refactor(verify-auth): extract token verification logic to intent-revealing functions

travi · travi · commit e75c6200f155 · 2025-10-14T14:00:05.000-05:00
to improve readability for #958
diff --git a/lib/verify-auth.js b/lib/verify-auth.js
@@ -11,6 +11,48 @@ function registryIsDefault(registry, DEFAULT_NPM_REGISTRY) {
   return normalizeUrl(registry) === normalizeUrl(DEFAULT_NPM_REGISTRY);
 }
 
+async function verifyAuthContextAgainstRegistry(npmrc, registry, cwd, env, stdout, stderr) {
+  try {
+    const whoamiResult = execa("npm", ["whoami", "--userconfig", npmrc, "--registry", registry], {
+      cwd,
+      env,
+      preferLocal: true,
+    });
+
+    whoamiResult.stdout.pipe(stdout, { end: false });
+    whoamiResult.stderr.pipe(stderr, { end: false });
+
+    await whoamiResult;
+  } catch {
+    throw new AggregateError([getError("EINVALIDNPMTOKEN", { registry })]);
+  }
+}
+
+async function attemptPublishDryRun(npmrc, registry, cwd, env) {
+  const publishDryRunResult = execa(
+    "npm",
+    ["publish", "--dry-run", "--tag=semantic-release-auth-check", "--userconfig", npmrc, "--registry", registry],
+    { cwd, env, preferLocal: true, lines: true }
+  );
+
+  // publishDryRunResult.stdout.pipe(stdout, { end: false });
+  // publishDryRunResult.stderr.pipe(stderr, { end: false });
+
+  (await publishDryRunResult).stderr.forEach((line) => {
+    if (line.includes("This command requires you to be logged in to ")) {
+      throw new AggregateError([getError("EINVALIDNPMAUTH", { registry })]);
+    }
+  });
+}
+
+async function verifyTokenAuth(registry, DEFAULT_NPM_REGISTRY, npmrc, cwd, env, stdout, stderr) {
+  if (registryIsDefault(registry, DEFAULT_NPM_REGISTRY)) {
+    await verifyAuthContextAgainstRegistry(npmrc, registry, cwd, env, stdout, stderr);
+  } else {
+    await attemptPublishDryRun(npmrc, registry, cwd, env);
+  }
+}
+
 export default async function (npmrc, pkg, context) {
   const {
     cwd,
@@ -26,33 +68,5 @@ export default async function (npmrc, pkg, context) {
 
   await setNpmrcAuth(npmrc, registry, context);
 
-  if (registryIsDefault(registry, DEFAULT_NPM_REGISTRY)) {
-    try {
-      const whoamiResult = execa("npm", ["whoami", "--userconfig", npmrc, "--registry", registry], {
-        cwd,
-        env,
-        preferLocal: true,
-      });
-      whoamiResult.stdout.pipe(stdout, { end: false });
-      whoamiResult.stderr.pipe(stderr, { end: false });
-      await whoamiResult;
-    } catch {
-      throw new AggregateError([getError("EINVALIDNPMTOKEN", { registry })]);
-    }
-  } else {
-    const publishDryRunResult = execa(
-      "npm",
-      ["publish", "--dry-run", "--tag=semantic-release-auth-check", "--userconfig", npmrc, "--registry", registry],
-      { cwd, env, preferLocal: true, lines: true }
-    );
-
-    // publishDryRunResult.stdout.pipe(stdout, { end: false });
-    // publishDryRunResult.stderr.pipe(stderr, { end: false });
-
-    (await publishDryRunResult).stderr.forEach((line) => {
-      if (line.includes("This command requires you to be logged in to ")) {
-        throw new AggregateError([getError("EINVALIDNPMAUTH", { registry })]);
-      }
-    });
-  }
+  await verifyTokenAuth(registry, DEFAULT_NPM_REGISTRY, npmrc, cwd, env, stdout, stderr);
 }
