Improve credential handling

[mwilde345]

Ticket(s): FE-6152

Probably most helpful to look in order:

• auth/credentials.mjs (middleware that runs buildCredentials)
• auth/accountKeys.mjs - Makes the AccountKeyStore and adds some methods for refreshing account keys
• auth/databaseKeys.mjs - Makes DatabaseKeyStore and has refresh methods
• Other changes are ripping out old authNZ stuff and using the new container.resolve("credentials")

Problem

• Existing auth middleware does too much, including a preflight api call to fauna and account api.

Solution

• Similar to dashboard short-lived keys, make them truly just-in-time by handling 401s with a single refresh and retry attempt.

• Build a singleton Credentials class that gets injected.

  • Tests will continue to mock filesystem and network requests, so shouldn't need any more injectables.

• Credentials class builds AccountKeys and DatabaseKeys classes.

  • These provide methods to interact with their respective local credential files (AccountKeyStore, DatabaseKeyStore), and also provide helpers to get and refresh keys when necessary

• Wrap up makeAccountRequest and client.query for the account api and fauna api, respectively

  • Check for 401s and refresh or prompt login

Result

• DB keys and account keys are refreshed behind the scenes and not before every single command
• The correct secret and account key are used, considering the various source of input
• Simple credential argument verification (no database and secret arg together)
• Commands don't have to worry about creds, they just init the client they need. If they want to interact with credentials, they can.

Example:

async function listDatabases(argv) {
  const logger = container.resolve("logger");

  // query the account api
  const accountClient = new FaunaAccountClient();
  const databases = await accountClient.listDatabases();
  logger.stdout(databases);

  // query the fauna api
  const dbClient = await container.resolve("getSimpleClient")(argv);
  const result = await performQuery(dbClient, "Database.all()", undefined, {
    ...argv,
    format: "json",
  });
  logger.stdout(result);

  // see what credentials are being used
  const credentials = container.resolve("credentials");
  logger.debug(
    `
    Account Key: ${credentials.accountKeys.key}\n
    Database Key: ${credentials.databaseKeys.key}`,
    "creds",
  );
}

Testing

Need to update login test and add new credentials test that verifies middleware sets things up properly

• Manual testing for now until I refactor the old authNZ test file.
• Did debug logging to verify that account keys and db keys are refreshed, saved, cleaned up correctly.
• Verified we don't make duplicate credential classes

[ecooper]

I don't think we need this .fauna files in source control unless I'm missing something.

Otherwise, the biggest thing I notice is this is OO heavy, but on the query side we're more functional + composition. I wouldn't block it now, but we should figure out what our bless pattern is here before release. Otherwise, some of the codebase will be very oo and the rest will be composition and it will be a pain later.