Chore/modified peer dependencies

.eslintignore

@@ -0,0 +1,3 @@
+**/dist
+packages/core
+packages/node

.eslintrc.js

@@ -1,4 +1,3 @@
-
 require("@rushstack/eslint-patch/modern-module-resolution");
 
 module.exports = {
@@ -24,4 +23,7 @@ module.exports = {
     "@typescript-eslint/no-floating-promises": "off",
     "consistent-return": "off"
   },
+  "env": {
+    "jest": true
+  }
 }

.github/workflows/audit.yml

@@ -0,0 +1,14 @@
+name: Audit
+
+on:
+  push:
+  schedule:
+    - cron: "40 10 * * *"
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  audit:
+    uses: inrupt/typescript-sdk-tools/.github/workflows/[email protected]
+    secrets:
+      WEBHOOK_E2E_FAILURE: ${{ secrets.WEBHOOK_E2E_FAILURE }}

.github/workflows/ci.yml

@@ -0,0 +1,65 @@
+name: CI
+
+on: [push]
+
+env:
+  CI: true
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  lint:
+    uses: inrupt/typescript-sdk-tools/.github/workflows/[email protected]
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18.x, 16.x, 14.x]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+      - run: npm ci
+      - run: npm run build
+      - run: npm run test
+      # Upload coverage for sonarcube (only matching OS and one node version required)
+      - uses: actions/upload-artifact@v3
+        if: ${{ matrix.node-version == '18.x' }}
+        with:
+          name: code-coverage-ubuntu-latest-${{matrix.node-version}}
+          path: coverage/
+
+  sonar-scan:
+    needs: [test]
+    runs-on: ubuntu-latest
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    strategy:
+      matrix:
+        # Since this is a monorepo, the Sonar scan must be run on each of the packages but this will pull in the test
+        # coverage information produced by the tests already run.
+        project-root:
+          [
+            "packages/solid-vscode-auth",
+            "extensions/solidauth",
+            "extensions/solidfs",
+          ]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # Sonar analysis needs the full history for features like automatic assignment of bugs. If the following step
+          # is not included the project will show a warning about incomplete information.
+          fetch-depth: 0
+      - uses: actions/download-artifact@v3
+        with:
+          name: code-coverage-ubuntu-latest-18.x
+          path: coverage/
+      - name: SonarCloud Scan
+        uses: SonarSource/[email protected]
+        with:
+          projectBaseDir: ${{ matrix.project-root }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,68 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "Static Application security Testing (CodeQL)"
+
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - main
+  schedule:
+    - cron: "0 12 * * 6"
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    # Re-enable this when repo is public
+    if: false
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["javascript", "python"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/config.yml
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.gitignore

@@ -1,3 +1,4 @@
 node_modules/
 license.csv
-
+dist/
+.vscode-test/

.prettierignore

@@ -0,0 +1,2 @@
+**/.vscode-test
+**/dist

README.md

@@ -49,3 +49,35 @@ code ./extensions/solidfs/
 ```
 
 and then press `fn`+`F5` in the new vscode window that is opened.
+
+_or_
+
+```shell
+gh repo clone inrupt/vscode-extension-solidfs
+cd ./vscode-extension-solidfs
+npm run predev:solidfs
+```
+
+and then press `fn`+`F5` in the new vscode window that is opened.
+
+## authn dependencies
+
+We have had to customise the authentication libraries to handle session management in vscode. The following 2 files
+have been modified compared to the source code for the authn libraries
+
+core/src/authenticatedFetch/fetchFactory - removed token refreshing functionality
+node/src/login/oidc/incomingRedirectHandler/AuthCodeRedirectHandler -
+ensure refresh token and access_token are saved to storage
+
+In each case comments starting with "===" have been added to indicate where the files deviate from the original authn
+libraries
+
+## Installation warning
+
+_Note_ there is the following deprecation warning when installing the extension in the command line
+
+```bash
+(node:57198) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
+```
+
+It occurs due to the use of `cross-fetch` in a nested dependency which uses a deprecated version of `node-fetch` and in turn `whatwg-url`.

extensions/solidauth/README.md

@@ -2,7 +2,26 @@
 
 Provides Authentication for the Solid Ecosystem.
 
-## Features
+## Using the authentication provider `@inrupt/solid-vscode-auth`
+
+We currently recommend using `@inrupt/solid-vscode-auth` to get a solid authentication session and build a fetch function. It's usage is as follows:
+
+```ts
+import { getSolidFetch } from "@inrupt/solid-vscode-auth";
+import { getSolidDataset } from "@inrupt/solid-client";
+
+function loginAndFetch() {
+  // Get the existing login session if the user is logged into a
+  // solid Pod provider, or triggers the login flow otherwise
+  const { fetch, account } = getSolidFetch([], { createIfNone: true });
+  const webid = account.id;
+
+  // Fetching the dataset of the WebId
+  const dataset = await getSolidDataset(webid, { fetch });
+}
+```
+
+## Using the authentication provider directly (not currently recommended)
 
 This extension should be used via the `vscode.authentication` API. To get a Solid Session for your extension - do the following
 

extensions/solidauth/package.json

@@ -71,5 +71,9 @@
     "@inrupt/solid-client-authn-node": "^1.12.2",
     "@inrupt/solid-vscode-auth": "^0.0.0",
     "solid-node-interactive-auth": "1.1.0"
+  },
+  "overrides": {
+    "@inrupt/solid-client-authn-node": "$@inrupt/solid-client-authn-node",
+    "@inrupt/solid-client-authn-core": "$@inrupt/solid-client-authn-core"
   }
 }