@cantinasecurity/apex-cli 0.1.0

package/dist/auth.js

@@ -0,0 +1,143 @@
+import { openInBrowser } from "./browser.js";
+import { saveCredentials } from "./config.js";
+import { ApiError } from "./api-client.js";
+import { APEX_CLI_VERSION } from "./version.js";
+const DEVICE_CLIENT_NAME = "apex";
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function log(message, quiet = false) {
+    if (!quiet) {
+        process.stderr.write(`${message}\n`);
+    }
+}
+function toCredentials(poll) {
+    return {
+        accessToken: poll.accessToken,
+        refreshToken: poll.refreshToken,
+        accessTokenExpiresAt: poll.accessTokenExpiresAt,
+        refreshTokenExpiresAt: poll.refreshTokenExpiresAt,
+    };
+}
+export async function getMe(client) {
+    try {
+        return await client.request("/api/cli/v1/me");
+    }
+    catch (error) {
+        if (error instanceof ApiError && error.status === 401) {
+            return null;
+        }
+        throw error;
+    }
+}
+export async function startDeviceLogin(client) {
+    return client.request("/api/cli/v1/auth/device/start", {
+        method: "POST",
+        auth: false,
+        json: {
+            clientName: DEVICE_CLIENT_NAME,
+            clientVersion: APEX_CLI_VERSION,
+        },
+    });
+}
+export async function pollDeviceLogin(client, deviceCode) {
+    return client.request("/api/cli/v1/auth/device/poll", {
+        method: "POST",
+        auth: false,
+        json: { deviceCode },
+        retryOnUnauthorized: false,
+    });
+}
+export async function waitForDeviceLoginApproval(client, options) {
+    let intervalSeconds = Math.max(0, options.intervalSeconds ?? 5);
+    let expiresAt = options.expiresAt ?? null;
+    const timeoutAt = Date.now() + Math.max(0, options.timeoutMs ?? 5 * 60 * 1000);
+    function remainingTimeoutMs() {
+        return Math.max(0, timeoutAt - Date.now());
+    }
+    while (remainingTimeoutMs() > 0) {
+        const expiresAtTime = expiresAt ? new Date(expiresAt).getTime() : Number.POSITIVE_INFINITY;
+        if (Number.isFinite(expiresAtTime) && Date.now() >= expiresAtTime) {
+            return {
+                status: "expired",
+                expiresAt,
+            };
+        }
+        const sleepMs = Math.min(intervalSeconds * 1000, remainingTimeoutMs());
+        if (sleepMs > 0) {
+            await sleep(sleepMs);
+        }
+        if (remainingTimeoutMs() === 0) {
+            break;
+        }
+        try {
+            const polled = await pollDeviceLogin(client, options.deviceCode);
+            if (polled.status === "pending") {
+                intervalSeconds = Math.max(0, polled.intervalSeconds);
+                expiresAt = polled.expiresAt;
+                continue;
+            }
+            await saveCredentials(toCredentials(polled));
+            return {
+                status: "approved",
+                me: await client.request("/api/cli/v1/me"),
+            };
+        }
+        catch (error) {
+            if (error instanceof ApiError && [409, 410].includes(error.status)) {
+                return {
+                    status: "expired",
+                    expiresAt,
+                };
+            }
+            throw error;
+        }
+    }
+    return {
+        status: "pending",
+        retryAfterSeconds: intervalSeconds,
+        expiresAt,
+    };
+}
+export async function login(client, options) {
+    const existing = await getMe(client);
+    if (existing) {
+        return existing;
+    }
+    const started = await startDeviceLogin(client);
+    log(`Login code: ${started.userCode}`, options.quiet);
+    log(`Open: ${started.verificationUrl}`, options.quiet);
+    if (!options.noOpen) {
+        try {
+            await openInBrowser(started.verificationUrl);
+        }
+        catch (error) {
+            log(`Failed to open browser automatically: ${String(error)}`, options.quiet);
+        }
+    }
+    const result = await waitForDeviceLoginApproval(client, {
+        deviceCode: started.deviceCode,
+        intervalSeconds: started.intervalSeconds,
+        expiresAt: started.expiresAt,
+        timeoutMs: Math.max(0, new Date(started.expiresAt).getTime() - Date.now()),
+    });
+    if (result.status === "approved") {
+        return result.me;
+    }
+    throw new Error("CLI login timed out before approval completed");
+}
+export async function logout(client) {
+    const credentials = await client.getCredentials();
+    if (!credentials) {
+        return;
+    }
+    try {
+        await client.request("/api/cli/v1/auth/logout", {
+            method: "POST",
+            auth: true,
+        });
+    }
+    finally {
+        await client.clearCredentials();
+    }
+}

package/dist/browser.js

@@ -0,0 +1,18 @@
+import { spawn } from "node:child_process";
+export async function openInBrowser(url) {
+    const platform = process.platform;
+    const command = platform === "darwin"
+        ? ["open", url]
+        : platform === "win32"
+            ? ["cmd", "/c", "start", "", url]
+            : ["xdg-open", url];
+    await new Promise((resolve, reject) => {
+        const child = spawn(command[0], command.slice(1), {
+            detached: true,
+            stdio: "ignore",
+        });
+        child.on("error", reject);
+        child.unref();
+        resolve();
+    });
+}