@aifabrix/builder 2.4.0 → 2.5.0

package/lib/utils/device-code.js

@@ -0,0 +1,349 @@
+/**
+ * AI Fabrix Builder Device Code Flow Utilities
+ *
+ * Handles OAuth2 Device Code Flow (RFC 8628) authentication
+ * Supports device code initiation, token polling, and token refresh
+ *
+ * @fileoverview Device code flow utilities for AI Fabrix Builder
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+// Lazy require to avoid circular dependency
+let makeApiCall;
+function getMakeApiCall() {
+  if (!makeApiCall) {
+    const api = require('./api');
+    makeApiCall = api.makeApiCall;
+  }
+  return makeApiCall;
+}
+
+/**
+ * Parses device code response from API
+ * Matches OpenAPI DeviceCodeResponse schema (camelCase)
+ * @function parseDeviceCodeResponse
+ * @param {Object} response - API response object
+ * @returns {Object} Parsed device code response
+ * @throws {Error} If response is invalid
+ */
+function parseDeviceCodeResponse(response) {
+  // OpenAPI spec: { success: boolean, data: DeviceCodeResponse, timestamp: string }
+  const apiResponse = response.data;
+  const responseData = apiResponse.data || apiResponse;
+
+  // OpenAPI spec uses camelCase: deviceCode, userCode, verificationUri, expiresIn, interval
+  const deviceCode = responseData.deviceCode;
+  const userCode = responseData.userCode;
+  const verificationUri = responseData.verificationUri;
+  const expiresIn = responseData.expiresIn || 600;
+  const interval = responseData.interval || 5;
+
+  if (!deviceCode || !userCode || !verificationUri) {
+    throw new Error('Invalid device code response: missing required fields');
+  }
+
+  // Return in snake_case for internal consistency (used by existing code)
+  return {
+    device_code: deviceCode,
+    user_code: userCode,
+    verification_uri: verificationUri,
+    expires_in: expiresIn,
+    interval: interval
+  };
+}
+
+/**
+ * Initiates OAuth2 Device Code Flow
+ * Calls the device code endpoint to get device_code and user_code
+ *
+ * @async
+ * @function initiateDeviceCodeFlow
+ * @param {string} controllerUrl - Base URL of the controller
+ * @param {string} environment - Environment key (e.g., 'miso', 'dev', 'tst', 'pro')
+ * @returns {Promise<Object>} Device code response with device_code, user_code, verification_uri, expires_in, interval
+ * @throws {Error} If initiation fails
+ */
+async function initiateDeviceCodeFlow(controllerUrl, environment) {
+  if (!environment || typeof environment !== 'string') {
+    throw new Error('Environment key is required');
+  }
+
+  const url = `${controllerUrl}/api/v1/auth/login?environment=${encodeURIComponent(environment)}`;
+  const response = await getMakeApiCall()(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json'
+    }
+  });
+
+  if (!response.success) {
+    throw new Error(`Device code initiation failed: ${response.error || 'Unknown error'}`);
+  }
+
+  return parseDeviceCodeResponse(response);
+}
+
+/**
+ * Checks if token has expired based on elapsed time
+ * @function checkTokenExpiration
+ * @param {number} startTime - Start time in milliseconds
+ * @param {number} expiresIn - Expiration time in seconds
+ * @throws {Error} If token has expired
+ */
+function checkTokenExpiration(startTime, expiresIn) {
+  const maxWaitTime = (expiresIn + 30) * 1000;
+  if (Date.now() - startTime > maxWaitTime) {
+    throw new Error('Device code expired: Maximum polling time exceeded');
+  }
+}
+
+/**
+ * Parses token response from API
+ * Matches OpenAPI DeviceCodeTokenResponse schema (camelCase)
+ * @function parseTokenResponse
+ * @param {Object} response - API response object
+ * @returns {Object|null} Parsed token response or null if pending
+ */
+function parseTokenResponse(response) {
+  // OpenAPI spec: { success: boolean, data: DeviceCodeTokenResponse, timestamp: string }
+  const apiResponse = response.data;
+  const responseData = apiResponse.data || apiResponse;
+
+  const error = responseData.error || apiResponse.error;
+  if (error === 'authorization_pending' || error === 'slow_down') {
+    return null;
+  }
+
+  // OpenAPI spec uses camelCase: accessToken, refreshToken, expiresIn
+  const accessToken = responseData.accessToken;
+  const refreshToken = responseData.refreshToken;
+  const expiresIn = responseData.expiresIn || 3600;
+
+  if (!accessToken) {
+    throw new Error('Invalid token response: missing accessToken');
+  }
+
+  // Return in snake_case for internal consistency (used by existing code)
+  return {
+    access_token: accessToken,
+    refresh_token: refreshToken,
+    expires_in: expiresIn
+  };
+}
+
+/**
+ * Handles polling errors
+ * @function handlePollingErrors
+ * @param {string} error - Error code
+ * @param {number} status - HTTP status code
+ * @throws {Error} For fatal errors
+ * @returns {boolean} True if should continue polling
+ */
+function handlePollingErrors(error, status) {
+  if (error === 'authorization_pending' || status === 202) {
+    return true;
+  }
+
+  // Check error field first, then status code
+  if (error === 'authorization_declined') {
+    throw new Error('Authorization declined: User denied the request');
+  }
+
+  if (error === 'expired_token' || status === 410) {
+    throw new Error('Device code expired: Please restart the authentication process');
+  }
+
+  if (error === 'slow_down') {
+    return true;
+  }
+
+  throw new Error(`Token polling failed: ${error}`);
+}
+
+/**
+ * Waits for next polling interval
+ * @async
+ * @function waitForNextPoll
+ * @param {number} interval - Polling interval in seconds
+ * @param {boolean} slowDown - Whether to slow down
+ */
+async function waitForNextPoll(interval, slowDown) {
+  const waitInterval = slowDown ? interval * 2 : interval;
+  await new Promise(resolve => setTimeout(resolve, waitInterval * 1000));
+}
+
+/**
+ * Extracts error from API response
+ * @param {Object} response - API response object
+ * @returns {string} Error code or 'Unknown error'
+ */
+function extractPollingError(response) {
+  const apiResponse = response.data || {};
+  const errorData = typeof apiResponse === 'object' ? apiResponse : {};
+  return errorData.error || response.error || 'Unknown error';
+}
+
+/**
+ * Handles successful polling response
+ * @param {Object} response - API response object
+ * @returns {Object|null} Token response or null if pending
+ */
+function handleSuccessfulPoll(response) {
+  const tokenResponse = parseTokenResponse(response);
+  if (tokenResponse) {
+    return tokenResponse;
+  }
+  return null;
+}
+
+/**
+ * Processes polling response and determines next action
+ * @async
+ * @function processPollingResponse
+ * @param {Object} response - API response object
+ * @param {number} interval - Polling interval in seconds
+ * @returns {Promise<Object|null>} Token response if complete, null if should continue
+ */
+async function processPollingResponse(response, interval) {
+  if (response.success) {
+    const tokenResponse = handleSuccessfulPoll(response);
+    if (tokenResponse) {
+      return tokenResponse;
+    }
+
+    const apiResponse = response.data;
+    const responseData = apiResponse.data || apiResponse;
+    const error = responseData.error || apiResponse.error;
+    const slowDown = error === 'slow_down';
+    await waitForNextPoll(interval, slowDown);
+    return null;
+  }
+
+  const error = extractPollingError(response);
+  const shouldContinue = handlePollingErrors(error, response.status);
+
+  if (shouldContinue) {
+    const slowDown = error === 'slow_down';
+    await waitForNextPoll(interval, slowDown);
+    return null;
+  }
+
+  return null;
+}
+
+/**
+ * Polls for token during Device Code Flow
+ * Continuously polls the token endpoint until user approves or flow expires
+ *
+ * @async
+ * @function pollDeviceCodeToken
+ * @param {string} controllerUrl - Base URL of the controller
+ * @param {string} deviceCode - Device code from initiation
+ * @param {number} interval - Polling interval in seconds
+ * @param {number} expiresIn - Expiration time in seconds
+ * @param {Function} [onPoll] - Optional callback called on each poll attempt
+ * @returns {Promise<Object>} Token response with access_token, refresh_token, expires_in
+ * @throws {Error} If polling fails or token is expired/declined
+ */
+async function pollDeviceCodeToken(controllerUrl, deviceCode, interval, expiresIn, onPoll) {
+  if (!deviceCode || typeof deviceCode !== 'string') {
+    throw new Error('Device code is required');
+  }
+
+  const url = `${controllerUrl}/api/v1/auth/login/device/token`;
+  const startTime = Date.now();
+
+  // eslint-disable-next-line no-constant-condition
+  while (true) {
+    checkTokenExpiration(startTime, expiresIn);
+
+    if (onPoll) {
+      onPoll();
+    }
+
+    const response = await getMakeApiCall()(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        deviceCode: deviceCode
+      })
+    });
+
+    const tokenResponse = await processPollingResponse(response, interval);
+    if (tokenResponse) {
+      return tokenResponse;
+    }
+  }
+}
+
+/**
+ * Displays device code information to the user
+ * Formats user code and verification URL for easy reading
+ *
+ * @function displayDeviceCodeInfo
+ * @param {string} userCode - User code to display
+ * @param {string} verificationUri - Verification URL
+ * @param {Object} logger - Logger instance with log method
+ * @param {Object} chalk - Chalk instance for colored output
+ */
+function displayDeviceCodeInfo(userCode, verificationUri, logger, chalk) {
+  logger.log(chalk.cyan('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+  logger.log(chalk.cyan('  Device Code Flow Authentication'));
+  logger.log(chalk.cyan('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n'));
+  logger.log(chalk.yellow('To complete authentication:'));
+  logger.log(chalk.gray('  1. Visit: ') + chalk.blue.underline(verificationUri));
+  logger.log(chalk.gray('  2. Enter code: ') + chalk.bold.cyan(userCode));
+  logger.log(chalk.gray('  3. Approve the request\n'));
+  logger.log(chalk.gray('Waiting for approval...'));
+}
+
+/**
+ * Refresh device code access token using refresh token
+ * Uses OpenAPI /api/v1/auth/login/device/refresh endpoint
+ *
+ * @async
+ * @function refreshDeviceToken
+ * @param {string} controllerUrl - Base URL of the controller
+ * @param {string} refreshToken - Refresh token from previous authentication
+ * @returns {Promise<Object>} Token response with access_token, refresh_token, expires_in
+ * @throws {Error} If refresh fails or refresh token is invalid/expired
+ */
+async function refreshDeviceToken(controllerUrl, refreshToken) {
+  if (!refreshToken || typeof refreshToken !== 'string') {
+    throw new Error('Refresh token is required');
+  }
+
+  const url = `${controllerUrl}/api/v1/auth/login/device/refresh`;
+  const response = await makeApiCall(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json'
+    },
+    body: JSON.stringify({ refreshToken })
+  });
+
+  if (!response.success) {
+    const errorMsg = response.error || 'Unknown error';
+    throw new Error(`Failed to refresh token: ${errorMsg}`);
+  }
+
+  // Parse response using existing parseTokenResponse function
+  const tokenResponse = parseTokenResponse(response);
+  if (!tokenResponse) {
+    throw new Error('Invalid refresh token response');
+  }
+
+  return tokenResponse;
+}
+
+module.exports = {
+  initiateDeviceCodeFlow,
+  pollDeviceCodeToken,
+  displayDeviceCodeInfo,
+  refreshDeviceToken,
+  parseTokenResponse
+};
+

package/lib/utils/env-config-loader.js

@@ -0,0 +1,102 @@
+/**
+ * Environment config loader
+ *
+ * @fileoverview Loads lib/schema/env-config.yaml for env variable interpolation
+ * Merges with user's env-config file if configured in ~/.aifabrix/config.yaml
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const config = require('../config');
+
+/**
+ * Loads user env-config file if configured
+ * @async
+ * @function loadUserEnvConfig
+ * @returns {Promise<Object|null>} Parsed user env-config or null if not configured
+ */
+async function loadUserEnvConfig() {
+  try {
+    const userEnvConfigPath = await config.getAifabrixEnvConfigPath();
+    if (!userEnvConfigPath) {
+      return null;
+    }
+
+    // Resolve path (support absolute and relative paths)
+    const resolvedPath = path.isAbsolute(userEnvConfigPath)
+      ? userEnvConfigPath
+      : path.resolve(process.cwd(), userEnvConfigPath);
+
+    if (!fs.existsSync(resolvedPath)) {
+      return null;
+    }
+
+    const content = fs.readFileSync(resolvedPath, 'utf8');
+    const userConfig = yaml.load(content);
+    return userConfig && typeof userConfig === 'object' ? userConfig : null;
+  } catch (error) {
+    // Gracefully handle errors - fallback to base config only
+    return null;
+  }
+}
+
+/**
+ * Merges user env-config with base env-config
+ * User values override/extend base values
+ * @function mergeEnvConfigs
+ * @param {Object} baseConfig - Base env-config from lib/schema/env-config.yaml
+ * @param {Object|null} userConfig - User env-config or null
+ * @returns {Object} Merged env-config
+ */
+function mergeEnvConfigs(baseConfig, userConfig) {
+  if (!userConfig || typeof userConfig !== 'object') {
+    return baseConfig || {};
+  }
+
+  // Deep merge environments
+  const merged = { ...baseConfig };
+  if (userConfig.environments && typeof userConfig.environments === 'object') {
+    merged.environments = { ...(baseConfig.environments || {}) };
+    for (const [env, envVars] of Object.entries(userConfig.environments)) {
+      if (envVars && typeof envVars === 'object') {
+        merged.environments[env] = {
+          ...(merged.environments[env] || {}),
+          ...envVars
+        };
+      }
+    }
+  }
+
+  return merged;
+}
+
+/**
+ * Load env config YAML used for environment variable interpolation
+ * Loads base config from lib/schema/env-config.yaml and merges with user config if configured
+ * @async
+ * @function loadEnvConfig
+ * @returns {Promise<Object>} Parsed and merged env-config YAML
+ * @throws {Error} If base file cannot be read or parsed
+ */
+async function loadEnvConfig() {
+  // Load base env-config.yaml
+  const envConfigPath = path.join(__dirname, '..', 'schema', 'env-config.yaml');
+  const content = fs.readFileSync(envConfigPath, 'utf8');
+  const baseConfig = yaml.load(content) || {};
+
+  // Load user env-config if configured
+  const userConfig = await loadUserEnvConfig();
+
+  // Merge user config with base (user overrides/extends base)
+  return mergeEnvConfigs(baseConfig, userConfig);
+}
+
+module.exports = {
+  loadEnvConfig
+};
+

package/lib/utils/env-copy.js

@@ -0,0 +1,131 @@
+/**
+ * Environment copy and port update utilities
+ *
+ * @fileoverview Copy .env to app output and apply local/dockerside port rules with dev offsets
+ * @author AI Fabrix Team
+ * @version 2.0.0
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+const chalk = require('chalk');
+const logger = require('./logger');
+const config = require('../config');
+const devConfig = require('../utils/dev-config');
+const { rewriteInfraEndpoints } = require('./env-endpoints');
+
+/**
+ * Process and optionally copy env file to envOutputPath if configured
+ * Regenerates .env file with env=local for local development (apps/.env)
+ * @async
+ * @function processEnvVariables
+ * @param {string} envPath - Path to generated .env file
+ * @param {string} variablesPath - Path to variables.yaml
+ * @param {string} appName - Application name (for regenerating with local env)
+ * @param {string} [secretsPath] - Path to secrets file (optional, for regenerating)
+ */
+async function processEnvVariables(envPath, variablesPath, appName, secretsPath) {
+  if (!fs.existsSync(variablesPath)) {
+    return;
+  }
+  const variablesContent = fs.readFileSync(variablesPath, 'utf8');
+  const variables = yaml.load(variablesContent);
+  if (!variables?.build?.envOutputPath || variables.build.envOutputPath === null) {
+    return;
+  }
+  // Resolve output path: absolute stays as-is; relative is resolved against variables.yaml directory
+  const rawOutputPath = variables.build.envOutputPath;
+  let outputPath;
+  if (path.isAbsolute(rawOutputPath)) {
+    outputPath = rawOutputPath;
+  } else {
+    const variablesDir = path.dirname(variablesPath);
+    outputPath = path.resolve(variablesDir, rawOutputPath);
+  }
+  if (!outputPath.endsWith('.env')) {
+    if (fs.existsSync(outputPath) && fs.statSync(outputPath).isDirectory()) {
+      outputPath = path.join(outputPath, '.env');
+    } else {
+      outputPath = path.join(outputPath, '.env');
+    }
+  }
+  const outputDir = path.dirname(outputPath);
+  if (!fs.existsSync(outputDir)) {
+    fs.mkdirSync(outputDir, { recursive: true });
+  }
+
+  // Regenerate .env file with env=local instead of copying docker-generated file
+  // This ensures all variables use localhost instead of docker service names
+  if (appName) {
+    const { generateEnvContent } = require('../secrets');
+    // Generate local .env content (without writing to builder/.env to avoid overwriting docker version)
+    const localEnvContent = await generateEnvContent(appName, secretsPath, 'local', false);
+    // Write to output path
+    fs.writeFileSync(outputPath, localEnvContent, { mode: 0o600 });
+    logger.log(chalk.green(`✓ Generated local .env at: ${variables.build.envOutputPath}`));
+  } else {
+    // Fallback: if appName not provided, use old patching approach
+    let envContent = fs.readFileSync(envPath, 'utf8');
+    // Determine base app port and compute developer-specific app port
+    const baseAppPort = variables.build?.localPort || variables.port || 3000;
+    const devIdRaw = process.env.AIFABRIX_DEVELOPERID;
+    // Best effort: parse from env first, otherwise rely on config (may throw if async, so guarded below)
+    let devIdNum = Number.isFinite(parseInt(devIdRaw, 10)) ? parseInt(devIdRaw, 10) : null;
+    try {
+      if (devIdNum === null) {
+        // Try to read developer-id from config file synchronously if present
+        const configPath = config && config.CONFIG_FILE ? config.CONFIG_FILE : null;
+        if (configPath && fs.existsSync(configPath)) {
+          try {
+            const cfgContent = fs.readFileSync(configPath, 'utf8');
+            const cfg = yaml.load(cfgContent) || {};
+            const raw = cfg['developer-id'];
+            if (typeof raw === 'number') {
+              devIdNum = raw;
+            } else if (typeof raw === 'string' && /^[0-9]+$/.test(raw)) {
+              devIdNum = parseInt(raw, 10);
+            }
+          } catch {
+            // ignore, will fallback to 0
+          }
+        }
+        if (devIdNum === null || Number.isNaN(devIdNum)) {
+          devIdNum = 0;
+        }
+      }
+    } catch {
+      devIdNum = 0;
+    }
+    const appPort = devIdNum === 0 ? baseAppPort : (baseAppPort + (devIdNum * 100));
+    const infraPorts = devConfig.getDevPorts(devIdNum);
+
+    // Update PORT (replace or append)
+    if (/^PORT\s*=.*$/m.test(envContent)) {
+      envContent = envContent.replace(/^PORT\s*=\s*.*$/m, `PORT=${appPort}`);
+    } else {
+      envContent = `${envContent}\nPORT=${appPort}\n`;
+    }
+
+    // Update localhost URLs that point to the base app port to the dev-specific app port
+    const localhostUrlPattern = /(https?:\/\/localhost:)(\d+)(\b[^ \n]*)?/g;
+    envContent = envContent.replace(localhostUrlPattern, (match, prefix, portNum, rest = '') => {
+      const num = parseInt(portNum, 10);
+      if (num === baseAppPort) {
+        return `${prefix}${appPort}${rest || ''}`;
+      }
+      return match;
+    });
+    // Rewrite infra endpoints using env-config mapping for local context
+    envContent = await rewriteInfraEndpoints(envContent, 'local', infraPorts);
+    fs.writeFileSync(outputPath, envContent, { mode: 0o600 });
+    logger.log(chalk.green(`✓ Copied .env to: ${variables.build.envOutputPath}`));
+  }
+}
+
+module.exports = {
+  processEnvVariables
+};
+