Load env from Secrets path with fallback
This commit is contained in:
@@ -3,12 +3,16 @@ import { Hono } from 'hono';
|
|||||||
import { serveStatic } from 'hono/bun';
|
import { serveStatic } from 'hono/bun';
|
||||||
import { cors } from 'hono/cors';
|
import { cors } from 'hono/cors';
|
||||||
import PocketBase from 'pocketbase';
|
import PocketBase from 'pocketbase';
|
||||||
import { ConfidentialClientApplication } from '@azure/msal-node';
|
|
||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
// Config
|
// Config
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
config({ path: '/home/admin/secrets/.env' });
|
const PRIMARY_ENV_PATH = 'C:\\Users\\AlfonsoEwing\\OneDrive - Cardoza Construction\\Apps\\Secrets\\.env';
|
||||||
|
const FALLBACK_ENV_PATH = 'D:\\.env';
|
||||||
|
const primaryEnv = config({ path: PRIMARY_ENV_PATH });
|
||||||
|
if (primaryEnv.error) {
|
||||||
|
config({ path: FALLBACK_ENV_PATH });
|
||||||
|
}
|
||||||
|
|
||||||
// Known OneNote target
|
// Known OneNote target
|
||||||
// Section/page IDs must come from the OneNote Graph API (sites/{siteId}/onenote/sections),
|
// Section/page IDs must come from the OneNote Graph API (sites/{siteId}/onenote/sections),
|
||||||
@@ -365,19 +369,39 @@ function findRecordFieldName(record: Record<string, unknown>, patterns: RegExp[]
|
|||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
// MSAL app-only (Graph status check)
|
// MSAL app-only (Graph status check)
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
const cca = new ConfidentialClientApplication({
|
type ClientCredentialResult = {
|
||||||
|
accessToken?: string;
|
||||||
|
expiresOn?: Date | string | null;
|
||||||
|
} | null;
|
||||||
|
|
||||||
|
type ClientCredentialApp = {
|
||||||
|
acquireTokenByClientCredential: (request: { scopes: string[] }) => Promise<ClientCredentialResult>;
|
||||||
|
};
|
||||||
|
|
||||||
|
let ccaPromise: Promise<ClientCredentialApp> | null = null;
|
||||||
|
|
||||||
|
async function getConfidentialClientApp(): Promise<ClientCredentialApp> {
|
||||||
|
if (!ccaPromise) {
|
||||||
|
ccaPromise = (async () => {
|
||||||
|
const msal = await import('@azure/msal-node');
|
||||||
|
return new msal.ConfidentialClientApplication({
|
||||||
auth: {
|
auth: {
|
||||||
clientId: process.env.CLIENT_ID || '',
|
clientId: process.env.CLIENT_ID || '',
|
||||||
authority: `https://login.microsoftonline.com/${process.env.TENANT_ID}`,
|
authority: `https://login.microsoftonline.com/${process.env.TENANT_ID}`,
|
||||||
clientSecret: process.env.CLIENT_SECRET || '',
|
clientSecret: process.env.CLIENT_SECRET || '',
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
})();
|
||||||
|
}
|
||||||
|
return ccaPromise;
|
||||||
|
}
|
||||||
|
|
||||||
let graphTokenCache: { token: string; expiresOn: number } | null = null;
|
let graphTokenCache: { token: string; expiresOn: number } | null = null;
|
||||||
|
|
||||||
async function getGraphToken() {
|
async function getGraphToken() {
|
||||||
const now = Date.now();
|
const now = Date.now();
|
||||||
if (graphTokenCache && graphTokenCache.expiresOn - 60_000 > now) return graphTokenCache;
|
if (graphTokenCache && graphTokenCache.expiresOn - 60_000 > now) return graphTokenCache;
|
||||||
|
const cca = await getConfidentialClientApp();
|
||||||
const result = await cca.acquireTokenByClientCredential({ scopes: ['https://graph.microsoft.com/.default'] });
|
const result = await cca.acquireTokenByClientCredential({ scopes: ['https://graph.microsoft.com/.default'] });
|
||||||
if (!result?.accessToken) throw new Error('Failed to acquire Graph token');
|
if (!result?.accessToken) throw new Error('Failed to acquire Graph token');
|
||||||
graphTokenCache = {
|
graphTokenCache = {
|
||||||
|
|||||||
Reference in New Issue
Block a user