npm - @donebear/cli - Versions diffs - 0.1.0 - Mend

@donebear/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,46 @@
+//#region src/types.d.ts
+type OAuthProvider = "google" | "github";
+type OutputFormat = "text" | "json" | "csv" | "tsv";
+interface CliContext {
+  json: boolean;
+  color: boolean;
+  debug: boolean;
+  tokenOverride: string | null;
+  apiUrlOverride: string | null;
+  format: OutputFormat;
+  copy: boolean;
+  total: boolean;
+}
+interface SupabaseConfig {
+  url: string;
+  publishableKey: string;
+}
+interface StoredSessionUser {
+  id: string;
+  email: string | null;
+}
+interface StoredAuthSession {
+  accessToken: string;
+  refreshToken: string | null;
+  tokenType: string | null;
+  expiresAt: string | null;
+  provider: OAuthProvider;
+  user: StoredSessionUser | null;
+  createdAt: string;
+}
+type AuthSource = "flag" | "environment" | "stored";
+interface ResolvedAuthToken {
+  token: string;
+  source: AuthSource;
+  expiresAt: string | null;
+  user: StoredSessionUser | null;
+}
+//#endregion
+//#region src/auth-session.d.ts
+declare function resolveAuthToken(context: CliContext, config: SupabaseConfig | null): Promise<ResolvedAuthToken | null>;
+//#endregion
+//#region src/supabase.d.ts
+declare function resolveSupabaseConfig(): SupabaseConfig;
+//#endregion
+export { type AuthSource, type CliContext, type OAuthProvider, type ResolvedAuthToken, type StoredAuthSession, type SupabaseConfig, resolveAuthToken, resolveSupabaseConfig };
+//# sourceMappingURL=index.d.mts.map

package/dist/index.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.mts","names":[],"sources":["../src/types.ts","../src/auth-session.ts","../src/supabase.ts"],"mappings":";KAAY,aAAA;AAAA,KAEA,YAAA;AAAA,UAEK,UAAA;EACf,IAAA;EACA,KAAA;EACA,KAAA;EACA,aAAA;EACA,cAAA;EACA,MAAA,EAAQ,YAAA;EACR,IAAA;EACA,KAAA;AAAA;AAAA,UAGe,cAAA;EACf,GAAA;EACA,cAAA;AAAA;AAAA,UAGe,iBAAA;EACf,EAAA;EACA,KAAA;AAAA;AAAA,UAGe,iBAAA;EACf,WAAA;EACA,YAAA;EACA,SAAA;EACA,SAAA;EACA,QAAA,EAAU,aAAA;EACV,IAAA,EAAM,iBAAA;EACN,SAAA;AAAA;AAAA,KAQU,UAAA;AAAA,UAEK,iBAAA;EACf,KAAA;EACA,MAAA,EAAQ,UAAA;EACR,SAAA;EACA,IAAA,EAAM,iBAAA;AAAA;;;iBCyEc,gBAAA,CACpB,OAAA,EAAS,UAAA,EACT,MAAA,EAAQ,cAAA,UACP,OAAA,CAAQ,iBAAA;;;iBCzEK,qBAAA,CAAA,GAAyB,cAAA"}

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,263 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
+import { createClient } from "@supabase/supabase-js";
+import "dotenv";
+//#region src/constants.ts
+const CLI_NAME = "donebear";
+const DONEBEAR_TOKEN_ENV = "DONEBEAR_TOKEN";
+const DONEBEAR_CONFIG_DIR_ENV = "DONEBEAR_CONFIG_DIR";
+const DONEBEAR_SUPABASE_URL_ENV = "DONEBEAR_SUPABASE_URL";
+const DONEBEAR_SUPABASE_KEY_ENV = "DONEBEAR_SUPABASE_PUBLISHABLE_KEY";
+const FALLBACK_SUPABASE_URL_ENV_KEYS = ["NEXT_PUBLIC_SUPABASE_URL", "SUPABASE_URL"];
+const FALLBACK_SUPABASE_KEY_ENV_KEYS = ["NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY", "SUPABASE_ANON_KEY"];
+function getDefaultConfigBaseDir() {
+	if (process.platform === "win32") return process.env.APPDATA ?? join(homedir(), "AppData", "Roaming");
+	return process.env.XDG_CONFIG_HOME ?? join(homedir(), ".config");
+}
+const configBaseDir = getDefaultConfigBaseDir();
+const CONFIG_DIR = process.env[DONEBEAR_CONFIG_DIR_ENV] ?? join(configBaseDir, CLI_NAME);
+const AUTH_FILE_PATH = join(CONFIG_DIR, "auth.json");
+const CONTEXT_FILE_PATH = join(CONFIG_DIR, "context.json");
+//#endregion
+//#region src/errors.ts
+const EXIT_CODES = {
+	SUCCESS: 0,
+	ERROR: 1,
+	CANCELLED: 2,
+	AUTH_REQUIRED: 4
+};
+var CliError = class extends Error {
+	exitCode;
+	constructor(message, exitCode = EXIT_CODES.ERROR) {
+		super(message);
+		this.name = "CliError";
+		this.exitCode = exitCode;
+	}
+};
+//#endregion
+//#region src/storage.ts
+function isRecord(value) {
+	return typeof value === "object" && value !== null;
+}
+function isOAuthProvider(value) {
+	return value === "google" || value === "github";
+}
+function parseStoredAuthSession(value) {
+	if (!isRecord(value)) return null;
+	if (typeof value.accessToken !== "string") return null;
+	if (value.refreshToken !== null && typeof value.refreshToken !== "string") return null;
+	if (value.tokenType !== null && typeof value.tokenType !== "string") return null;
+	if (value.expiresAt !== null && typeof value.expiresAt !== "string") return null;
+	if (!isOAuthProvider(value.provider)) return null;
+	const user = value.user;
+	if (user !== null && (!isRecord(user) || typeof user.id !== "string" || user.email !== null && typeof user.email !== "string")) return null;
+	if (typeof value.createdAt !== "string") return null;
+	const parsedUser = user === null ? null : {
+		id: user.id,
+		email: user.email ?? null
+	};
+	return {
+		accessToken: value.accessToken,
+		refreshToken: value.refreshToken,
+		tokenType: value.tokenType,
+		expiresAt: value.expiresAt,
+		provider: value.provider,
+		user: parsedUser,
+		createdAt: value.createdAt
+	};
+}
+function parseAuthFile(payload) {
+	const parsed = JSON.parse(payload);
+	if (!isRecord(parsed) || parsed.version !== 1) throw new CliError(`Invalid auth cache format in ${AUTH_FILE_PATH}`, EXIT_CODES.ERROR);
+	const session = parseStoredAuthSession(parsed.session);
+	if (!session) throw new CliError(`Invalid auth session in ${AUTH_FILE_PATH}`, EXIT_CODES.ERROR);
+	return {
+		version: 1,
+		session
+	};
+}
+async function readStoredAuthSession() {
+	try {
+		return parseAuthFile(await readFile(AUTH_FILE_PATH, "utf8")).session;
+	} catch (error) {
+		if (isRecord(error) && error.code === "ENOENT") return null;
+		if (error instanceof CliError) throw error;
+		throw new CliError(`Failed to read credentials from ${AUTH_FILE_PATH}`, EXIT_CODES.ERROR);
+	}
+}
+async function writeStoredAuthSession(session) {
+	const payload = {
+		version: 1,
+		session
+	};
+	await mkdir(CONFIG_DIR, {
+		recursive: true,
+		mode: 448
+	});
+	await writeFile(AUTH_FILE_PATH, `${JSON.stringify(payload, null, 2)}\n`, {
+		encoding: "utf8",
+		mode: 384
+	});
+}
+async function clearStoredAuthSession() {
+	await rm(AUTH_FILE_PATH, { force: true });
+}
+//#endregion
+//#region src/env.ts
+function readEnvValue(key) {
+	const value = process.env[key];
+	if (typeof value !== "string") return;
+	const trimmed = value.trim();
+	return trimmed.length > 0 ? trimmed : void 0;
+}
+//#endregion
+//#region src/supabase.ts
+function firstDefined(keys) {
+	for (const key of keys) {
+		const value = readEnvValue(key);
+		if (value) return value;
+	}
+}
+function resolveSupabaseConfig() {
+	const url = readEnvValue(DONEBEAR_SUPABASE_URL_ENV) ?? firstDefined(FALLBACK_SUPABASE_URL_ENV_KEYS);
+	const publishableKey = readEnvValue(DONEBEAR_SUPABASE_KEY_ENV) ?? firstDefined(FALLBACK_SUPABASE_KEY_ENV_KEYS);
+	if (!(url && publishableKey)) throw new CliError([
+		"Supabase configuration is missing.",
+		`Set ${DONEBEAR_SUPABASE_URL_ENV} and ${DONEBEAR_SUPABASE_KEY_ENV}.`,
+		`Fallback keys are also supported: ${FALLBACK_SUPABASE_URL_ENV_KEYS.join(", ")} and ${FALLBACK_SUPABASE_KEY_ENV_KEYS.join(", ")}.`
+	].join(" "), EXIT_CODES.ERROR);
+	return {
+		url,
+		publishableKey
+	};
+}
+function createSupabaseClient(config, options) {
+	return createClient(config.url, config.publishableKey, { auth: {
+		flowType: "pkce",
+		autoRefreshToken: false,
+		detectSessionInUrl: false,
+		persistSession: options?.persistSession ?? false,
+		storage: options?.storage
+	} });
+}
+function toStoredAuthSession(session, provider) {
+	const expiresAt = typeof session.expires_at === "number" ? (/* @__PURE__ */ new Date(session.expires_at * 1e3)).toISOString() : null;
+	return {
+		accessToken: session.access_token,
+		refreshToken: session.refresh_token ?? null,
+		tokenType: session.token_type ?? null,
+		expiresAt,
+		provider,
+		user: session.user ? {
+			id: session.user.id,
+			email: session.user.email ?? null
+		} : null,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+}
+async function refreshSupabaseSession(config, refreshToken) {
+	const { data, error } = await createSupabaseClient(config).auth.refreshSession({ refresh_token: refreshToken });
+	if (error) throw new CliError(`Failed to refresh session: ${error.message}`, EXIT_CODES.AUTH_REQUIRED);
+	if (!data.session) throw new CliError("No session returned during refresh", EXIT_CODES.AUTH_REQUIRED);
+	return data.session;
+}
+//#endregion
+//#region src/auth-session.ts
+function parseJwtBase64Url(input) {
+	const normalized = input.replace(/-/g, "+").replace(/_/g, "/");
+	const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
+	return Buffer.from(padded, "base64").toString("utf8");
+}
+function parseJwtClaims(token) {
+	const payloadPart = token.split(".").at(1);
+	if (!payloadPart) return null;
+	try {
+		const payload = parseJwtBase64Url(payloadPart);
+		const parsed = JSON.parse(payload);
+		if (typeof parsed !== "object" || parsed === null) return null;
+		const claims = parsed;
+		return {
+			exp: typeof claims.exp === "number" ? claims.exp : void 0,
+			email: typeof claims.email === "string" ? claims.email : void 0,
+			sub: typeof claims.sub === "string" ? claims.sub : void 0
+		};
+	} catch {
+		return null;
+	}
+}
+function expiryFromClaims(claims) {
+	if (!claims || typeof claims.exp !== "number") return null;
+	return (/* @__PURE__ */ new Date(claims.exp * 1e3)).toISOString();
+}
+function userFromClaims(claims) {
+	if (!(claims?.sub || claims?.email)) return null;
+	return {
+		id: claims.sub ?? "unknown",
+		email: claims.email ?? null
+	};
+}
+function isExpired(session) {
+	if (!session.expiresAt) return false;
+	const expiresAtMs = Date.parse(session.expiresAt);
+	if (Number.isNaN(expiresAtMs)) return false;
+	return expiresAtMs <= Date.now();
+}
+function shouldRefresh(session) {
+	if (!session.expiresAt) return false;
+	const expiresAtMs = Date.parse(session.expiresAt);
+	if (Number.isNaN(expiresAtMs)) return false;
+	return expiresAtMs - Date.now() <= 6e4;
+}
+function tokenFromRaw(token, source) {
+	const claims = parseJwtClaims(token);
+	return {
+		token,
+		source,
+		expiresAt: expiryFromClaims(claims),
+		user: userFromClaims(claims)
+	};
+}
+async function resolveAuthToken(context, config) {
+	if (context.tokenOverride) return tokenFromRaw(context.tokenOverride, "flag");
+	const envToken = process.env[DONEBEAR_TOKEN_ENV]?.trim();
+	if (envToken) return tokenFromRaw(envToken, "environment");
+	const session = await readStoredAuthSession();
+	if (!session) return null;
+	if (!(shouldRefresh(session) || isExpired(session))) return {
+		token: session.accessToken,
+		source: "stored",
+		expiresAt: session.expiresAt,
+		user: session.user
+	};
+	if (!(session.refreshToken && config)) {
+		if (isExpired(session)) {
+			await clearStoredAuthSession();
+			return null;
+		}
+		return {
+			token: session.accessToken,
+			source: "stored",
+			expiresAt: session.expiresAt,
+			user: session.user
+		};
+	}
+	const updatedSession = toStoredAuthSession(await refreshSupabaseSession(config, session.refreshToken), session.provider);
+	await writeStoredAuthSession(updatedSession);
+	return {
+		token: updatedSession.accessToken,
+		source: "stored",
+		expiresAt: updatedSession.expiresAt,
+		user: updatedSession.user
+	};
+}
+//#endregion
+export { resolveAuthToken, resolveSupabaseConfig };
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.mjs","names":[],"sources":["../src/constants.ts","../src/errors.ts","../src/storage.ts","../src/env.ts","../src/supabase.ts","../src/auth-session.ts"],"sourcesContent":["import { homedir } from \"node:os\";\nimport { join } from \"node:path\";\n\nexport const CLI_NAME = \"donebear\";\n\nexport const DONEBEAR_TOKEN_ENV = \"DONEBEAR_TOKEN\";\nexport const DONEBEAR_DEBUG_ENV = \"DONEBEAR_DEBUG\";\nexport const DONEBEAR_CONFIG_DIR_ENV = \"DONEBEAR_CONFIG_DIR\";\nexport const DONEBEAR_SUPABASE_URL_ENV = \"DONEBEAR_SUPABASE_URL\";\nexport const DONEBEAR_SUPABASE_KEY_ENV = \"DONEBEAR_SUPABASE_PUBLISHABLE_KEY\";\nexport const DONEBEAR_API_URL_ENV = \"DONEBEAR_API_URL\";\n\nexport const FALLBACK_SUPABASE_URL_ENV_KEYS = [\n \"NEXT_PUBLIC_SUPABASE_URL\",\n \"SUPABASE_URL\",\n] as const;\n\nexport const FALLBACK_SUPABASE_KEY_ENV_KEYS = [\n \"NEXT_PUBLIC_SUPABASE_PUBLISHABLE_OR_ANON_KEY\",\n \"SUPABASE_ANON_KEY\",\n] as const;\nexport const FALLBACK_API_URL_ENV_KEYS = [\n \"NEXT_PUBLIC_RESERVE_MANAGE_API\",\n] as const;\nexport const DEFAULT_API_URL = \"http://127.0.0.1:3001\";\n\nexport const DEFAULT_OAUTH_PROVIDER = \"google\";\nexport const DEFAULT_OAUTH_CALLBACK_PORT = 8787;\nexport const DEFAULT_OAUTH_CALLBACK_PATH = \"/auth/callback\";\nexport const DEFAULT_OAUTH_TIMEOUT_SECONDS = 180;\n\nfunction getDefaultConfigBaseDir(): string {\n if (process.platform === \"win32\") {\n return process.env.APPDATA ?? join(homedir(), \"AppData\", \"Roaming\");\n }\n\n return process.env.XDG_CONFIG_HOME ?? join(homedir(), \".config\");\n}\n\nconst configBaseDir = getDefaultConfigBaseDir();\n\nexport const CONFIG_DIR =\n process.env[DONEBEAR_CONFIG_DIR_ENV] ?? join(configBaseDir, CLI_NAME);\n\nexport const AUTH_FILE_PATH = join(CONFIG_DIR, \"auth.json\");\nexport const CONTEXT_FILE_PATH = join(CONFIG_DIR, \"context.json\");\n","export const EXIT_CODES = {\n SUCCESS: 0,\n ERROR: 1,\n CANCELLED: 2,\n AUTH_REQUIRED: 4,\n} as const;\n\nexport type ExitCode = (typeof EXIT_CODES)[keyof typeof EXIT_CODES];\n\nexport class CliError extends Error {\n readonly exitCode: ExitCode;\n\n constructor(message: string, exitCode: ExitCode = EXIT_CODES.ERROR) {\n super(message);\n this.name = \"CliError\";\n this.exitCode = exitCode;\n }\n}\n\nexport function toCliError(error: unknown): CliError {\n if (error instanceof CliError) {\n return error;\n }\n\n if (error instanceof Error) {\n return new CliError(error.message, EXIT_CODES.ERROR);\n }\n\n return new CliError(\"Unknown error\", EXIT_CODES.ERROR);\n}\n","import { mkdir, readFile, rm, writeFile } from \"node:fs/promises\";\nimport { AUTH_FILE_PATH, CONFIG_DIR } from \"./constants.js\";\nimport { CliError, EXIT_CODES } from \"./errors.js\";\nimport type {\n AuthFileData,\n OAuthProvider,\n StoredAuthSession,\n} from \"./types.js\";\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null;\n}\n\nfunction isOAuthProvider(value: unknown): value is OAuthProvider {\n return value === \"google\" || value === \"github\";\n}\n\nfunction parseStoredAuthSession(value: unknown): StoredAuthSession | null {\n if (!isRecord(value)) {\n return null;\n }\n\n if (typeof value.accessToken !== \"string\") {\n return null;\n }\n\n if (value.refreshToken !== null && typeof value.refreshToken !== \"string\") {\n return null;\n }\n\n if (value.tokenType !== null && typeof value.tokenType !== \"string\") {\n return null;\n }\n\n if (value.expiresAt !== null && typeof value.expiresAt !== \"string\") {\n return null;\n }\n\n if (!isOAuthProvider(value.provider)) {\n return null;\n }\n\n const user = value.user;\n if (\n user !== null &&\n (!isRecord(user) ||\n typeof user.id !== \"string\" ||\n (user.email !== null && typeof user.email !== \"string\"))\n ) {\n return null;\n }\n\n if (typeof value.createdAt !== \"string\") {\n return null;\n }\n\n const parsedUser =\n user === null\n ? null\n : {\n id: user.id as string,\n email: (user.email as string | null) ?? null,\n };\n\n return {\n accessToken: value.accessToken,\n refreshToken: value.refreshToken,\n tokenType: value.tokenType,\n expiresAt: value.expiresAt,\n provider: value.provider,\n user: parsedUser,\n createdAt: value.createdAt,\n };\n}\n\nfunction parseAuthFile(payload: string): AuthFileData {\n const parsed = JSON.parse(payload) as unknown;\n\n if (!isRecord(parsed) || parsed.version !== 1) {\n throw new CliError(\n `Invalid auth cache format in ${AUTH_FILE_PATH}`,\n EXIT_CODES.ERROR\n );\n }\n\n const session = parseStoredAuthSession(parsed.session);\n\n if (!session) {\n throw new CliError(\n `Invalid auth session in ${AUTH_FILE_PATH}`,\n EXIT_CODES.ERROR\n );\n }\n\n return {\n version: 1,\n session,\n };\n}\n\nexport async function readStoredAuthSession(): Promise<StoredAuthSession | null> {\n try {\n const raw = await readFile(AUTH_FILE_PATH, \"utf8\");\n const parsed = parseAuthFile(raw);\n return parsed.session;\n } catch (error) {\n if (isRecord(error) && error.code === \"ENOENT\") {\n return null;\n }\n\n if (error instanceof CliError) {\n throw error;\n }\n\n throw new CliError(\n `Failed to read credentials from ${AUTH_FILE_PATH}`,\n EXIT_CODES.ERROR\n );\n }\n}\n\nexport async function writeStoredAuthSession(\n session: StoredAuthSession\n): Promise<void> {\n const payload: AuthFileData = {\n version: 1,\n session,\n };\n\n await mkdir(CONFIG_DIR, {\n recursive: true,\n mode: 0o700,\n });\n\n await writeFile(AUTH_FILE_PATH, `${JSON.stringify(payload, null, 2)}\\n`, {\n encoding: \"utf8\",\n mode: 0o600,\n });\n}\n\nexport async function clearStoredAuthSession(): Promise<void> {\n await rm(AUTH_FILE_PATH, {\n force: true,\n });\n}\n","import { existsSync } from \"node:fs\";\nimport { resolve } from \"node:path\";\nimport { config as loadDotEnvFile } from \"dotenv\";\n\nconst DEFAULT_ENV_FILES = [\n \".env.local\",\n \".env\",\n \"apps/manage-frontend/.env.local\",\n \"apps/manage-api/.env\",\n] as const;\n\nlet loaded = false;\n\nexport function loadCliEnvironmentFiles(): void {\n if (loaded) {\n return;\n }\n\n for (const relativePath of DEFAULT_ENV_FILES) {\n const absolutePath = resolve(process.cwd(), relativePath);\n\n if (!existsSync(absolutePath)) {\n continue;\n }\n\n loadDotEnvFile({\n path: absolutePath,\n override: false,\n quiet: true,\n });\n }\n\n loaded = true;\n}\n\nexport function readEnvValue(key: string): string | undefined {\n const value = process.env[key];\n\n if (typeof value !== \"string\") {\n return undefined;\n }\n\n const trimmed = value.trim();\n return trimmed.length > 0 ? trimmed : undefined;\n}\n","import {\n createClient,\n type Session,\n type SupabaseClient,\n type SupportedStorage,\n type User,\n} from \"@supabase/supabase-js\";\nimport {\n DONEBEAR_SUPABASE_KEY_ENV,\n DONEBEAR_SUPABASE_URL_ENV,\n FALLBACK_SUPABASE_KEY_ENV_KEYS,\n FALLBACK_SUPABASE_URL_ENV_KEYS,\n} from \"./constants.js\";\nimport { readEnvValue } from \"./env.js\";\nimport { CliError, EXIT_CODES } from \"./errors.js\";\nimport type {\n OAuthProvider,\n StoredAuthSession,\n SupabaseConfig,\n} from \"./types.js\";\n\nclass MemoryStorage implements SupportedStorage {\n private readonly values = new Map<string, string>();\n\n getItem(key: string): string | null {\n return this.values.get(key) ?? null;\n }\n\n setItem(key: string, value: string): void {\n this.values.set(key, value);\n }\n\n removeItem(key: string): void {\n this.values.delete(key);\n }\n}\n\nfunction firstDefined(keys: readonly string[]): string | undefined {\n for (const key of keys) {\n const value = readEnvValue(key);\n\n if (value) {\n return value;\n }\n }\n\n return undefined;\n}\n\nexport function resolveSupabaseConfig(): SupabaseConfig {\n const url =\n readEnvValue(DONEBEAR_SUPABASE_URL_ENV) ??\n firstDefined(FALLBACK_SUPABASE_URL_ENV_KEYS);\n\n const publishableKey =\n readEnvValue(DONEBEAR_SUPABASE_KEY_ENV) ??\n firstDefined(FALLBACK_SUPABASE_KEY_ENV_KEYS);\n\n if (!(url && publishableKey)) {\n throw new CliError(\n [\n \"Supabase configuration is missing.\",\n `Set ${DONEBEAR_SUPABASE_URL_ENV} and ${DONEBEAR_SUPABASE_KEY_ENV}.`,\n `Fallback keys are also supported: ${FALLBACK_SUPABASE_URL_ENV_KEYS.join(\n \", \"\n )} and ${FALLBACK_SUPABASE_KEY_ENV_KEYS.join(\", \")}.`,\n ].join(\" \"),\n EXIT_CODES.ERROR\n );\n }\n\n return {\n url,\n publishableKey,\n };\n}\n\nexport function createSupabaseClient(\n config: SupabaseConfig,\n options?: {\n storage?: SupportedStorage;\n persistSession?: boolean;\n }\n): SupabaseClient {\n return createClient(config.url, config.publishableKey, {\n auth: {\n flowType: \"pkce\",\n autoRefreshToken: false,\n detectSessionInUrl: false,\n persistSession: options?.persistSession ?? false,\n storage: options?.storage,\n },\n });\n}\n\nexport function createPkceSupabaseClient(\n config: SupabaseConfig\n): SupabaseClient {\n return createSupabaseClient(config, {\n storage: new MemoryStorage(),\n persistSession: true,\n });\n}\n\nexport function toStoredAuthSession(\n session: Session,\n provider: OAuthProvider\n): StoredAuthSession {\n const expiresAt =\n typeof session.expires_at === \"number\"\n ? new Date(session.expires_at * 1000).toISOString()\n : null;\n\n return {\n accessToken: session.access_token,\n refreshToken: session.refresh_token ?? null,\n tokenType: session.token_type ?? null,\n expiresAt,\n provider,\n user: session.user\n ? {\n id: session.user.id,\n email: session.user.email ?? null,\n }\n : null,\n createdAt: new Date().toISOString(),\n };\n}\n\nexport async function refreshSupabaseSession(\n config: SupabaseConfig,\n refreshToken: string\n): Promise<Session> {\n const client = createSupabaseClient(config);\n const { data, error } = await client.auth.refreshSession({\n refresh_token: refreshToken,\n });\n\n if (error) {\n throw new CliError(\n `Failed to refresh session: ${error.message}`,\n EXIT_CODES.AUTH_REQUIRED\n );\n }\n\n if (!data.session) {\n throw new CliError(\n \"No session returned during refresh\",\n EXIT_CODES.AUTH_REQUIRED\n );\n }\n\n return data.session;\n}\n\nexport async function getSupabaseUser(\n config: SupabaseConfig,\n accessToken: string\n): Promise<User> {\n const client = createSupabaseClient(config);\n const { data, error } = await client.auth.getUser(accessToken);\n\n if (error) {\n throw new CliError(\n `Failed to load user: ${error.message}`,\n EXIT_CODES.ERROR\n );\n }\n\n if (!data.user) {\n throw new CliError(\"No user returned for current token\", EXIT_CODES.ERROR);\n }\n\n return data.user;\n}\n","import { DONEBEAR_TOKEN_ENV } from \"./constants.js\";\nimport {\n clearStoredAuthSession,\n readStoredAuthSession,\n writeStoredAuthSession,\n} from \"./storage.js\";\nimport { refreshSupabaseSession, toStoredAuthSession } from \"./supabase.js\";\nimport type {\n CliContext,\n ResolvedAuthToken,\n StoredAuthSession,\n SupabaseConfig,\n} from \"./types.js\";\n\ninterface JwtClaims {\n exp?: number;\n email?: string;\n sub?: string;\n}\n\nfunction parseJwtBase64Url(input: string): string {\n const normalized = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, \"=\");\n return Buffer.from(padded, \"base64\").toString(\"utf8\");\n}\n\nexport function parseJwtClaims(token: string): JwtClaims | null {\n const parts = token.split(\".\");\n const payloadPart = parts.at(1);\n\n if (!payloadPart) {\n return null;\n }\n\n try {\n const payload = parseJwtBase64Url(payloadPart);\n const parsed = JSON.parse(payload) as unknown;\n\n if (typeof parsed !== \"object\" || parsed === null) {\n return null;\n }\n\n const claims = parsed as Record<string, unknown>;\n\n return {\n exp: typeof claims.exp === \"number\" ? claims.exp : undefined,\n email: typeof claims.email === \"string\" ? claims.email : undefined,\n sub: typeof claims.sub === \"string\" ? claims.sub : undefined,\n };\n } catch {\n return null;\n }\n}\n\nfunction expiryFromClaims(claims: JwtClaims | null): string | null {\n if (!claims || typeof claims.exp !== \"number\") {\n return null;\n }\n\n return new Date(claims.exp * 1000).toISOString();\n}\n\nfunction userFromClaims(claims: JwtClaims | null): ResolvedAuthToken[\"user\"] {\n if (!(claims?.sub || claims?.email)) {\n return null;\n }\n\n return {\n id: claims.sub ?? \"unknown\",\n email: claims.email ?? null,\n };\n}\n\nfunction nowUnixSeconds(): number {\n return Math.floor(Date.now() / 1000);\n}\n\nfunction isExpired(session: StoredAuthSession): boolean {\n if (!session.expiresAt) {\n return false;\n }\n\n const expiresAtMs = Date.parse(session.expiresAt);\n\n if (Number.isNaN(expiresAtMs)) {\n return false;\n }\n\n return expiresAtMs <= Date.now();\n}\n\nfunction shouldRefresh(session: StoredAuthSession): boolean {\n if (!session.expiresAt) {\n return false;\n }\n\n const expiresAtMs = Date.parse(session.expiresAt);\n\n if (Number.isNaN(expiresAtMs)) {\n return false;\n }\n\n return expiresAtMs - Date.now() <= 60_000;\n}\n\nfunction tokenFromRaw(\n token: string,\n source: ResolvedAuthToken[\"source\"]\n): ResolvedAuthToken {\n const claims = parseJwtClaims(token);\n\n return {\n token,\n source,\n expiresAt: expiryFromClaims(claims),\n user: userFromClaims(claims),\n };\n}\n\nexport async function resolveAuthToken(\n context: CliContext,\n config: SupabaseConfig | null\n): Promise<ResolvedAuthToken | null> {\n if (context.tokenOverride) {\n return tokenFromRaw(context.tokenOverride, \"flag\");\n }\n\n const envToken = process.env[DONEBEAR_TOKEN_ENV]?.trim();\n\n if (envToken) {\n return tokenFromRaw(envToken, \"environment\");\n }\n\n const session = await readStoredAuthSession();\n\n if (!session) {\n return null;\n }\n\n if (!(shouldRefresh(session) || isExpired(session))) {\n return {\n token: session.accessToken,\n source: \"stored\",\n expiresAt: session.expiresAt,\n user: session.user,\n };\n }\n\n if (!(session.refreshToken && config)) {\n if (isExpired(session)) {\n await clearStoredAuthSession();\n return null;\n }\n\n return {\n token: session.accessToken,\n source: \"stored\",\n expiresAt: session.expiresAt,\n user: session.user,\n };\n }\n\n const refreshedSession = await refreshSupabaseSession(\n config,\n session.refreshToken\n );\n const updatedSession = toStoredAuthSession(\n refreshedSession,\n session.provider\n );\n await writeStoredAuthSession(updatedSession);\n\n return {\n token: updatedSession.accessToken,\n source: \"stored\",\n expiresAt: updatedSession.expiresAt,\n user: updatedSession.user,\n };\n}\n\nexport function resolveTokenStatus(token: ResolvedAuthToken): {\n expiresInSeconds: number | null;\n expired: boolean;\n} {\n const claims = parseJwtClaims(token.token);\n\n if (!claims?.exp) {\n return {\n expiresInSeconds: null,\n expired: false,\n };\n }\n\n const expiresInSeconds = claims.exp - nowUnixSeconds();\n\n return {\n expiresInSeconds,\n expired: expiresInSeconds <= 0,\n };\n}\n"],"mappings":";;;;;;;AAGA,MAAa,WAAW;AAExB,MAAa,qBAAqB;AAElC,MAAa,0BAA0B;AACvC,MAAa,4BAA4B;AACzC,MAAa,4BAA4B;AAGzC,MAAa,iCAAiC,CAC5C,4BACA,eACD;AAED,MAAa,iCAAiC,CAC5C,gDACA,oBACD;AAWD,SAAS,0BAAkC;AACzC,KAAI,QAAQ,aAAa,QACvB,QAAO,QAAQ,IAAI,WAAW,KAAK,SAAS,EAAE,WAAW,UAAU;AAGrE,QAAO,QAAQ,IAAI,mBAAmB,KAAK,SAAS,EAAE,UAAU;;AAGlE,MAAM,gBAAgB,yBAAyB;AAE/C,MAAa,aACX,QAAQ,IAAI,4BAA4B,KAAK,eAAe,SAAS;AAEvE,MAAa,iBAAiB,KAAK,YAAY,YAAY;AAC3D,MAAa,oBAAoB,KAAK,YAAY,eAAe;;;;AC7CjE,MAAa,aAAa;CACxB,SAAS;CACT,OAAO;CACP,WAAW;CACX,eAAe;CAChB;AAID,IAAa,WAAb,cAA8B,MAAM;CAClC,AAAS;CAET,YAAY,SAAiB,WAAqB,WAAW,OAAO;AAClE,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,WAAW;;;;;;ACNpB,SAAS,SAAS,OAAkD;AAClE,QAAO,OAAO,UAAU,YAAY,UAAU;;AAGhD,SAAS,gBAAgB,OAAwC;AAC/D,QAAO,UAAU,YAAY,UAAU;;AAGzC,SAAS,uBAAuB,OAA0C;AACxE,KAAI,CAAC,SAAS,MAAM,CAClB,QAAO;AAGT,KAAI,OAAO,MAAM,gBAAgB,SAC/B,QAAO;AAGT,KAAI,MAAM,iBAAiB,QAAQ,OAAO,MAAM,iBAAiB,SAC/D,QAAO;AAGT,KAAI,MAAM,cAAc,QAAQ,OAAO,MAAM,cAAc,SACzD,QAAO;AAGT,KAAI,MAAM,cAAc,QAAQ,OAAO,MAAM,cAAc,SACzD,QAAO;AAGT,KAAI,CAAC,gBAAgB,MAAM,SAAS,CAClC,QAAO;CAGT,MAAM,OAAO,MAAM;AACnB,KACE,SAAS,SACR,CAAC,SAAS,KAAK,IACd,OAAO,KAAK,OAAO,YAClB,KAAK,UAAU,QAAQ,OAAO,KAAK,UAAU,UAEhD,QAAO;AAGT,KAAI,OAAO,MAAM,cAAc,SAC7B,QAAO;CAGT,MAAM,aACJ,SAAS,OACL,OACA;EACE,IAAI,KAAK;EACT,OAAQ,KAAK,SAA2B;EACzC;AAEP,QAAO;EACL,aAAa,MAAM;EACnB,cAAc,MAAM;EACpB,WAAW,MAAM;EACjB,WAAW,MAAM;EACjB,UAAU,MAAM;EAChB,MAAM;EACN,WAAW,MAAM;EAClB;;AAGH,SAAS,cAAc,SAA+B;CACpD,MAAM,SAAS,KAAK,MAAM,QAAQ;AAElC,KAAI,CAAC,SAAS,OAAO,IAAI,OAAO,YAAY,EAC1C,OAAM,IAAI,SACR,gCAAgC,kBAChC,WAAW,MACZ;CAGH,MAAM,UAAU,uBAAuB,OAAO,QAAQ;AAEtD,KAAI,CAAC,QACH,OAAM,IAAI,SACR,2BAA2B,kBAC3B,WAAW,MACZ;AAGH,QAAO;EACL,SAAS;EACT;EACD;;AAGH,eAAsB,wBAA2D;AAC/E,KAAI;AAGF,SADe,cADH,MAAM,SAAS,gBAAgB,OAAO,CACjB,CACnB;UACP,OAAO;AACd,MAAI,SAAS,MAAM,IAAI,MAAM,SAAS,SACpC,QAAO;AAGT,MAAI,iBAAiB,SACnB,OAAM;AAGR,QAAM,IAAI,SACR,mCAAmC,kBACnC,WAAW,MACZ;;;AAIL,eAAsB,uBACpB,SACe;CACf,MAAM,UAAwB;EAC5B,SAAS;EACT;EACD;AAED,OAAM,MAAM,YAAY;EACtB,WAAW;EACX,MAAM;EACP,CAAC;AAEF,OAAM,UAAU,gBAAgB,GAAG,KAAK,UAAU,SAAS,MAAM,EAAE,CAAC,KAAK;EACvE,UAAU;EACV,MAAM;EACP,CAAC;;AAGJ,eAAsB,yBAAwC;AAC5D,OAAM,GAAG,gBAAgB,EACvB,OAAO,MACR,CAAC;;;;;AC5GJ,SAAgB,aAAa,KAAiC;CAC5D,MAAM,QAAQ,QAAQ,IAAI;AAE1B,KAAI,OAAO,UAAU,SACnB;CAGF,MAAM,UAAU,MAAM,MAAM;AAC5B,QAAO,QAAQ,SAAS,IAAI,UAAU;;;;;ACNxC,SAAS,aAAa,MAA6C;AACjE,MAAK,MAAM,OAAO,MAAM;EACtB,MAAM,QAAQ,aAAa,IAAI;AAE/B,MAAI,MACF,QAAO;;;AAOb,SAAgB,wBAAwC;CACtD,MAAM,MACJ,aAAa,0BAA0B,IACvC,aAAa,+BAA+B;CAE9C,MAAM,iBACJ,aAAa,0BAA0B,IACvC,aAAa,+BAA+B;AAE9C,KAAI,EAAE,OAAO,gBACX,OAAM,IAAI,SACR;EACE;EACA,OAAO,0BAA0B,OAAO,0BAA0B;EAClE,qCAAqC,+BAA+B,KAClE,KACD,CAAC,OAAO,+BAA+B,KAAK,KAAK,CAAC;EACpD,CAAC,KAAK,IAAI,EACX,WAAW,MACZ;AAGH,QAAO;EACL;EACA;EACD;;AAGH,SAAgB,qBACd,QACA,SAIgB;AAChB,QAAO,aAAa,OAAO,KAAK,OAAO,gBAAgB,EACrD,MAAM;EACJ,UAAU;EACV,kBAAkB;EAClB,oBAAoB;EACpB,gBAAgB,SAAS,kBAAkB;EAC3C,SAAS,SAAS;EACnB,EACF,CAAC;;AAYJ,SAAgB,oBACd,SACA,UACmB;CACnB,MAAM,YACJ,OAAO,QAAQ,eAAe,4BAC1B,IAAI,KAAK,QAAQ,aAAa,IAAK,EAAC,aAAa,GACjD;AAEN,QAAO;EACL,aAAa,QAAQ;EACrB,cAAc,QAAQ,iBAAiB;EACvC,WAAW,QAAQ,cAAc;EACjC;EACA;EACA,MAAM,QAAQ,OACV;GACE,IAAI,QAAQ,KAAK;GACjB,OAAO,QAAQ,KAAK,SAAS;GAC9B,GACD;EACJ,4BAAW,IAAI,MAAM,EAAC,aAAa;EACpC;;AAGH,eAAsB,uBACpB,QACA,cACkB;CAElB,MAAM,EAAE,MAAM,UAAU,MADT,qBAAqB,OAAO,CACN,KAAK,eAAe,EACvD,eAAe,cAChB,CAAC;AAEF,KAAI,MACF,OAAM,IAAI,SACR,8BAA8B,MAAM,WACpC,WAAW,cACZ;AAGH,KAAI,CAAC,KAAK,QACR,OAAM,IAAI,SACR,sCACA,WAAW,cACZ;AAGH,QAAO,KAAK;;;;;ACpId,SAAS,kBAAkB,OAAuB;CAChD,MAAM,aAAa,MAAM,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;CAC9D,MAAM,SAAS,WAAW,OAAO,KAAK,KAAK,WAAW,SAAS,EAAE,GAAG,GAAG,IAAI;AAC3E,QAAO,OAAO,KAAK,QAAQ,SAAS,CAAC,SAAS,OAAO;;AAGvD,SAAgB,eAAe,OAAiC;CAE9D,MAAM,cADQ,MAAM,MAAM,IAAI,CACJ,GAAG,EAAE;AAE/B,KAAI,CAAC,YACH,QAAO;AAGT,KAAI;EACF,MAAM,UAAU,kBAAkB,YAAY;EAC9C,MAAM,SAAS,KAAK,MAAM,QAAQ;AAElC,MAAI,OAAO,WAAW,YAAY,WAAW,KAC3C,QAAO;EAGT,MAAM,SAAS;AAEf,SAAO;GACL,KAAK,OAAO,OAAO,QAAQ,WAAW,OAAO,MAAM;GACnD,OAAO,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ;GACzD,KAAK,OAAO,OAAO,QAAQ,WAAW,OAAO,MAAM;GACpD;SACK;AACN,SAAO;;;AAIX,SAAS,iBAAiB,QAAyC;AACjE,KAAI,CAAC,UAAU,OAAO,OAAO,QAAQ,SACnC,QAAO;AAGT,yBAAO,IAAI,KAAK,OAAO,MAAM,IAAK,EAAC,aAAa;;AAGlD,SAAS,eAAe,QAAqD;AAC3E,KAAI,EAAE,QAAQ,OAAO,QAAQ,OAC3B,QAAO;AAGT,QAAO;EACL,IAAI,OAAO,OAAO;EAClB,OAAO,OAAO,SAAS;EACxB;;AAOH,SAAS,UAAU,SAAqC;AACtD,KAAI,CAAC,QAAQ,UACX,QAAO;CAGT,MAAM,cAAc,KAAK,MAAM,QAAQ,UAAU;AAEjD,KAAI,OAAO,MAAM,YAAY,CAC3B,QAAO;AAGT,QAAO,eAAe,KAAK,KAAK;;AAGlC,SAAS,cAAc,SAAqC;AAC1D,KAAI,CAAC,QAAQ,UACX,QAAO;CAGT,MAAM,cAAc,KAAK,MAAM,QAAQ,UAAU;AAEjD,KAAI,OAAO,MAAM,YAAY,CAC3B,QAAO;AAGT,QAAO,cAAc,KAAK,KAAK,IAAI;;AAGrC,SAAS,aACP,OACA,QACmB;CACnB,MAAM,SAAS,eAAe,MAAM;AAEpC,QAAO;EACL;EACA;EACA,WAAW,iBAAiB,OAAO;EACnC,MAAM,eAAe,OAAO;EAC7B;;AAGH,eAAsB,iBACpB,SACA,QACmC;AACnC,KAAI,QAAQ,cACV,QAAO,aAAa,QAAQ,eAAe,OAAO;CAGpD,MAAM,WAAW,QAAQ,IAAI,qBAAqB,MAAM;AAExD,KAAI,SACF,QAAO,aAAa,UAAU,cAAc;CAG9C,MAAM,UAAU,MAAM,uBAAuB;AAE7C,KAAI,CAAC,QACH,QAAO;AAGT,KAAI,EAAE,cAAc,QAAQ,IAAI,UAAU,QAAQ,EAChD,QAAO;EACL,OAAO,QAAQ;EACf,QAAQ;EACR,WAAW,QAAQ;EACnB,MAAM,QAAQ;EACf;AAGH,KAAI,EAAE,QAAQ,gBAAgB,SAAS;AACrC,MAAI,UAAU,QAAQ,EAAE;AACtB,SAAM,wBAAwB;AAC9B,UAAO;;AAGT,SAAO;GACL,OAAO,QAAQ;GACf,QAAQ;GACR,WAAW,QAAQ;GACnB,MAAM,QAAQ;GACf;;CAOH,MAAM,iBAAiB,oBAJE,MAAM,uBAC7B,QACA,QAAQ,aACT,EAGC,QAAQ,SACT;AACD,OAAM,uBAAuB,eAAe;AAE5C,QAAO;EACL,OAAO,eAAe;EACtB,QAAQ;EACR,WAAW,eAAe;EAC1B,MAAM,eAAe;EACtB"}

package/package.json ADDED Viewed

@@ -0,0 +1,48 @@
+{
+  "name": "@donebear/cli",
+  "version": "0.1.0",
+  "description": "Done Bear CLI with OAuth authentication",
+  "type": "module",
+  "main": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
+  "bin": {
+    "donebear": "./dist/cli.mjs"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "AGENTS.md"
+  ],
+  "scripts": {
+    "build": "tsdown",
+    "dev": "tsdown --watch",
+    "start": "node dist/cli.mjs",
+    "lint": "biome lint .",
+    "check-types": "tsc --noEmit",
+    "test": "vitest run"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@supabase/supabase-js": "^2.93.3",
+    "commander": "^14.0.2",
+    "dotenv": "^17.2.3"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^2.3.13",
+    "@types/node": "^25.1.0",
+    "tsdown": "^0.20.3",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  }
+}