@blinkdotnew/cli 0.4.3 → 0.5.0

package/dist/cli.js

@@ -2074,12 +2074,113 @@ After linking, most commands work without specifying a project_id:
 
 // src/commands/auth.ts
 import chalk10 from "chalk";
+import { createServer } from "http";
+var TIMEOUT_MS = 12e4;
+function getBaseUrl() {
+  return process.env.BLINK_APP_URL || "https://blink.new";
+}
+function generateState() {
+  return Math.random().toString(36).slice(2) + Date.now().toString(36);
+}
+function findFreePort() {
+  return new Promise((resolve, reject) => {
+    const srv = createServer();
+    srv.listen(0, "127.0.0.1", () => {
+      const port = srv.address().port;
+      srv.close(() => resolve(port));
+    });
+    srv.on("error", reject);
+  });
+}
+function callbackHtml() {
+  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Blink CLI</title>
+<style>body{font-family:system-ui,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;margin:0;background:#fafafa;color:#111}
+.card{text-align:center;padding:3rem;border-radius:12px;background:#fff;box-shadow:0 1px 3px rgba(0,0,0,.08)}
+h1{font-size:1.5rem;margin:0 0 .5rem}p{color:#666;margin:0}</style></head>
+<body><div class="card"><h1>\u2713 CLI authorized</h1><p>You can close this tab.</p></div></body></html>`;
+}
+function parseCallback(url) {
+  const params = new URL(url, "http://localhost").searchParams;
+  const key = params.get("key");
+  const workspace_id = params.get("workspace_id");
+  const workspace_name = params.get("workspace_name");
+  const email = params.get("email");
+  if (!key || !workspace_id || !workspace_name || !email) return null;
+  return { key, workspace_id, workspace_name, email };
+}
+function startCallbackServer(port, expectedState) {
+  let resolveCb;
+  let rejectCb;
+  const promise = new Promise((res, rej) => {
+    resolveCb = res;
+    rejectCb = rej;
+  });
+  const server = createServer((req, res) => {
+    if (!req.url?.startsWith("/callback")) {
+      res.writeHead(404).end();
+      return;
+    }
+    const state = new URL(req.url, "http://localhost").searchParams.get("state");
+    if (state !== expectedState) {
+      res.writeHead(403).end("State mismatch");
+      rejectCb(new Error("State mismatch \u2014 possible CSRF. Try again."));
+      return;
+    }
+    const result = parseCallback(req.url);
+    if (!result) {
+      res.writeHead(400).end("Missing parameters");
+      rejectCb(new Error("Incomplete callback \u2014 missing parameters."));
+      return;
+    }
+    res.writeHead(200, { "Content-Type": "text/html" }).end(callbackHtml());
+    resolveCb(result);
+  });
+  server.listen(port, "127.0.0.1");
+  return { promise, close: () => server.close() };
+}
+async function openBrowserLogin(port, state) {
+  const url = `${getBaseUrl()}/auth/cli?port=${port}&state=${state}`;
+  const open = await import("open").then((m) => m.default).catch(() => null);
+  if (open) await open(url).catch(() => {
+  });
+  console.log(chalk10.dim(`  ${url}
+`));
+}
+async function waitForCallback(promise) {
+  return Promise.race([
+    promise,
+    new Promise(
+      (_, reject) => setTimeout(() => reject(new Error("Timed out after 120s \u2014 no callback received.")), TIMEOUT_MS)
+    )
+  ]);
+}
+async function browserLogin() {
+  const state = generateState();
+  const port = await findFreePort();
+  const { promise, close } = startCallbackServer(port, state);
+  console.log(chalk10.bold("\n  Opening browser to authorize...\n"));
+  await openBrowserLogin(port, state);
+  const result = await waitForCallback(promise).finally(close);
+  writeConfig({ api_key: result.key, workspace_id: result.workspace_id });
+  console.log(chalk10.green("\u2713") + ` Logged in as ${chalk10.bold(result.email)} (${result.workspace_name})`);
+}
+async function interactiveLogin() {
+  const { password } = await import("@clack/prompts");
+  const apiKey = await password({ message: "Paste your API key (blnk_ak_...):" });
+  if (!apiKey?.startsWith("blnk_ak_")) {
+    console.error("Error: API key must start with blnk_ak_");
+    process.exit(1);
+  }
+  writeConfig({ api_key: apiKey });
+  console.log(chalk10.green("\u2713") + " Saved to ~/.config/blink/config.toml");
+}
 function registerAuthCommands(program2) {
   program2.command("login").description("Authenticate with your Blink API key").option("--interactive", "Prompt for API key (for headless/SSH/CI environments)").addHelpText("after", `
 Get your API key at: blink.new \u2192 Settings \u2192 API Keys  (starts with blnk_ak_)
 
 Examples:
-  $ blink login --interactive          Saves key to ~/.config/blink/config.toml
+  $ blink login                     Opens browser for one-click auth
+  $ blink login --interactive       Paste key manually (headless/SSH/CI)
   $ export BLINK_API_KEY=blnk_ak_...  Alternative: set env var directly (no login needed)
 
 In Blink Claw agents: BLINK_API_KEY is already set \u2014 login is not needed.
@@ -2089,28 +2190,8 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
       console.log(chalk10.green("\u2713") + " Already authenticated via BLINK_API_KEY env var.");
       return;
     }
-    const url = "https://blink.new/settings?tab=api-keys";
-    if (!opts.interactive) {
-      console.log(chalk10.bold("\n  Open this page to get your API key:\n"));
-      console.log(`  ${chalk10.cyan(url)}
-`);
-      const open = await import("open").then((m) => m.default).catch(() => null);
-      if (open) {
-        await open(url).catch(() => {
-        });
-        console.log(chalk10.dim("  (opened in browser)"));
-      }
-      console.log(chalk10.dim("  Then run: blink login --interactive\n"));
-      return;
-    }
-    const { password } = await import("@clack/prompts");
-    const apiKey = await password({ message: "Paste your API key (blnk_ak_...):" });
-    if (!apiKey?.startsWith("blnk_ak_")) {
-      console.error("Error: API key must start with blnk_ak_");
-      process.exit(1);
-    }
-    writeConfig({ api_key: apiKey });
-    console.log(chalk10.green("\u2713") + " Saved to ~/.config/blink/config.toml");
+    if (opts.interactive) return interactiveLogin();
+    return browserLogin();
   });
   program2.command("logout").description("Remove stored credentials").action(() => {
     clearConfig();
@@ -2119,7 +2200,7 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
   program2.command("whoami").description("Show current authentication status and key info").action(async () => {
     const token = resolveToken();
     if (!token) {
-      console.error("Error: Not authenticated. Run `blink login --interactive` or set BLINK_API_KEY.");
+      console.error("Error: Not authenticated. Run `blink login` or set BLINK_API_KEY.");
       process.exit(1);
     }
     if (isJsonMode()) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blinkdotnew/cli",
-  "version": "0.4.3",
+  "version": "0.5.0",
   "description": "Blink CLI — full-stack cloud infrastructure from your terminal. Deploy, database, auth, storage, backend, domains, and more.",
   "bin": {
     "blink": "dist/cli.js"

package/src/commands/auth.ts

@@ -1,9 +1,132 @@
 import { Command } from 'commander'
-import { appRequest } from '../lib/api-app.js'
-import { requireToken, resolveToken } from '../lib/auth.js'
+import { resolveToken } from '../lib/auth.js'
 import { writeConfig, clearConfig } from '../lib/config.js'
 import { printJson, isJsonMode } from '../lib/output.js'
 import chalk from 'chalk'
+import { createServer, type IncomingMessage, type ServerResponse } from 'node:http'
+import type { AddressInfo } from 'node:net'
+
+const TIMEOUT_MS = 120_000
+
+interface CallbackResult {
+  key: string
+  workspace_id: string
+  workspace_name: string
+  email: string
+}
+
+function getBaseUrl(): string {
+  return process.env.BLINK_APP_URL || 'https://blink.new'
+}
+
+function generateState(): string {
+  return Math.random().toString(36).slice(2) + Date.now().toString(36)
+}
+
+function findFreePort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const srv = createServer()
+    srv.listen(0, '127.0.0.1', () => {
+      const port = (srv.address() as AddressInfo).port
+      srv.close(() => resolve(port))
+    })
+    srv.on('error', reject)
+  })
+}
+
+function callbackHtml(): string {
+  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Blink CLI</title>
+<style>body{font-family:system-ui,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;margin:0;background:#fafafa;color:#111}
+.card{text-align:center;padding:3rem;border-radius:12px;background:#fff;box-shadow:0 1px 3px rgba(0,0,0,.08)}
+h1{font-size:1.5rem;margin:0 0 .5rem}p{color:#666;margin:0}</style></head>
+<body><div class="card"><h1>✓ CLI authorized</h1><p>You can close this tab.</p></div></body></html>`
+}
+
+function parseCallback(url: string): CallbackResult | null {
+  const params = new URL(url, 'http://localhost').searchParams
+  const key = params.get('key')
+  const workspace_id = params.get('workspace_id')
+  const workspace_name = params.get('workspace_name')
+  const email = params.get('email')
+  if (!key || !workspace_id || !workspace_name || !email) return null
+  return { key, workspace_id, workspace_name, email }
+}
+
+function startCallbackServer(
+  port: number,
+  expectedState: string,
+): { promise: Promise<CallbackResult>; close: () => void } {
+  let resolveCb: (v: CallbackResult) => void
+  let rejectCb: (e: Error) => void
+  const promise = new Promise<CallbackResult>((res, rej) => { resolveCb = res; rejectCb = rej })
+
+  const server = createServer((req: IncomingMessage, res: ServerResponse) => {
+    if (!req.url?.startsWith('/callback')) {
+      res.writeHead(404).end()
+      return
+    }
+    const state = new URL(req.url, 'http://localhost').searchParams.get('state')
+    if (state !== expectedState) {
+      res.writeHead(403).end('State mismatch')
+      rejectCb(new Error('State mismatch — possible CSRF. Try again.'))
+      return
+    }
+    const result = parseCallback(req.url)
+    if (!result) {
+      res.writeHead(400).end('Missing parameters')
+      rejectCb(new Error('Incomplete callback — missing parameters.'))
+      return
+    }
+    res.writeHead(200, { 'Content-Type': 'text/html' }).end(callbackHtml())
+    resolveCb(result)
+  })
+
+  server.listen(port, '127.0.0.1')
+  return { promise, close: () => server.close() }
+}
+
+async function openBrowserLogin(port: number, state: string) {
+  const url = `${getBaseUrl()}/auth/cli?port=${port}&state=${state}`
+  const open = await import('open').then(m => m.default).catch(() => null)
+  if (open) await open(url).catch(() => {})
+  console.log(chalk.dim(`  ${url}\n`))
+}
+
+async function waitForCallback(
+  promise: Promise<CallbackResult>,
+): Promise<CallbackResult> {
+  return Promise.race([
+    promise,
+    new Promise<never>((_, reject) =>
+      setTimeout(() => reject(new Error('Timed out after 120s — no callback received.')), TIMEOUT_MS),
+    ),
+  ])
+}
+
+async function browserLogin() {
+  const state = generateState()
+  const port = await findFreePort()
+  const { promise, close } = startCallbackServer(port, state)
+
+  console.log(chalk.bold('\n  Opening browser to authorize...\n'))
+  await openBrowserLogin(port, state)
+
+  const result = await waitForCallback(promise).finally(close)
+
+  writeConfig({ api_key: result.key, workspace_id: result.workspace_id })
+  console.log(chalk.green('✓') + ` Logged in as ${chalk.bold(result.email)} (${result.workspace_name})`)
+}
+
+async function interactiveLogin() {
+  const { password } = await import('@clack/prompts')
+  const apiKey = await password({ message: 'Paste your API key (blnk_ak_...):' }) as string
+  if (!apiKey?.startsWith('blnk_ak_')) {
+    console.error('Error: API key must start with blnk_ak_')
+    process.exit(1)
+  }
+  writeConfig({ api_key: apiKey })
+  console.log(chalk.green('✓') + ' Saved to ~/.config/blink/config.toml')
+}
 
 export function registerAuthCommands(program: Command) {
   program.command('login')
@@ -13,7 +136,8 @@ export function registerAuthCommands(program: Command) {
 Get your API key at: blink.new → Settings → API Keys  (starts with blnk_ak_)
 
 Examples:
-  $ blink login --interactive          Saves key to ~/.config/blink/config.toml
+  $ blink login                     Opens browser for one-click auth
+  $ blink login --interactive       Paste key manually (headless/SSH/CI)
   $ export BLINK_API_KEY=blnk_ak_...  Alternative: set env var directly (no login needed)
 
 In Blink Claw agents: BLINK_API_KEY is already set — login is not needed.
@@ -24,28 +148,8 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
         console.log(chalk.green('✓') + ' Already authenticated via BLINK_API_KEY env var.')
         return
       }
-
-      const url = 'https://blink.new/settings?tab=api-keys'
-      if (!opts.interactive) {
-        console.log(chalk.bold('\n  Open this page to get your API key:\n'))
-        console.log(`  ${chalk.cyan(url)}\n`)
-        const open = await import('open').then(m => m.default).catch(() => null)
-        if (open) {
-          await open(url).catch(() => {})
-          console.log(chalk.dim('  (opened in browser)'))
-        }
-        console.log(chalk.dim('  Then run: blink login --interactive\n'))
-        return
-      }
-
-      const { password } = await import('@clack/prompts')
-      const apiKey = await password({ message: 'Paste your API key (blnk_ak_...):' }) as string
-      if (!apiKey?.startsWith('blnk_ak_')) {
-        console.error('Error: API key must start with blnk_ak_')
-        process.exit(1)
-      }
-      writeConfig({ api_key: apiKey })
-      console.log(chalk.green('✓') + ' Saved to ~/.config/blink/config.toml')
+      if (opts.interactive) return interactiveLogin()
+      return browserLogin()
     })
 
   program.command('logout')
@@ -60,7 +164,7 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
     .action(async () => {
       const token = resolveToken()
       if (!token) {
-        console.error('Error: Not authenticated. Run `blink login --interactive` or set BLINK_API_KEY.')
+        console.error('Error: Not authenticated. Run `blink login` or set BLINK_API_KEY.')
         process.exit(1)
       }