(token: Token)
| 102 | } |
| 103 | |
| 104 | export const getTokenFromConfig = async (token: Token): Promise<string> => { |
| 105 | if ('env' in token) { |
| 106 | const envToken = process.env[token.env]; |
| 107 | if (!envToken) { |
| 108 | throw new Error(`Environment variable ${token.env} not found.`); |
| 109 | } |
| 110 | |
| 111 | return envToken.trim(); |
| 112 | } else if ('googleCloudSecret' in token) { |
| 113 | try { |
| 114 | const client = new SecretManagerServiceClient(); |
| 115 | const [response] = await client.accessSecretVersion({ |
| 116 | name: token.googleCloudSecret, |
| 117 | }); |
| 118 | |
| 119 | if (!response.payload?.data) { |
| 120 | throw new Error(`Secret ${token.googleCloudSecret} not found.`); |
| 121 | } |
| 122 | |
| 123 | return response.payload.data.toString().trim(); |
| 124 | } catch (error) { |
| 125 | throw new Error(`Failed to access Google Cloud secret ${token.googleCloudSecret}: ${error instanceof Error ? error.message : String(error)}`); |
| 126 | } |
| 127 | } else { |
| 128 | throw new Error('Invalid token configuration'); |
| 129 | } |
| 130 | }; |
| 131 | |
| 132 | // OAuth Token Encryption using AUTH_SECRET |
| 133 | // Encrypts OAuth tokens (access_token, refresh_token, id_token) before database storage. |
no outgoing calls
no test coverage detected