@invizi/cli 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.js +13 -23
- package/package.json +1 -1
package/dist/auth.js
CHANGED
|
@@ -3,14 +3,17 @@ const DEFAULT_SCOPE = 'openid profile email offline_access';
|
|
|
3
3
|
function sleep(ms) {
|
|
4
4
|
return new Promise(resolve => setTimeout(resolve, ms));
|
|
5
5
|
}
|
|
6
|
+
// Defaults — public client-side values, not secrets
|
|
7
|
+
const AUTH0_DEFAULTS = {
|
|
8
|
+
domain: 'dev-u1fgwppsg73adwpc.us.auth0.com',
|
|
9
|
+
audience: 'https://api-dev.invizi.co',
|
|
10
|
+
clientId: 'RK5mtxCZygkrBkQr9n2CkgSkjFFsYSsI',
|
|
11
|
+
};
|
|
6
12
|
function getAuth0Config(config = loadConfig()) {
|
|
7
13
|
const auth = config.auth;
|
|
8
|
-
const domain = process.env.AUTH0_DOMAIN || config.auth0Domain || auth?.domain;
|
|
9
|
-
const audience = process.env.AUTH0_AUDIENCE || config.auth0Audience || auth?.audience;
|
|
10
|
-
const clientId = process.env.AUTH0_CLIENT_ID || config.auth0ClientId || auth?.clientId;
|
|
11
|
-
if (!domain || !audience || !clientId) {
|
|
12
|
-
throw new Error('Missing AUTH0_DOMAIN, AUTH0_AUDIENCE, or AUTH0_CLIENT_ID. Set env vars or save them in config.');
|
|
13
|
-
}
|
|
14
|
+
const domain = process.env.AUTH0_DOMAIN || config.auth0Domain || auth?.domain || AUTH0_DEFAULTS.domain;
|
|
15
|
+
const audience = process.env.AUTH0_AUDIENCE || config.auth0Audience || auth?.audience || AUTH0_DEFAULTS.audience;
|
|
16
|
+
const clientId = process.env.AUTH0_CLIENT_ID || config.auth0ClientId || auth?.clientId || AUTH0_DEFAULTS.clientId;
|
|
14
17
|
return { domain, audience, clientId };
|
|
15
18
|
}
|
|
16
19
|
function getStoredAuth() {
|
|
@@ -165,23 +168,9 @@ async function login() {
|
|
|
165
168
|
throw new Error('Login timed out before authorization completed.');
|
|
166
169
|
}
|
|
167
170
|
async function status() {
|
|
168
|
-
const auth = getStoredAuth();
|
|
169
|
-
if (!auth) {
|
|
170
|
-
if (process.env.INVIZI_API_KEY) {
|
|
171
|
-
console.log('No Auth0 token stored. Using INVIZI_API_KEY fallback.');
|
|
172
|
-
}
|
|
173
|
-
else {
|
|
174
|
-
console.log('Not logged in. Run: invizi auth login');
|
|
175
|
-
return 1;
|
|
176
|
-
}
|
|
177
|
-
}
|
|
178
|
-
else {
|
|
179
|
-
const ttlSec = Math.max(0, Math.floor((auth.expiresAt - Date.now()) / 1000));
|
|
180
|
-
console.log(`Token: present (expires in ~${ttlSec}s)`);
|
|
181
|
-
}
|
|
182
171
|
const header = await getAuthorizationHeader();
|
|
183
172
|
if (!header) {
|
|
184
|
-
console.log('
|
|
173
|
+
console.log('Not logged in. Run: invizi auth login');
|
|
185
174
|
return 1;
|
|
186
175
|
}
|
|
187
176
|
// Use v1 protocol (auth.me) instead of /api/me (not exposed via nginx)
|
|
@@ -202,8 +191,9 @@ async function status() {
|
|
|
202
191
|
const me = response.result;
|
|
203
192
|
console.log(`User: ${me.id} (${me.role}) via ${me.authProvider}`);
|
|
204
193
|
let email = me.email || null;
|
|
205
|
-
|
|
206
|
-
|
|
194
|
+
const storedAuth = getStoredAuth();
|
|
195
|
+
if (!email && storedAuth?.accessToken && storedAuth?.domain) {
|
|
196
|
+
const profile = await fetchAuth0UserProfile(storedAuth.accessToken, storedAuth.domain);
|
|
207
197
|
email = inferEmail(profile);
|
|
208
198
|
}
|
|
209
199
|
if (email) {
|