Add auth support (#21)

* Updates

* Update

* Update

* Update

* Update

* Yarn sometimes prefers npmrc, so use same token

* Description

* Update readme

* Feedback

* Add type

* new toolkit and scoped registries

* npmrc in RUNNER_TEMP

* Dont always auth

* Try exporting blank token

* Get auth working for now pending runner changes

* Fix string interpolation for auth token.

* Don't export both userconfigs

* Update authutil.js

* Add single quotes for authString

* Fix the registry string.

* Use userconfig and append trailing slash

* Keep in root of repo

* Try just adding auth token

* Remove auth token

* Try changes again

* Add tests

* Npm and GPR samples

* Add types

node_modules/@octokit/rest/plugins/authentication-deprecated/authenticate.js

@@ -0,0 +1,41 @@
+module.exports = authenticate
+
+const { Deprecation } = require('deprecation')
+const once = require('once')
+
+const deprecateAuthenticate = once((log, deprecation) => log.warn(deprecation))
+
+function authenticate (state, options) {
+  deprecateAuthenticate(state.octokit.log, new Deprecation('[@octokit/rest] octokit.authenticate() is deprecated. Use "auth" constructor option instead.'))
+
+  if (!options) {
+    state.auth = false
+    return
+  }
+
+  switch (options.type) {
+    case 'basic':
+      if (!options.username || !options.password) {
+        throw new Error('Basic authentication requires both a username and password to be set')
+      }
+      break
+
+    case 'oauth':
+      if (!options.token && !(options.key && options.secret)) {
+        throw new Error('OAuth2 authentication requires a token or key & secret to be set')
+      }
+      break
+
+    case 'token':
+    case 'app':
+      if (!options.token) {
+        throw new Error('Token authentication requires a token to be set')
+      }
+      break
+
+    default:
+      throw new Error("Invalid authentication type, must be 'basic', 'oauth', 'token' or 'app'")
+  }
+
+  state.auth = options
+}

node_modules/@octokit/rest/plugins/authentication-deprecated/before-request.js

@@ -0,0 +1,40 @@
+module.exports = authenticationBeforeRequest
+
+const btoa = require('btoa-lite')
+const uniq = require('lodash.uniq')
+
+function authenticationBeforeRequest (state, options) {
+  if (!state.auth.type) {
+    return
+  }
+
+  if (state.auth.type === 'basic') {
+    const hash = btoa(`${state.auth.username}:${state.auth.password}`)
+    options.headers['authorization'] = `Basic ${hash}`
+    return
+  }
+
+  if (state.auth.type === 'token') {
+    options.headers['authorization'] = `token ${state.auth.token}`
+    return
+  }
+
+  if (state.auth.type === 'app') {
+    options.headers['authorization'] = `Bearer ${state.auth.token}`
+    const acceptHeaders = options.headers['accept'].split(',')
+      .concat('application/vnd.github.machine-man-preview+json')
+    options.headers['accept'] = uniq(acceptHeaders).filter(Boolean).join(',')
+    return
+  }
+
+  options.url += options.url.indexOf('?') === -1 ? '?' : '&'
+
+  if (state.auth.token) {
+    options.url += `access_token=${encodeURIComponent(state.auth.token)}`
+    return
+  }
+
+  const key = encodeURIComponent(state.auth.key)
+  const secret = encodeURIComponent(state.auth.secret)
+  options.url += `client_id=${key}&client_secret=${secret}`
+}

node_modules/@octokit/rest/plugins/authentication-deprecated/index.js

@@ -0,0 +1,26 @@
+module.exports = authenticationPlugin
+
+const { Deprecation } = require('deprecation')
+const once = require('once')
+
+const deprecateAuthenticate = once((log, deprecation) => log.warn(deprecation))
+
+const authenticate = require('./authenticate')
+const beforeRequest = require('./before-request')
+const requestError = require('./request-error')
+
+function authenticationPlugin (octokit, options) {
+  if (options.auth) {
+    octokit.authenticate = () => {
+      deprecateAuthenticate(octokit.log, new Deprecation('[@octokit/rest] octokit.authenticate() is deprecated and has no effect when "auth" option is set on Octokit constructor'))
+    }
+    return
+  }
+  const state = {
+    octokit,
+    auth: false
+  }
+  octokit.authenticate = authenticate.bind(null, state)
+  octokit.hook.before('request', beforeRequest.bind(null, state))
+  octokit.hook.error('request', requestError.bind(null, state))
+}

node_modules/@octokit/rest/plugins/authentication-deprecated/request-error.js

@@ -0,0 +1,39 @@
+module.exports = authenticationRequestError
+
+const { RequestError } = require('@octokit/request-error')
+
+function authenticationRequestError (state, error, options) {
+  /* istanbul ignore next */
+  if (!error.headers) throw error
+
+  const otpRequired = /required/.test(error.headers['x-github-otp'] || '')
+  // handle "2FA required" error only
+  if (error.status !== 401 || !otpRequired) {
+    throw error
+  }
+
+  if (error.status === 401 && otpRequired && error.request && error.request.headers['x-github-otp']) {
+    throw new RequestError('Invalid one-time password for two-factor authentication', 401, {
+      headers: error.headers,
+      request: options
+    })
+  }
+
+  if (typeof state.auth.on2fa !== 'function') {
+    throw new RequestError('2FA required, but options.on2fa is not a function. See https://github.com/octokit/rest.js#authentication', 401, {
+      headers: error.headers,
+      request: options
+    })
+  }
+
+  return Promise.resolve()
+    .then(() => {
+      return state.auth.on2fa()
+    })
+    .then((oneTimePassword) => {
+      const newOptions = Object.assign(options, {
+        headers: Object.assign({ 'x-github-otp': oneTimePassword }, options.headers)
+      })
+      return state.octokit.request(newOptions)
+    })
+}