npm - @insforge/cli - Versions diffs - 0.1.57 → 0.1.58 - Mend

@insforge/cli 0.1.57 → 0.1.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -539,6 +539,9 @@ To sign in, open this URL in your browser:
 // src/lib/credentials.ts
 import * as clack3 from "@clack/prompts";
+function isPatLogin(creds) {
+  return creds?.refresh_token?.startsWith("uak_") ?? false;
+}
 async function requireAuth(apiUrl, allowOssBypass = true) {
   const projConfig = getProjectConfig();
   if (allowOssBypass && projConfig?.project_id === FAKE_PROJECT_ID) {
@@ -556,6 +559,10 @@ async function requireAuth(apiUrl, allowOssBypass = true) {
   }
   const creds = getCredentials();
   if (creds && creds.access_token) return creds;
+  if (isPatLogin(creds)) {
+    await refreshAccessToken(apiUrl);
+    return getCredentials();
+  }
   clack3.log.info("You need to log in to continue.");
   for (; ; ) {
     try {
@@ -573,10 +580,43 @@ async function requireAuth(apiUrl, allowOssBypass = true) {
 }
 async function refreshAccessToken(apiUrl) {
   const creds = getCredentials();
-  if (!creds?.refresh_token) {
-    throw new AuthError("Refresh token not found. Run `npx @insforge/cli login` again.");
+  if (!creds) {
+    throw new AuthError("Not logged in. Run `npx @insforge/cli login` first.");
   }
   const platformUrl = getPlatformApiUrl(apiUrl);
+  if (isPatLogin(creds)) {
+    let res;
+    try {
+      res = await fetch(`${platformUrl}/auth/v1/exchange-api-key`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ apiKey: creds.refresh_token })
+      });
+    } catch {
+      throw new AuthError(
+        `Unable to reach auth server at ${platformUrl}. Check your network connection.`
+      );
+    }
+    if (!res.ok) {
+      if (res.status === 401 || res.status === 403 || res.status === 404) {
+        throw new AuthError(
+          "API key is invalid or revoked. Run `npx @insforge/cli login --user-api-key <new-key>` again."
+        );
+      }
+      throw new AuthError(
+        `Auth server returned HTTP ${res.status} while refreshing session. Please retry shortly.`
+      );
+    }
+    const data = await res.json().catch(() => ({}));
+    if (typeof data.token !== "string" || data.token.length === 0) {
+      throw new AuthError("Exchange endpoint returned an invalid response (missing token).");
+    }
+    saveCredentials({ ...creds, access_token: data.token });
+    return data.token;
+  }
+  if (!creds.refresh_token) {
+    throw new AuthError("Refresh token not found. Run `npx @insforge/cli login` again.");
+  }
   const config = getGlobalConfig();
   const clientId = config.oauth_client_id ?? DEFAULT_CLIENT_ID;
   try {
@@ -774,10 +814,12 @@ async function createProject(orgId, name, region, apiUrl) {
 // src/commands/login.ts
 function registerLoginCommand(program2) {
-  program2.command("login").description("Authenticate with InsForge platform").option("--email", "Login with email and password instead of browser").option("--client-id <id>", "OAuth client ID (defaults to insforge-cli)").action(async (opts, cmd) => {
+  program2.command("login").description("Authenticate with InsForge platform").option("--email", "Login with email and password instead of browser").option("--client-id <id>", "OAuth client ID (defaults to insforge-cli)").option("--user-api-key <key>", "Authenticate with a uak_ personal access token").action(async (opts, cmd) => {
     const { json, apiUrl } = getRootOpts(cmd);
     try {
-      if (opts.email) {
+      if (opts.userApiKey) {
+        await loginWithUserApiKey(opts.userApiKey, json, apiUrl);
+      } else if (opts.email) {
         await loginWithEmail(json, apiUrl);
       } else {
         await loginWithOAuth(json, apiUrl);
@@ -846,6 +888,78 @@ async function loginWithOAuth(json, apiUrl) {
     console.log(JSON.stringify({ success: true, user: creds.user }));
   }
 }
+async function loginWithUserApiKey(key, json, apiUrl) {
+  if (!json) {
+    clack4.intro("InsForge CLI");
+  }
+  if (!key.startsWith("uak_")) {
+    throw new CLIError('Invalid API key \u2014 must start with "uak_".');
+  }
+  const s = !json ? clack4.spinner() : null;
+  s?.start("Verifying API key...");
+  let jwt;
+  let user;
+  try {
+    const exchanged = await exchangePatForJwt(key, apiUrl);
+    jwt = exchanged.token;
+    user = exchanged.user;
+  } catch (err) {
+    s?.stop("API key verification failed");
+    throw err instanceof CLIError ? err : new CLIError(err instanceof Error ? err.message : String(err));
+  }
+  saveCredentials({
+    access_token: jwt,
+    refresh_token: key,
+    user
+  });
+  if (!json) {
+    s?.stop(`Authenticated as ${user.email}`);
+    clack4.outro("Done");
+  } else {
+    console.log(JSON.stringify({ success: true, user }));
+  }
+}
+async function exchangePatForJwt(apiKey, apiUrl) {
+  const baseUrl = getPlatformApiUrl(apiUrl);
+  const fullUrl = `${baseUrl}/auth/v1/exchange-api-key`;
+  let res;
+  try {
+    res = await fetch(fullUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ apiKey })
+    });
+  } catch (err) {
+    throw new CLIError(formatFetchError(err, fullUrl));
+  }
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({}));
+    const msg = body.message ?? body.error ?? `HTTP ${res.status}`;
+    throw new CLIError(`API key is invalid or revoked: ${msg}`);
+  }
+  const data = await res.json().catch(() => ({}));
+  if (typeof data.token !== "string" || data.token.length === 0) {
+    throw new CLIError("Exchange endpoint returned an invalid response (missing token).");
+  }
+  const jwt = data.token;
+  let profileRes;
+  try {
+    profileRes = await fetch(`${baseUrl}/auth/v1/profile`, {
+      headers: { Authorization: `Bearer ${jwt}` }
+    });
+  } catch (err) {
+    throw new CLIError(formatFetchError(err, `${baseUrl}/auth/v1/profile`));
+  }
+  if (!profileRes.ok) {
+    throw new CLIError(`Exchange succeeded but could not fetch profile: HTTP ${profileRes.status}`);
+  }
+  const profile = await profileRes.json().catch(() => null);
+  const user = profile && typeof profile === "object" && "user" in profile ? profile.user : profile ?? void 0;
+  if (!user) {
+    throw new CLIError("Exchange succeeded but profile response was empty");
+  }
+  return { token: jwt, user };
+}
 // src/lib/output.ts
 import Table from "cli-table3";
@@ -1208,10 +1322,11 @@ async function ossFetch(path5, options = {}) {
       message += `
 ${err.nextActions}`;
     }
-    if (res.status === 404 && path5.startsWith("/api/compute")) {
+    const isRouteLevel404 = !err.error || err.error === "NOT_FOUND";
+    if (res.status === 404 && isRouteLevel404 && path5.startsWith("/api/compute")) {
       message = "Compute services are not available on this backend.\nSelf-hosted: upgrade your InsForge instance. Cloud: contact your InsForge admin to enable compute.";
     }
-    if (res.status === 404 && path5 === "/api/database/migrations") {
+    if (res.status === 404 && isRouteLevel404 && path5 === "/api/database/migrations") {
       message = "Database migrations are not available on this backend.\nSelf-hosted: upgrade your InsForge instance. Cloud: contact your InsForge admin about database migration support.";
     }
     throw new CLIError(message);
@@ -5602,7 +5717,7 @@ function registerDiagnoseCommands(diagnoseCmd2) {
         const s = !json ? clack10.spinner() : null;
         s?.start("Collecting diagnostic data...");
         const data2 = await collectDiagnosticData(projectId, ossMode, apiUrl);
-        const cliVersion = "0.1.57";
+        const cliVersion = "0.1.58";
         s?.stop("Data collected");
         if (!json) {
           console.log(`