@basetisia/skill-manager 0.1.0

package/src/utils/auth.js

@@ -0,0 +1,287 @@
+import { createServer } from "node:http";
+import { randomBytes } from "node:crypto";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { readFile, writeFile, unlink, mkdir, chmod } from "node:fs/promises";
+import { exec } from "node:child_process";
+
+// ── Cognito config ──
+
+const COGNITO_DOMAIN = "ppm-basetis";
+const COGNITO_REGION = "eu-north-1";
+const CLIENT_ID = "28jssr3bg1vsl8io9e503tniuu";
+const BASE_URL = `https://${COGNITO_DOMAIN}.auth.${COGNITO_REGION}.amazoncognito.com`;
+const CALLBACK_PORT = 9876;
+const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}/callback`;
+const LOGIN_TIMEOUT_MS = 120_000;
+
+const CONFIG_DIR = join(homedir(), ".skill-manager");
+const CREDENTIALS_FILE = join(CONFIG_DIR, "credentials.json");
+
+// ── PKCE helpers ──
+
+function generateRandomString(length) {
+  return randomBytes(length).toString("hex");
+}
+
+async function sha256(plain) {
+  const encoder = new TextEncoder();
+  return crypto.subtle.digest("SHA-256", encoder.encode(plain));
+}
+
+function base64UrlEncode(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let str = "";
+  bytes.forEach((b) => (str += String.fromCharCode(b)));
+  return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+// ── Credential storage ──
+
+export async function loadCredentials() {
+  try {
+    const raw = await readFile(CREDENTIALS_FILE, "utf-8");
+    return JSON.parse(raw);
+  } catch (err) {
+    if (err.code === "ENOENT") return null;
+    throw err;
+  }
+}
+
+async function saveCredentials(tokens) {
+  await mkdir(CONFIG_DIR, { recursive: true });
+  const data = {
+    id_token: tokens.id_token,
+    access_token: tokens.access_token,
+    refresh_token: tokens.refresh_token,
+    expires_at: Date.now() + tokens.expires_in * 1000,
+  };
+  await writeFile(CREDENTIALS_FILE, JSON.stringify(data, null, 2) + "\n");
+  await chmod(CREDENTIALS_FILE, 0o600);
+}
+
+export async function clearCredentials() {
+  try {
+    await unlink(CREDENTIALS_FILE);
+  } catch (err) {
+    if (err.code !== "ENOENT") throw err;
+  }
+}
+
+// ── Token validation & refresh ──
+
+function isTokenFresh(creds) {
+  return creds && creds.expires_at > Date.now() + 5 * 60 * 1000;
+}
+
+async function refreshTokens(creds) {
+  const body = new URLSearchParams({
+    grant_type: "refresh_token",
+    client_id: CLIENT_ID,
+    refresh_token: creds.refresh_token,
+  });
+
+  const response = await fetch(`${BASE_URL}/oauth2/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body,
+  });
+
+  if (!response.ok) {
+    await clearCredentials();
+    return null;
+  }
+
+  const tokens = await response.json();
+  // Preserve existing refresh_token if not returned
+  if (!tokens.refresh_token) {
+    tokens.refresh_token = creds.refresh_token;
+  }
+  await saveCredentials(tokens);
+  return await loadCredentials();
+}
+
+export async function getValidToken() {
+  let creds = await loadCredentials();
+  if (!creds) {
+    throw new Error(
+      "No estás autenticado. Ejecuta primero: skill-manager login"
+    );
+  }
+
+  if (isTokenFresh(creds)) {
+    return creds.id_token;
+  }
+
+  if (creds.refresh_token) {
+    creds = await refreshTokens(creds);
+    if (creds) return creds.id_token;
+  }
+
+  await clearCredentials();
+  throw new Error("Sesión expirada. Ejecuta: skill-manager login");
+}
+
+// ── Parse id_token ──
+
+export function parseIdToken(token) {
+  try {
+    const payload = JSON.parse(
+      Buffer.from(token.split(".")[1], "base64url").toString()
+    );
+    const name =
+      payload.name ||
+      [payload.given_name, payload.family_name].filter(Boolean).join(" ") ||
+      payload.email?.split("@")[0] ||
+      "User";
+    return { email: payload.email, name, sub: payload.sub };
+  } catch {
+    return null;
+  }
+}
+
+// ── Open browser ──
+
+function openBrowser(url) {
+  const cmd =
+    process.platform === "darwin"
+      ? `open "${url}"`
+      : process.platform === "win32"
+        ? `start "${url}"`
+        : `xdg-open "${url}"`;
+
+  return new Promise((resolve) => {
+    exec(cmd, (err) => {
+      if (err) {
+        // Browser didn't open, user will need to copy the URL
+        resolve(false);
+      } else {
+        resolve(true);
+      }
+    });
+  });
+}
+
+// ── Login flow ──
+
+export async function startLoginFlow() {
+  const verifier = generateRandomString(64);
+  const challenge = base64UrlEncode(await sha256(verifier));
+
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: CLIENT_ID,
+    redirect_uri: REDIRECT_URI,
+    scope: "email openid profile",
+    identity_provider: "Google",
+    code_challenge_method: "S256",
+    code_challenge: challenge,
+  });
+
+  const authorizeUrl = `${BASE_URL}/oauth2/authorize?${params}`;
+
+  return new Promise((resolve, reject) => {
+    let settled = false;
+
+    const server = createServer(async (req, res) => {
+      if (settled) return;
+
+      const url = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+
+      const code = url.searchParams.get("code");
+      const error = url.searchParams.get("error");
+
+      if (error || !code) {
+        settled = true;
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<html><body><h2>Error de autenticación</h2><p>Puedes cerrar esta pestaña.</p></body></html>"
+        );
+        server.close();
+        reject(
+          new Error(
+            error || "No se recibió código de autorización"
+          )
+        );
+        return;
+      }
+
+      // Exchange code for tokens
+      try {
+        const body = new URLSearchParams({
+          grant_type: "authorization_code",
+          client_id: CLIENT_ID,
+          redirect_uri: REDIRECT_URI,
+          code,
+          code_verifier: verifier,
+        });
+
+        const response = await fetch(`${BASE_URL}/oauth2/token`, {
+          method: "POST",
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          body,
+        });
+
+        if (!response.ok) {
+          throw new Error("Token exchange failed");
+        }
+
+        const tokens = await response.json();
+        await saveCredentials(tokens);
+
+        settled = true;
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<html><body style='font-family:system-ui;text-align:center;margin-top:80px'>" +
+            "<h2>✅ Autenticación correcta</h2>" +
+            "<p>Puedes cerrar esta pestaña y volver al terminal.</p></body></html>"
+        );
+        server.close();
+
+        const user = parseIdToken(tokens.id_token);
+        resolve(user);
+      } catch (err) {
+        settled = true;
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(
+          "<html><body><h2>Error</h2><p>Fallo en el intercambio de tokens.</p></body></html>"
+        );
+        server.close();
+        reject(err);
+      }
+    });
+
+    server.on("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        reject(
+          new Error(
+            `El puerto ${CALLBACK_PORT} está en uso. Cierra la aplicación que lo utiliza e inténtalo de nuevo.`
+          )
+        );
+      } else {
+        reject(err);
+      }
+    });
+
+    server.listen(CALLBACK_PORT, async () => {
+      const opened = await openBrowser(authorizeUrl);
+      if (!opened) {
+        console.log(`\nAbre esta URL en tu navegador:\n${authorizeUrl}\n`);
+      }
+    });
+
+    // Timeout
+    setTimeout(() => {
+      if (!settled) {
+        settled = true;
+        server.close();
+        reject(new Error("Timeout: no se completó la autenticación en 2 minutos."));
+      }
+    }, LOGIN_TIMEOUT_MS);
+  });
+}

package/src/utils/config.js

@@ -0,0 +1,35 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+
+const CONFIG_DIR = join(homedir(), ".skill-manager");
+const CONFIG_FILE = join(CONFIG_DIR, "config.json");
+
+export function getConfigPath() {
+  return CONFIG_FILE;
+}
+
+export async function loadConfig() {
+  try {
+    const raw = await readFile(CONFIG_FILE, "utf-8");
+    return JSON.parse(raw);
+  } catch (err) {
+    if (err.code === "ENOENT") return null;
+    throw err;
+  }
+}
+
+export async function saveConfig(config) {
+  await mkdir(CONFIG_DIR, { recursive: true });
+  await writeFile(CONFIG_FILE, JSON.stringify(config, null, 2) + "\n");
+}
+
+export async function requireConfig() {
+  const config = await loadConfig();
+  if (!config) {
+    throw new Error(
+      "No se encontró configuración. Ejecuta primero: skill-manager init"
+    );
+  }
+  return config;
+}

package/src/utils/fs.js

@@ -0,0 +1,39 @@
+import { homedir } from "node:os";
+import { readdir, mkdir, readFile as nodeReadFile, writeFile as nodeWriteFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+
+export async function ensureDir(dirPath) {
+  await mkdir(dirPath, { recursive: true });
+}
+
+export async function writeFile(filePath, content) {
+  await ensureDir(dirname(filePath));
+  await nodeWriteFile(filePath, content, "utf-8");
+}
+
+export async function readFile(filePath) {
+  try {
+    return await nodeReadFile(filePath, "utf-8");
+  } catch (err) {
+    if (err.code === "ENOENT") return null;
+    throw err;
+  }
+}
+
+export async function listDirs(dirPath) {
+  try {
+    const entries = await readdir(dirPath, { withFileTypes: true });
+    return entries.filter((e) => e.isDirectory()).map((e) => e.name);
+  } catch (err) {
+    if (err.code === "ENOENT") return [];
+    throw err;
+  }
+}
+
+export function homeDir() {
+  return homedir();
+}
+
+export function cwdDir() {
+  return process.cwd();
+}

package/src/utils/gitlab.js

@@ -0,0 +1,78 @@
+import { requireConfig } from "./config.js";
+
+export async function verifyConnection(registry) {
+  const { type, url, projectId, token } = registry;
+
+  if (type === "gitlab") {
+    const apiUrl = `${url.replace(/\/$/, "")}/api/v4/projects/${encodeURIComponent(projectId)}`;
+    const res = await fetch(apiUrl, {
+      headers: { "PRIVATE-TOKEN": token },
+    });
+    if (!res.ok) {
+      const body = await res.text().catch(() => "");
+      throw new Error(`GitLab API ${res.status}: ${body || res.statusText}`);
+    }
+    return await res.json();
+  }
+
+  if (type === "github") {
+    const apiUrl = `https://api.github.com/repos/${projectId}`;
+    const res = await fetch(apiUrl, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/vnd.github+json",
+      },
+    });
+    if (!res.ok) {
+      const body = await res.text().catch(() => "");
+      throw new Error(`GitHub API ${res.status}: ${body || res.statusText}`);
+    }
+    return await res.json();
+  }
+
+  throw new Error(`Tipo de registro no soportado para verificación: ${type}`);
+}
+
+export async function fetchFileContent(filePath, configOverride) {
+  const config = configOverride || (await requireConfig());
+  const { type, url, projectId, token, branch } = config.registry;
+
+  const encodedPath = encodeURIComponent(filePath);
+
+  if (type === "gitlab") {
+    const apiUrl = `${url.replace(/\/$/, "")}/api/v4/projects/${encodeURIComponent(projectId)}/repository/files/${encodedPath}/raw?ref=${branch}`;
+    const res = await fetch(apiUrl, {
+      headers: { Authorization: `Bearer ${token}` },
+    });
+    if (!res.ok) {
+      if (res.status === 404) {
+        throw new Error(`El archivo ${filePath} no existe en el repositorio.`);
+      }
+      throw new Error(
+        `No se puede conectar al repositorio. Verifica tu token y URL. (${res.status})`
+      );
+    }
+    return await res.text();
+  }
+
+  if (type === "github") {
+    const apiUrl = `https://api.github.com/repos/${projectId}/contents/${filePath}?ref=${branch}`;
+    const res = await fetch(apiUrl, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/vnd.github.raw+json",
+      },
+    });
+    if (!res.ok) {
+      if (res.status === 404) {
+        throw new Error(`El archivo ${filePath} no existe en el repositorio.`);
+      }
+      throw new Error(
+        `No se puede conectar al repositorio. Verifica tu token y URL. (${res.status})`
+      );
+    }
+    return await res.text();
+  }
+
+  throw new Error(`Tipo de registro no soportado: ${type}`);
+}