@aifabrix/builder 2.31.1 → 2.32.1

package/lib/utils/secrets-helpers.js

@@ -11,7 +11,7 @@
 const fs = require('fs');
 const path = require('path');
 const yaml = require('js-yaml');
-const config = require('../config');
+const config = require('../core/config');
 const { buildHostnameToServiceMap, resolveUrlPort } = require('./secrets-utils');
 const { rewriteInfraEndpoints, getEnvHosts, getServicePort, getServiceHost, getLocalhostOverride } = require('./env-endpoints');
 const { loadEnvConfig } = require('./env-config-loader');
@@ -130,6 +130,65 @@ function loadEnvTemplate(templatePath) {
   return fs.readFileSync(templatePath, 'utf8');
 }
 
+/**
+ * Gets port from local environment config
+ * @function getPortFromLocalEnv
+ * @param {Object} localEnv - Local environment config
+ * @returns {number|null} Port value or null
+ */
+function getPortFromLocalEnv(localEnv) {
+  if (localEnv.PORT === undefined || localEnv.PORT === null) {
+    return null;
+  }
+  const portVal = typeof localEnv.PORT === 'number' ? localEnv.PORT : parseInt(localEnv.PORT, 10);
+  return Number.isNaN(portVal) ? null : portVal;
+}
+
+/**
+ * Gets port from variables.yaml file
+ * @function getPortFromVariablesFile
+ * @param {string} variablesPath - Path to variables.yaml
+ * @returns {number|null} Port value or null
+ */
+function getPortFromVariablesFile(variablesPath) {
+  if (!variablesPath || !fs.existsSync(variablesPath)) {
+    return null;
+  }
+  try {
+    const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+    const variables = yaml.load(variablesContent);
+    const localPort = variables?.build?.localPort;
+    if (typeof localPort === 'number' && localPort > 0) {
+      return localPort;
+    }
+    return variables?.port || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Gets port from environment content fallback
+ * @function getPortFromEnvContent
+ * @param {string} envContent - Environment content
+ * @returns {number} Port value (defaults to 3000)
+ */
+function getPortFromEnvContent(envContent) {
+  const portMatch = envContent.match(/^PORT\s*=\s*(\d+)/m);
+  return portMatch ? parseInt(portMatch[1], 10) : 3000;
+}
+
+/**
+ * Applies developer-id adjustment to port
+ * @function applyDeveloperIdAdjustment
+ * @param {number} baseAppPort - Base application port
+ * @param {number} devIdNum - Developer ID number
+ * @returns {number} Adjusted port
+ */
+function applyDeveloperIdAdjustment(baseAppPort, devIdNum) {
+  return devIdNum === 0 ? baseAppPort : (baseAppPort + (devIdNum * 100));
+}
+
 /**
  * Calculate application port following override chain and developer-id adjustment
  * Override chain: env-config.yaml → config.yaml → variables.yaml build.localPort → variables.yaml port
@@ -143,43 +202,21 @@ function loadEnvTemplate(templatePath) {
  */
 async function calculateAppPort(variablesPath, localEnv, envContent, devIdNum) {
   // Start with env-config value
-  let baseAppPort = null;
-  if (localEnv.PORT !== undefined && localEnv.PORT !== null) {
-    const portVal = typeof localEnv.PORT === 'number' ? localEnv.PORT : parseInt(localEnv.PORT, 10);
-    if (!Number.isNaN(portVal)) {
-      baseAppPort = portVal;
-    }
-  }
+  let baseAppPort = getPortFromLocalEnv(localEnv);
 
   // Override with variables.yaml → build.localPort (strongest)
-  if (variablesPath && fs.existsSync(variablesPath)) {
-    try {
-      const variablesContent = fs.readFileSync(variablesPath, 'utf8');
-      const variables = yaml.load(variablesContent);
-      const localPort = variables?.build?.localPort;
-      if (typeof localPort === 'number' && localPort > 0) {
-        baseAppPort = localPort;
-      } else if (baseAppPort === null || baseAppPort === undefined) {
-        // Fallback to variables.yaml → port
-        baseAppPort = variables?.port || 3000;
-      }
-    } catch {
-      // Fallback to reading from env content if variables.yaml read fails
-      if (baseAppPort === null || baseAppPort === undefined) {
-        const portMatch = envContent.match(/^PORT\s*=\s*(\d+)/m);
-        baseAppPort = portMatch ? parseInt(portMatch[1], 10) : 3000;
-      }
-    }
-  } else {
-    // Fallback if variablesPath not provided
-    if (baseAppPort === null || baseAppPort === undefined) {
-      const portMatch = envContent.match(/^PORT\s*=\s*(\d+)/m);
-      baseAppPort = portMatch ? parseInt(portMatch[1], 10) : 3000;
-    }
+  const variablesPort = getPortFromVariablesFile(variablesPath);
+  if (variablesPort !== null) {
+    baseAppPort = variablesPort;
+  }
+
+  // Fallback to env content if still no port
+  if (baseAppPort === null || baseAppPort === undefined) {
+    baseAppPort = getPortFromEnvContent(envContent);
   }
 
   // Apply developer-id adjustment
-  return devIdNum === 0 ? baseAppPort : (baseAppPort + (devIdNum * 100));
+  return applyDeveloperIdAdjustment(baseAppPort, devIdNum);
 }
 
 /**
@@ -211,21 +248,32 @@ function updateLocalhostUrls(content, baseAppPort, appPort) {
  * @param {string} [variablesPath] - Path to variables.yaml (to read build.localPort)
  * @returns {Promise<string>} Updated content with local ports
  */
-async function adjustLocalEnvPortsInContent(envContent, variablesPath) {
-  // Get developer-id for port adjustment
+/**
+ * Gets developer ID number
+ * @async
+ * @function getDeveloperIdNumber
+ * @returns {Promise<number>} Developer ID number
+ */
+async function getDeveloperIdNumber() {
   const devId = await config.getDeveloperId();
-  let devIdNum = 0;
   if (devId !== null && devId !== undefined) {
     const parsed = parseInt(devId, 10);
     if (!Number.isNaN(parsed)) {
-      devIdNum = parsed;
+      return parsed;
     }
   }
+  return 0;
+}
 
-  // Get base config from env-config.yaml (includes user env-config file if configured)
+/**
+ * Gets local environment configuration with overrides
+ * @async
+ * @function getLocalEnvWithOverrides
+ * @returns {Promise<Object>} Local environment configuration
+ */
+async function getLocalEnvWithOverrides() {
   let localEnv = await getEnvHosts('local');
 
-  // Apply config.yaml → environments.local override (if exists)
   try {
     const os = require('os');
     const cfgPath = path.join(os.homedir(), '.aifabrix', 'config.yaml');
@@ -237,33 +285,34 @@ async function adjustLocalEnvPortsInContent(envContent, variablesPath) {
       }
     }
   } catch {
-    // Ignore config.yaml read errors, continue with env-config values
+    // Ignore config.yaml read errors
   }
 
-  // Calculate base port (without developer-id adjustment) for URL matching
-  const baseAppPort = await calculateAppPort(variablesPath, localEnv, envContent, 0);
-  // Calculate final port with developer-id adjustment
-  const appPort = await calculateAppPort(variablesPath, localEnv, envContent, devIdNum);
-
-  // Update .env content - only handle PORT variable
-  // Other port variables (DB_PORT, REDIS_PORT, etc.) are handled by interpolation
-  let updated = envContent;
+  return localEnv;
+}
 
-  // Update PORT
-  if (/^PORT\s*=.*$/m.test(updated)) {
-    updated = updated.replace(/^PORT\s*=\s*.*$/m, `PORT=${appPort}`);
-  } else {
-    updated = `${updated}\nPORT=${appPort}\n`;
+/**
+ * Updates PORT variable in content
+ * @function updatePortVariable
+ * @param {string} envContent - Environment content
+ * @param {number} appPort - Application port
+ * @returns {string} Updated content
+ */
+function updatePortVariable(envContent, appPort) {
+  if (/^PORT\s*=.*$/m.test(envContent)) {
+    return envContent.replace(/^PORT\s*=\s*.*$/m, `PORT=${appPort}`);
   }
+  return `${envContent}\nPORT=${appPort}\n`;
+}
 
-  // Update localhost URLs
-  updated = updateLocalhostUrls(updated, baseAppPort, appPort);
-
-  // Update infra endpoints with developer-id adjusted ports for local context
-  updated = await rewriteInfraEndpoints(updated, 'local');
-
-  // Interpolate ${VAR} references created by rewriteInfraEndpoints
-  // Get the ports that were just set by rewriteInfraEndpoints for interpolation
+/**
+ * Builds environment variables for interpolation
+ * @async
+ * @function buildEnvVarsForInterpolation
+ * @param {number} devIdNum - Developer ID number
+ * @returns {Promise<Object>} Environment variables object
+ */
+async function buildEnvVarsForInterpolation(devIdNum) {
   const hostsForPorts = await getEnvHosts('local');
   const redisPort = await getServicePort('REDIS_PORT', 'redis', hostsForPorts, 'local');
   const dbPort = await getServicePort('DB_PORT', 'postgres', hostsForPorts, 'local');
@@ -271,13 +320,27 @@ async function adjustLocalEnvPortsInContent(envContent, variablesPath) {
   const redisHost = getServiceHost(hostsForPorts.REDIS_HOST, 'local', 'localhost', localhostOverride);
   const dbHost = getServiceHost(hostsForPorts.DB_HOST, 'local', 'localhost', localhostOverride);
 
-  // Build envVars map and ensure it has the correct values
   const envVars = await buildEnvVarMap('local', null, devIdNum);
-  // Override with the actual values that were just set by rewriteInfraEndpoints
   envVars.REDIS_HOST = redisHost;
   envVars.REDIS_PORT = String(redisPort);
   envVars.DB_HOST = dbHost;
   envVars.DB_PORT = String(dbPort);
+
+  return envVars;
+}
+
+async function adjustLocalEnvPortsInContent(envContent, variablesPath) {
+  const devIdNum = await getDeveloperIdNumber();
+  const localEnv = await getLocalEnvWithOverrides();
+
+  const baseAppPort = await calculateAppPort(variablesPath, localEnv, envContent, 0);
+  const appPort = await calculateAppPort(variablesPath, localEnv, envContent, devIdNum);
+
+  let updated = updatePortVariable(envContent, appPort);
+  updated = updateLocalhostUrls(updated, baseAppPort, appPort);
+  updated = await rewriteInfraEndpoints(updated, 'local');
+
+  const envVars = await buildEnvVarsForInterpolation(devIdNum);
   updated = interpolateEnvVars(updated, envVars);
 
   return updated;

package/lib/utils/secrets-path.js

@@ -10,7 +10,7 @@
  */
 
 const path = require('path');
-const config = require('../config');
+const config = require('../core/config');
 const paths = require('./paths');
 
 /**

package/lib/utils/secrets-url.js

@@ -26,7 +26,7 @@ async function resolveServicePortsInEnvContent(envContent, environment) {
   const envConfig = await loadEnvConfig();
   const dockerHosts = envConfig.environments.docker || {};
   const hostnameToService = buildHostnameToServiceMap(dockerHosts);
-  const urlPattern = /(https?:\/\/)([a-zA-Z0-9-]+):(\d+)([^\s\n]*)?/g;
+  const urlPattern = /(https?:\/\/)([a-zA-Z0-9.-]+):(\d+)([^\s\n]*)?/g;
   return envContent.replace(urlPattern, (match, protocol, hostname, port, urlPath = '') => {
     return resolveUrlPort(protocol, hostname, port, urlPath || '', hostnameToService);
   });

package/lib/utils/token-manager-refresh.js

@@ -0,0 +1,181 @@
+/**
+ * Token Manager Refresh Utilities
+ *
+ * Token refresh functions for device and client tokens
+ *
+ * @fileoverview Token refresh utilities for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+const config = require('../core/config');
+const { refreshDeviceToken: apiRefreshDeviceToken } = require('./api');
+
+/**
+ * Validates refresh token parameters
+ * @function validateRefreshTokenParams
+ * @param {string} environment - Environment key
+ * @param {string} appName - Application name
+ * @param {string} controllerUrl - Controller URL
+ * @throws {Error} If validation fails
+ */
+function validateRefreshTokenParams(environment, appName, controllerUrl) {
+  if (!environment || typeof environment !== 'string') {
+    throw new Error('Environment is required and must be a string');
+  }
+  if (!appName || typeof appName !== 'string') {
+    throw new Error('App name is required and must be a string');
+  }
+  if (!controllerUrl || typeof controllerUrl !== 'string') {
+    throw new Error('Controller URL is required and must be a string');
+  }
+}
+
+/**
+ * Loads client credentials from parameters or secrets file
+ * @async
+ * @function loadClientCredentialsForRefresh
+ * @param {string} appName - Application name
+ * @param {string} [clientId] - Optional client ID
+ * @param {string} [clientSecret] - Optional client secret
+ * @returns {Promise<Object>} Credentials object with clientId and clientSecret
+ * @throws {Error} If credentials cannot be loaded
+ */
+async function loadClientCredentialsForRefresh(appName, clientId, clientSecret) {
+  const { loadClientCredentials } = require('./token-manager');
+  if (clientId && clientSecret) {
+    return { clientId, clientSecret };
+  }
+  const credentials = await loadClientCredentials(appName);
+  if (!credentials) {
+    throw new Error(`Client credentials not found for app '${appName}'. Add them to ~/.aifabrix/secrets.local.yaml as '${appName}-client-idKeyVault' and '${appName}-client-secretKeyVault'`);
+  }
+  return credentials;
+}
+
+/**
+ * Calls token API to get new token
+ * @async
+ * @function callTokenApi
+ * @param {string} controllerUrl - Controller URL
+ * @param {Object} credentials - Credentials object
+ * @returns {Promise<Object>} API response
+ * @throws {Error} If API call fails
+ */
+async function callTokenApi(controllerUrl, credentials) {
+  const { makeApiCall: _makeApiCall } = require('./api');
+  const response = await _makeApiCall(`${controllerUrl}/api/v1/auth/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-client-id': credentials.clientId,
+      'x-client-secret': credentials.clientSecret
+    }
+  });
+
+  if (!response.success) {
+    throw new Error(`Failed to refresh token: ${response.error || 'Unknown error'}`);
+  }
+
+  const responseData = response.data;
+  if (!responseData || !responseData.token) {
+    throw new Error('Invalid response: missing token');
+  }
+
+  return responseData;
+}
+
+/**
+ * Calculates token expiration timestamp
+ * @function calculateTokenExpiration
+ * @param {Object} responseData - API response data
+ * @returns {string} ISO timestamp of expiration
+ */
+function calculateTokenExpiration(responseData) {
+  const expiresIn = responseData.expiresIn || 86400;
+  return responseData.expiresAt || new Date(Date.now() + expiresIn * 1000).toISOString();
+}
+
+/**
+ * Refresh client token using credentials
+ * @async
+ * @function refreshClientToken
+ * @param {string} environment - Environment key
+ * @param {string} appName - Application name
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} [clientId] - Optional client ID override
+ * @param {string} [clientSecret] - Optional client secret override
+ * @returns {Promise<{token: string, expiresAt: string}>} New token info
+ * @throws {Error} If credentials are missing or token refresh fails
+ */
+async function refreshClientToken(environment, appName, controllerUrl, clientId, clientSecret) {
+  validateRefreshTokenParams(environment, appName, controllerUrl);
+
+  const credentials = await loadClientCredentialsForRefresh(appName, clientId, clientSecret);
+  const responseData = await callTokenApi(controllerUrl, credentials);
+
+  const token = responseData.token;
+  const expiresAt = calculateTokenExpiration(responseData);
+
+  // Save token to config.yaml (NEVER save credentials)
+  await config.saveClientToken(environment, appName, controllerUrl, token, expiresAt);
+
+  return { token, expiresAt };
+}
+
+/**
+ * Refresh device token using refresh token
+ * Calls API refresh endpoint and saves new token to config
+ * @param {string} controllerUrl - Controller URL
+ * @param {string} refreshToken - Refresh token
+ * @returns {Promise<{token: string, refreshToken: string, expiresAt: string}>} New token info
+ * @throws {Error} If refresh fails or refresh token is expired/invalid
+ */
+async function refreshDeviceToken(controllerUrl, refreshToken) {
+  if (!controllerUrl || typeof controllerUrl !== 'string') {
+    throw new Error('Controller URL is required');
+  }
+  if (!refreshToken || typeof refreshToken !== 'string') {
+    throw new Error('Refresh token is required');
+  }
+
+  try {
+    // Call API refresh endpoint
+    const tokenResponse = await apiRefreshDeviceToken(controllerUrl, refreshToken);
+
+    const token = tokenResponse.access_token;
+    const newRefreshToken = tokenResponse.refresh_token || refreshToken; // Use new refresh token if provided, otherwise keep old one
+    const expiresIn = tokenResponse.expires_in || 3600;
+    const expiresAt = new Date(Date.now() + expiresIn * 1000).toISOString();
+
+    // Save new token and refresh token to config
+    await config.saveDeviceToken(controllerUrl, token, newRefreshToken, expiresAt);
+
+    return {
+      token,
+      refreshToken: newRefreshToken,
+      expiresAt
+    };
+  } catch (error) {
+    // Check if error indicates refresh token expiry (case-insensitive)
+    const errorMessage = (error.message || String(error)).toLowerCase();
+    if (errorMessage.includes('expired') ||
+        errorMessage.includes('invalid') ||
+        errorMessage.includes('401') ||
+        errorMessage.includes('unauthorized')) {
+      throw new Error('Refresh token has expired. Please login again using: aifabrix login');
+    }
+    // Re-throw other errors as-is
+    throw error;
+  }
+}
+
+module.exports = {
+  refreshClientToken,
+  refreshDeviceToken,
+  validateRefreshTokenParams,
+  loadClientCredentialsForRefresh,
+  callTokenApi,
+  calculateTokenExpiration
+};
+