feat: implement functionality to fetch scorecard using api key

Author: AlbinaBlazhko17

packages/cli/src/commands/scorecard-classic/auth/login-handler.ts

@@ -1,5 +1,3 @@
-import { logger } from '@redocly/openapi-core';
-import { blue } from 'colorette';
 import { RedoclyOAuthClient } from '../../../auth/oauth-client.js';
 import { getReuniteUrl } from '../../../reunite/api/index.js';
 import { exitWithError } from '../../../utils/error.js';
@@ -8,13 +6,11 @@ import type { Config } from '@redocly/openapi-core';
 
 export async function handleLoginAndFetchToken(config: Config): Promise<string | undefined> {
   const reuniteUrl = getReuniteUrl(config, config.resolvedConfig?.residency);
+
   const oauthClient = new RedoclyOAuthClient();
   let accessToken = await oauthClient.getAccessToken(reuniteUrl);
 
   if (!accessToken) {
-    logger.info(`\n${blue('Authentication required to fetch remote scorecard configuration.')}\n`);
-    logger.info(`Please login to continue:\n`);
-
     try {
       await oauthClient.login(reuniteUrl);
       accessToken = await oauthClient.getAccessToken(reuniteUrl);

packages/cli/src/commands/scorecard-classic/index.ts

@@ -14,26 +14,23 @@ export async function handleScorecardClassic({ argv, config }: CommandArgs<Score
   const externalRefResolver = new BaseResolver(config.resolve);
   const { bundle: document } = await bundle({ config, ref: path });
   const projectUrl = argv['project-url'] || config.resolvedConfig.scorecard?.fromProjectUrl;
+  const apiKey = process.env.REDOCLY_AUTHORIZATION;
 
   if (!projectUrl) {
     exitWithError(
-      'scorecard.fromProjectUrl is not configured. Please provide it via --project-url flag or configure it in redocly.yaml. Learn more: https://redocly.com/docs/realm/config/scorecard#fromprojecturl-example'
+      'Scorecard is not configured. Please provide it via --project-url flag or configure it in redocly.yaml. Learn more: https://redocly.com/docs/realm/config/scorecard#fromprojecturl-example'
     );
   }
 
-  const accessToken = await handleLoginAndFetchToken(config);
+  const auth = apiKey || (await handleLoginAndFetchToken(config));
 
-  if (!accessToken) {
-    exitWithError('Failed to obtain access token.');
+  if (!auth) {
+    exitWithError('Failed to obtain access token or API key.');
   }
 
-  const remoteScorecardAndPlugins = await fetchRemoteScorecardAndPlugins(projectUrl, accessToken);
-
-  const scorecard =
-    remoteScorecardAndPlugins?.scorecard ||
-    config.resolvedConfig.scorecardClassic ||
-    config.resolvedConfig.scorecard;
+  const remoteScorecardAndPlugins = await fetchRemoteScorecardAndPlugins(projectUrl, auth);
 
+  const scorecard = remoteScorecardAndPlugins?.scorecard;
   if (!scorecard) {
     exitWithError(
       'No scorecard configuration found. Please configure scorecard in your redocly.yaml or ensure remote scorecard is accessible.'

packages/cli/src/commands/scorecard-classic/remote/fetch-scorecard.ts

@@ -1,49 +1,39 @@
-import { logger } from '@redocly/openapi-core';
+import { exitWithError } from 'cli/src/utils/error.js';
 
-import type { RemoteScorecardAndPlugins, Organization, Project, PaginatedList } from '../types.js';
+import type { RemoteScorecardAndPlugins, Project } from '../types.js';
 
 export async function fetchRemoteScorecardAndPlugins(
   projectUrl: string,
-  accessToken: string
+  auth: string
 ): Promise<RemoteScorecardAndPlugins | undefined> {
   const parsedProjectUrl = parseProjectUrl(projectUrl);
 
   if (!parsedProjectUrl) {
-    logger.warn(`Invalid project URL format: ${projectUrl}`);
-    return;
+    exitWithError(`Invalid project URL format: ${projectUrl}`);
   }
 
   const { residency, orgSlug, projectSlug } = parsedProjectUrl;
-
-  const organization = await fetchOrganizationBySlug(residency, orgSlug, accessToken);
-
-  if (!organization) {
-    logger.warn(`Organization not found: ${orgSlug}`);
-    return;
-  }
-
-  const project = await fetchProjectBySlug(residency, organization.id, projectSlug, accessToken);
-
-  if (!project) {
-    logger.warn(`Project not found: ${projectSlug}`);
-    return;
-  }
-
-  const scorecard = project?.config.scorecard;
-
-  if (!scorecard) {
-    logger.warn('No scorecard configuration found in the remote project.');
-    return;
+  const apiKey = process.env.REDOCLY_AUTHORIZATION;
+
+  try {
+    const project = await fetchProjectConfigBySlugs(residency, orgSlug, projectSlug, apiKey, auth);
+    const scorecard = project?.config.scorecard;
+
+    if (!scorecard) {
+      throw new Error('No scorecard configuration found.');
+    }
+
+    const plugins = project.config.pluginsUrl
+      ? await fetchPlugins(project.config.pluginsUrl)
+      : undefined;
+
+    return {
+      scorecard,
+      plugins,
+    };
+  } catch (error) {
+    exitWithError(error.message);
   }
-
-  const plugins = project.config.pluginsUrl
-    ? await fetchPlugins(project.config.pluginsUrl)
-    : undefined;
-
-  return {
-    scorecard,
-    plugins,
-  };
 }
 
 function parseProjectUrl(
@@ -65,47 +55,29 @@ function parseProjectUrl(
   };
 }
 
-async function fetchOrganizationBySlug(
+async function fetchProjectConfigBySlugs(
   residency: string,
   orgSlug: string,
-  accessToken: string
-): Promise<Organization | undefined> {
-  const orgsUrl = new URL(`${residency}/api/orgs`);
-  orgsUrl.searchParams.set('filter', `slug:${orgSlug}`);
-  orgsUrl.searchParams.set('limit', '1');
-
-  const authHeaders = createAuthHeaders(accessToken);
-  const organizationResponse = await fetch(orgsUrl, { headers: authHeaders });
-
-  if (organizationResponse.status !== 200) {
-    return;
-  }
-
-  const organizations: PaginatedList<Organization> = await organizationResponse.json();
-
-  return organizations.items[0];
-}
-
-async function fetchProjectBySlug(
-  residency: string,
-  orgId: string,
   projectSlug: string,
+  apiKey: string | undefined,
   accessToken: string
 ): Promise<Project | undefined> {
-  const projectsUrl = new URL(`${residency}/api/orgs/${orgId}/projects`);
-  projectsUrl.searchParams.set('filter', `slug:${projectSlug}`);
-  projectsUrl.searchParams.set('limit', '1');
+  const authHeaders = createAuthHeaders(apiKey, accessToken);
+  const projectUrl = new URL(`${residency}/api/orgs/${orgSlug}/projects/${projectSlug}`);
 
-  const authHeaders = createAuthHeaders(accessToken);
-  const projectsResponse = await fetch(projectsUrl, { headers: authHeaders });
+  const projectResponse = await fetch(projectUrl, { headers: authHeaders });
 
-  if (projectsResponse.status !== 200) {
-    return;
+  if (projectResponse.status === 401 || projectResponse.status === 403) {
+    throw new Error(
+      `Unauthorized access to project: ${projectSlug}. Please check your credentials.`
+    );
   }
 
-  const projects: PaginatedList<Project> = await projectsResponse.json();
+  if (projectResponse.status !== 200) {
+    throw new Error(`Failed to fetch project: ${projectSlug}. Status: ${projectResponse.status}`);
+  }
 
-  return projects.items[0];
+  return projectResponse.json();
 }
 
 async function fetchPlugins(pluginsUrl: string): Promise<string | undefined> {
@@ -118,6 +90,13 @@ async function fetchPlugins(pluginsUrl: string): Promise<string | undefined> {
   return pluginsResponse.text();
 }
 
-function createAuthHeaders(accessToken: string) {
+function createAuthHeaders(
+  apiKey: string | undefined,
+  accessToken: string
+): Record<string, string> {
+  if (apiKey) {
+    return { Authorization: `Bearer ${apiKey}` };
+  }
+
   return { Cookie: `accessToken=${accessToken}` };
 }

packages/cli/src/commands/scorecard-classic/types.ts

@@ -14,17 +14,8 @@ export type RemoteScorecardAndPlugins = {
   plugins: string | undefined;
 };
 
-export type Organization = {
-  id: `org_${string}`;
-  slug: string;
-};
-
 export type Project = {
   id: `prj_${string}`;
   slug: string;
   config: ResolvedConfig & { pluginsUrl?: string; scorecardClassic?: ResolvedConfig['scorecard'] };
 };
-
-export type PaginatedList<T> = {
-  items: T[];
-};

packages/cli/src/commands/scorecard-classic/validation/plugin-evaluator.ts

@@ -12,12 +12,9 @@ export async function evaluatePluginsFromCode(pluginsCode?: string): Promise<Plu
   }
 
   try {
-    const normalizedDirname =
-      typeof __dirname === 'undefined' ? '' : __dirname.replaceAll(/\\/g, '/');
-    const pluginsCodeWithDirname = pluginsCode.replaceAll(
-      '__redocly_dirname',
-      `"${normalizedDirname}"`
-    );
+    const dirname = import.meta.url;
+    const pluginsCodeWithDirname = pluginsCode.replaceAll('__redocly_dirname', `"${dirname}"`);
+
     const base64 = btoa(pluginsCodeWithDirname);
     const dataUri = `data:text/javascript;base64,${base64}`;
     const module: PluginsModule = await import(dataUri);