npm - @createlex/createlexgenai - Versions diffs - 1.0.0 → 1.0.1 - Mend

@createlex/createlexgenai 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/commands/login.js +79 -51

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@createlex/createlexgenai",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "CLI tool and MCP server for CreatelexGenAI — Unreal Engine AI integration",
   "bin": {
     "createlex": "./bin/createlex.js"

package/src/commands/login.js CHANGED Viewed

@@ -1,11 +1,13 @@
 'use strict';
 const http = require('http');
-const crypto = require('crypto');
+const url = require('url');
 const log = require('../utils/logger');
 const authManager = require('../core/auth-manager');
 const configStore = require('../core/config-store');
+const CALLBACK_PORT = 7891; // Same port as VS Code extension & Bridge app
 async function login() {
   const existing = authManager.getToken();
   if (existing) {
@@ -17,79 +19,105 @@ async function login() {
     log.warn('Existing token is expired or invalid. Starting fresh login...');
   }
-  const state = crypto.randomBytes(16).toString('hex');
   const webBaseUrl = configStore.get('webBaseUrl') || 'https://createlex.com';
-  // Start a temporary local server to receive the auth callback
-  const server = http.createServer((req, res) => {
-    const url = new URL(req.url, 'http://localhost');
-    if (url.pathname === '/callback') {
-      const token = url.searchParams.get('token');
-      const returnedState = url.searchParams.get('state');
-      if (returnedState !== state) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h2>Authentication failed: state mismatch</h2></body></html>');
-        return;
-      }
-      if (!token) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h2>Authentication failed: no token received</h2></body></html>');
-        return;
-      }
+  // Start local callback server (same as VS Code extension / Bridge app)
+  const server = http.createServer(async (req, res) => {
+    // CORS headers (bridge-callback page does cross-origin fetch)
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
-      const validation = authManager.validateTokenFormat(token);
-      if (!validation.valid) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end(`<html><body><h2>Authentication failed: ${validation.reason}</h2></body></html>`);
-        return;
-      }
+    if (req.method === 'OPTIONS') {
+      res.writeHead(200);
+      res.end();
+      return;
+    }
-      // Store the token
-      authManager.setToken(token, {
-        email: validation.payload?.email,
-        userId: validation.payload?.sub || validation.payload?.userId
+    const parsedUrl = url.parse(req.url, true);
+    // POST /auth/success — same endpoint as VS Code extension & Bridge app
+    if (req.method === 'POST' && parsedUrl.pathname === '/auth/success') {
+      let body = '';
+      req.on('data', chunk => body += chunk.toString());
+      req.on('end', () => {
+        try {
+          const { token, userId, email, hasSubscription } = JSON.parse(body);
+          if (!token || !userId) {
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: false, error: 'Missing token or userId' }));
+            return;
+          }
+          const validation = authManager.validateTokenFormat(token);
+          if (!validation.valid) {
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ success: false, error: validation.reason }));
+            return;
+          }
+          // Store the token
+          authManager.setToken(token, {
+            email: email || validation.payload?.email,
+            userId: userId || validation.payload?.sub
+          });
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ success: true }));
+          log.blank();
+          log.success('Login successful!');
+          if (email) {
+            log.keyValue('Email', email);
+          }
+          if (hasSubscription !== undefined) {
+            log.keyValue('Subscription', hasSubscription ? 'Active' : 'Inactive');
+          }
+          server.close();
+        } catch (err) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ success: false, error: err.message }));
+        }
       });
-      res.writeHead(200, { 'Content-Type': 'text/html' });
-      res.end('<html><body><h2>Authentication successful!</h2><p>You can close this window and return to the terminal.</p></body></html>');
-      log.blank();
-      log.success('Login successful!');
-      if (validation.payload?.email) {
-        log.keyValue('Email', validation.payload.email);
-      }
-      server.close();
     } else {
       res.writeHead(404);
       res.end();
     }
   });
-  // Find an available port
+  // Listen on the same port as VS Code extension / Bridge app
   await new Promise((resolve, reject) => {
-    server.listen(0, '127.0.0.1', () => resolve());
-    server.on('error', reject);
+    server.listen(CALLBACK_PORT, 'localhost', () => resolve());
+    server.on('error', (err) => {
+      if (err.code === 'EADDRINUSE') {
+        log.error(`Port ${CALLBACK_PORT} is already in use.`);
+        log.info('Close the VS Code extension or Bridge app and try again,');
+        log.info('or use `createlex config set token <your-jwt>` to set the token manually.');
+        reject(err);
+      } else {
+        reject(err);
+      }
+    });
   });
-  const port = server.address().port;
-  const callbackUrl = encodeURIComponent(`http://localhost:${port}/callback`);
-  const authUrl = `${webBaseUrl}/auth/cli?callback=${callbackUrl}&state=${state}`;
+  // Use same OAuth flow as VS Code extension: /login?redirect=bridge-callback&source=bridge
+  const frontendCallbackUrl = `${webBaseUrl}/bridge-callback`;
+  const loginUrl = new URL('/login', webBaseUrl);
+  loginUrl.searchParams.set('redirect', encodeURIComponent(frontendCallbackUrl));
+  loginUrl.searchParams.set('source', 'bridge');
   log.header('CreateLex Login');
   log.info('Opening browser for authentication...');
   log.blank();
   log.info(`If the browser doesn't open, visit:`);
-  log.info(authUrl);
+  log.info(loginUrl.toString());
   log.blank();
   try {
     const open = require('open');
-    await open(authUrl);
+    await open(loginUrl.toString());
   } catch {
     log.warn('Could not open browser automatically. Please visit the URL above.');
   }