-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsocket-api-token.ts
More file actions
49 lines (44 loc) · 1.64 KB
/
socket-api-token.ts
File metadata and controls
49 lines (44 loc) · 1.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
/**
* @file Convenience helper for reading the Socket API token from the canonical
* env → keychain precedence order. Centralizes two constants every fleet
* consumer would otherwise hard-code: the keychain service name
* (`socket-cli`) and the env-var + account fallback list (`SOCKET_API_TOKEN`
* canonical, `SOCKET_API_KEY` legacy alias). Consumers like firewall and
* wheelhouse hooks call `readSocketApiToken()` instead of redoing the
* `resolve({ service, accounts })` boilerplate.
*/
import { resolve, resolveSync } from './find'
const SOCKET_CLI_SERVICE = 'socket-cli'
const TOKEN_ACCOUNTS = ['SOCKET_API_TOKEN', 'SOCKET_API_KEY'] as const
export interface ReadSocketApiTokenOptions {
/**
* When `true`, skip the keychain fallback entirely. The resolver checks
* `process.env.SOCKET_API_TOKEN` then `process.env.SOCKET_API_KEY` and
* returns `undefined` immediately if neither is set. Use this in headless
* contexts (CI, bootstrap hooks) where a Keychain auth prompt is
* unacceptable.
*
* @default false
*/
allowEnvOnly?: boolean | undefined
}
export async function readSocketApiToken(
options?: ReadSocketApiTokenOptions | undefined,
): Promise<string | undefined> {
const result = await resolve({
service: SOCKET_CLI_SERVICE,
accounts: TOKEN_ACCOUNTS,
allowEnvOnly: options?.allowEnvOnly,
})
return result?.value
}
export function readSocketApiTokenSync(
options?: ReadSocketApiTokenOptions | undefined,
): string | undefined {
const result = resolveSync({
service: SOCKET_CLI_SERVICE,
accounts: TOKEN_ACCOUNTS,
allowEnvOnly: options?.allowEnvOnly,
})
return result?.value
}