npm - @orth/cli - Versions diffs - 0.2.16 → 0.2.18 - Mend

@orth/cli 0.2.16 → 0.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/commands/auth.js CHANGED Viewed

@@ -7,6 +7,7 @@ exports.loginCommand = loginCommand;
 exports.logoutCommand = logoutCommand;
 exports.whoamiCommand = whoamiCommand;
 const chalk_1 = __importDefault(require("chalk"));
+const crypto_1 = __importDefault(require("crypto"));
 const http_1 = __importDefault(require("http"));
 const config_js_1 = require("../config.js");
 const API_BASE = process.env.ORTH_API_URL || "https://api.orth.sh";
@@ -22,13 +23,33 @@ function openBrowser(url) {
         exec(`xdg-open "${url}"`);
 }
 async function browserLogin() {
+    // Generate a random state token to prevent CSRF
+    const state = crypto_1.default.randomBytes(32).toString("hex");
     return new Promise((resolve, reject) => {
-        // Find a random available port
         const server = http_1.default.createServer((req, res) => {
             const url = new URL(req.url || "/", `http://localhost`);
             if (url.pathname === "/callback") {
                 const key = url.searchParams.get("key");
                 const error = url.searchParams.get("error");
+                const returnedState = url.searchParams.get("state");
+                // Verify state token
+                if (returnedState !== state) {
+                    res.writeHead(403, { "Content-Type": "text/html" });
+                    res.end(`
+            <html>
+              <body style="font-family: -apple-system, sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; background: #f0f0f0;">
+                <div style="text-align: center; background: white; padding: 48px; border-radius: 16px; box-shadow: 0 4px 12px rgba(0,0,0,0.1);">
+                  <h1 style="font-size: 24px; margin: 0 0 8px; color: #e11d48;">Invalid Request</h1>
+                  <p style="color: #666; margin: 0;">State token mismatch. Please try again.</p>
+                </div>
+              </body>
+            </html>
+          `);
+                    console.log(chalk_1.default.red("\n✗ Login failed: state token mismatch"));
+                    server.close();
+                    reject(new Error("State token mismatch"));
+                    return;
+                }
                 if (key) {
                     // Send a nice HTML response
                     res.writeHead(200, { "Content-Type": "text/html" });
@@ -78,7 +99,7 @@ async function browserLogin() {
             }
             const port = address.port;
             const callbackUrl = `http://127.0.0.1:${port}/callback`;
-            const authUrl = `${WEB_BASE}/cli-auth?callback=${encodeURIComponent(callbackUrl)}`;
+            const authUrl = `${WEB_BASE}/cli-auth?callback=${encodeURIComponent(callbackUrl)}&state=${state}`;
             console.log(chalk_1.default.gray("Opening browser to authenticate..."));
             console.log(chalk_1.default.gray(`If it doesn't open, visit: ${authUrl}\n`));
             openBrowser(authUrl);

package/dist/commands/skills.d.ts CHANGED Viewed

@@ -20,6 +20,7 @@ export declare function skillsInitCommand(name: string | undefined, options: {
 export declare function skillsSubmitCommand(inputPath: string | undefined, options: {
     name?: string;
     tags?: string;
+    org?: string;
 }): Promise<void>;
 export declare function skillsPushCommand(slug: string, inputPath: string | undefined, options: {
     name?: string;

package/dist/commands/skills.js CHANGED Viewed

@@ -556,6 +556,7 @@ async function skillsSubmitCommand(inputPath, options) {
                 })),
                 tags,
                 discoverable: false,
+                ...(options.org ? { organizationId: options.org } : {}),
             },
         });
         spinner.stop();

package/dist/index.js CHANGED Viewed

@@ -174,6 +174,7 @@ skillsGroup
     .description("Submit a local skill to the Orthogonal platform")
     .option("-n, --name <name>", "Override skill name from frontmatter")
     .option("-t, --tags <tags>", "Comma-separated tags")
+    .option("--org <orgId>", "Submit to an organization instead of personal account")
     .action(asyncAction(async (inputPath, options) => {
     (0, analytics_js_1.trackEvent)("skills.submit", { path: inputPath });
     await (0, skills_js_1.skillsSubmitCommand)(inputPath, options);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@orth/cli",
-  "version": "0.2.16",
+  "version": "0.2.18",
   "description": "CLI to access all APIs and skills on the Orthogonal platform",
   "main": "dist/index.js",
   "bin": {