0,0 +1,21 @@
+module.exports = validateAuth
+
+function validateAuth (auth) {
+  if (typeof auth === 'string') {
+    return
+  }
+
+  if (typeof auth === 'function') {
+    return
+  }
+
+  if (auth.username && auth.password) {
+    return
+  }
+
+  if (auth.clientId && auth.clientSecret) {
+    return
+  }
+
+  throw new Error(`Invalid "auth" option: ${JSON.stringify(auth)}`)
+}

node_modules/@octokit/rest/plugins/authentication/with-authorization-prefix.js

@@ -0,0 +1,23 @@
+module.exports = withAuthorizationPrefix
+
+const atob = require('atob-lite')
+
+const REGEX_IS_BASIC_AUTH = /^[\w-]+:/
+
+function withAuthorizationPrefix (authorization) {
+  if (/^(basic|bearer|token) /i.test(authorization)) {
+    return authorization
+  }
+
+  try {
+    if (REGEX_IS_BASIC_AUTH.test(atob(authorization))) {
+      return `basic ${authorization}`
+    }
+  } catch (error) { }
+
+  if (authorization.split(/\./).length === 3) {
+    return `bearer ${authorization}`
+  }
+
+  return `token ${authorization}`
+}