Merge pull request #1989 from github/robertbrignull/credentials_in_app

Add credentials to App

Author: robertbrignull

extensions/ql-vscode/src/authentication.ts

@@ -1,6 +1,7 @@
 import * as vscode from "vscode";
 import * as Octokit from "@octokit/rest";
 import { retry } from "@octokit/plugin-retry";
+import { Credentials } from "./common/authentication";
 
 const GITHUB_AUTH_PROVIDER_ID = "github";
 
@@ -13,41 +14,12 @@ const SCOPES = ["repo", "gist", "read:packages"];
 /**
  * Handles authentication to GitHub, using the VS Code [authentication API](https://code.visualstudio.com/api/references/vscode-api#authentication).
  */
-export class Credentials {
+export class VSCodeCredentials implements Credentials {
   /**
    * A specific octokit to return, otherwise a new authenticated octokit will be created when needed.
    */
   private octokit: Octokit.Octokit | undefined;
 
-  // Explicitly make the constructor private, so that we can't accidentally call the constructor from outside the class
-  // without also initializing the class.
-  private constructor(octokit?: Octokit.Octokit) {
-    this.octokit = octokit;
-  }
-
-  /**
-   * Initializes a Credentials instance. This will generate octokit instances
-   * authenticated as the user. If there is not already an authenticated GitHub
-   * session available then the user will be prompted to log in.
-   *
-   * @returns An instance of credentials.
-   */
-  static async initialize(): Promise<Credentials> {
-    return new Credentials();
-  }
-
-  /**
-   * Initializes an instance of credentials with an octokit instance using
-   * a specific known token. This method is meant to be used in
-   * non-interactive environments such as tests.
-   *
-   * @param overrideToken The GitHub token to use for authentication.
-   * @returns An instance of credentials.
-   */
-  static async initializeWithToken(overrideToken: string) {
-    return new Credentials(new Octokit.Octokit({ auth: overrideToken, retry }));
-  }
-
   /**
    * Creates or returns an instance of Octokit.
    *

extensions/ql-vscode/src/cli.ts

@@ -27,7 +27,7 @@ import { Logger, ProgressReporter } from "./common";
 import { CompilationMessage } from "./pure/legacy-messages";
 import { sarifParser } from "./sarif-parser";
 import { dbSchemeToLanguage, walkDirectory } from "./helpers";
-import { Credentials } from "./authentication";
+import { App } from "./common/app";
 
 /**
  * The version of the SARIF format that we are using.
@@ -197,6 +197,7 @@ export class CodeQLCliServer implements Disposable {
   public quiet = false;
 
   constructor(
+    private readonly app: App,
     private distributionProvider: DistributionProvider,
     private cliConfig: CliConfig,
     private logger: Logger,
@@ -618,9 +619,7 @@ export class CodeQLCliServer implements Disposable {
     addFormat = true,
     progressReporter?: ProgressReporter,
   ): Promise<OutputType> {
-    const credentials = await Credentials.initialize();
-
-    const accessToken = await credentials.getExistingAccessToken();
+    const accessToken = await this.app.credentials.getExistingAccessToken();
 
     const extraArgs = accessToken ? ["--github-auth-stdin"] : [];
 
@@ -633,7 +632,7 @@ export class CodeQLCliServer implements Disposable {
       async (line) => {
         if (line.startsWith("Enter value for --github-auth-stdin")) {
           try {
-            return await credentials.getAccessToken();
+            return await this.app.credentials.getAccessToken();
           } catch (e) {
             // If the user cancels the authentication prompt, we still need to give a value to the CLI.
             // By giving a potentially invalid value, the user will just get a 401/403 when they try to access a

extensions/ql-vscode/src/common/app.ts

@@ -1,3 +1,4 @@
+import { Credentials } from "./authentication";
 import { Disposable } from "../pure/disposable-object";
 import { AppEventEmitter } from "./events";
 import { Logger } from "./logging";
@@ -13,6 +14,7 @@ export interface App {
   readonly globalStoragePath: string;
   readonly workspaceStoragePath?: string;
   readonly workspaceState: Memento;
+  readonly credentials: Credentials;
 }
 
 export enum AppMode {

extensions/ql-vscode/src/common/authentication.ts

@@ -0,0 +1,34 @@
+import * as Octokit from "@octokit/rest";
+
+/**
+ * An interface providing methods for obtaining access tokens
+ * or an octokit instance for making HTTP requests.
+ */
+export interface Credentials {
+  /**
+   * Returns an authenticated instance of Octokit.
+   * May prompt the user to log in and grant permission to use their
+   * token, if they have not already done so.
+   *
+   * @returns An instance of Octokit.
+   */
+  getOctokit(): Promise<Octokit.Octokit>;
+
+  /**
+   * Returns an OAuth access token.
+   * May prompt the user to log in and grant permission to use their
+   * token, if they have not already done so.
+   *
+   * @returns An OAuth access token.
+   */
+  getAccessToken(): Promise<string>;
+
+  /**
+   * Returns an OAuth access token if one is available.
+   * If a token is not available this will return undefined and
+   * will not prompt the user to log in.
+   *
+   * @returns An OAuth access token, or undefined.
+   */
+  getExistingAccessToken(): Promise<string | undefined>;
+}

extensions/ql-vscode/src/common/vscode/vscode-app.ts

@@ -1,4 +1,5 @@
 import * as vscode from "vscode";
+import { VSCodeCredentials } from "../../authentication";
 import { Disposable } from "../../pure/disposable-object";
 import { App, AppMode } from "../app";
 import { AppEventEmitter } from "../events";
@@ -7,9 +8,13 @@ import { Memento } from "../memento";
 import { VSCodeAppEventEmitter } from "./events";
 
 export class ExtensionApp implements App {
+  public readonly credentials: VSCodeCredentials;
+
   public constructor(
     public readonly extensionContext: vscode.ExtensionContext,
-  ) {}
+  ) {
+    this.credentials = new VSCodeCredentials();
+  }
 
   public get extensionPath(): string {
     return this.extensionContext.extensionPath;

extensions/ql-vscode/src/databaseFetcher.ts

@@ -20,12 +20,12 @@ import { DatabaseManager, DatabaseItem } from "./databases";
 import { showAndLogInformationMessage, tmpDir } from "./helpers";
 import { reportStreamProgress, ProgressCallback } from "./commandRunner";
 import { extLogger } from "./common";
-import { Credentials } from "./authentication";
 import { getErrorMessage } from "./pure/helpers-pure";
 import {
   getNwoFromGitHubUrl,
   isValidGitHubNwo,
 } from "./common/github-url-identifier-helper";
+import { Credentials } from "./common/authentication";
 
 /**
  * Prompts a user to fetch a database from a remote location. Database is assumed to be an archive file.

extensions/ql-vscode/src/databases-ui.ts

@@ -35,9 +35,10 @@ import {
   promptImportInternetDatabase,
 } from "./databaseFetcher";
 import { asyncFilter, getErrorMessage } from "./pure/helpers-pure";
-import { Credentials } from "./authentication";
 import { QueryRunner } from "./queryRunner";
 import { isCanary } from "./config";
+import { App } from "./common/app";
+import { Credentials } from "./common/authentication";
 
 type ThemableIconPath = { light: string; dark: string } | string;
 
@@ -220,11 +221,11 @@ export class DatabaseUI extends DisposableObject {
   private treeDataProvider: DatabaseTreeDataProvider;
 
   public constructor(
+    private app: App,
     private databaseManager: DatabaseManager,
     private readonly queryServer: QueryRunner | undefined,
     private readonly storagePath: string,
     readonly extensionPath: string,
-    private readonly getCredentials: () => Promise<Credentials>,
   ) {
     super();
 
@@ -297,9 +298,7 @@ export class DatabaseUI extends DisposableObject {
       commandRunnerWithProgress(
         "codeQLDatabases.chooseDatabaseGithub",
         async (progress: ProgressCallback, token: CancellationToken) => {
-          const credentials = isCanary()
-            ? await this.getCredentials()
-            : undefined;
+          const credentials = isCanary() ? this.app.credentials : undefined;
           await this.handleChooseDatabaseGithub(credentials, progress, token);
         },
         {

extensions/ql-vscode/src/extension.ts

@@ -102,7 +102,6 @@ import {
 } from "./commandRunner";
 import { CodeQlStatusBarHandler } from "./status-bar";
 
-import { Credentials } from "./authentication";
 import { RemoteQueriesManager } from "./remote-queries/remote-queries-manager";
 import { RemoteQueryResult } from "./remote-queries/remote-query-result";
 import { URLSearchParams } from "url";
@@ -546,6 +545,8 @@ async function activateWithInstalledDistribution(
   // of activation.
   errorStubs.forEach((stub) => stub.dispose());
 
+  const app = new ExtensionApp(ctx);
+
   void extLogger.log("Initializing configuration listener...");
   const qlConfigurationListener =
     await QueryServerConfigListener.createQueryServerConfigListener(
@@ -555,6 +556,7 @@ async function activateWithInstalledDistribution(
 
   void extLogger.log("Initializing CodeQL cli server...");
   const cliServer = new CodeQLCliServer(
+    app,
     distributionManager,
     new CliConfigListener(),
     extLogger,
@@ -587,11 +589,11 @@ async function activateWithInstalledDistribution(
   ctx.subscriptions.push(dbm);
   void extLogger.log("Initializing database panel.");
   const databaseUI = new DatabaseUI(
+    app,
     dbm,
     qs,
     getContextStoragePath(ctx),
     ctx.extensionPath,
-    () => Credentials.initialize(),
   );
   databaseUI.init();
   ctx.subscriptions.push(databaseUI);
@@ -623,8 +625,6 @@ async function activateWithInstalledDistribution(
 
   void extLogger.log("Initializing variant analysis manager.");
 
-  const app = new ExtensionApp(ctx);
-
   const dbModule = await DbModule.initialize(app);
 
   const variantAnalysisStorageDir = join(
@@ -633,12 +633,14 @@ async function activateWithInstalledDistribution(
   );
   await ensureDir(variantAnalysisStorageDir);
   const variantAnalysisResultsManager = new VariantAnalysisResultsManager(
+    app.credentials,
     cliServer,
     extLogger,
   );
 
   const variantAnalysisManager = new VariantAnalysisManager(
     ctx,
+    app,
     cliServer,
     variantAnalysisStorageDir,
     variantAnalysisResultsManager,
@@ -656,6 +658,7 @@ async function activateWithInstalledDistribution(
   void extLogger.log("Initializing remote queries manager.");
   const rqm = new RemoteQueriesManager(
     ctx,
+    app,
     cliServer,
     queryStorageDir,
     extLogger,
@@ -664,6 +667,7 @@ async function activateWithInstalledDistribution(
 
   void extLogger.log("Initializing query history.");
   const qhm = new QueryHistoryManager(
+    app,
     qs,
     dbm,
     localQueryResultsView,
@@ -1224,7 +1228,7 @@ async function activateWithInstalledDistribution(
     commandRunner(
       "codeQL.exportRemoteQueryResults",
       async (queryId: string) => {
-        await exportRemoteQueryResults(qhm, rqm, queryId);
+        await exportRemoteQueryResults(qhm, rqm, queryId, app.credentials);
       },
     ),
   );
@@ -1242,6 +1246,7 @@ async function activateWithInstalledDistribution(
           variantAnalysisManager,
           variantAnalysisId,
           filterSort,
+          app.credentials,
           progress,
           token,
         );
@@ -1342,9 +1347,7 @@ async function activateWithInstalledDistribution(
     commandRunnerWithProgress(
       "codeQL.chooseDatabaseGithub",
       async (progress: ProgressCallback, token: CancellationToken) => {
-        const credentials = isCanary()
-          ? await Credentials.initialize()
-          : undefined;
+        const credentials = isCanary() ? app.credentials : undefined;
         await databaseUI.handleChooseDatabaseGithub(
           credentials,
           progress,
@@ -1398,8 +1401,7 @@ async function activateWithInstalledDistribution(
        * Credentials for authenticating to GitHub.
        * These are used when making API calls.
        */
-      const credentials = await Credentials.initialize();
-      const octokit = await credentials.getOctokit();
+      const octokit = await app.credentials.getOctokit();
       const userInfo = await octokit.users.getAuthenticated();
       void showAndLogInformationMessage(
         `Authenticated to GitHub as user: ${userInfo.data.login}`,

extensions/ql-vscode/src/query-history/query-history.ts

@@ -56,7 +56,6 @@ import {
 import { pathExists } from "fs-extra";
 import { CliVersionConstraint } from "../cli";
 import { HistoryItemLabelProvider } from "./history-item-label-provider";
-import { Credentials } from "../authentication";
 import { cancelRemoteQuery } from "../remote-queries/gh-api/gh-actions-api-client";
 import { RemoteQueriesManager } from "../remote-queries/remote-queries-manager";
 import { RemoteQueryHistoryItem } from "../remote-queries/remote-query-history-item";
@@ -70,6 +69,7 @@ import { QueryRunner } from "../queryRunner";
 import { VariantAnalysisManager } from "../remote-queries/variant-analysis-manager";
 import { VariantAnalysisHistoryItem } from "./variant-analysis-history-item";
 import { getTotalResultCount } from "../remote-queries/shared/variant-analysis";
+import { App } from "../common/app";
 
 /**
  * query-history.ts
@@ -362,6 +362,7 @@ export class QueryHistoryManager extends DisposableObject {
   readonly onDidCompleteQuery = this._onDidCompleteQuery.event;
 
   constructor(
+    private readonly app: App,
     private readonly qs: QueryRunner,
     private readonly dbm: DatabaseManager,
     private readonly localQueriesResultsView: ResultsView,
@@ -604,10 +605,6 @@ export class QueryHistoryManager extends DisposableObject {
     this._onDidCompleteQuery.fire(info);
   }
 
-  private getCredentials() {
-    return Credentials.initialize();
-  }
-
   /**
    * Register and create the history scrubber.
    */
@@ -1314,8 +1311,7 @@ export class QueryHistoryManager extends DisposableObject {
           void showAndLogInformationMessage(
             "Cancelling variant analysis. This may take a while.",
           );
-          const credentials = await this.getCredentials();
-          await cancelRemoteQuery(credentials, item.remoteQuery);
+          await cancelRemoteQuery(this.app.credentials, item.remoteQuery);
         } else if (item.t === "variant-analysis") {
           await commands.executeCommand(
             "codeQL.cancelVariantAnalysis",