Class: Starship::AuthHelper

Inherits:

Object

• Object
• Starship::AuthHelper

Includes:

Logging

Defined in:

lib/starship/auth_helper.rb

Overview

AuthHelper handles authentication with Apple’s developer portal

Constant Summary

AUTH_ENDPOINT =

"https://idmsa.apple.com/appleauth/auth"

WIDGET_KEY_URL =

"https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com"

Instance Attribute Summary

• #csrf ⇒ Object readonly

  Returns the value of attribute csrf.

• #csrf_ts ⇒ Object readonly

  Returns the value of attribute csrf_ts.

• #session ⇒ Object readonly

  Returns the value of attribute session.

• #session_data ⇒ Object readonly

  Returns the value of attribute session_data.

Instance Method Summary

• #initialize ⇒ AuthHelper constructor

  A new instance of AuthHelper.

• #request(endpoint, method: :get, params: nil, body: nil, headers: nil) ⇒ Object
• #sign_in ⇒ Boolean

  Sign in to Apple Developer Portal.

• #two_factor_provider=(provider) ⇒ Object
• #validate_token ⇒ Boolean

  Check if the current session is valid.

Methods included from Logging

configure_logger_for, #logger, logger_for

Constructor Details

#initialize ⇒ AuthHelper

Returns a new instance of AuthHelper.

# File 'lib/starship/auth_helper.rb', line 34

def initialize()
  # Create session directory if it doesn't exist
  @session_directory = File.expand_path("~/.starship")
  FileUtils.mkdir_p(@session_directory)

  @widget_key = nil
  @csrf = nil
  @csrf_ts = nil
  @email = nil
  @session_data = {}

  # Initialize Faraday with cookie jar
  @session = Faraday.new do |builder|
    builder.use :cookie_jar, jar: HTTP::CookieJar.new
    builder.adapter Faraday.default_adapter
  end
end

Instance Attribute Details

#csrf ⇒ Object (readonly)

Returns the value of attribute csrf.

# File 'lib/starship/auth_helper.rb', line 24

def csrf
  @csrf
end

#csrf_ts ⇒ Object (readonly)

Returns the value of attribute csrf_ts.

# File 'lib/starship/auth_helper.rb', line 24

def csrf_ts
  @csrf_ts
end

#session ⇒ Object (readonly)

Returns the value of attribute session.

# File 'lib/starship/auth_helper.rb', line 24

def session
  @session
end

#session_data ⇒ Object (readonly)

Returns the value of attribute session_data.

# File 'lib/starship/auth_helper.rb', line 24

def session_data
  @session_data
end

Instance Method Details

#request(endpoint, method: :get, params: nil, body: nil, headers: nil) ⇒ Object

# File 'lib/starship/auth_helper.rb', line 143

def request(endpoint, method: :get, params: nil, body: nil, headers: nil)
  default_headers = {
    "Accept" => "application/json, text/plain, */*",
    "X-Requested-With" => "XMLHttpRequest",
    "X-HTTP-Method-Override" => "GET",
    "csrf" => @csrf,
    "csrf_ts" => @csrf_ts,
  }

  if headers
    default_headers = default_headers.merge(headers)
  end

  response = case method
    when :get
      @session.get(endpoint, params, default_headers)
    when :post
      @session.post(endpoint, body, default_headers)
    when :put
      @session.put(endpoint, body, default_headers)
    when :delete
      @session.delete(endpoint, default_headers)
    when :patch
      @session.patch(endpoint, body, default_headers)
    end

  if response.status == 401 || response.status == 403
    logger.warn "Session invalid or expired. Starting authentication from scratch..."

    self.sign_in

    response = self.request(endpoint, method: method, params: params, body: body, headers: headers)
  end

  return response
end

#sign_in ⇒ Boolean

Sign in to Apple Developer Portal

Returns:

• (Boolean) —

  Whether authentication was successful

# File 'lib/starship/auth_helper.rb', line 54

def sign_in
  email = ENV["APPLE_DEVELOPER_USERNAME"]
  password = ENV["APPLE_DEVELOPER_PASSWORD"]

  if !email || !password
    raise Error, "Email and password are required. Set APPLE_ID and APPLE_PASSWORD environment variables."
  end

  @email = email
  @client_id = generate_session_id(email)
  cookie_path, session_path = get_paths(email)

  # Try to load existing session
  if File.exist?(session_path)
    load_session
    if validate_token
      return true
    end
  end

  logger.warn "Session invalid or expired. Starting authentication from scratch..."
  @session_data = { "client_id" => @client_id, "email" => email }

  # Start authentication process
  auth_result = authenticate_with_srp(email, password)

  if auth_result == :two_factor_required
    handle_two_factor_auth
  elsif auth_result
    # After successful authentication, get CSRF tokens
    response = @session.get("https://developer.apple.com/account")
    if response.status == 200
      extract_csrf_tokens(response)

      if @csrf && @csrf_ts
        save_session
        return true
      end
    end
  end

  return auth_result
end

#two_factor_provider=(provider) ⇒ Object

# File 'lib/starship/auth_helper.rb', line 29

def two_factor_provider=(provider)
  @two_factor_provider = provider
  logger.info "Two-factor provider set to #{provider.class.name}"
end

#validate_token ⇒ Boolean

Check if the current session is valid

Returns:

• (Boolean) —

  Whether the session is valid

# File 'lib/starship/auth_helper.rb', line 100

def validate_token
  return false unless @session_data["session_id"] && @session_data["scnt"]

  begin
    headers = {
      "Accept" => "application/json, text/plain, */*",
      "Content-Type" => "application/vnd.api+json",
      "X-Requested-With" => "XMLHttpRequest",
      "X-Apple-ID-Session-Id" => @session_data["session_id"],
      "scnt" => @session_data["scnt"],
    }

    response = @session.get(
      "https://developer.apple.com/services-account/v1/certificates",
      nil,
      headers
    )

    if response.status == 403
      # Fetch CSRF tokens after confirming session is valid
      csrf_response = @session.get("https://developer.apple.com/account/resources/certificates/list")

      if csrf_response.status == 200
        extract_csrf_tokens(csrf_response)

        if @csrf && @csrf_ts
          return true
        else
          logger.error "Failed to retrieve CSRF tokens after validating session."
          return false
        end
      end
      return true
    else
      logger.warn "Session is invalid. Will reauthenticate."
      return false
    end
  rescue => e
    logger.error "Authentication status check failed: #{e.message}"
    return false
  end
end