feat: improve encryption logic

package.json

@@ -27,8 +27,6 @@
     "@azure/arm-resources": "^5.0.0",
     "@azure/arm-subscriptions": "^5.0.0",
     "@azure/identity": "^2.0.4",
-    "@azure/ms-rest-azure-env": "^2.0.0",
-    "@azure/ms-rest-js": "^2.6.1",
     "@azure/msal-common": "^6.2.0",
     "@types/globalyzer": "^0.1.1",
     "@types/globrex": "^0.1.1",

src/cli/commands/login.ts

@@ -7,22 +7,19 @@ import { configureOptions, logger } from "../../core";
 import { swaCLIEnv } from "../../core/env";
 import { azureLoginWithIdentitySDK, listResourceGroups, listStaticSites, listSubscriptions, listTenants } from "../../core/account";
 import { chooseResourceGroup, chooseStaticSite, chooseSubscription, chooseTenant } from "../../core/prompts";
+import { Environment } from "../../core/swa-cli-persistence-plugin/impl/azure-environment";
 
 export default function registerCommand(program: Command) {
   program
     .command("login")
     .usage("[options]")
     .description("login into Azure Static Web Apps")
-    .option("--persist <perist>", "Enable credentials cache persistence", DEFAULT_CONFIG.persist)
+    .option("--persist <persist>", "Enable credentials cache persistence", DEFAULT_CONFIG.persist)
     .action(async (_options: SWACLIConfig, command: Command) => {
-      const config = await configureOptions(undefined, command.optsWithGlobals(), command);
-      const { subscriptionId, resourceGroupName, staticSiteName } = await login(config.options);
-      logger.log(chalk.green(`✔ Logged in successfully!`));
-      logger.log({
-        subscriptionId,
-        resourceGroupName,
-        staticSiteName,
-      });
+      const config = await configureOptions("./", command.optsWithGlobals(), command);
+      await login(config.options);
+
+      logger.log(chalk.green(`✔ Logged in successfully to ${Environment.AzureCloud.name}!`));
     })
     .addHelpText(
       "after",
@@ -55,11 +52,8 @@ export async function login(options: SWACLIConfig) {
   let clientId: string | undefined = AZURE_CLIENT_ID ?? options.clientId;
   let clientSecret: string | undefined = AZURE_CLIENT_SECRET ?? options.clientSecret;
 
-  logger.silly({ options });
-
   try {
     credentialChain = await azureLoginWithIdentitySDK({ tenantId, clientId, clientSecret }, options.persist);
-    // await loginWithMsal({ tenantId, clientId, clientSecret }, options.persist);
 
     // If the user has not specified a tenantId, we will prompt them to choose one
     if (!tenantId) {

src/core/account.ts

@@ -7,27 +7,40 @@ import {
   DeviceCodeCredential,
   EnvironmentCredential,
   InteractiveBrowserCredential,
+  TokenCachePersistenceOptions,
   TokenCredential,
   useIdentityPlugin,
 } from "@azure/identity";
 import { swaCliPersistencePlugin } from "./swa-cli-persistence-plugin";
 import { logger } from "./utils";
 
-export async function azureLoginWithIdentitySDK(details: LoginDetails = {}, persist = false) {
-  let tokenCachePersistenceOptions = {
+export async function azureLoginWithIdentitySDK(details: LoginDetails = {}, persist = true) {
+  logger.silly("Executing azureLoginWithIdentitySDK");
+  logger.silly({ details, persist });
+
+  let tokenCachePersistenceOptions: TokenCachePersistenceOptions = {
     enabled: false,
+    name: "swa-cli-persistence-plugin",
+    unsafeAllowUnencryptedStorage: false,
   };
 
-  if (persist) {
+  if (persist === true) {
+    logger.silly("Persisting token cache is enabled");
+
     useIdentityPlugin(swaCliPersistencePlugin);
     tokenCachePersistenceOptions.enabled = true;
+  } else {
+    logger.silly("Persisting token cache is disabled");
+
+    tokenCachePersistenceOptions.enabled = false;
   }
 
   const browserCredential = new InteractiveBrowserCredential({
     redirectUri: "http://localhost:8888",
     tokenCachePersistenceOptions,
     tenantId: details.tenantId,
   });
+
   const deviceCredential = new DeviceCodeCredential({
     tokenCachePersistenceOptions,
     tenantId: details.tenantId,

src/core/swa-cli-persistence-plugin/impl/azure-environment.ts

@@ -0,0 +1,22 @@
+export const Environment = {
+  AzureCloud: {
+    name: "AzureCloud",
+    portalUrl: "https://portal.azure.com",
+    publishingProfileUrl: "https://go.microsoft.com/fwlink/?LinkId=254432",
+    managementEndpointUrl: "https://management.core.windows.net",
+    resourceManagerEndpointUrl: "https://management.azure.com/",
+    sqlManagementEndpointUrl: "https://management.core.windows.net:8443/",
+    sqlServerHostnameSuffix: ".database.windows.net",
+    galleryEndpointUrl: "https://gallery.azure.com/",
+    activeDirectoryEndpointUrl: "https://login.microsoftonline.com/",
+    activeDirectoryResourceId: "https://management.core.windows.net/",
+    activeDirectoryGraphResourceId: "https://graph.windows.net/",
+    batchResourceId: "https://batch.core.windows.net/",
+    activeDirectoryGraphApiVersion: "2013-04-05",
+    storageEndpointSuffix: "core.windows.net",
+    keyVaultDnsSuffix: ".vault.azure.net",
+    azureDataLakeStoreFileSystemEndpointSuffix: "azuredatalakestore.net",
+    azureDataLakeAnalyticsCatalogAndJobEndpointSuffix: "azuredatalakeanalytics.net",
+    validateAuthority: true,
+  },
+};