From e612d57912b95fc2a246ecc16ec796c426b47b5b Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 23 Jul 2019 20:39:46 -0600 Subject: [PATCH] update docs and examples for auth --- README.md | 12 ++++- example.env | 1 + lib/index.js | 13 +++--- oauth2l-test-token.sh | 15 ++++--- package-lock.json | 101 +++++++++++++++++++----------------------- test.js | 7 +-- 6 files changed, 77 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 4f8ac1d..072452a 100644 --- a/README.md +++ b/README.md @@ -15,13 +15,21 @@ Implementation Details - https://cloud.google.com/service-usage/docs/getting-started#api - https://github.com/google/oauth2l +## Authenticating + +Google has made things _way_ too complicated. + +- Create a project +- Create a Service Account and download the `service_account.json` +- Create a managed public zone for your domain: + # Test This First! Edit the file `oauth2l-test-token.sh` Change the location of `service_account.json` to whatever it needs to be. -Change the `project` to the name of your project. +Change the `PROJECT` to the name of your project. If that doesn't work, something is wrong with your credentials, nothing else will work. @@ -33,7 +41,7 @@ First you create an instance with your credentials: var dns01 = require('acme-dns-01-googlecloud').create({ baseUrl: 'https://www.googleapis.com/dns/v1/', // default - // contains private_key, private_key_id, project_id, and client_email + // contains private_key, private_key_id, project_id, and client_email serviceAccountPath: __dirname + '/service_account.json' }); ``` diff --git a/example.env b/example.env index a455a16..db4df1c 100644 --- a/example.env +++ b/example.env @@ -1,3 +1,4 @@ # NOT credentials.json GOOGLE_APPLICATION_CREDENTIALS=/Users/me/service_account.json +TOKEN=yyyy.a.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ZONE=example.co.uk 
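Review bot: The new `TOKEN=` entry in example.env has no comment saying what it holds, unlike the `# NOT credentials.json` hint above `GOOGLE_APPLICATION_CREDENTIALS`. Since test.js passes this value to lib/index.js as the bearer credential, I would add a line such as `# OAuth2 access token, e.g. from "oauth2l fetch ndev.clouddns.readwrite"; it expires, and a real value must never be committed`. Google access tokens are typically short-lived, so a reader copying this file should expect to refresh the value before each test run.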
diff --git a/lib/index.js b/lib/index.js
index daf8462..72c44db 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -1,6 +1,6 @@
 'use strict';
-var auth = require('./auth.js');
+//var auth = require('./auth.js');
 var defaults = {
 baseUrl: 'https://www.googleapis.com/dns/v1/'
 };
@@ -8,6 +8,7 @@ var defaults = {
 module.exports.create = function(config) {
 var request;
 var baseUrl = (config.baseUrl || defaults.baseUrl).replace(/\/$/, '');
+ var token = config.token;
 var sa = getServiceAccount(config);
 return {
@@ -43,11 +44,11 @@ module.exports.create = function(config) {
 };
 function api(opts) {
- return auth.getToken(sa).then(function(token) {
- opts.headers = opts.headers || {};
- opts.headers.Authorization = 'Bearer ' + token;
- return request(opts);
- });
+ //return auth.getToken(sa).then(function(token) {
+ opts.headers = opts.headers || {};
+ opts.headers.Authorization = 'Bearer ' + token;
+ return request(opts);
+ //});
 }
 function getServiceAccount(config) {
diff --git a/oauth2l-test-token.sh b/oauth2l-test-token.sh
index 129b916..6ace8d0 100644
--- a/oauth2l-test-token.sh
+++ b/oauth2l-test-token.sh
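Review bot: In lib/index.js, `api()` now sends `'Bearer ' + token` with `token` read once from `config.token` in `create()`, and nothing checks that a token was supplied. With the config the README still documents (only `serviceAccountPath`), the header becomes `Bearer undefined`, and a fixed access token cannot be refreshed, so a long-running process would be expected to start failing once the token expires. I would keep the service-account exchange as the fallback instead of commenting it out, which also means restoring the `require('./auth.js')` line from the first hunk rather than leaving it as dead commented code. `create()` continues outside these hunks, so how `sa` and `request` are used elsewhere is not visible here.

```javascript
function api(opts) {
    // Use the caller-supplied token when present; otherwise obtain one
    // from the service account so expiry is handled per request.
    var pending = token ? Promise.resolve(token) : auth.getToken(sa);
    return pending.then(function(bearer) {
        opts.headers = opts.headers || {};
        opts.headers.Authorization = 'Bearer ' + bearer;
        return request(opts);
    });
}
```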
@@ -5,13 +5,16 @@
 set -e
+rm -f ~/.oauth2l
+
 export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json
-project=example-change-me
+PROJECT=even-flight-244020
 token=$(oauth2l fetch ndev.clouddns.readwrite)
-echo $token
-curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token"
+echo API Token: $token
+curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
-token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
-echo $token
-curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token"
+#token=$(oauth2l fetch --jwt ndev.clouddns.readwrite)
+#token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
+#echo JWT: $token
+#curl -fL "https://www.googleapis.com/dns/v1/projects/$PROJECT/managedZones" -H "Authorization: Bearer $token"
diff --git a/package-lock.json b/package-lock.json
index 243b765..3fa70da 100644
--- a/package-lock.json
+++ b/package-lock.json
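Review bot: In oauth2l-test-token.sh, `PROJECT=even-flight-244020` swaps the `example-change-me` placeholder for what looks like a real project ID, while the README still tells users to change it; I would keep a placeholder, `PROJECT=example-change-me`, so the sample does not publish an account-specific identifier. The script also still prints the live bearer token (`echo API Token: $token`), which ends up in terminal scrollback and any captured logs; `echo "API token fetched (${#token} chars)"` confirms success without exposing it. The new `rm -f ~/.oauth2l` deletes a file in the user's home directory (presumably oauth2l's token cache) without saying so, and a one-line comment such as `# drop oauth2l's cached token so a fresh one is fetched` would make the side effect explicit.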
@@ -1,57 +1,48 @@ { - "name": "acme-dns-01-googlecloud", - "version": "0.0.1", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "@root/request": { - "version": "1.3.11", - "resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", - "integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==", - "dev": true - }, - "acme-challenge-test": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/acme-challenge-test/-/acme-challenge-test-3.3.2.tgz", - "integrity": "sha512-0AbMcaON20wpI5vzFDAqwcv2VerY4xIlNCqX0w1xEJUIu/EQtQNmkje+rKNuy2TUl2KBMdIaR6YBbJUdaEiC4w==", - "dev": true, - "requires": { - "@root/request": "^1.3.11" - } - }, - "acme-dns-01-test": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/acme-dns-01-test/-/acme-dns-01-test-3.3.1.tgz", - "integrity": "sha512-di2/n19FDLc/pe4CDxd/FpxuuCZG7CHEQVjWr96vvtxe5XNNgdHi2eJqVP0z9WBf9s61zxslyRPrAWzTN8ZVWw==", - "dev": true, - "requires": { - "acme-challenge-test": "^3.3.1" - } - }, - "dotenv": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz", - "integrity": "sha512-30xVGqjLjiUOArT4+M5q9sYdvuR4riM6yK9wMcas9Vbp6zZa+ocC9dp6QoftuhTPhFAiLK/0C5Ni2nou/Bk8lg==", - "dev": true - }, - "eckles": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz", - "integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA==" - }, - "keypairs": { - "version": "1.2.14", - "resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz", - "integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==", - "requires": { - "eckles": "^1.4.1", - "rasha": "^1.2.4" - } - }, - "rasha": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.5.tgz", - "integrity": 
"sha512-KxtX+/fBk+wM7O3CNgwjSh5elwFilLvqWajhr6wFr2Hd63JnKTTi43Tw+Jb1hxJQWOwoya+NZWR2xztn3hCrTw==" - } - } + "name": "acme-dns-01-googlecloud", + "version": "0.0.1", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@root/request": { + "version": "1.3.11", + "resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", + "integrity": "sha512-3a4Eeghcjsfe6zh7EJ+ni1l8OK9Fz2wL1OjP4UCa0YdvtH39kdXB9RGWuzyNv7dZi0+Ffkc83KfH0WbPMiuJFw==", + "dev": true + }, + "acme-challenge-test": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/acme-challenge-test/-/acme-challenge-test-3.3.2.tgz", + "integrity": "sha512-0AbMcaON20wpI5vzFDAqwcv2VerY4xIlNCqX0w1xEJUIu/EQtQNmkje+rKNuy2TUl2KBMdIaR6YBbJUdaEiC4w==", + "dev": true, + "requires": { + "@root/request": "^1.3.11" + } + }, + "dotenv": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.0.0.tgz", + "integrity": "sha512-30xVGqjLjiUOArT4+M5q9sYdvuR4riM6yK9wMcas9Vbp6zZa+ocC9dp6QoftuhTPhFAiLK/0C5Ni2nou/Bk8lg==", + "dev": true + }, + "eckles": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz", + "integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA==" + }, + "keypairs": { + "version": "1.2.14", + "resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz", + "integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==", + "requires": { + "eckles": "^1.4.1", + "rasha": "^1.2.4" + } + }, + "rasha": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.5.tgz", + "integrity": "sha512-KxtX+/fBk+wM7O3CNgwjSh5elwFilLvqWajhr6wFr2Hd63JnKTTi43Tw+Jb1hxJQWOwoya+NZWR2xztn3hCrTw==" + } + } } diff --git a/test.js b/test.js index c44b520..38398fb 100755 --- a/test.js +++ b/test.js 
@@ -9,7 +9,8 @@ require('dotenv').config();
 var zone = process.argv[2] || process.env.ZONE;
 var config = {
 serviceAccountPath:
- process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS
+ process.argv[3] || process.env.GOOGLE_APPLICATION_CREDENTIALS,
+ token: process.argv[4] || process.env.TOKEN
 };
 var challenger = require('./index.js').create(config);
@@ -17,8 +18,8 @@ var challenger = require('./index.js').create(config);
 var sa = require(config.serviceAccountPath);
 require('./lib/auth.js')
 .getToken(sa)
- .then(function(jwt) {
- console.info('\nAuthorization: Bearer ' + jwt + '\n');
+ .then(function(/*jwt*/) {
+ //console.info('\nAuthorization: Bearer ' + jwt + '\n');
 // The dry-run tests can pass on, literally, 'example.com'
 // but the integration tests require that you have control over the domain
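Review bot: Accepting the bearer token as `process.argv[4]` in test.js puts a live credential on the command line, where it is visible in process listings and shell history; reading it only from the environment, `token: process.env.TOKEN`, avoids that. Nothing checks that a token was actually provided, so an unset `TOKEN` reaches the API as `Bearer undefined`; a guard such as `if (!config.token) { throw new Error('TOKEN is required'); }` before `create(config)` would fail early with a clear message. In the second hunk the result of `getToken(sa)` is now discarded, so the service-account file is still loaded and a token still requested without being used. The `.then` callback continues outside the hunk, so the rest of the test flow is not visible here.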