npm - @instafy/cli - Versions diffs - 0.1.8-staging.348 → 0.1.8-staging.351 - Mend

@instafy/cli 0.1.8-staging.348 → 0.1.8-staging.351

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -7,6 +7,7 @@ Run Instafy projects locally and connect them back to Instafy Studio — from an
 ## Quickstart
 0. Log in once: `instafy login`
+   - Opens a Studio URL; the CLI continues automatically after you sign in.
    - Also enables Git auth (credential helper) for Instafy Git Service. Disable with `instafy login --no-git-setup`.
    - Optional: set defaults with `instafy config set controller-url <url>` / `instafy config set studio-url <url>`
 1. Link a folder to a project:

package/dist/auth.js CHANGED Viewed

@@ -1,4 +1,6 @@
 import kleur from "kleur";
+import { randomBytes } from "node:crypto";
+import * as http from "node:http";
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { clearInstafyCliConfig, getInstafyConfigPath, resolveConfiguredStudioUrl, resolveControllerUrl, resolveUserAccessToken, writeInstafyCliConfig, } from "./config.js";
@@ -37,6 +39,150 @@ function deriveDefaultStudioUrl(controllerUrl) {
     }
     return "https://staging.instafy.dev";
 }
+function readRequestBody(request, maxBytes = 1000000) {
+    return new Promise((resolve, reject) => {
+        let buffer = "";
+        request.setEncoding("utf8");
+        request.on("data", (chunk) => {
+            buffer += chunk;
+            if (buffer.length > maxBytes) {
+                reject(new Error("Request body too large."));
+                request.destroy();
+            }
+        });
+        request.on("end", () => resolve(buffer));
+        request.on("error", (error) => reject(error));
+    });
+}
+function applyCorsHeaders(request, response) {
+    const origin = typeof request.headers.origin === "string" ? request.headers.origin : "";
+    if (origin) {
+        response.setHeader("access-control-allow-origin", origin);
+        response.setHeader("vary", "origin");
+    }
+    else {
+        response.setHeader("access-control-allow-origin", "*");
+    }
+    response.setHeader("access-control-allow-methods", "POST, OPTIONS");
+    response.setHeader("access-control-allow-headers", "content-type");
+    // Private Network Access preflight (Chrome): allow https -> http://127.0.0.1 callbacks.
+    if (request.headers["access-control-request-private-network"] === "true") {
+        response.setHeader("access-control-allow-private-network", "true");
+    }
+}
+async function startCliLoginCallbackServer() {
+    const state = randomBytes(16).toString("hex");
+    let resolved = false;
+    let resolveToken = null;
+    let rejectToken = null;
+    const tokenPromise = new Promise((resolve, reject) => {
+        resolveToken = resolve;
+        rejectToken = reject;
+    });
+    const server = http.createServer(async (request, response) => {
+        applyCorsHeaders(request, response);
+        if (request.method === "OPTIONS") {
+            response.statusCode = 204;
+            response.end();
+            return;
+        }
+        const url = new URL(request.url ?? "/", "http://127.0.0.1");
+        if (request.method !== "POST" || url.pathname !== "/callback") {
+            response.statusCode = 404;
+            response.setHeader("content-type", "application/json");
+            response.end(JSON.stringify({ ok: false, error: "Not found" }));
+            return;
+        }
+        if (resolved) {
+            response.statusCode = 409;
+            response.setHeader("content-type", "application/json");
+            response.end(JSON.stringify({ ok: false, error: "Already completed" }));
+            return;
+        }
+        try {
+            const body = await readRequestBody(request);
+            const contentType = typeof request.headers["content-type"] === "string" ? request.headers["content-type"] : "";
+            let parsedToken = null;
+            let parsedState = null;
+            if (contentType.includes("application/json")) {
+                const json = JSON.parse(body);
+                parsedToken = typeof json.token === "string" ? json.token : null;
+                parsedState = typeof json.state === "string" ? json.state : null;
+            }
+            else {
+                const params = new URLSearchParams(body);
+                parsedToken = params.get("token");
+                parsedState = params.get("state");
+            }
+            const token = normalizeToken(parsedToken);
+            const receivedState = normalizeToken(parsedState);
+            if (!token) {
+                response.statusCode = 400;
+                response.setHeader("content-type", "application/json");
+                response.end(JSON.stringify({ ok: false, error: "Missing token" }));
+                return;
+            }
+            if (!receivedState || receivedState !== state) {
+                response.statusCode = 403;
+                response.setHeader("content-type", "application/json");
+                response.end(JSON.stringify({ ok: false, error: "Invalid state" }));
+                return;
+            }
+            resolved = true;
+            response.statusCode = 200;
+            response.setHeader("content-type", "application/json");
+            response.end(JSON.stringify({ ok: true }));
+            resolveToken?.(token);
+            resolveToken = null;
+        }
+        catch (error) {
+            response.statusCode = 500;
+            response.setHeader("content-type", "application/json");
+            response.end(JSON.stringify({ ok: false, error: error instanceof Error ? error.message : String(error) }));
+        }
+    });
+    await new Promise((resolve, reject) => {
+        server.once("error", reject);
+        server.listen(0, "127.0.0.1", () => resolve());
+    });
+    const address = server.address();
+    if (!address || typeof address !== "object" || typeof address.port !== "number") {
+        server.close();
+        throw new Error("Failed to start login callback server.");
+    }
+    return {
+        callbackUrl: `http://127.0.0.1:${address.port}/callback`,
+        state,
+        waitForToken: async (timeoutMs) => {
+            if (!Number.isFinite(timeoutMs) || timeoutMs <= 0) {
+                return tokenPromise;
+            }
+            const timeout = setTimeout(() => {
+                if (resolved)
+                    return;
+                resolved = true;
+                rejectToken?.(new Error("Timed out waiting for browser login. Copy the token and paste it into the CLI instead."));
+                rejectToken = null;
+            }, timeoutMs);
+            timeout.unref?.();
+            try {
+                return await tokenPromise;
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        },
+        cancel: () => {
+            if (resolved)
+                return;
+            resolved = true;
+            rejectToken?.(new Error("Login cancelled."));
+            rejectToken = null;
+            resolveToken = null;
+        },
+        close: () => server.close(),
+    };
+}
 export async function login(options) {
     const controllerUrl = resolveControllerUrl({ controllerUrl: options.controllerUrl ?? null });
     const studioUrl = normalizeUrl(options.studioUrl ?? null) ??
@@ -49,17 +195,97 @@ export async function login(options) {
         console.log(JSON.stringify({ url: url.toString(), configPath: getInstafyConfigPath() }));
         return;
     }
+    let callbackServer = null;
+    const provided = normalizeToken(options.token ?? null);
+    if (!provided) {
+        try {
+            callbackServer = await startCliLoginCallbackServer();
+            url.searchParams.set("cliCallbackUrl", callbackServer.callbackUrl);
+            url.searchParams.set("cliState", callbackServer.state);
+        }
+        catch {
+            callbackServer = null;
+        }
+    }
     console.log(kleur.green("Instafy CLI login"));
     console.log("");
     console.log("1) Open this URL in your browser:");
     console.log(kleur.cyan(url.toString()));
     console.log("");
-    console.log("2) After you sign in, copy the token shown on that page.");
+    if (callbackServer) {
+        console.log("2) Sign in — this terminal should continue automatically.");
+        console.log(kleur.gray("If it doesn't, copy the token shown on that page and paste it here."));
+    }
+    else {
+        console.log("2) After you sign in, copy the token shown on that page.");
+    }
     console.log("");
-    const provided = normalizeToken(options.token ?? null);
     const existing = resolveUserAccessToken();
     let token = provided;
+    if (!token && callbackServer) {
+        if (input.isTTY) {
+            console.log(kleur.gray("Waiting for browser login…"));
+            console.log(kleur.gray("If it doesn't continue, paste the token here and press Enter."));
+            console.log("");
+            const rl = createInterface({ input, output });
+            const abort = new AbortController();
+            const manualTokenPromise = (async () => {
+                while (true) {
+                    const answer = await rl.question("Paste token (or wait): ", { signal: abort.signal });
+                    const candidate = normalizeToken(answer);
+                    if (candidate) {
+                        return candidate;
+                    }
+                }
+            })();
+            try {
+                const result = await Promise.race([
+                    callbackServer
+                        .waitForToken(10 * 60000)
+                        .then((tokenValue) => ({ source: "browser", token: tokenValue })),
+                    manualTokenPromise.then((tokenValue) => ({ source: "manual", token: tokenValue })),
+                ]);
+                token = result.token;
+                if (result.source === "browser") {
+                    abort.abort();
+                }
+                else {
+                    callbackServer.cancel();
+                }
+            }
+            catch (_error) {
+                // If browser login fails, keep waiting for a pasted token.
+                token = await manualTokenPromise;
+                callbackServer.cancel();
+            }
+            finally {
+                try {
+                    rl.close();
+                }
+                catch {
+                    // ignore
+                }
+                callbackServer.close();
+                callbackServer = null;
+            }
+        }
+        else {
+            try {
+                token = await callbackServer.waitForToken(10 * 60000);
+            }
+            catch (_error) {
+                // Ignore and fall back to manual copy/paste if possible.
+            }
+            finally {
+                callbackServer.close();
+                callbackServer = null;
+            }
+        }
+    }
     if (!token) {
+        if (!input.isTTY) {
+            throw new Error("No token provided.");
+        }
         const rl = createInterface({ input, output });
         try {
             token = normalizeToken(await rl.question("Paste token: "));

package/dist/config.js CHANGED Viewed

@@ -106,6 +106,7 @@ export function resolveUserAccessToken(params) {
     return (normalizeToken(params?.accessToken ?? null) ??
         normalizeToken(process.env["INSTAFY_ACCESS_TOKEN"] ?? null) ??
         normalizeToken(process.env["CONTROLLER_ACCESS_TOKEN"] ?? null) ??
+        normalizeToken(process.env["RUNTIME_ACCESS_TOKEN"] ?? null) ??
         normalizeToken(process.env["SUPABASE_ACCESS_TOKEN"] ?? null) ??
         normalizeToken(config.accessToken ?? null));
 }

package/dist/git.js CHANGED Viewed

@@ -25,6 +25,7 @@ function resolveControllerAccessToken(options) {
     return (normalizeToken(options.controllerAccessToken) ??
         normalizeToken(process.env["INSTAFY_ACCESS_TOKEN"]) ??
         normalizeToken(process.env["CONTROLLER_ACCESS_TOKEN"]) ??
+        normalizeToken(process.env["RUNTIME_ACCESS_TOKEN"]) ??
         normalizeToken(options.supabaseAccessToken) ??
         readTokenFromFile(options.supabaseAccessTokenFile) ??
         normalizeToken(process.env["SUPABASE_ACCESS_TOKEN"]) ??

package/dist/index.js CHANGED Viewed

@@ -73,6 +73,38 @@ program
         process.exit(1);
     }
 });
+const projectInitCommand = program
+    .command("project:init")
+    .description("Create an Instafy project and link this folder (.instafy/project.json)")
+    .option("--path <dir>", "Directory where the manifest should be written (default: cwd)");
+addServerUrlOptions(projectInitCommand);
+projectInitCommand
+    .option("--access-token <token>", "Instafy or Supabase access token")
+    .option("--project-type <type>", "Project type (customer|sandbox)")
+    .option("--org-id <uuid>", "Optional organization id")
+    .option("--org-name <name>", "Optional organization name")
+    .option("--org-slug <slug>", "Optional organization slug")
+    .option("--owner-user-id <uuid>", "Explicit owner user id (defaults to caller)")
+    .option("--json", "Output JSON")
+    .action(async (opts) => {
+    try {
+        await projectInit({
+            path: opts.path,
+            controllerUrl: opts.serverUrl ?? opts.controllerUrl,
+            accessToken: opts.accessToken,
+            projectType: opts.projectType,
+            orgId: opts.orgId,
+            orgName: opts.orgName,
+            orgSlug: opts.orgSlug,
+            ownerUserId: opts.ownerUserId,
+            json: opts.json,
+        });
+    }
+    catch (error) {
+        console.error(kleur.red(String(error)));
+        process.exit(1);
+    }
+});
 const configCommand = program.command("config").description("Get/set saved CLI configuration");
 configCommand
     .command("path")
@@ -295,38 +327,6 @@ program
         process.exit(1);
     }
 });
-const projectInitCommand = program
-    .command("project:init")
-    .description("Create an Instafy project and link this folder (.instafy/project.json)")
-    .option("--path <dir>", "Directory where the manifest should be written (default: cwd)");
-addServerUrlOptions(projectInitCommand);
-projectInitCommand
-    .option("--access-token <token>", "Instafy or Supabase access token")
-    .option("--project-type <type>", "Project type (customer|sandbox)")
-    .option("--org-id <uuid>", "Optional organization id")
-    .option("--org-name <name>", "Optional organization name")
-    .option("--org-slug <slug>", "Optional organization slug")
-    .option("--owner-user-id <uuid>", "Explicit owner user id (defaults to caller)")
-    .option("--json", "Output JSON")
-    .action(async (opts) => {
-    try {
-        await projectInit({
-            path: opts.path,
-            controllerUrl: opts.serverUrl ?? opts.controllerUrl,
-            accessToken: opts.accessToken,
-            projectType: opts.projectType,
-            orgId: opts.orgId,
-            orgName: opts.orgName,
-            orgSlug: opts.orgSlug,
-            ownerUserId: opts.ownerUserId,
-            json: opts.json,
-        });
-    }
-    catch (error) {
-        console.error(kleur.red(String(error)));
-        process.exit(1);
-    }
-});
 const tunnelCommand = program
     .command("tunnel")
     .description("Start a shareable tunnel URL for a local port (defaults to detached)")

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@instafy/cli",
-  "version": "0.1.8-staging.348",
+  "version": "0.1.8-staging.351",
   "description": "Run Instafy projects locally, link folders to Studio, and share previews/webhooks via tunnels.",
   "private": false,
   "publishConfig": {