@friggframework/devtools 2.0.0-next.7 → 2.0.0-next.70

package/frigg-cli/auth-command/auth-tester.js

@@ -0,0 +1,344 @@
+const chalk = require('chalk');
+
+async function runAuthTests(definition, ApiClass, credentials, options) {
+    console.log(chalk.blue('\n🧪 Running Authentication Tests\n'));
+
+    const moduleName = definition.moduleName || definition.getName?.() || 'unknown';
+    const results = {
+        testAuthRequest: { status: 'pending' },
+        getEntityDetails: { status: 'pending' },
+        getCredentialDetails: { status: 'pending' },
+        tokenRefresh: { status: 'pending' },
+        credentialProps: { set: 0, total: 0 },
+        entityProps: { set: 0, total: 0 },
+    };
+
+    // 1. Create fresh API instance with credentials
+    const apiParams = {
+        ...definition.env,
+        ...credentials.tokens,
+        ...credentials.apiParams,
+    };
+
+    const api = new ApiClass(apiParams);
+
+    // If API key, set it
+    if (credentials.apiKey) {
+        if (typeof api.setApiKey === 'function') {
+            api.setApiKey(credentials.apiKey);
+        } else {
+            api.api_key = credentials.apiKey;
+            api.access_token = credentials.apiKey;
+        }
+    }
+
+    // 2. Run testAuthRequest
+    console.log(chalk.gray('1. Running testAuthRequest...'));
+    try {
+        let testResult;
+        if (definition.requiredAuthMethods?.testAuthRequest) {
+            testResult = await definition.requiredAuthMethods.testAuthRequest(api);
+        } else {
+            testResult = await tryCommonTestMethods(api);
+        }
+
+        console.log(chalk.green('   ✓ testAuthRequest passed'));
+        results.testAuthRequest = { status: 'passed' };
+
+        if (options.verbose && testResult) {
+            console.log(chalk.gray('   Response preview:'));
+            const preview = JSON.stringify(testResult, null, 2);
+            const truncated = preview.length > 500 ? preview.slice(0, 500) + '\n   ...' : preview;
+            console.log(chalk.gray('   ' + truncated.split('\n').join('\n   ')));
+        }
+    } catch (error) {
+        console.log(chalk.red('   ✗ testAuthRequest failed'));
+        console.log(chalk.red(`   Error: ${error.message}`));
+        results.testAuthRequest = { status: 'failed', error: error.message };
+        if (options.verbose && error.stack) {
+            console.log(chalk.gray(`   Stack: ${error.stack.split('\n').slice(1, 4).join('\n   ')}`));
+        }
+        throw new Error(`Authentication test failed: ${error.message}`);
+    }
+
+    // 3. Test getEntityDetails
+    console.log(chalk.gray('\n2. Testing getEntityDetails...'));
+    const entityResult = await testGetEntityDetails(definition, api, credentials, options);
+    if (entityResult.skipped) {
+        console.log(chalk.yellow(`   ⚠ Skipped (${entityResult.reason})`));
+        results.getEntityDetails = { status: 'skipped', reason: entityResult.reason };
+    } else if (entityResult.error) {
+        console.log(chalk.red(`   ✗ Failed: ${entityResult.error}`));
+        results.getEntityDetails = { status: 'failed', error: entityResult.error };
+    } else if (!entityResult.consistent) {
+        console.log(chalk.yellow(`   ⚠ Entity mismatch (saved: ${entityResult.savedId}, fresh: ${entityResult.freshId})`));
+        results.getEntityDetails = { status: 'warning', message: 'entity mismatch' };
+    } else {
+        console.log(chalk.green(`   ✓ getEntityDetails returned consistent entity${entityResult.freshId ? ` (externalId: ${entityResult.freshId})` : ''}`));
+        results.getEntityDetails = { status: 'passed' };
+    }
+
+    // 4. Test getCredentialDetails
+    console.log(chalk.gray('\n3. Testing getCredentialDetails...'));
+    const credResult = await testGetCredentialDetails(definition, api, options);
+    if (credResult.skipped) {
+        console.log(chalk.yellow(`   ⚠ Skipped (${credResult.reason})`));
+        results.getCredentialDetails = { status: 'skipped', reason: credResult.reason };
+    } else if (credResult.error) {
+        console.log(chalk.red(`   ✗ Failed: ${credResult.error}`));
+        results.getCredentialDetails = { status: 'failed', error: credResult.error };
+    } else if (!credResult.valid) {
+        console.log(chalk.yellow('   ⚠ getCredentialDetails did not return valid identifiers'));
+        results.getCredentialDetails = { status: 'warning', message: 'invalid structure' };
+    } else {
+        console.log(chalk.green('   ✓ getCredentialDetails returned valid identifiers'));
+        results.getCredentialDetails = { status: 'passed' };
+        if (options.verbose && credResult.credentials?.identifiers) {
+            const ids = credResult.credentials.identifiers;
+            console.log(chalk.gray(`   Identifiers: ${JSON.stringify(ids)}`));
+        }
+    }
+
+    // 5. Test token refresh
+    console.log(chalk.gray('\n4. Testing token refresh...'));
+    const refreshResult = await testTokenRefresh(api, credentials, options);
+    if (refreshResult.skipped) {
+        console.log(chalk.yellow(`   ⚠ Skipped (${refreshResult.reason})`));
+        results.tokenRefresh = { status: 'skipped', reason: refreshResult.reason };
+    } else if (refreshResult.error) {
+        console.log(chalk.red(`   ✗ Failed: ${refreshResult.error}`));
+        results.tokenRefresh = { status: 'failed', error: refreshResult.error };
+    } else {
+        const tokenMsg = refreshResult.tokenChanged ? 'token refreshed successfully' : 'refresh called but token unchanged';
+        console.log(chalk.green(`   ✓ ${tokenMsg}`));
+        results.tokenRefresh = { status: 'passed', tokenChanged: refreshResult.tokenChanged };
+    }
+
+    // 6. Verify credential persistence properties
+    console.log(chalk.gray('\n5. Verifying credential properties (apiPropertiesToPersist.credential)...'));
+    const credProps = definition.requiredAuthMethods?.apiPropertiesToPersist?.credential || [];
+    results.credentialProps.total = credProps.length;
+
+    if (credProps.length === 0) {
+        console.log(chalk.gray('   (no credential properties defined)'));
+    } else {
+        for (const prop of credProps) {
+            const value = api[prop];
+            if (value !== undefined && value !== null && value !== '') {
+                console.log(chalk.green(`   ✓ ${prop}: ${maskSensitive(prop, value)}`));
+                results.credentialProps.set++;
+            } else {
+                console.log(chalk.yellow(`   ⚠ ${prop}: not set or empty`));
+            }
+        }
+    }
+
+    // 7. Verify entity persistence properties
+    console.log(chalk.gray('\n6. Verifying entity properties (apiPropertiesToPersist.entity)...'));
+    const entityProps = definition.requiredAuthMethods?.apiPropertiesToPersist?.entity || [];
+    results.entityProps.total = entityProps.length;
+
+    if (entityProps.length === 0) {
+        console.log(chalk.gray('   (no entity properties defined)'));
+    } else {
+        for (const prop of entityProps) {
+            const value = api[prop];
+            if (value !== undefined && value !== null && value !== '') {
+                console.log(chalk.green(`   ✓ ${prop}: ${maskSensitive(prop, value)}`));
+                results.entityProps.set++;
+            } else {
+                console.log(chalk.yellow(`   ⚠ ${prop}: not set or empty`));
+            }
+        }
+    }
+
+    // 8. Summary
+    console.log(chalk.blue('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+    console.log(chalk.blue('Summary'));
+    console.log(chalk.blue('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n'));
+
+    printSummaryLine('testAuthRequest', results.testAuthRequest);
+    printSummaryLine('getEntityDetails', results.getEntityDetails);
+    printSummaryLine('getCredentialDetails', results.getCredentialDetails);
+    printSummaryLine('tokenRefresh', results.tokenRefresh);
+
+    const credPropsStatus = results.credentialProps.total === 0
+        ? chalk.gray('n/a')
+        : (results.credentialProps.set === results.credentialProps.total
+            ? chalk.green(`${results.credentialProps.set}/${results.credentialProps.total} set`)
+            : chalk.yellow(`${results.credentialProps.set}/${results.credentialProps.total} set`));
+    console.log(`  credentialProps:      ${credPropsStatus}`);
+
+    const entityPropsStatus = results.entityProps.total === 0
+        ? chalk.gray('n/a')
+        : (results.entityProps.set === results.entityProps.total
+            ? chalk.green(`${results.entityProps.set}/${results.entityProps.total} set`)
+            : chalk.yellow(`${results.entityProps.set}/${results.entityProps.total} set`));
+    console.log(`  entityProps:          ${entityPropsStatus}`);
+
+    console.log('');
+
+    // Check if any critical tests failed
+    const criticalFailed = results.testAuthRequest.status === 'failed';
+    if (criticalFailed) {
+        throw new Error('Critical authentication tests failed');
+    }
+
+    console.log(chalk.green('✓ All authentication tests passed'));
+
+    return {
+        testAuthRequestPassed: results.testAuthRequest.status === 'passed',
+        getEntityDetailsPassed: results.getEntityDetails.status === 'passed',
+        getCredentialDetailsPassed: results.getCredentialDetails.status === 'passed',
+        tokenRefreshPassed: results.tokenRefresh.status === 'passed',
+        credentialPropertiesValid: results.credentialProps.set === results.credentialProps.total,
+        entityPropertiesValid: results.entityProps.set === results.entityProps.total,
+    };
+}
+
+function printSummaryLine(name, result) {
+    const paddedName = (name + ':').padEnd(22);
+    let statusText;
+
+    switch (result.status) {
+        case 'passed':
+            statusText = chalk.green('✓ passed');
+            break;
+        case 'failed':
+            statusText = chalk.red('✗ failed');
+            break;
+        case 'skipped':
+            statusText = chalk.yellow(`⚠ skipped${result.reason ? ` (${result.reason})` : ''}`);
+            break;
+        case 'warning':
+            statusText = chalk.yellow(`⚠ ${result.message || 'warning'}`);
+            break;
+        default:
+            statusText = chalk.gray('pending');
+    }
+
+    console.log(`  ${paddedName}${statusText}`);
+}
+
+async function testGetEntityDetails(definition, api, savedCredentials, options) {
+    if (!definition.requiredAuthMethods?.getEntityDetails) {
+        return { skipped: true, reason: 'not defined' };
+    }
+
+    try {
+        const freshEntity = await definition.requiredAuthMethods.getEntityDetails(
+            api,
+            {},  // callbackParams
+            {},  // tokenResponse
+            'cli-test-user'
+        );
+
+        const savedId = savedCredentials.entity?.identifiers?.externalId;
+        const freshId = freshEntity?.identifiers?.externalId;
+        const consistent = !savedId || !freshId || savedId === freshId;
+
+        return {
+            success: true,
+            consistent,
+            freshId,
+            savedId,
+            freshEntity
+        };
+    } catch (error) {
+        return { error: error.message };
+    }
+}
+
+async function testGetCredentialDetails(definition, api, options) {
+    if (!definition.requiredAuthMethods?.getCredentialDetails) {
+        return { skipped: true, reason: 'not defined' };
+    }
+
+    try {
+        const credentials = await definition.requiredAuthMethods.getCredentialDetails(
+            api,
+            'cli-test-user'
+        );
+
+        const valid = credentials && typeof credentials.identifiers === 'object';
+        return { success: true, valid, credentials };
+    } catch (error) {
+        return { error: error.message };
+    }
+}
+
+async function testTokenRefresh(api, savedCredentials, options) {
+    // Check if refresh token exists
+    if (!savedCredentials.tokens?.refresh_token) {
+        return { skipped: true, reason: 'no refresh token' };
+    }
+
+    // Check if API supports refresh
+    if (typeof api.refreshAccessToken !== 'function') {
+        return { skipped: true, reason: 'refreshAccessToken not implemented' };
+    }
+
+    try {
+        const oldToken = api.access_token;
+        await api.refreshAccessToken({ refresh_token: api.refresh_token });
+        const newToken = api.access_token;
+
+        return {
+            success: true,
+            tokenChanged: newToken !== oldToken
+        };
+    } catch (error) {
+        return { error: error.message };
+    }
+}
+
+async function tryCommonTestMethods(api) {
+    const methodsToTry = [
+        'getUserDetails',
+        'getUser',
+        'getCurrentUser',
+        'getMe',
+        'getAccount',
+        'getProfile',
+    ];
+
+    for (const method of methodsToTry) {
+        if (typeof api[method] === 'function') {
+            return await api[method]();
+        }
+    }
+
+    throw new Error('No testAuthRequest method defined and no common test methods available');
+}
+
+function maskSensitive(prop, value) {
+    const sensitiveProps = [
+        'access_token',
+        'refresh_token',
+        'api_key',
+        'apiKey',
+        'client_secret',
+        'password',
+        'secret',
+        'token',
+    ];
+
+    const propLower = prop.toLowerCase();
+    const isSensitive = sensitiveProps.some(sp => propLower.includes(sp.toLowerCase()));
+
+    if (isSensitive && typeof value === 'string') {
+        if (value.length <= 8) {
+            return '***';
+        }
+        return value.slice(0, 4) + '...' + value.slice(-4);
+    }
+
+    const strValue = String(value);
+    if (strValue.length > 50) {
+        return strValue.slice(0, 47) + '...';
+    }
+
+    return strValue;
+}
+
+module.exports = { runAuthTests };

package/frigg-cli/auth-command/credential-storage.js

@@ -0,0 +1,182 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+class CredentialStorage {
+    constructor(options = {}) {
+        // Global storage in user home directory
+        this.globalPath = path.join(os.homedir(), '.frigg-credentials.json');
+        // Project-local storage (if in a Frigg project)
+        this.localPath = path.join(process.cwd(), '.frigg-credentials.json');
+        // Allow override via options
+        this.customPath = options.path || null;
+    }
+
+    getStoragePath() {
+        // Priority: custom > local (if exists) > global
+        if (this.customPath) {
+            return this.customPath;
+        }
+        if (fs.existsSync(this.localPath)) {
+            return this.localPath;
+        }
+        return this.globalPath;
+    }
+
+    getWritePath() {
+        // Priority: custom > local (if in project) > global
+        if (this.customPath) {
+            return this.customPath;
+        }
+        if (this.isInProject()) {
+            return this.localPath;
+        }
+        return this.globalPath;
+    }
+
+    async load() {
+        const filePath = this.getStoragePath();
+
+        if (!fs.existsSync(filePath)) {
+            return {
+                _meta: {
+                    version: 1,
+                    warning: 'DO NOT COMMIT THIS FILE - contains sensitive credentials'
+                },
+                modules: {}
+            };
+        }
+
+        try {
+            const content = fs.readFileSync(filePath, 'utf8');
+            return JSON.parse(content);
+        } catch (err) {
+            console.warn(`Warning: Could not read credentials file: ${err.message}`);
+            return { _meta: { version: 1 }, modules: {} };
+        }
+    }
+
+    async save(moduleName, credentials, authType) {
+        const data = await this.load();
+
+        data.modules[moduleName] = {
+            ...credentials,
+            authType,
+            savedAt: new Date().toISOString(),
+        };
+
+        const targetPath = this.getWritePath();
+
+        // Ensure directory exists
+        const dir = path.dirname(targetPath);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true });
+        }
+
+        fs.writeFileSync(targetPath, JSON.stringify(data, null, 2));
+
+        // Add to .gitignore if saving locally
+        if (targetPath === this.localPath) {
+            this.ensureGitIgnore();
+        }
+
+        return targetPath;
+    }
+
+    async get(moduleName) {
+        const data = await this.load();
+        return data.modules[moduleName] || null;
+    }
+
+    async list() {
+        const data = await this.load();
+        return Object.entries(data.modules).map(([name, creds]) => ({
+            module: name,
+            authType: creds.authType,
+            savedAt: creds.savedAt,
+            entity: creds.entity?.details?.name || creds.entity?.identifiers?.externalId || 'Unknown',
+            hasAccessToken: !!(creds.tokens?.access_token || creds.apiKey),
+            hasRefreshToken: !!creds.tokens?.refresh_token,
+        }));
+    }
+
+    async delete(moduleName) {
+        const data = await this.load();
+
+        if (!data.modules[moduleName]) {
+            return false;
+        }
+
+        delete data.modules[moduleName];
+
+        const targetPath = this.getStoragePath();
+        fs.writeFileSync(targetPath, JSON.stringify(data, null, 2));
+        return true;
+    }
+
+    async deleteAll() {
+        const data = {
+            _meta: {
+                version: 1,
+                warning: 'DO NOT COMMIT THIS FILE - contains sensitive credentials'
+            },
+            modules: {}
+        };
+
+        const targetPath = this.getStoragePath();
+        fs.writeFileSync(targetPath, JSON.stringify(data, null, 2));
+    }
+
+    isInProject() {
+        // Check for indicators of a Frigg project
+        const indicators = [
+            path.join(process.cwd(), 'backend', 'index.js'),
+            path.join(process.cwd(), 'infrastructure.js'),
+            path.join(process.cwd(), 'backend', 'infrastructure.js'),
+            path.join(process.cwd(), 'package.json'),
+        ];
+
+        for (const indicator of indicators) {
+            if (fs.existsSync(indicator)) {
+                // Additional check: look for frigg-related content in package.json
+                if (indicator.endsWith('package.json')) {
+                    try {
+                        const pkg = JSON.parse(fs.readFileSync(indicator, 'utf8'));
+                        if (pkg.dependencies?.['@friggframework/core'] ||
+                            pkg.devDependencies?.['@friggframework/core'] ||
+                            pkg.name?.includes('frigg')) {
+                            return true;
+                        }
+                    } catch {
+                        // Ignore parse errors
+                    }
+                } else {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    ensureGitIgnore() {
+        const gitignorePath = path.join(process.cwd(), '.gitignore');
+        const entry = '.frigg-credentials.json';
+
+        try {
+            if (fs.existsSync(gitignorePath)) {
+                const content = fs.readFileSync(gitignorePath, 'utf8');
+                if (!content.includes(entry)) {
+                    fs.appendFileSync(gitignorePath, `\n# Frigg auth credentials (DO NOT COMMIT)\n${entry}\n`);
+                }
+            } else {
+                // Create new .gitignore
+                fs.writeFileSync(gitignorePath, `# Frigg auth credentials (DO NOT COMMIT)\n${entry}\n`);
+            }
+        } catch (err) {
+            console.warn(`Warning: Could not update .gitignore: ${err.message}`);
+        }
+    }
+}
+
+module.exports = { CredentialStorage };