@geekmidas/cli 0.12.0 → 0.14.0

package/src/auth/__tests__/index.spec.ts

@@ -166,3 +166,72 @@ describe('URL normalization', () => {
 		expect(() => new URL('invalid-url')).toThrow();
 	});
 });
+
+describe('logoutCommand', () => {
+	let tempDir: string;
+
+	beforeEach(async () => {
+		tempDir = join(tmpdir(), `gkm-logout-test-${Date.now()}`);
+		await mkdir(tempDir, { recursive: true });
+	});
+
+	afterEach(async () => {
+		if (existsSync(tempDir)) {
+			await rm(tempDir, { recursive: true });
+		}
+	});
+
+	it('should remove dokploy credentials', async () => {
+		// First store credentials
+		await storeDokployCredentials('my-token', 'https://dokploy.example.com', {
+			root: tempDir,
+		});
+
+		// Verify they exist
+		let creds = await getDokployCredentials({ root: tempDir });
+		expect(creds).not.toBeNull();
+
+		// Remove credentials
+		const removed = await removeDokployCredentials({ root: tempDir });
+		expect(removed).toBe(true);
+
+		// Verify they're gone
+		creds = await getDokployCredentials({ root: tempDir });
+		expect(creds).toBeNull();
+	});
+
+	it('should return false when no credentials to remove', async () => {
+		const removed = await removeDokployCredentials({ root: tempDir });
+		expect(removed).toBe(false);
+	});
+});
+
+describe('whoamiCommand helpers', () => {
+	let tempDir: string;
+
+	beforeEach(async () => {
+		tempDir = join(tmpdir(), `gkm-whoami-test-${Date.now()}`);
+		await mkdir(tempDir, { recursive: true });
+	});
+
+	afterEach(async () => {
+		if (existsSync(tempDir)) {
+			await rm(tempDir, { recursive: true });
+		}
+	});
+
+	it('should return null when no credentials stored', async () => {
+		const creds = await getDokployCredentials({ root: tempDir });
+		expect(creds).toBeNull();
+	});
+
+	it('should return credentials when stored', async () => {
+		await storeDokployCredentials('test-token', 'https://test.example.com', {
+			root: tempDir,
+		});
+
+		const creds = await getDokployCredentials({ root: tempDir });
+		expect(creds).not.toBeNull();
+		expect(creds!.endpoint).toBe('https://test.example.com');
+	});
+});

package/src/auth/credentials.ts

@@ -12,6 +12,8 @@ export interface StoredCredentials {
 		token: string;
 		/** Dokploy endpoint URL */
 		endpoint: string;
+		/** Registry ID in Dokploy (for Docker image pulls) */
+		registryId?: string;
 		/** When the credentials were stored */
 		storedAt: string;
 	};
@@ -112,6 +114,7 @@ export async function getDokployCredentials(
 ): Promise<{
 	token: string;
 	endpoint: string;
+	registryId?: string;
 } | null> {
 	const credentials = await readCredentials(options);
 
@@ -122,6 +125,7 @@ export async function getDokployCredentials(
 	return {
 		token: credentials.dokploy.token,
 		endpoint: credentials.dokploy.endpoint,
+		registryId: credentials.dokploy.registryId,
 	};
 }
 
@@ -185,3 +189,32 @@ export async function getDokployEndpoint(
 	const stored = await getDokployCredentials(options);
 	return stored?.endpoint ?? null;
 }
+
+/**
+ * Store Dokploy registry ID
+ */
+export async function storeDokployRegistryId(
+	registryId: string,
+	options?: CredentialOptions,
+): Promise<void> {
+	const credentials = await readCredentials(options);
+
+	if (!credentials.dokploy) {
+		throw new Error(
+			'Dokploy credentials not found. Run "gkm login --service dokploy" first.',
+		);
+	}
+
+	credentials.dokploy.registryId = registryId;
+	await writeCredentials(credentials, options);
+}
+
+/**
+ * Get Dokploy registry ID from stored credentials
+ */
+export async function getDokployRegistryId(
+	options?: CredentialOptions,
+): Promise<string | undefined> {
+	const stored = await getDokployCredentials(options);
+	return stored?.registryId ?? undefined;
+}

package/src/auth/index.ts

@@ -30,19 +30,9 @@ export async function validateDokployToken(
 	endpoint: string,
 	token: string,
 ): Promise<boolean> {
-	try {
-		const response = await fetch(`${endpoint}/api/project.all`, {
-			method: 'GET',
-			headers: {
-				'Content-Type': 'application/json',
-				Authorization: `Bearer ${token}`,
-			},
-		});
-
-		return response.ok;
-	} catch {
-		return false;
-	}
+	const { DokployApi } = await import('../deploy/dokploy-api');
+	const api = new DokployApi({ baseUrl: endpoint, token });
+	return api.validateToken();
 }
 
 /**
@@ -55,46 +45,60 @@ async function prompt(message: string, hidden = false): Promise<string> {
 		);
 	}
 
-	const rl = readline.createInterface({ input, output });
-
-	try {
-		if (hidden) {
-			// For hidden input, we need to handle it differently
-			process.stdout.write(message);
-
-			return new Promise((resolve) => {
-				let value = '';
-
-				const onData = (char: Buffer) => {
-					const c = char.toString();
-
-					if (c === '\n' || c === '\r') {
-						process.stdin.removeListener('data', onData);
-						process.stdin.setRawMode(false);
-						process.stdout.write('\n');
-						resolve(value);
-					} else if (c === '\u0003') {
-						// Ctrl+C
-						process.exit(1);
-					} else if (c === '\u007F' || c === '\b') {
-						// Backspace
-						if (value.length > 0) {
-							value = value.slice(0, -1);
-						}
-					} else {
-						value += c;
+	if (hidden) {
+		// For hidden input, use raw mode directly without readline
+		process.stdout.write(message);
+
+		return new Promise((resolve, reject) => {
+			let value = '';
+
+			const cleanup = () => {
+				process.stdin.setRawMode(false);
+				process.stdin.pause();
+				process.stdin.removeListener('data', onData);
+				process.stdin.removeListener('error', onError);
+			};
+
+			const onError = (err: Error) => {
+				cleanup();
+				reject(err);
+			};
+
+			const onData = (char: Buffer) => {
+				const c = char.toString();
+
+				if (c === '\n' || c === '\r') {
+					cleanup();
+					process.stdout.write('\n');
+					resolve(value);
+				} else if (c === '\u0003') {
+					// Ctrl+C
+					cleanup();
+					process.stdout.write('\n');
+					process.exit(1);
+				} else if (c === '\u007F' || c === '\b') {
+					// Backspace
+					if (value.length > 0) {
+						value = value.slice(0, -1);
 					}
-				};
-
-				process.stdin.setRawMode(true);
-				process.stdin.resume();
-				process.stdin.on('data', onData);
-			});
-		} else {
+				} else {
+					value += c;
+				}
+			};
+
+			process.stdin.setRawMode(true);
+			process.stdin.resume();
+			process.stdin.on('data', onData);
+			process.stdin.on('error', onError);
+		});
+	} else {
+		// For visible input, use readline
+		const rl = readline.createInterface({ input, output });
+		try {
 			return await rl.question(message);
+		} finally {
+			rl.close();
 		}
-	} finally {
-		rl.close();
 	}
 }
 
@@ -222,5 +226,8 @@ export function maskToken(token: string): string {
 export {
 	getDokployCredentials,
 	getDokployEndpoint,
+	getDokployRegistryId,
 	getDokployToken,
+	storeDokployCredentials,
+	storeDokployRegistryId,
 } from './credentials';

package/src/build/__tests__/bundler.spec.ts

@@ -0,0 +1,444 @@
+import { mkdir, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import type { Construct } from '@geekmidas/constructs';
+import { itWithDir } from '@geekmidas/testkit/os';
+import { beforeEach, describe, expect, vi } from 'vitest';
+import type { StageSecrets } from '../../secrets/types';
+import { bundleServer } from '../bundler';
+
+// Mock child_process to avoid actually running tsdown
+vi.mock('node:child_process', () => ({
+	spawnSync: vi.fn().mockReturnValue({ status: 0, error: null }),
+}));
+
+// Mock construct that returns specific environment variables
+function createMockConstruct(envVars: string[]): Construct {
+	return {
+		getEnvironment: vi.fn().mockResolvedValue(envVars),
+	} as unknown as Construct;
+}
+
+// Helper to create a minimal secrets file
+async function createSecretsFile(
+	dir: string,
+	stage: string,
+	secrets: Partial<StageSecrets>,
+): Promise<void> {
+	const secretsDir = join(dir, '.gkm', 'secrets');
+	await mkdir(secretsDir, { recursive: true });
+
+	const fullSecrets: StageSecrets = {
+		stage,
+		createdAt: new Date().toISOString(),
+		updatedAt: new Date().toISOString(),
+		services: {},
+		urls: {},
+		custom: {},
+		...secrets,
+	};
+
+	await writeFile(
+		join(secretsDir, `${stage}.json`),
+		JSON.stringify(fullSecrets, null, 2),
+	);
+}
+
+// Helper to create a minimal entry point file and mock the bundle output
+async function createEntryPoint(dir: string): Promise<string> {
+	const outputDir = join(dir, '.gkm', 'server');
+	const distDir = join(outputDir, 'dist');
+	await mkdir(outputDir, { recursive: true });
+	await mkdir(distDir, { recursive: true });
+
+	const entryPoint = join(outputDir, 'server.ts');
+	await writeFile(entryPoint, 'console.log("hello");');
+
+	// Create the output file that tsdown would normally create
+	// (since we're mocking execSync, the file won't be created automatically)
+	await writeFile(join(distDir, 'server.js'), 'console.log("bundled");');
+
+	return entryPoint;
+}
+
+describe('bundleServer environment validation', () => {
+	beforeEach(() => {
+		vi.clearAllMocks();
+	});
+
+	itWithDir(
+		'should pass validation when all required env vars are present',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				urls: { DATABASE_URL: 'postgresql://localhost/db' },
+				custom: { API_KEY: 'sk_test_123' },
+			});
+
+			const constructs = [
+				createMockConstruct(['DATABASE_URL']),
+				createMockConstruct(['API_KEY']),
+			];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				// Should not throw
+				const result = await bundleServer({
+					entryPoint,
+					outputDir: join(dir, '.gkm', 'server', 'dist'),
+					minify: false,
+					sourcemap: false,
+					external: [],
+					stage: 'production',
+					constructs,
+				});
+
+				expect(result.masterKey).toBeDefined();
+				expect(constructs[0].getEnvironment).toHaveBeenCalled();
+				expect(constructs[1].getEnvironment).toHaveBeenCalled();
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should throw error when required env vars are missing',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				urls: { DATABASE_URL: 'postgresql://localhost/db' },
+				custom: {},
+			});
+
+			const constructs = [
+				createMockConstruct(['DATABASE_URL', 'API_KEY', 'JWT_SECRET']),
+			];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				await expect(
+					bundleServer({
+						entryPoint,
+						outputDir: join(dir, '.gkm', 'server', 'dist'),
+						minify: false,
+						sourcemap: false,
+						external: [],
+						stage: 'production',
+						constructs,
+					}),
+				).rejects.toThrow('Missing environment variables');
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should include missing variables in error message',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'staging', {
+				custom: { EXISTING_VAR: 'value' },
+			});
+
+			const constructs = [
+				createMockConstruct(['EXISTING_VAR', 'MISSING_VAR_1', 'MISSING_VAR_2']),
+			];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				await expect(
+					bundleServer({
+						entryPoint,
+						outputDir: join(dir, '.gkm', 'server', 'dist'),
+						minify: false,
+						sourcemap: false,
+						external: [],
+						stage: 'staging',
+						constructs,
+					}),
+				).rejects.toThrow(/MISSING_VAR_1/);
+
+				await expect(
+					bundleServer({
+						entryPoint,
+						outputDir: join(dir, '.gkm', 'server', 'dist'),
+						minify: false,
+						sourcemap: false,
+						external: [],
+						stage: 'staging',
+						constructs,
+					}),
+				).rejects.toThrow(/MISSING_VAR_2/);
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should collect env vars from multiple constructs',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				urls: { DATABASE_URL: 'postgresql://localhost/db' },
+				custom: {
+					API_KEY: 'key',
+					REDIS_URL: 'redis://localhost',
+					JWT_SECRET: 'secret',
+				},
+			});
+
+			const constructs = [
+				createMockConstruct(['DATABASE_URL']),
+				createMockConstruct(['API_KEY', 'REDIS_URL']),
+				createMockConstruct(['JWT_SECRET']),
+			];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				const result = await bundleServer({
+					entryPoint,
+					outputDir: join(dir, '.gkm', 'server', 'dist'),
+					minify: false,
+					sourcemap: false,
+					external: [],
+					stage: 'production',
+					constructs,
+				});
+
+				expect(result.masterKey).toBeDefined();
+
+				// All constructs should have been checked
+				for (const construct of constructs) {
+					expect(construct.getEnvironment).toHaveBeenCalled();
+				}
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should deduplicate env vars from multiple constructs',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				custom: { SHARED_VAR: 'value' },
+			});
+
+			// Multiple constructs requiring the same variable
+			const constructs = [
+				createMockConstruct(['SHARED_VAR']),
+				createMockConstruct(['SHARED_VAR']),
+				createMockConstruct(['SHARED_VAR']),
+			];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				// Should pass since SHARED_VAR is provided once
+				const result = await bundleServer({
+					entryPoint,
+					outputDir: join(dir, '.gkm', 'server', 'dist'),
+					minify: false,
+					sourcemap: false,
+					external: [],
+					stage: 'production',
+					constructs,
+				});
+
+				expect(result.masterKey).toBeDefined();
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should skip validation when no constructs provided',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				custom: {},
+			});
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				// Should not throw even with empty secrets
+				const result = await bundleServer({
+					entryPoint,
+					outputDir: join(dir, '.gkm', 'server', 'dist'),
+					minify: false,
+					sourcemap: false,
+					external: [],
+					stage: 'production',
+					constructs: [],
+				});
+
+				expect(result.masterKey).toBeDefined();
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should skip validation when constructs is undefined',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				custom: {},
+			});
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				const result = await bundleServer({
+					entryPoint,
+					outputDir: join(dir, '.gkm', 'server', 'dist'),
+					minify: false,
+					sourcemap: false,
+					external: [],
+					stage: 'production',
+					// No constructs provided
+				});
+
+				expect(result.masterKey).toBeDefined();
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should recognize service credentials as provided',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'production', {
+				services: {
+					postgres: {
+						host: 'localhost',
+						port: 5432,
+						username: 'app',
+						password: 'secret',
+						database: 'mydb',
+					},
+				},
+			});
+
+			const constructs = [
+				createMockConstruct([
+					'POSTGRES_HOST',
+					'POSTGRES_PORT',
+					'POSTGRES_USER',
+					'POSTGRES_PASSWORD',
+					'POSTGRES_DB',
+				]),
+			];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				const result = await bundleServer({
+					entryPoint,
+					outputDir: join(dir, '.gkm', 'server', 'dist'),
+					minify: false,
+					sourcemap: false,
+					external: [],
+					stage: 'production',
+					constructs,
+				});
+
+				expect(result.masterKey).toBeDefined();
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should throw when secrets file does not exist',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			// Don't create secrets file
+
+			const constructs = [createMockConstruct(['DATABASE_URL'])];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				await expect(
+					bundleServer({
+						entryPoint,
+						outputDir: join(dir, '.gkm', 'server', 'dist'),
+						minify: false,
+						sourcemap: false,
+						external: [],
+						stage: 'production',
+						constructs,
+					}),
+				).rejects.toThrow('No secrets found for stage "production"');
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+
+	itWithDir(
+		'should include helpful instructions in error message',
+		async ({ dir }) => {
+			const entryPoint = await createEntryPoint(dir);
+			await createSecretsFile(dir, 'myapp', {
+				custom: {},
+			});
+
+			const constructs = [createMockConstruct(['MISSING_VAR'])];
+
+			const originalCwd = process.cwd();
+			process.chdir(dir);
+
+			try {
+				await expect(
+					bundleServer({
+						entryPoint,
+						outputDir: join(dir, '.gkm', 'server', 'dist'),
+						minify: false,
+						sourcemap: false,
+						external: [],
+						stage: 'myapp',
+						constructs,
+					}),
+				).rejects.toThrow(/gkm secrets:set/);
+
+				await expect(
+					bundleServer({
+						entryPoint,
+						outputDir: join(dir, '.gkm', 'server', 'dist'),
+						minify: false,
+						sourcemap: false,
+						external: [],
+						stage: 'myapp',
+						constructs,
+					}),
+				).rejects.toThrow(/gkm secrets:import/);
+			} finally {
+				process.chdir(originalCwd);
+			}
+		},
+	);
+});