Load env from Secrets path with fallback
This commit is contained in:
@@ -3,12 +3,16 @@ import { Hono } from 'hono';
|
||||
import { serveStatic } from 'hono/bun';
|
||||
import { cors } from 'hono/cors';
|
||||
import PocketBase from 'pocketbase';
|
||||
import { ConfidentialClientApplication } from '@azure/msal-node';
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Config
|
||||
// ---------------------------------------------------------------------------
|
||||
config({ path: '/home/admin/secrets/.env' });
|
||||
const PRIMARY_ENV_PATH = 'C:\\Users\\AlfonsoEwing\\OneDrive - Cardoza Construction\\Apps\\Secrets\\.env';
|
||||
const FALLBACK_ENV_PATH = 'D:\\.env';
|
||||
const primaryEnv = config({ path: PRIMARY_ENV_PATH });
|
||||
if (primaryEnv.error) {
|
||||
config({ path: FALLBACK_ENV_PATH });
|
||||
}
|
||||
|
||||
// Known OneNote target
|
||||
// Section/page IDs must come from the OneNote Graph API (sites/{siteId}/onenote/sections),
|
||||
@@ -365,19 +369,39 @@ function findRecordFieldName(record: Record<string, unknown>, patterns: RegExp[]
|
||||
// ---------------------------------------------------------------------------
|
||||
// MSAL app-only (Graph status check)
|
||||
// ---------------------------------------------------------------------------
|
||||
const cca = new ConfidentialClientApplication({
|
||||
type ClientCredentialResult = {
|
||||
accessToken?: string;
|
||||
expiresOn?: Date | string | null;
|
||||
} | null;
|
||||
|
||||
type ClientCredentialApp = {
|
||||
acquireTokenByClientCredential: (request: { scopes: string[] }) => Promise<ClientCredentialResult>;
|
||||
};
|
||||
|
||||
let ccaPromise: Promise<ClientCredentialApp> | null = null;
|
||||
|
||||
async function getConfidentialClientApp(): Promise<ClientCredentialApp> {
|
||||
if (!ccaPromise) {
|
||||
ccaPromise = (async () => {
|
||||
const msal = await import('@azure/msal-node');
|
||||
return new msal.ConfidentialClientApplication({
|
||||
auth: {
|
||||
clientId: process.env.CLIENT_ID || '',
|
||||
authority: `https://login.microsoftonline.com/${process.env.TENANT_ID}`,
|
||||
clientSecret: process.env.CLIENT_SECRET || '',
|
||||
},
|
||||
});
|
||||
})();
|
||||
}
|
||||
return ccaPromise;
|
||||
}
|
||||
|
||||
let graphTokenCache: { token: string; expiresOn: number } | null = null;
|
||||
|
||||
async function getGraphToken() {
|
||||
const now = Date.now();
|
||||
if (graphTokenCache && graphTokenCache.expiresOn - 60_000 > now) return graphTokenCache;
|
||||
const cca = await getConfidentialClientApp();
|
||||
const result = await cca.acquireTokenByClientCredential({ scopes: ['https://graph.microsoft.com/.default'] });
|
||||
if (!result?.accessToken) throw new Error('Failed to acquire Graph token');
|
||||
graphTokenCache = {
|
||||
|
||||
Reference in New Issue
Block a user