Login + sync (#12)

* wip login * fix * use remote settings * remove redundant settings * use latest API changes * fix types * working login settings sync * patches Co-authored-by: Bradley Farias <[email protected]> --------- Co-authored-by: Bradley Farias <[email protected]>
SocketDev · Jul 6, 2023 · 51ccf49 · 51ccf49
1 parent ddc096f
commit 51ccf49
Show file tree

Hide file tree

Showing 9 changed files with 387 additions and 99 deletions.
diff --git a/package.json b/package.json
@@ -56,12 +56,6 @@
         "configuration": {
             "title": "Socket Security",
             "properties": {
-                "socket-security.showAllIssueTypes": {
-                    "order": 0,
-                    "type": "boolean",
-                    "default": false,
-                    "description": "Show all issue types, even issues hidden by default."
-                },
                 "socket-security.minIssueLevel": {
                     "order": 1,
                     "type": "string",
@@ -72,7 +66,7 @@
                         "middle",
                         "low"
                     ],
-                    "description": "Hide all issues that are less important than this level, note some issues are hidden by default so you may also wish to enable showing all issue types still."
+                    "description": "Hide all issues that are less important than this level. Note some issues are hidden by default so you may also wish to enable showing all issue types still."
                 },
                 "socket-security.errorOverlayThreshold": {
                     "order": 2,
@@ -91,7 +85,7 @@
                     "default": 80,
                     "minimum": 0,
                     "maximum": 100,
-                    "description": "Show error overlay for any import of a package with a summary score less than this value.",
+                    "description": "Show overlay for any import of a package with a summary score less than this value.",
                     "examples": [
                         80
                     ]

diff --git a/src/data/editor-config.ts b/src/data/editor-config.ts
@@ -5,7 +5,7 @@ import * as vscode from 'vscode'
  * 
  * ```js
  * const api = activate(ctx)
- * const [minIssueLevel, showAllIssueTypes] = api.getConfigValues([`${EXTENSION_PREFIX}.minIssueLevel`, `${EXTENSION_PREFIX}.showAllIssueTypes`])
+ * const [minIssueLevel, pythonInterpreter] = api.getConfigValues([`${EXTENSION_PREFIX}.minIssueLevel`, `${EXTENSION_PREFIX}.pythonInterpreter`])
  * ```
  * @param context 
  * @returns 

diff --git a/src/data/github.ts b/src/data/github.ts
@@ -18,7 +18,7 @@ function orgOrUserFromString(url: string): string | undefined {
  * install the github app against rather than asking for too much permissions
  * @param workspaceRootURI
  */
-async function sniffForGithubOrgOrUser(workspaceRootURI: vscode.Uri): Promise<string | undefined> {
+export async function sniffForGithubOrgOrUser(workspaceRootURI: vscode.Uri): Promise<string | undefined> {
     // package.json repository
     try {
         const pkg = JSON.parse(

diff --git a/src/data/report.ts b/src/data/report.ts
@@ -12,7 +12,8 @@ import { EXTENSION_PREFIX, addDisposablesTo, getWorkspaceFolderURI, WorkspaceDat
 import * as stableStringify from 'safe-stable-stringify';
 import watch, { SharedFilesystemWatcherHandler } from '../fs-watch'
 import { GlobPatterns, getGlobPatterns } from './glob-patterns';
-import { getStaticTOMLValue, parseTOML } from "toml-eslint-parser";
+import { getStaticTOMLValue, parseTOML } from 'toml-eslint-parser';
+import * as socketAPIConfig from './socket-api-config'
 
 export type SocketReport = {
     issues: Array<{
@@ -88,28 +89,10 @@ export async function activate(context: vscode.ExtensionContext, disposables?: A
     }
     const { workspace } = vscode
 
-    const editorConfig = workspace.getConfiguration(EXTENSION_PREFIX)
-    let apiKey: string | undefined
-    let authorizationHeaderValue: string = ''
-    function syncWorkspaceConfiguration() {
-        // early adopter release given big quota
-        // hidden settings for testing
-        apiKey = editorConfig.get('socketSecurityAPIKey') ?? 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api'
-        if (typeof apiKey !== 'string' || !apiKey) {
-            apiKey = process.env.SOCKET_SECURITY_API_KEY
-        }
-        if (apiKey) {
-            authorizationHeaderValue = `Basic ${Buffer.from(`${apiKey}:`).toString('base64url')}`
-        }
-        reportData.recalculateAll()
-    }
-    workspace.onDidChangeConfiguration((e) => {
-        if (
-            e.affectsConfiguration(`${EXTENSION_PREFIX}.socketSecurityAPIKey`)
-        ) {
-            syncWorkspaceConfiguration()
-        }
-    })
+    addDisposablesTo(
+        disposables,
+        socketAPIConfig.onAPIConfChange(() => reportData.recalculateAll())
+    )
 
     const reportWatcher: SharedFilesystemWatcherHandler = {
         onDidChange(uri) {
@@ -228,15 +211,41 @@ export async function activate(context: vscode.ExtensionContext, disposables?: A
         return vscode.Uri.joinPath(uri, '..').fsPath;
     }
 
+    let warnedLogin = false
+
     async function runReport(uri: vscode.Uri, force: boolean = false) {
         if (!force) {
             if (!vscode.workspace.getConfiguration(EXTENSION_PREFIX).get('reportsEnabled')) {
                 return
             }
+            const result = await socketAPIConfig.getExistingAPIConfig()
+            if (!result) {
+                if (!warnedLogin) {
+                    warnedLogin = true
+                    const realLogin = 'Log in'
+                    const publicLogin = 'Use public token'
+                    const res = await vscode.window.showErrorMessage(
+                        'Please log into Socket or use the free, public demo to run reports on your dependency tree.',
+                        realLogin,
+                        publicLogin
+                    )
+                    if (res === publicLogin) {
+                        await socketAPIConfig.usePublicConfig(true)
+                    } else if (res === realLogin) {
+                        await socketAPIConfig.getAPIConfig(true)
+                    }
+                }
+
+                if (!(await socketAPIConfig.getExistingAPIConfig())) {
+                    return
+                }
+            }
         }
-        if (!apiKey) {
+        const apiConfig = await socketAPIConfig.getAPIConfig()
+        if (!apiConfig) {
             return
         }
+        const authorizationHeaderValue = socketAPIConfig.toAuthHeader(apiConfig.apiKey)
         const workspaceFolderURI = getWorkspaceFolderURI(uri)
         if (!workspaceFolderURI) {
             return
@@ -385,7 +394,7 @@ export async function activate(context: vscode.ExtensionContext, disposables?: A
         (uri) => runReport(uri),
         () => getDefaultReport()
     )
-    syncWorkspaceConfiguration()
+    reportData.recalculateAll()
     const api = {
         effectiveReportForUri: (uri: vscode.Uri) => reportData.get(uri),
         onReport(...params: Parameters<typeof reportData.on>) {