@knocklabs/cli 0.1.23 → 0.2.1

package/bin/dev.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node_modules/.bin/ts-node
 // eslint-disable-next-line node/shebang, unicorn/prefer-top-level-await
-;(async () => {
-  const oclif = await import('@oclif/core')
-  await oclif.execute({development: true, dir: __dirname})
-})()
+(async () => {
+  const oclif = await import("@oclif/core");
+  await oclif.execute({ development: true, dir: __dirname });
+})();

package/dist/commands/branch/create.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "default", {
+    enumerable: true,
+    get: function() {
+        return BranchCreate;
+    }
+});
+const _basecommand = /*#__PURE__*/ _interop_require_default(require("../../lib/base-command"));
+const _arg = require("../../lib/helpers/arg");
+const _request = require("../../lib/helpers/request");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+class BranchCreate extends _basecommand.default {
+    async run() {
+        const { args, flags } = this.props;
+        const resp = await this.request(args.slug);
+        if (flags.json) return resp;
+        this.render(resp);
+    }
+    async request(slug) {
+        return (0, _request.withSpinnerV2)(()=>this.apiV1.mgmtClient.post(`/v1/branches/${slug}`));
+    }
+    async render(data) {
+        this.log(`‣ Successfully created branch \`${data.slug}\``);
+        this.log(`  Created at: ${data.created_at}`);
+    }
+}
+// Hide until branches are released in GA
+_define_property(BranchCreate, "hidden", true);
+_define_property(BranchCreate, "summary", "Creates a new branch off of the development environment.");
+_define_property(BranchCreate, "enableJsonFlag", true);
+_define_property(BranchCreate, "args", {
+    slug: _arg.CustomArgs.slugArg({
+        required: true,
+        description: "The slug for the new branch"
+    })
+});

package/dist/commands/branch/delete.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "default", {
+    enumerable: true,
+    get: function() {
+        return BranchDelete;
+    }
+});
+const _core = require("@oclif/core");
+const _basecommand = /*#__PURE__*/ _interop_require_default(require("../../lib/base-command"));
+const _arg = require("../../lib/helpers/arg");
+const _request = require("../../lib/helpers/request");
+const _ux = require("../../lib/helpers/ux");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+class BranchDelete extends _basecommand.default {
+    async run() {
+        const { args, flags } = this.props;
+        // Confirm before deleting the branch, unless forced
+        const prompt = `Delete branch \`${args.slug}\`?`;
+        const input = flags.force || await (0, _ux.promptToConfirm)(prompt);
+        if (!input) return;
+        await (0, _request.withSpinnerV2)(()=>this.apiV1.mgmtClient.delete(`/v1/branches/${args.slug}`), {
+            action: "‣ Deleting branch"
+        });
+        this.log(`‣ Successfully deleted branch \`${args.slug}\``);
+    }
+}
+// Hide until branches are released in GA
+_define_property(BranchDelete, "hidden", true);
+_define_property(BranchDelete, "summary", "Deletes an existing branch with the given slug.");
+_define_property(BranchDelete, "args", {
+    slug: _arg.CustomArgs.slugArg({
+        required: true,
+        description: "The slug of the branch to delete"
+    })
+});
+_define_property(BranchDelete, "flags", {
+    force: _core.Flags.boolean({
+        summary: "Remove the confirmation prompt."
+    })
+});

package/dist/commands/branch/list.js

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "default", {
+    enumerable: true,
+    get: function() {
+        return BranchList;
+    }
+});
+const _core = require("@oclif/core");
+const _basecommand = /*#__PURE__*/ _interop_require_default(require("../../lib/base-command"));
+const _date = require("../../lib/helpers/date");
+const _page = require("../../lib/helpers/page");
+const _request = require("../../lib/helpers/request");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+class BranchList extends _basecommand.default {
+    async run() {
+        const resp = await this.request();
+        const { flags } = this.props;
+        if (flags.json) return resp;
+        this.render(resp);
+    }
+    async request(pageParams = {}) {
+        const queryParams = (0, _page.toPageParams)({
+            ...this.props.flags,
+            ...pageParams
+        });
+        return (0, _request.withSpinnerV2)(()=>this.apiV1.mgmtClient.get("/v1/branches", {
+                query: queryParams
+            }));
+    }
+    async render(data) {
+        const { entries } = data;
+        this.log(`‣ Showing ${entries.length} branches off of the development environment\n`);
+        _core.ux.table(entries, {
+            slug: {
+                header: "Slug"
+            },
+            created_at: {
+                header: "Created at",
+                get: (entry)=>(0, _date.formatDate)(entry.created_at)
+            },
+            updated_at: {
+                header: "Updated at",
+                get: (entry)=>(0, _date.formatDate)(entry.updated_at)
+            },
+            last_commit_at: {
+                header: "Last commit at",
+                get: (entry)=>entry.last_commit_at ? (0, _date.formatDate)(entry.last_commit_at) : "Never"
+            }
+        });
+        return this.prompt(data);
+    }
+    async prompt(data) {
+        const { page_info } = data;
+        const pageAction = await (0, _page.maybePromptPageAction)(page_info);
+        const pageParams = pageAction && (0, _page.paramsForPageAction)(pageAction, page_info);
+        if (pageParams) {
+            this.log("\n");
+            const resp = await this.request(pageParams);
+            return this.render(resp);
+        }
+    }
+}
+// Hide until branches are released in GA
+_define_property(BranchList, "hidden", true);
+_define_property(BranchList, "summary", "Display all existing branches off of the development environment.");
+_define_property(BranchList, "flags", {
+    ..._page.pageFlags
+});
+_define_property(BranchList, "enableJsonFlag", true);

package/dist/commands/knock.js

@@ -112,6 +112,9 @@ class Knock extends _basecommand.default {
         this.log("");
         this.log("Thank you for using Knock, and have a nice day! 🙂");
     }
+    constructor(...args){
+        super(...args), _define_property(this, "requiresAuth", false);
+    }
 }
 // Because, it's a secret :)
 _define_property(Knock, "hidden", true);

package/dist/commands/login.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "default", {
+    enumerable: true,
+    get: function() {
+        return Login;
+    }
+});
+const _auth = /*#__PURE__*/ _interop_require_default(require("../lib/auth"));
+const _basecommand = /*#__PURE__*/ _interop_require_default(require("../lib/base-command"));
+const _ux = require("../lib/helpers/ux");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+class Login extends _basecommand.default {
+    async run() {
+        const { flags } = this.props;
+        if (flags["service-token"]) {
+            this.log("Service token provided, skipping login.");
+            return;
+        }
+        _ux.spinner.start("‣ Authenticating with Knock...");
+        const resp = await _auth.default.waitForAccessToken(this.sessionContext.dashboardOrigin, this.sessionContext.authOrigin);
+        _ux.spinner.stop();
+        await this.configStore.set({
+            userSession: resp
+        });
+        this.log("‣ Successfully authenticated with Knock.");
+    }
+    constructor(...args){
+        super(...args), _define_property(this, "requiresAuth", false);
+    }
+}

package/dist/commands/logout.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "default", {
+    enumerable: true,
+    get: function() {
+        return Logout;
+    }
+});
+const _basecommand = /*#__PURE__*/ _interop_require_default(require("../lib/base-command"));
+const _ux = require("../lib/helpers/ux");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+class Logout extends _basecommand.default {
+    async run() {
+        const { flags } = this.props;
+        if (flags["service-token"]) {
+            this.log("Service token provided, skipping logout.");
+            return;
+        }
+        _ux.spinner.start("‣ Logging out of Knock...");
+        await this.configStore.set({
+            userSession: undefined
+        });
+        _ux.spinner.stop();
+        this.log("‣ Successfully logged out of Knock. See you around.");
+    }
+    constructor(...args){
+        super(...args), _define_property(this, "requiresAuth", false);
+    }
+}

package/dist/commands/whoami.js

@@ -31,13 +31,16 @@ function _interop_require_default(obj) {
 }
 class Whoami extends _basecommand.default {
     async run() {
-        const resp = await (0, _request.withSpinner)(()=>this.apiV1.whoami());
+        const resp = await (0, _request.withSpinnerV2)(()=>this.apiV1.mgmtClient.auth.verify());
         const { flags } = this.props;
-        if (flags.json) return resp.data;
-        this.log(`‣ Successfully verified the provided service token:`);
-        const info = [
-            `Account name: ${resp.data.account_name}`,
-            `Service token name: ${resp.data.service_token_name}`
+        if (flags.json) return resp;
+        this.log(`‣ Successfully authenticated:`);
+        const info = resp.service_token_name ? [
+            `Account name: ${resp.account_name}`,
+            `Service token name: ${resp.service_token_name}`
+        ] : [
+            `Account name: ${resp.account_name}`,
+            `User ID: ${resp.user_id}`
         ];
         this.log((0, _string.indentString)(info.join("\n"), 4));
     }

package/dist/lib/api-v1.js

@@ -8,6 +8,7 @@ Object.defineProperty(exports, "default", {
         return ApiV1;
     }
 });
+const _mgmt = /*#__PURE__*/ _interop_require_default(require("@knocklabs/mgmt"));
 const _axios = /*#__PURE__*/ _interop_require_default(require("axios"));
 const _objectisomorphic = require("./helpers/object.isomorphic");
 const _page = require("./helpers/page");
@@ -29,9 +30,16 @@ function _interop_require_default(obj) {
         default: obj
     };
 }
-const DEFAULT_ORIGIN = "https://control.knock.app";
 const API_VERSION = "v1";
+/**
+ * KnockMgmt client requires a service token, but we set the Authorization
+ * request header directly, so use a placeholder when service token is not
+ * provided.
+ */ const PLACEHOLDER_SERVICE_TOKEN = "placeholder-service-token";
 class ApiV1 {
+    getToken(sessionContext) {
+        return sessionContext.session ? sessionContext.session.accessToken : sessionContext.token;
+    }
     async ping() {
         return this.get("/ping");
     }
@@ -401,17 +409,32 @@ class ApiV1 {
     async put(subpath, data, config) {
         return this.client.put(`/${API_VERSION}` + subpath, data, config);
     }
-    constructor(flags, config){
+    constructor(sessionContext, config){
+        var _sessionContext_session;
         _define_property(this, "client", void 0);
-        const baseURL = flags["api-origin"] || DEFAULT_ORIGIN;
+        _define_property(this, "mgmtClient", void 0);
+        const baseURL = sessionContext.apiOrigin;
+        const token = this.getToken(sessionContext);
+        var _sessionContext_session_clientId;
+        const headers = {
+            // Used to authenticate the request to the API.
+            Authorization: `Bearer ${token}`,
+            // Used in conjunction with the JWT access token, to allow the OAuth server to
+            // verify the client ID of the OAuth client that issued the access token.
+            "x-knock-client-id": (_sessionContext_session_clientId = (_sessionContext_session = sessionContext.session) === null || _sessionContext_session === void 0 ? void 0 : _sessionContext_session.clientId) !== null && _sessionContext_session_clientId !== void 0 ? _sessionContext_session_clientId : undefined,
+            "User-Agent": `${config.userAgent}`
+        };
         this.client = _axios.default.create({
             baseURL,
-            headers: {
-                Authorization: `Bearer ${flags["service-token"]}`,
-                "User-Agent": `${config.userAgent}`
-            },
+            headers,
             // Don't reject the promise based on a response status code.
             validateStatus: null
         });
+        // This should eventually replace the Axios client
+        this.mgmtClient = new _mgmt.default({
+            serviceToken: sessionContext.token || PLACEHOLDER_SERVICE_TOKEN,
+            baseURL,
+            defaultHeaders: headers
+        });
     }
 }

package/dist/lib/auth.js

@@ -0,0 +1,256 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get default () {
+        return _default;
+    },
+    get exchangeCodeForToken () {
+        return exchangeCodeForToken;
+    },
+    get getOAuthServerUrls () {
+        return getOAuthServerUrls;
+    },
+    get refreshAccessToken () {
+        return refreshAccessToken;
+    },
+    get registerClient () {
+        return registerClient;
+    },
+    get waitForAccessToken () {
+        return waitForAccessToken;
+    }
+});
+const _nodecrypto = /*#__PURE__*/ _interop_require_default(require("node:crypto"));
+const _nodehttp = /*#__PURE__*/ _interop_require_default(require("node:http"));
+const _browser = require("./helpers/browser");
+const _urls = require("./urls");
+function _interop_require_default(obj) {
+    return obj && obj.__esModule ? obj : {
+        default: obj
+    };
+}
+const DEFAULT_TIMEOUT = 5000;
+function createChallenge() {
+    // PKCE code verifier and challenge
+    const codeVerifier = _nodecrypto.default.randomBytes(32).toString("base64url");
+    const codeChallenge = _nodecrypto.default.createHash("sha256").update(codeVerifier).digest("base64").replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+    const state = _nodecrypto.default.randomUUID();
+    return {
+        codeVerifier,
+        codeChallenge,
+        state
+    };
+}
+async function getOAuthServerUrls(apiUrl) {
+    const { protocol, host } = new URL(apiUrl);
+    const wellKnownUrl = `${protocol}//${host}/.well-known/oauth-authorization-server`;
+    const response = await fetch(wellKnownUrl, {
+        signal: AbortSignal.timeout(DEFAULT_TIMEOUT)
+    });
+    if (response.ok) {
+        const data = await response.json();
+        return {
+            registrationEndpoint: data.registration_endpoint,
+            authorizationEndpoint: data.authorization_endpoint,
+            tokenEndpoint: data.token_endpoint,
+            issuer: data.issuer
+        };
+    }
+    throw new Error("Failed to fetch OAuth server metadata");
+}
+async function registerClient(registrationEndpoint, redirectUri) {
+    const registrationResponse = await fetch(registrationEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+            client_name: "Knock CLI",
+            token_endpoint_auth_method: "none",
+            grant_types: [
+                "authorization_code"
+            ],
+            response_types: [
+                "code"
+            ],
+            redirect_uris: [
+                redirectUri
+            ]
+        }),
+        signal: AbortSignal.timeout(DEFAULT_TIMEOUT)
+    });
+    if (!registrationResponse.ok) {
+        console.log(await registrationResponse.json());
+        throw new Error(`Could not register client with OAuth server`);
+    }
+    const registrationData = await registrationResponse.json();
+    return registrationData.client_id;
+}
+async function parseTokenResponse(response) {
+    const data = await response.json();
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        idToken: data.id_token,
+        expiresAt: new Date(Date.now() + data.expires_in * 1000)
+    };
+}
+async function exchangeCodeForToken(params) {
+    const response = await fetch(params.tokenEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            client_id: params.clientId,
+            code: params.code,
+            code_verifier: params.codeVerifier,
+            redirect_uri: params.redirectUri
+        }),
+        signal: AbortSignal.timeout(5000)
+    });
+    if (!response.ok) {
+        let errorDescription;
+        try {
+            const errorResponse = await response.json();
+            errorDescription = errorResponse.error_description || errorResponse.error;
+        } catch  {
+        // ignore
+        }
+        return {
+            error: errorDescription !== null && errorDescription !== void 0 ? errorDescription : "unknown error"
+        };
+    }
+    return {
+        ...await parseTokenResponse(response),
+        clientId: params.clientId
+    };
+}
+async function refreshAccessToken(params) {
+    const { tokenEndpoint } = await getOAuthServerUrls(params.authUrl);
+    const response = await fetch(tokenEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: new URLSearchParams({
+            grant_type: "refresh_token",
+            client_id: params.clientId,
+            refresh_token: params.refreshToken
+        }),
+        signal: AbortSignal.timeout(5000)
+    });
+    if (!response.ok) {
+        throw new Error("Failed to refresh access token");
+    }
+    return {
+        ...await parseTokenResponse(response),
+        clientId: params.clientId
+    };
+}
+async function waitForAccessToken(dashboardUrl, authUrl) {
+    const { authorizationEndpoint, tokenEndpoint, registrationEndpoint } = await getOAuthServerUrls(authUrl);
+    let resolve;
+    let reject;
+    const promise = new Promise((res, rej)=>{
+        resolve = res;
+        reject = rej;
+    });
+    const { codeVerifier, codeChallenge, state } = createChallenge();
+    const timeout = setTimeout(()=>{
+        cleanupAndReject(`authentication timed out after ${DEFAULT_TIMEOUT / 1000} seconds`);
+    }, 60000);
+    function cleanupAndReject(message) {
+        cleanup();
+        reject(new Error(`Could not authenticate: ${message}`));
+    }
+    function cleanup() {
+        clearTimeout(timeout);
+        server.close();
+        server.closeAllConnections();
+    }
+    const server = _nodehttp.default.createServer();
+    server.listen();
+    const address = server.address();
+    if (address === null || typeof address !== "object") {
+        throw new Error("Could not start server");
+    }
+    const callbackPath = "/oauth_callback";
+    const redirectUri = `http://localhost:${address.port}${callbackPath}`;
+    const clientId = await registerClient(registrationEndpoint, redirectUri);
+    const params = {
+        response_type: "code",
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        state,
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256",
+        scope: "openid email offline_access"
+    };
+    const browserUrl = `${authorizationEndpoint}?${new URLSearchParams(params).toString()}`;
+    server.on("request", async (req, res)=>{
+        if (!clientId || !redirectUri) {
+            res.writeHead(500).end("Something went wrong");
+            cleanupAndReject("something went wrong");
+            return;
+        }
+        var _req_url;
+        const url = new URL((_req_url = req.url) !== null && _req_url !== void 0 ? _req_url : "/", "http://127.0.0.1");
+        if (url.pathname !== callbackPath) {
+            res.writeHead(404).end("Invalid path");
+            cleanupAndReject("invalid path");
+            return;
+        }
+        const error = url.searchParams.get("error");
+        if (error) {
+            res.writeHead(400).end("Could not authenticate");
+            const errorDescription = url.searchParams.get("error_description");
+            cleanupAndReject(`${errorDescription || error} `);
+            return;
+        }
+        const code = url.searchParams.get("code");
+        if (!code) {
+            res.writeHead(400).end("Could not authenticate");
+            cleanupAndReject("no code provided");
+            return;
+        }
+        const response = await exchangeCodeForToken({
+            tokenEndpoint,
+            clientId,
+            code,
+            codeVerifier,
+            redirectUri
+        });
+        if ("error" in response) {
+            res.writeHead(302, {
+                location: (0, _urls.authErrorUrl)(dashboardUrl, "Could not authenticate: unable to fetch access token")
+            }).end("Could not authenticate");
+            cleanupAndReject(JSON.stringify(response.error));
+            return;
+        }
+        res.writeHead(302, {
+            location: (0, _urls.authSuccessUrl)(dashboardUrl)
+        }).end("Authentication successful");
+        cleanup();
+        resolve({
+            ...response,
+            clientId
+        });
+    });
+    console.log(`Opened web browser to facilitate auth: ${browserUrl}`);
+    _browser.browser.openUrl(browserUrl);
+    return promise;
+}
+const _default = {
+    waitForAccessToken,
+    refreshAccessToken
+};