@nocobase/cli 2.1.0-beta.35 → 2.1.0-beta.36

package/dist/commands/app/upgrade.js

@@ -24,6 +24,18 @@ const APP_HEALTH_CHECK_REQUEST_TIMEOUT_MS = 5_000;
 function trimValue(value) {
     return String(value ?? '').trim();
 }
+function pushOptionalEnvArg(args, key, value) {
+    if (typeof value === 'string') {
+        if (!value) {
+            return;
+        }
+        args.push('-e', `${key}=${value}`);
+        return;
+    }
+    if (typeof value === 'boolean') {
+        args.push('-e', `${key}=${String(value)}`);
+    }
+}
 function formatAppUrl(port) {
     const value = trimValue(port);
     return value ? `http://127.0.0.1:${value}` : undefined;
@@ -262,10 +274,13 @@ export default class AppUpgrade extends Command {
             persistDownloadVersion: requestedVersion || undefined,
         };
     }
-    static buildLocalDownloadArgv(runtime, downloadVersion) {
+    static buildLocalDownloadArgv(runtime, downloadVersion, options) {
         const argv = ['-y', '--no-intro', '--source', runtime.source, '--replace'];
         const gitUrl = readEnvValue(runtime.env, 'gitUrl');
         const npmRegistry = readEnvValue(runtime.env, 'npmRegistry');
+        if (options?.verbose) {
+            argv.push('--verbose');
+        }
         argv.push('--version', downloadVersion, '--output-dir', runtime.projectRoot);
         if (gitUrl) {
             argv.push('--git-url', gitUrl);
@@ -284,18 +299,12 @@ export default class AppUpgrade extends Command {
         }
         return argv;
     }
-    static buildDockerDownloadArgv(runtime, plan) {
-        const argv = [
-            '-y',
-            '--no-intro',
-            '--source',
-            'docker',
-            '--replace',
-            '--docker-registry',
-            plan.dockerRegistry,
-            '--version',
-            plan.downloadVersion,
-        ];
+    static buildDockerDownloadArgv(runtime, plan, options) {
+        const argv = ['-y', '--no-intro'];
+        if (options?.verbose) {
+            argv.push('--verbose');
+        }
+        argv.push('--source', 'docker', '--replace', '--docker-registry', plan.dockerRegistry, '--version', plan.downloadVersion);
         const dockerPlatform = normalizeDockerPlatform(runtime.env.config.dockerPlatform);
         if (dockerPlatform) {
             argv.push('--docker-platform', dockerPlatform);
@@ -329,6 +338,11 @@ export default class AppUpgrade extends Command {
         const dbDatabase = readEnvValue(runtime.env, 'dbDatabase');
         const dbUser = readEnvValue(runtime.env, 'dbUser');
         const dbPassword = readEnvValue(runtime.env, 'dbPassword');
+        const dbSchema = readEnvValue(runtime.env, 'dbSchema');
+        const dbTablePrefix = readEnvValue(runtime.env, 'dbTablePrefix');
+        const dbUnderscored = typeof runtime.env.config.dbUnderscored === 'boolean'
+            ? runtime.env.config.dbUnderscored
+            : undefined;
         const networkName = trimValue(runtime.dockerNetworkName || runtime.workspaceName);
         const missing = [];
         if (!networkName) {
@@ -384,7 +398,11 @@ export default class AppUpgrade extends Command {
         if (envFile) {
             args.push('--env-file', envFile);
         }
-        args.push('-e', `APP_KEY=${appKey}`, '-e', `DB_DIALECT=${dbDialect}`, '-e', `DB_HOST=${dbHost}`, '-e', `DB_PORT=${dbPort}`, '-e', `DB_DATABASE=${dbDatabase}`, '-e', `DB_USER=${dbUser}`, '-e', `DB_PASSWORD=${dbPassword}`, '-e', `TZ=${timeZone}`, '-v', `${storagePath}:${DOCKER_APP_STORAGE_DESTINATION}`, imageRef);
+        args.push('-e', `APP_KEY=${appKey}`, '-e', `DB_DIALECT=${dbDialect}`, '-e', `DB_HOST=${dbHost}`, '-e', `DB_PORT=${dbPort}`, '-e', `DB_DATABASE=${dbDatabase}`, '-e', `DB_USER=${dbUser}`, '-e', `DB_PASSWORD=${dbPassword}`, '-e', `TZ=${timeZone}`, '-v', `${storagePath}:${DOCKER_APP_STORAGE_DESTINATION}`);
+        pushOptionalEnvArg(args, 'DB_SCHEMA', dbSchema || undefined);
+        pushOptionalEnvArg(args, 'DB_TABLE_PREFIX', dbTablePrefix || undefined);
+        pushOptionalEnvArg(args, 'DB_UNDERSCORED', dbUnderscored);
+        args.push(imageRef);
         return {
             containerName: runtime.containerName,
             networkName,
@@ -422,7 +440,9 @@ export default class AppUpgrade extends Command {
         if (!flags['skip-code-update'] && (runtime.source === 'npm' || runtime.source === 'git')) {
             startTask(`Refreshing NocoBase files for "${runtime.envName}" from the saved ${runtime.source} source...`);
             try {
-                await runCommand('source:download', AppUpgrade.buildLocalDownloadArgv(runtime, downloadVersion));
+                await runCommand('source:download', AppUpgrade.buildLocalDownloadArgv(runtime, downloadVersion, {
+                    verbose: flags.verbose,
+                }));
                 succeedTask(`NocoBase files are up to date for "${runtime.envName}".`);
             }
             catch (error) {
@@ -468,7 +488,9 @@ export default class AppUpgrade extends Command {
             const plan = await AppUpgrade.buildDockerUpgradePlan(runtime, downloadVersion);
             startTask(`Refreshing the Docker image for "${runtime.envName}"...`);
             try {
-                await runCommand('source:download', AppUpgrade.buildDockerDownloadArgv(runtime, plan));
+                await runCommand('source:download', AppUpgrade.buildDockerDownloadArgv(runtime, plan, {
+                    verbose: flags.verbose,
+                }));
                 succeedTask(`Docker image is ready for "${runtime.envName}".`);
             }
             catch (error) {

package/dist/commands/backup/create.js

@@ -0,0 +1,147 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Command, Flags } from '@oclif/core';
+import { BACKUP_CREATE_TIMEOUT_MS, BACKUP_POLL_INTERVAL_MS, BACKUP_RUNTIME_COMMANDS, buildBackupEnvArgv, ensureBackupRuntimeCommands, resolveBackupCreateOutputPath, resolveBackupTargetEnv, runBackupCliJsonCommand, sleep, } from '../../lib/backup.js';
+import { ensureCrossEnvConfirmed, hasExplicitEnvSelection } from '../../lib/env-guard.js';
+import { announceTargetEnv, failTask, startTask, succeedTask, updateTask } from '../../lib/ui.js';
+function formatBackupCreateTimeoutError(envName, name) {
+    return [
+        `Backup "${name}" did not finish in time for "${envName}".`,
+        `Waited ${Math.floor(BACKUP_CREATE_TIMEOUT_MS / 1000)}s but it still reports \`inProgress: true\`.`,
+    ].join(' ');
+}
+function readBackupCreateResult(response) {
+    const name = String(response.data?.name ?? '').trim();
+    if (!name) {
+        throw new Error('Backup creation did not return a backup name.');
+    }
+    return {
+        name,
+        inProgress: Boolean(response.data?.inProgress),
+    };
+}
+function readBackupInProgress(response, name) {
+    const status = response.data?.[name];
+    if (!status || typeof status !== 'object') {
+        throw new Error(`Backup status did not include "${name}".`);
+    }
+    return Boolean(status.inProgress);
+}
+function readDownloadOutput(response) {
+    const output = String(response.data?.output ?? '').trim();
+    return output || undefined;
+}
+export default class BackupCreate extends Command {
+    static summary = 'Create a backup through the selected env and download it locally';
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> --output ./fixtures/base.nbdump',
+        '<%= config.bin %> <%= command.id %> --env e2e --output ./fixtures',
+    ];
+    static flags = {
+        env: Flags.string({
+            char: 'e',
+            description: 'CLI env name to back up. Defaults to the current env when omitted',
+        }),
+        yes: Flags.boolean({
+            char: 'y',
+            description: 'Confirm using --env when it targets a different env than the current env',
+            default: false,
+        }),
+        output: Flags.string({
+            char: 'o',
+            description: 'Download path. When omitted, save to the current directory using the remote backup filename',
+        }),
+        'json-output': Flags.boolean({
+            char: 'j',
+            description: 'Print the final backup result as JSON',
+            default: false,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(BackupCreate);
+        const requestedEnv = flags.env?.trim() || undefined;
+        const explicitEnvSelection = Boolean(requestedEnv && hasExplicitEnvSelection(this.argv));
+        const jsonOutput = Boolean(flags['json-output']);
+        if (explicitEnvSelection) {
+            const confirmed = await ensureCrossEnvConfirmed({
+                command: this,
+                requestedEnv,
+                yes: flags.yes,
+            });
+            if (!confirmed) {
+                return;
+            }
+        }
+        const { envName, env } = await resolveBackupTargetEnv(requestedEnv);
+        const envArgv = buildBackupEnvArgv({
+            requestedEnv,
+            explicitEnvSelection,
+            yes: flags.yes,
+        });
+        if (!jsonOutput) {
+            announceTargetEnv(envName);
+        }
+        await ensureBackupRuntimeCommands({
+            envName,
+            env,
+            commandIds: [
+                BACKUP_RUNTIME_COMMANDS.create,
+                BACKUP_RUNTIME_COMMANDS.status,
+                BACKUP_RUNTIME_COMMANDS.download,
+            ],
+            quiet: jsonOutput,
+        });
+        try {
+            if (!jsonOutput) {
+                startTask(`Creating backup for "${envName}"...`);
+            }
+            const createResponse = await runBackupCliJsonCommand(['api', 'backup', 'create', ...envArgv], { errorName: 'nb api backup create' });
+            const { name, inProgress } = readBackupCreateResult(createResponse);
+            const outputPath = await resolveBackupCreateOutputPath(flags.output, name);
+            const startedAt = Date.now();
+            let pending = inProgress;
+            while (pending) {
+                const now = Date.now();
+                const elapsedMs = now - startedAt;
+                if (elapsedMs >= BACKUP_CREATE_TIMEOUT_MS) {
+                    throw new Error(formatBackupCreateTimeoutError(envName, name));
+                }
+                const elapsedSeconds = Math.max(1, Math.floor(elapsedMs / 1000));
+                if (!jsonOutput) {
+                    updateTask(`Waiting for backup "${name}" to finish for "${envName}"... (${elapsedSeconds}s elapsed)`);
+                }
+                await sleep(BACKUP_POLL_INTERVAL_MS);
+                const statusResponse = await runBackupCliJsonCommand(['api', 'backup', 'status', '--name', name, ...envArgv], { errorName: 'nb api backup status' });
+                pending = readBackupInProgress(statusResponse, name);
+            }
+            if (!jsonOutput) {
+                updateTask(`Downloading backup "${name}" for "${envName}"...`);
+            }
+            const downloadResponse = await runBackupCliJsonCommand(['api', 'backup', 'download', '--name', name, '--output', outputPath, ...envArgv], { errorName: 'nb api backup download' });
+            const savedPath = readDownloadOutput(downloadResponse) ?? outputPath;
+            const result = {
+                env: envName,
+                name,
+                output: savedPath,
+            };
+            if (jsonOutput) {
+                this.log(JSON.stringify(result, null, 2));
+                return;
+            }
+            succeedTask(`Backup saved to ${savedPath}`);
+        }
+        catch (error) {
+            if (!jsonOutput) {
+                failTask(`Failed to create backup for "${envName}".`);
+            }
+            throw error;
+        }
+    }
+}

package/dist/commands/backup/index.js

@@ -0,0 +1,20 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Command, loadHelpClass } from '@oclif/core';
+export default class Backup extends Command {
+    static summary = 'Create or restore NocoBase backups';
+    async run() {
+        await this.parse(Backup);
+        const Help = await loadHelpClass(this.config);
+        await new Help(this.config, this.config.pjson.oclif.helpOptions ?? this.config.pjson.helpOptions).showHelp([
+            this.id ?? 'backup',
+            ...this.argv,
+        ]);
+    }
+}

package/dist/commands/backup/restore.js

@@ -0,0 +1,105 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Command, Flags } from '@oclif/core';
+import { BACKUP_RUNTIME_COMMANDS, buildBackupEnvArgv, ensureBackupRuntimeCommands, resolveBackupRestoreFilePath, resolveBackupTargetEnv, resolveBackupWaitApiBaseUrl, runBackupCliCommand, } from '../../lib/backup.js';
+import { waitForAppReady } from '../../lib/app-health.js';
+import { ensureCrossEnvConfirmed, hasExplicitEnvSelection } from '../../lib/env-guard.js';
+import { confirm } from "../../lib/inquirer.js";
+import { announceTargetEnv, failTask, isInteractiveTerminal, startTask, stopTask, succeedTask } from '../../lib/ui.js';
+async function confirmBackupRestore(envName, filePath, force) {
+    if (force) {
+        return true;
+    }
+    if (!isInteractiveTerminal()) {
+        throw new Error(`\`nb backup restore\` needs confirmation. Re-run with \`--force\` to restore ${filePath} into "${envName}" in non-interactive mode.`);
+    }
+    try {
+        return await confirm({
+            message: `Restore backup "${filePath}" into "${envName}"? This will overwrite application data.`,
+            default: false,
+        });
+    }
+    catch {
+        return false;
+    }
+}
+export default class BackupRestore extends Command {
+    static summary = 'Restore a backup file into the selected env';
+    static examples = [
+        '<%= config.bin %> <%= command.id %> --file ./fixtures/base.nbdump --force',
+        '<%= config.bin %> <%= command.id %> --env e2e --file ./fixtures/base.nbdump --yes --force',
+    ];
+    static flags = {
+        env: Flags.string({
+            char: 'e',
+            description: 'CLI env name to restore into. Defaults to the current env when omitted',
+        }),
+        yes: Flags.boolean({
+            char: 'y',
+            description: 'Confirm using --env when it targets a different env than the current env',
+            default: false,
+        }),
+        file: Flags.string({
+            char: 'f',
+            description: 'Local backup file to upload and restore',
+            required: true,
+        }),
+        force: Flags.boolean({
+            description: 'Confirm overwriting application data during restore',
+            default: false,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(BackupRestore);
+        const requestedEnv = flags.env?.trim() || undefined;
+        const explicitEnvSelection = Boolean(requestedEnv && hasExplicitEnvSelection(this.argv));
+        if (explicitEnvSelection) {
+            const confirmed = await ensureCrossEnvConfirmed({
+                command: this,
+                requestedEnv,
+                yes: flags.yes,
+            });
+            if (!confirmed) {
+                return;
+            }
+        }
+        const filePath = await resolveBackupRestoreFilePath(flags.file);
+        const { envName, env } = await resolveBackupTargetEnv(requestedEnv);
+        const restoreConfirmed = await confirmBackupRestore(envName, filePath, flags.force);
+        if (!restoreConfirmed) {
+            return;
+        }
+        const envArgv = buildBackupEnvArgv({
+            requestedEnv,
+            explicitEnvSelection,
+            yes: flags.yes,
+        });
+        announceTargetEnv(envName);
+        await ensureBackupRuntimeCommands({
+            envName,
+            env,
+            commandIds: [BACKUP_RUNTIME_COMMANDS.restoreUpload],
+        });
+        startTask(`Restoring backup for "${envName}" from ${filePath}...`);
+        try {
+            await runBackupCliCommand(['api', 'backup', 'restore-upload', '--file', filePath, '--force', ...envArgv], { errorName: 'nb api backup restore-upload' });
+            stopTask();
+            await waitForAppReady({
+                envName,
+                apiBaseUrl: resolveBackupWaitApiBaseUrl(env),
+            });
+            succeedTask(`Backup restored for "${envName}" from ${filePath}`);
+        }
+        catch (error) {
+            stopTask();
+            failTask(`Failed to restore backup for "${envName}".`);
+            throw error;
+        }
+    }
+}

package/dist/commands/env/add.js

@@ -13,7 +13,7 @@ import { buildStoredEnvConfig, } from '../../lib/env-config.js';
 import { runPromptCatalog, } from '../../lib/prompt-catalog.js';
 import { applyCliLocale, CLI_LOCALE_FLAG_DESCRIPTION, CLI_LOCALE_FLAG_OPTIONS, localeText, } from '../../lib/cli-locale.js';
 import { validateApiBaseUrl } from '../../lib/prompt-validators.js';
-import { printStage, printSuccess, printVerbose, setVerboseMode } from '../../lib/ui.js';
+import { printInfo, printStage, printSuccess, printVerbose, setVerboseMode } from '../../lib/ui.js';
 const ENV_RUNTIME_FLAG_MAP = {
     source: 'source',
     'download-version': 'downloadVersion',
@@ -33,6 +33,8 @@ const ENV_RUNTIME_FLAG_MAP = {
     'db-database': 'dbDatabase',
     'db-user': 'dbUser',
     'db-password': 'dbPassword',
+    'db-schema': 'dbSchema',
+    'db-table-prefix': 'dbTablePrefix',
     'root-username': 'rootUsername',
     'root-email': 'rootEmail',
     'root-password': 'rootPassword',
@@ -43,8 +45,26 @@ const ENV_BOOLEAN_RUNTIME_FLAG_MAP = {
     'dev-dependencies': 'devDependencies',
     build: 'build',
     'build-dts': 'buildDts',
+    'db-underscored': 'dbUnderscored',
 };
 const envAddText = (key, values) => localeText(`commands.envAdd.${key}`, values);
+const envAddAccessTokenPrompt = {
+    type: 'text',
+    message: envAddText('prompts.accessToken.message'),
+    required: true,
+    hidden: (values) => values.authType !== 'token' || values.skipAuth === true,
+};
+function formatDeferredAuthMessage(envName, authType) {
+    const normalizedAuthType = String(authType ?? '').trim();
+    const nextStep = `Authentication was skipped for env "${envName}". Run \`nb env auth ${envName}\` to finish setup.`;
+    if (normalizedAuthType === 'token') {
+        return `${nextStep} You will be prompted for an access token.`;
+    }
+    if (normalizedAuthType === 'oauth') {
+        return `${nextStep} A browser sign-in flow will be started.`;
+    }
+    return nextStep;
+}
 export default class EnvAdd extends Command {
     static summary = 'Save a named NocoBase API endpoint (token or OAuth), then switch the CLI to use it';
     static examples = [
@@ -97,6 +117,10 @@ export default class EnvAdd extends Command {
             aliases: ['token'],
             description: 'API key or access token when using --auth-type token (prompted in a TTY when omitted)',
         }),
+        'skip-auth': Flags.boolean({
+            description: 'Save the env now and finish authentication later with `nb env auth`',
+            default: false,
+        }),
         source: Flags.string({
             hidden: true,
             description: 'Application source saved with this env',
@@ -189,6 +213,19 @@ export default class EnvAdd extends Command {
             hidden: true,
             description: 'Database password saved with this env',
         }),
+        'db-schema': Flags.string({
+            hidden: true,
+            description: 'Database schema saved with this env',
+        }),
+        'db-table-prefix': Flags.string({
+            hidden: true,
+            description: 'Database table prefix saved with this env',
+        }),
+        'db-underscored': Flags.boolean({
+            allowNo: true,
+            hidden: true,
+            description: 'Whether this env uses underscored database naming',
+        }),
         'root-username': Flags.string({
             hidden: true,
             description: 'Initial root username saved with this env',
@@ -234,13 +271,7 @@ export default class EnvAdd extends Command {
             initialValue: 'oauth',
             required: true,
         },
-        accessToken: {
-            type: 'text',
-            message: envAddText('prompts.accessToken.message'),
-            placeholder: envAddText('prompts.accessToken.placeholder'),
-            required: true,
-            hidden: (values) => values.authType !== 'token',
-        },
+        accessToken: envAddAccessTokenPrompt,
     };
     buildPromptValues(nameArg, flags) {
         const values = {};
@@ -255,6 +286,9 @@ export default class EnvAdd extends Command {
         if (flags['auth-type']) {
             values.authType = flags['auth-type'];
         }
+        if (flags['skip-auth']) {
+            values.skipAuth = true;
+        }
         const token = flags['access-token'] ?? flags.token;
         if (typeof token === 'string' && token !== '') {
             values.accessToken = token;
@@ -269,6 +303,18 @@ export default class EnvAdd extends Command {
         }
         return initialValues;
     }
+    buildPromptCatalog(flags) {
+        if (!flags['skip-auth']) {
+            return EnvAdd.prompts;
+        }
+        return {
+            ...EnvAdd.prompts,
+            accessToken: {
+                ...envAddAccessTokenPrompt,
+                hidden: () => true,
+            },
+        };
+    }
     buildEnvConfig(results, flags) {
         const envConfigInput = {
             apiBaseUrl: results.apiBaseUrl,
@@ -288,12 +334,15 @@ export default class EnvAdd extends Command {
     async run() {
         const { args, flags } = await this.parse(EnvAdd);
         const parsedFlags = flags;
+        if (parsedFlags['skip-auth'] && (parsedFlags['access-token'] !== undefined || parsedFlags.token !== undefined)) {
+            this.error('--skip-auth cannot be used with --access-token or --token.');
+        }
         applyCliLocale(parsedFlags.locale);
         setVerboseMode(parsedFlags.verbose);
         if (!parsedFlags['no-intro']) {
             printStage('Connect to NocoBase');
         }
-        const results = await runPromptCatalog(EnvAdd.prompts, {
+        const results = await runPromptCatalog(this.buildPromptCatalog(parsedFlags), {
             values: this.buildPromptValues(args.name, parsedFlags),
             initialValues: this.buildPromptInitialValues(parsedFlags),
             command: this,
@@ -303,6 +352,11 @@ export default class EnvAdd extends Command {
         printVerbose(`Saving env "${envName}" globally.`);
         await upsertEnv(envName, envConfig, { scope: resolveDefaultConfigScope() });
         await setCurrentEnv(envName, { scope: resolveDefaultConfigScope() });
+        if (parsedFlags['skip-auth']) {
+            printSuccess(`✔ Env "${envName}" was saved.`);
+            printInfo(formatDeferredAuthMessage(envName, results.authType));
+            return;
+        }
         if (results.authType === 'oauth') {
             await this.config.runCommand('env:auth', [envName]);
         }

package/dist/commands/env/auth.js

@@ -7,15 +7,31 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 import { Args, Command, Flags } from '@oclif/core';
-import { getCurrentEnvName } from '../../lib/auth-store.js';
+import { getCurrentEnvName, getEnv, resolveConfiguredAuthType, updateEnvConnection, } from '../../lib/auth-store.js';
 import { resolveDefaultConfigScope } from '../../lib/cli-home.js';
 import { authenticateEnvWithOauth } from '../../lib/env-auth.js';
-import { failTask, printStage, startTask, succeedTask } from '../../lib/ui.js';
+import { runPromptCatalog } from '../../lib/prompt-catalog.js';
+import { failTask, printStage, startTask, stopTask, succeedTask } from '../../lib/ui.js';
+import EnvAdd from "./add.js";
+const envAuthPrompts = {
+    authType: EnvAdd.prompts.authType,
+    accessToken: EnvAdd.prompts.accessToken,
+};
+function resolveExplicitAuthType(value) {
+    return value === 'token' || value === 'oauth' ? value : undefined;
+}
+function formatMissingEnvMessage(envName) {
+    return [
+        `Env "${envName}" is not configured.`,
+        `Run \`nb env add ${envName} --api-base-url <url>\` first.`,
+    ].join('\n');
+}
 export default class EnvAuth extends Command {
-    static summary = 'Sign in to a saved NocoBase environment with OAuth';
+    static summary = 'Authenticate a saved NocoBase environment with a token or OAuth';
     static examples = [
         '<%= config.bin %> <%= command.id %>',
         '<%= config.bin %> <%= command.id %> prod',
+        '<%= config.bin %> <%= command.id %> prod --auth-type token --access-token <api-key>',
     ];
     static args = {
         name: Args.string({
@@ -30,6 +46,15 @@ export default class EnvAuth extends Command {
             deprecated: true,
             description: 'Environment name (same as the optional positional argument; for compatibility with -e/--env on other commands)',
         }),
+        'auth-type': Flags.string({
+            char: 'a',
+            description: 'Authentication: token (API key) or oauth (browser login)',
+            options: ['token', 'oauth'],
+        }),
+        'access-token': Flags.string({
+            char: 't',
+            description: 'API key or access token when using token authentication',
+        }),
     };
     async run() {
         const { args, flags } = await this.parse(EnvAuth);
@@ -38,18 +63,67 @@ export default class EnvAuth extends Command {
         if (nameArg && nameFlag && nameArg !== nameFlag) {
             this.error(`Environment name was provided both as the argument ("${nameArg}") and as --env ("${nameFlag}"). Please use only one.`);
         }
+        if (flags['auth-type'] === 'oauth' && flags['access-token'] !== undefined) {
+            this.error('--access-token cannot be used with --auth-type oauth.');
+        }
         const envName = nameArg || nameFlag || (await getCurrentEnvName({ scope: resolveDefaultConfigScope() }));
-        printStage('Signing in');
-        startTask(`Starting browser sign-in for "${envName}"...`);
+        const env = await getEnv(envName, { scope: resolveDefaultConfigScope() });
+        if (!env) {
+            this.error(formatMissingEnvMessage(envName));
+        }
+        const tokenFromFlags = flags['access-token'];
+        const tokenFlagProvided = tokenFromFlags !== undefined;
+        const tokenProvided = typeof tokenFromFlags === 'string' && tokenFromFlags !== '';
+        if (tokenFlagProvided && !tokenProvided) {
+            this.error('--access-token cannot be empty.');
+        }
+        const explicitAuthType = resolveExplicitAuthType(flags['auth-type']);
+        const savedAuthType = resolveConfiguredAuthType(env.config);
+        const resolvedAuthType = explicitAuthType ?? (tokenProvided ? 'token' : savedAuthType);
+        const prompted = (resolvedAuthType === 'oauth'
+            ? { authType: 'oauth' }
+            : resolvedAuthType === 'token' && tokenProvided
+                ? { authType: 'token', accessToken: tokenFromFlags }
+                : await runPromptCatalog(envAuthPrompts, {
+                    values: {
+                        ...(resolvedAuthType ? { authType: resolvedAuthType } : {}),
+                    },
+                    command: this,
+                })) ?? {};
+        const authType = resolveExplicitAuthType(prompted.authType ?? resolvedAuthType);
+        if (!authType) {
+            this.error('Choose an authentication type before continuing.');
+        }
+        printStage('Authenticating');
         try {
-            await authenticateEnvWithOauth({
-                envName,
-                scope: resolveDefaultConfigScope(),
-            });
-            succeedTask(`✔ Signed in to "${envName}".`);
+            if (authType === 'token') {
+                const accessToken = String(prompted.accessToken ?? tokenFromFlags ?? '');
+                if (accessToken.trim() === '') {
+                    this.error('--access-token cannot be empty.');
+                }
+                startTask(`Saving access token for "${envName}"...`);
+                await updateEnvConnection(envName, {
+                    authType: 'token',
+                    accessToken,
+                }, { scope: resolveDefaultConfigScope() });
+                stopTask();
+            }
+            else {
+                startTask(`Starting browser sign-in for "${envName}"...`);
+                await updateEnvConnection(envName, {
+                    authType: 'oauth',
+                }, { scope: resolveDefaultConfigScope() });
+                await authenticateEnvWithOauth({
+                    envName,
+                    scope: resolveDefaultConfigScope(),
+                });
+                stopTask();
+            }
+            await this.config.runCommand('env:update', [envName]);
+            succeedTask(`✔ Authenticated "${envName}".`);
         }
         catch (error) {
-            failTask(`Sign-in failed for "${envName}".`);
+            failTask(`Authentication failed for "${envName}".`);
             throw error;
         }
     }