@geekmidas/cli 0.10.0 → 0.13.0

package/src/auth/credentials.ts

@@ -0,0 +1,187 @@
+import { existsSync, mkdirSync } from 'node:fs';
+import { readFile, unlink, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+/**
+ * Stored credentials for various services
+ */
+export interface StoredCredentials {
+	dokploy?: {
+		/** API token */
+		token: string;
+		/** Dokploy endpoint URL */
+		endpoint: string;
+		/** When the credentials were stored */
+		storedAt: string;
+	};
+}
+
+/**
+ * Options for credential operations
+ */
+export interface CredentialOptions {
+	/** Root directory for credentials storage (default: user home directory) */
+	root?: string;
+}
+
+/**
+ * Get the path to the credentials directory
+ */
+export function getCredentialsDir(options?: CredentialOptions): string {
+	const root = options?.root ?? homedir();
+	return join(root, '.gkm');
+}
+
+/**
+ * Get the path to the credentials file
+ */
+export function getCredentialsPath(options?: CredentialOptions): string {
+	return join(getCredentialsDir(options), 'credentials.json');
+}
+
+/**
+ * Ensure the credentials directory exists
+ */
+function ensureCredentialsDir(options?: CredentialOptions): void {
+	const dir = getCredentialsDir(options);
+	if (!existsSync(dir)) {
+		mkdirSync(dir, { recursive: true, mode: 0o700 });
+	}
+}
+
+/**
+ * Read stored credentials from disk
+ */
+export async function readCredentials(
+	options?: CredentialOptions,
+): Promise<StoredCredentials> {
+	const path = getCredentialsPath(options);
+
+	if (!existsSync(path)) {
+		return {};
+	}
+
+	try {
+		const content = await readFile(path, 'utf-8');
+		return JSON.parse(content) as StoredCredentials;
+	} catch {
+		return {};
+	}
+}
+
+/**
+ * Write credentials to disk
+ */
+export async function writeCredentials(
+	credentials: StoredCredentials,
+	options?: CredentialOptions,
+): Promise<void> {
+	ensureCredentialsDir(options);
+	const path = getCredentialsPath(options);
+
+	await writeFile(path, JSON.stringify(credentials, null, 2), {
+		mode: 0o600, // Owner read/write only
+	});
+}
+
+/**
+ * Store Dokploy credentials
+ */
+export async function storeDokployCredentials(
+	token: string,
+	endpoint: string,
+	options?: CredentialOptions,
+): Promise<void> {
+	const credentials = await readCredentials(options);
+
+	credentials.dokploy = {
+		token,
+		endpoint,
+		storedAt: new Date().toISOString(),
+	};
+
+	await writeCredentials(credentials, options);
+}
+
+/**
+ * Get stored Dokploy credentials
+ */
+export async function getDokployCredentials(
+	options?: CredentialOptions,
+): Promise<{
+	token: string;
+	endpoint: string;
+} | null> {
+	const credentials = await readCredentials(options);
+
+	if (!credentials.dokploy) {
+		return null;
+	}
+
+	return {
+		token: credentials.dokploy.token,
+		endpoint: credentials.dokploy.endpoint,
+	};
+}
+
+/**
+ * Remove Dokploy credentials
+ */
+export async function removeDokployCredentials(
+	options?: CredentialOptions,
+): Promise<boolean> {
+	const credentials = await readCredentials(options);
+
+	if (!credentials.dokploy) {
+		return false;
+	}
+
+	delete credentials.dokploy;
+	await writeCredentials(credentials, options);
+	return true;
+}
+
+/**
+ * Remove all stored credentials
+ */
+export async function removeAllCredentials(
+	options?: CredentialOptions,
+): Promise<void> {
+	const path = getCredentialsPath(options);
+
+	if (existsSync(path)) {
+		await unlink(path);
+	}
+}
+
+/**
+ * Get Dokploy API token, checking stored credentials first, then environment
+ */
+export async function getDokployToken(
+	options?: CredentialOptions,
+): Promise<string | null> {
+	// First check environment variable (takes precedence)
+	const envToken = process.env.DOKPLOY_API_TOKEN;
+	if (envToken) {
+		return envToken;
+	}
+
+	// Then check stored credentials
+	const stored = await getDokployCredentials(options);
+	if (stored) {
+		return stored.token;
+	}
+
+	return null;
+}
+
+/**
+ * Get Dokploy endpoint from stored credentials
+ */
+export async function getDokployEndpoint(
+	options?: CredentialOptions,
+): Promise<string | null> {
+	const stored = await getDokployCredentials(options);
+	return stored?.endpoint ?? null;
+}

package/src/auth/index.ts

@@ -0,0 +1,226 @@
+import { stdin as input, stdout as output } from 'node:process';
+import * as readline from 'node:readline/promises';
+import {
+	getCredentialsPath,
+	getDokployCredentials,
+	removeDokployCredentials,
+	storeDokployCredentials,
+} from './credentials';
+
+const logger = console;
+
+export interface LoginOptions {
+	/** Service to login to */
+	service: 'dokploy';
+	/** API token (if not provided, will prompt) */
+	token?: string;
+	/** Endpoint URL */
+	endpoint?: string;
+}
+
+export interface LogoutOptions {
+	/** Service to logout from */
+	service?: 'dokploy' | 'all';
+}
+
+/**
+ * Validate Dokploy token by making a test API call
+ */
+export async function validateDokployToken(
+	endpoint: string,
+	token: string,
+): Promise<boolean> {
+	try {
+		const response = await fetch(`${endpoint}/api/project.all`, {
+			method: 'GET',
+			headers: {
+				'Content-Type': 'application/json',
+				Authorization: `Bearer ${token}`,
+			},
+		});
+
+		return response.ok;
+	} catch {
+		return false;
+	}
+}
+
+/**
+ * Prompt for input (handles both TTY and non-TTY)
+ */
+async function prompt(message: string, hidden = false): Promise<string> {
+	if (!process.stdin.isTTY) {
+		throw new Error(
+			'Interactive input required. Please provide --token option.',
+		);
+	}
+
+	const rl = readline.createInterface({ input, output });
+
+	try {
+		if (hidden) {
+			// For hidden input, we need to handle it differently
+			process.stdout.write(message);
+
+			return new Promise((resolve) => {
+				let value = '';
+
+				const onData = (char: Buffer) => {
+					const c = char.toString();
+
+					if (c === '\n' || c === '\r') {
+						process.stdin.removeListener('data', onData);
+						process.stdin.setRawMode(false);
+						process.stdout.write('\n');
+						resolve(value);
+					} else if (c === '\u0003') {
+						// Ctrl+C
+						process.exit(1);
+					} else if (c === '\u007F' || c === '\b') {
+						// Backspace
+						if (value.length > 0) {
+							value = value.slice(0, -1);
+						}
+					} else {
+						value += c;
+					}
+				};
+
+				process.stdin.setRawMode(true);
+				process.stdin.resume();
+				process.stdin.on('data', onData);
+			});
+		} else {
+			return await rl.question(message);
+		}
+	} finally {
+		rl.close();
+	}
+}
+
+/**
+ * Login to a service
+ */
+export async function loginCommand(options: LoginOptions): Promise<void> {
+	const { service, token: providedToken, endpoint: providedEndpoint } = options;
+
+	if (service === 'dokploy') {
+		logger.log('\n🔐 Logging in to Dokploy...\n');
+
+		// Get endpoint
+		let endpoint = providedEndpoint;
+		if (!endpoint) {
+			endpoint = await prompt(
+				'Dokploy URL (e.g., https://dokploy.example.com): ',
+			);
+		}
+
+		// Normalize endpoint (remove trailing slash)
+		endpoint = endpoint.replace(/\/$/, '');
+
+		// Validate endpoint format
+		try {
+			new URL(endpoint);
+		} catch {
+			logger.error('Invalid URL format');
+			process.exit(1);
+		}
+
+		// Get token
+		let token = providedToken;
+		if (!token) {
+			logger.log(`\nGenerate a token at: ${endpoint}/settings/profile\n`);
+			token = await prompt('API Token: ', true);
+		}
+
+		if (!token) {
+			logger.error('Token is required');
+			process.exit(1);
+		}
+
+		// Validate token
+		logger.log('\nValidating credentials...');
+		const isValid = await validateDokployToken(endpoint, token);
+
+		if (!isValid) {
+			logger.error(
+				'\n✗ Invalid credentials. Please check your token and try again.',
+			);
+			process.exit(1);
+		}
+
+		// Store credentials
+		await storeDokployCredentials(token, endpoint);
+
+		logger.log('\n✓ Successfully logged in to Dokploy!');
+		logger.log(`  Endpoint: ${endpoint}`);
+		logger.log(`  Credentials stored in: ${getCredentialsPath()}`);
+		logger.log(
+			'\nYou can now use deploy commands without setting DOKPLOY_API_TOKEN.',
+		);
+	}
+}
+
+/**
+ * Logout from a service
+ */
+export async function logoutCommand(options: LogoutOptions): Promise<void> {
+	const { service = 'dokploy' } = options;
+
+	if (service === 'all') {
+		const dokployRemoved = await removeDokployCredentials();
+
+		if (dokployRemoved) {
+			logger.log('\n✓ Logged out from all services');
+		} else {
+			logger.log('\nNo stored credentials found');
+		}
+		return;
+	}
+
+	if (service === 'dokploy') {
+		const removed = await removeDokployCredentials();
+
+		if (removed) {
+			logger.log('\n✓ Logged out from Dokploy');
+		} else {
+			logger.log('\nNo Dokploy credentials found');
+		}
+	}
+}
+
+/**
+ * Show current login status
+ */
+export async function whoamiCommand(): Promise<void> {
+	logger.log('\n📋 Current credentials:\n');
+
+	const dokploy = await getDokployCredentials();
+
+	if (dokploy) {
+		logger.log('  Dokploy:');
+		logger.log(`    Endpoint: ${dokploy.endpoint}`);
+		logger.log(`    Token: ${maskToken(dokploy.token)}`);
+	} else {
+		logger.log('  Dokploy: Not logged in');
+	}
+
+	logger.log(`\n  Credentials file: ${getCredentialsPath()}`);
+}
+
+/**
+ * Mask a token for display
+ */
+export function maskToken(token: string): string {
+	if (token.length <= 8) {
+		return '****';
+	}
+	return `${token.slice(0, 4)}...${token.slice(-4)}`;
+}
+
+// Re-export credentials utilities for use in other modules
+export {
+	getDokployCredentials,
+	getDokployEndpoint,
+	getDokployToken,
+} from './credentials';