@myvillage/cli 1.5.0 → 1.5.1

package/src/commands/login.js

@@ -1,4 +1,5 @@
 import { createServer } from 'http';
+import { createInterface } from 'readline';
 import { randomBytes, createHash } from 'crypto';
 import chalk from 'chalk';
 import ora from 'ora';
@@ -21,8 +22,37 @@ function generateCodeChallenge(verifier) {
     .digest('base64url');
 }
 
-export async function loginCommand() {
+// Detect headless environments where no browser is available
+function isHeadless() {
+  // No graphical display on Linux
+  if (process.platform === 'linux' && !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY) {
+    return true;
+  }
+  // Running inside SSH session
+  if (process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION) {
+    return true;
+  }
+  // Running inside a Docker container or CI
+  if (process.env.container || process.env.CI) {
+    return true;
+  }
+  return false;
+}
+
+// Prompt the user to paste a URL from their browser
+function promptForCallbackUrl() {
+  return new Promise((resolve) => {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(chalk.cyan('\nPaste the URL here: '), (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+export async function loginCommand(options) {
   const config = getConfig();
+  const headless = options.browser === false || isHeadless();
 
   // Check if already logged in
   const existing = loadCredentials();
@@ -52,96 +82,153 @@ export async function loginCommand() {
 
   const authUrl = `${config.oauthBaseUrl}/authorize?${params.toString()}`;
 
-  // Create a promise that resolves when we receive the OAuth callback
-  const authResult = await new Promise((resolve, reject) => {
-    let timeout;
-    const server = createServer(async (req, res) => {
-      const url = new URL(req.url, `http://localhost:${config.callbackPort}`);
+  let authResult;
 
-      if (url.pathname !== '/callback') {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
+  if (headless) {
+    // ── Headless / manual flow ──────────────────────────
+    // No local server — the user authenticates in a browser elsewhere,
+    // then pastes the redirect URL (which their browser can't reach) back here.
+    spinner.stop();
+    console.log();
+    console.log(brand.gold('No browser detected — using manual authentication.'));
+    console.log();
+    console.log(brand.teal('1. Open this URL in any browser:'));
+    console.log();
+    console.log(`   ${chalk.underline(authUrl)}`);
+    console.log();
+    console.log(brand.teal('2. Log in and authorize the CLI.'));
+    console.log(brand.teal('3. Your browser will redirect to a localhost URL that won\'t load — this is expected.'));
+    console.log(brand.teal('4. Copy the full URL from your browser\'s address bar and paste it below.'));
+    console.log(brand.teal('   It will look like: http://localhost:3737/callback?code=...&state=...'));
 
-      const code = url.searchParams.get('code');
-      const returnedState = url.searchParams.get('state');
-      const error = url.searchParams.get('error');
-      const errorDescription = url.searchParams.get('error_description');
+    const callbackInput = await promptForCallbackUrl();
 
-      // Send response to the browser
-      res.writeHead(200, { 'Content-Type': 'text/html' });
-      if (error) {
-        res.end(`
-          <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
-            <div style="text-align: center;">
-              <h1 style="color: #FF6B6B;">Authentication Failed</h1>
-              <p>${errorDescription || error}</p>
-              <p>You can close this window.</p>
-            </div>
-          </body></html>
-        `);
-      } else {
-        res.end(`
-          <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
-            <div style="text-align: center;">
-              <h1 style="color: #FFD700;">Success!</h1>
-              <p>You are now logged in to MyVillageOS CLI.</p>
-              <p>You can close this window and return to your terminal.</p>
-            </div>
-          </body></html>
-        `);
-      }
+    if (!callbackInput) {
+      console.log(chalk.red('No URL provided. Authentication cancelled.'));
+      return;
+    }
 
-      // Close the server and clear timeout
-      server.close();
-      clearTimeout(timeout);
+    try {
+      const callbackUrl = new URL(callbackInput);
+      const code = callbackUrl.searchParams.get('code');
+      const returnedState = callbackUrl.searchParams.get('state');
+      const error = callbackUrl.searchParams.get('error');
+      const errorDescription = callbackUrl.searchParams.get('error_description');
 
       if (error) {
-        reject(new Error(errorDescription || error));
+        console.log(chalk.red(`Authentication failed: ${errorDescription || error}`));
+        return;
+      }
+
+      if (!code) {
+        console.log(chalk.red('No authorization code found in the URL. Please try again.'));
         return;
       }
 
-      // Validate state parameter
       if (returnedState !== state) {
-        reject(new Error('State mismatch - possible CSRF attack. Please try again.'));
+        console.log(chalk.red('State mismatch — possible CSRF attack. Please try again.'));
         return;
       }
 
-      resolve(code);
-    });
+      authResult = code;
+    } catch {
+      console.log(chalk.red('Invalid URL. Please copy the full URL from your browser\'s address bar.'));
+      return;
+    }
+
+    spinner.start('Exchanging authorization code for tokens...');
+  } else {
+    // ── Browser flow (original) ─────────────────────────
+    authResult = await new Promise((resolve, reject) => {
+      let timeout;
+      const server = createServer(async (req, res) => {
+        const url = new URL(req.url, `http://localhost:${config.callbackPort}`);
+
+        if (url.pathname !== '/callback') {
+          res.writeHead(404);
+          res.end('Not found');
+          return;
+        }
 
-    server.listen(config.callbackPort, () => {
-      spinner.text = 'Opening browser for authentication...';
+        const code = url.searchParams.get('code');
+        const returnedState = url.searchParams.get('state');
+        const error = url.searchParams.get('error');
+        const errorDescription = url.searchParams.get('error_description');
 
-      // Open browser to authorization URL
-      open(authUrl).catch(() => {
-        spinner.stop();
-        console.log(chalk.yellow('\nCould not open browser automatically.'));
-        console.log(brand.teal('Please open this URL in your browser:'));
-        console.log(brand.gold(authUrl));
+        // Send response to the browser
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        if (error) {
+          res.end(`
+            <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
+              <div style="text-align: center;">
+                <h1 style="color: #FF6B6B;">Authentication Failed</h1>
+                <p>${errorDescription || error}</p>
+                <p>You can close this window.</p>
+              </div>
+            </body></html>
+          `);
+        } else {
+          res.end(`
+            <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
+              <div style="text-align: center;">
+                <h1 style="color: #FFD700;">Success!</h1>
+                <p>You are now logged in to MyVillageOS CLI.</p>
+                <p>You can close this window and return to your terminal.</p>
+              </div>
+            </body></html>
+          `);
+        }
+
+        // Close the server and clear timeout
+        server.close();
+        clearTimeout(timeout);
+
+        if (error) {
+          reject(new Error(errorDescription || error));
+          return;
+        }
+
+        // Validate state parameter
+        if (returnedState !== state) {
+          reject(new Error('State mismatch - possible CSRF attack. Please try again.'));
+          return;
+        }
+
+        resolve(code);
       });
 
-      spinner.text = 'Waiting for authentication in browser...';
-    });
+      server.listen(config.callbackPort, () => {
+        spinner.text = 'Opening browser for authentication...';
 
-    server.on('error', (err) => {
-      if (err.code === 'EADDRINUSE') {
-        reject(new Error(`Port ${config.callbackPort} is already in use. Close other applications and try again.`));
-      } else {
-        reject(err);
-      }
-    });
+        // Open browser to authorization URL
+        open(authUrl).catch(() => {
+          spinner.stop();
+          console.log(chalk.yellow('\nCould not open browser automatically.'));
+          console.log(brand.teal('Please open this URL in your browser:'));
+          console.log(brand.gold(authUrl));
+        });
 
-    // Timeout after 5 minutes
-    timeout = setTimeout(() => {
-      server.close();
-      reject(new Error('Authentication timed out. Please try again.'));
-    }, 5 * 60 * 1000);
-  }).catch((err) => {
-    spinner.fail(err.message);
-    return null;
-  });
+        spinner.text = 'Waiting for authentication in browser...';
+      });
+
+      server.on('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+          reject(new Error(`Port ${config.callbackPort} is already in use. Close other applications and try again.`));
+        } else {
+          reject(err);
+        }
+      });
+
+      // Timeout after 5 minutes
+      timeout = setTimeout(() => {
+        server.close();
+        reject(new Error('Authentication timed out. Please try again.'));
+      }, 5 * 60 * 1000);
+    }).catch((err) => {
+      spinner.fail(err.message);
+      return null;
+    });
+  }
 
   if (!authResult) return;
 

package/src/commands/logout.js

@@ -1,13 +1,50 @@
-import chalk from 'chalk';
 import { brand } from '../utils/brand.js';
-import { clearCredentials } from '../utils/auth.js';
+import { loadCredentials, clearCredentials } from '../utils/auth.js';
+import { getConfig } from '../utils/config.js';
 
 export async function logoutCommand() {
-  const removed = clearCredentials();
+  const creds = loadCredentials();
 
-  if (removed) {
-    console.log(brand.green('  \u2713 Successfully logged out.'));
-  } else {
+  if (!creds) {
     console.log(brand.teal('  No stored credentials found. You are not logged in.'));
+    return;
   }
+
+  const { oauthBaseUrl, clientId } = getConfig();
+
+  // Revoke tokens server-side (best-effort)
+  if (creds.access_token) {
+    try {
+      await fetch(`${oauthBaseUrl}/revoke`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          token: creds.access_token,
+          token_type_hint: 'access_token',
+          client_id: clientId,
+        }),
+      });
+    } catch {
+      // Best-effort — continue with local cleanup
+    }
+  }
+
+  if (creds.refresh_token) {
+    try {
+      await fetch(`${oauthBaseUrl}/revoke`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          token: creds.refresh_token,
+          token_type_hint: 'refresh_token',
+          client_id: clientId,
+        }),
+      });
+    } catch {
+      // Best-effort — continue with local cleanup
+    }
+  }
+
+  clearCredentials();
+  console.log(brand.green('  \u2713 Successfully logged out.'));
 }