Add schemas for basic credential types

Author: mbg

lib/start-proxy-action.js

@@ -111,9 +111,10 @@ test("credentialToStr - hides passwords", (t) => {
   const secret = "password123";
   const credential = {
     type: "maven_credential",
+    username: null,
     password: secret,
     url: "https://localhost",
-  };
+  } satisfies types.Credential;
 
   const str = types.credentialToStr(credential);
 
@@ -125,9 +126,10 @@ test("credentialToStr - hides tokens", (t) => {
   const secret = "password123";
   const credential = {
     type: "maven_credential",
+    username: null,
     token: secret,
     url: "https://localhost",
-  };
+  } satisfies types.Credential;
 
   const str = types.credentialToStr(credential);
 

src/start-proxy/types.test.ts

@@ -9,53 +9,60 @@ import { isDefined } from "../util";
  */
 export type RawCredential = UnvalidatedObject<Credential>;
 
-/** Usernames may be present for both authentication with tokens or passwords. */
-export type Username = {
+/** A schema for credential objects with a username. */
+export const usernameSchema = {
   /** The username needed to authenticate to the package registry, if any. */
-  username?: string;
-};
+  username: json.optional(json.string),
+} as const satisfies json.Schema;
+
+/** Usernames may be present for both authentication with tokens or passwords. */
+export type Username = json.FromSchema<typeof usernameSchema>;
 
 /** Decides whether `config` has a username. */
-export function hasUsername(config: AuthConfig): config is Username {
-  return "username" in config;
+export function hasUsername(
+  config: UnvalidatedObject<unknown>,
+): config is Username {
+  return json.validateSchema(usernameSchema, config);
 }
 
+/** A schema for credential objects with a username and password. */
+export const usernamePasswordSchema = {
+  /** The password needed to authenticate to the package registry, if any. */
+  password: json.optional(json.string),
+  ...usernameSchema,
+} as const satisfies json.Schema;
+
 /**
  * Fields expected for authentication based on a username and password.
  * Both username and password are optional.
  */
-export type UsernamePassword = {
-  /** The password needed to authenticate to the package registry, if any. */
-  password?: string;
-} & Username;
+export type UsernamePassword = json.FromSchema<typeof usernamePasswordSchema>;
 
 /** Decides whether `config` is based on a username and password. */
 export function isUsernamePassword(
   config: AuthConfig,
 ): config is UsernamePassword {
-  return hasUsername(config) && "password" in config;
+  return json.validateSchema(usernamePasswordSchema, config);
 }
 
+/** A schema for credential objects for token-based authentication. */
+export const tokenSchema = {
+  /** The token needed to authenticate to the package registry, if any. */
+  token: json.string,
+  ...usernameSchema,
+} as const satisfies json.Schema;
+
 /**
  * Fields expected for token-based authentication.
  * Both username and token are optional.
  */
-export type Token = {
-  /** The token needed to authenticate to the package registry, if any. */
-  token?: string;
-} & Username;
+export type Token = json.FromSchema<typeof tokenSchema>;
 
 /** Decides whether `config` is token-based. */
 export function isToken(
   config: UnvalidatedObject<AuthConfig>,
 ): config is Token {
-  // The "username" field is optional, but should be a string if present.
-  if ("username" in config && !json.isStringOrUndefined(config.username)) {
-    return false;
-  }
-
-  // The "token" field is required, and must be a string or undefined.
-  return "token" in config && json.isStringOrUndefined(config.token);
+  return json.validateSchema(tokenSchema, config);
 }
 
 /** A schema for Azure OIDC configurations. */

src/start-proxy/types.ts

@@ -3,7 +3,7 @@ import * as core from "@actions/core";
 import * as json from "../json";
 import { isDefined } from "../util";
 
-import type { AuthConfig, Token, UsernamePassword } from "./types";
+import type { AuthConfig, UsernamePassword } from "./types";
 import * as types from "./types";
 
 /** Constructs a new object from `obj` with only keys that exist in `schema`. */
@@ -55,7 +55,7 @@ export function getAuthConfig(
       core.setSecret(config.token);
     }
 
-    return { username: config.username, token: config.token } satisfies Token;
+    return cloneCredential(types.tokenSchema, config);
   } else {
     let username: string | undefined = undefined;
     let password: string | undefined = undefined;