@papercraneai/cli 1.0.0

package/lib/pkce.js

@@ -0,0 +1,55 @@
+import crypto from 'crypto';
+
+/**
+ * Generates a cryptographically random code verifier for PKCE
+ * @param {number} length - Length of the code verifier (43-128 characters)
+ * @returns {string} Base64URL-encoded code verifier
+ */
+export function generateCodeVerifier(length = 128) {
+  const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+  const randomValues = crypto.randomBytes(length);
+  let result = '';
+
+  for (let i = 0; i < length; i++) {
+    result += charset[randomValues[i] % charset.length];
+  }
+
+  return result;
+}
+
+/**
+ * Generates a code challenge from a code verifier using SHA256
+ * @param {string} verifier - The code verifier
+ * @returns {string} Base64URL-encoded SHA256 hash of the verifier
+ */
+export function generateCodeChallenge(verifier) {
+  const hash = crypto.createHash('sha256').update(verifier).digest();
+  return base64URLEncode(hash);
+}
+
+/**
+ * Base64URL encodes a buffer
+ * @param {Buffer} buffer - Buffer to encode
+ * @returns {string} Base64URL-encoded string
+ */
+function base64URLEncode(buffer) {
+  return buffer
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+}
+
+/**
+ * Generates both code verifier and challenge for PKCE flow
+ * @returns {{verifier: string, challenge: string}} PKCE credentials
+ */
+export function generatePKCE() {
+  const verifier = generateCodeVerifier();
+  const challenge = generateCodeChallenge(verifier);
+
+  return {
+    verifier,
+    challenge
+  };
+}

package/lib/storage.js

@@ -0,0 +1,234 @@
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+import crypto from 'crypto';
+import { randomUUID } from 'crypto';
+
+const PAPERCRANE_DIR = path.join(os.homedir(), '.papercrane');
+const GOOGLE_DIR = path.join(PAPERCRANE_DIR, 'google');
+const FACEBOOK_DIR = path.join(PAPERCRANE_DIR, 'facebook');
+
+/**
+ * Ensures the storage directories exist
+ */
+export async function ensureStorageDirectories() {
+  await fs.mkdir(PAPERCRANE_DIR, { recursive: true });
+  await fs.mkdir(GOOGLE_DIR, { recursive: true });
+  await fs.mkdir(FACEBOOK_DIR, { recursive: true });
+}
+
+/**
+ * Saves Google OAuth credentials in Google SDK-compatible format
+ * @param {Object} credentials - The credentials to save
+ * @param {string} credentials.access_token - Access token
+ * @param {string} credentials.refresh_token - Refresh token
+ * @param {number} credentials.expires_in - Token expiration time in seconds
+ * @param {string} credentials.scope - Granted scopes
+ * @param {string} credentials.token_type - Token type
+ * @param {string} clientId - OAuth client ID
+ * @param {string} clientSecret - OAuth client secret
+ */
+export async function saveGoogleCredentials(credentials, clientId, clientSecret) {
+  await ensureStorageDirectories();
+
+  const timestamp = Date.now();
+  const expiresAt = timestamp + (credentials.expires_in * 1000);
+
+  // Format credentials for Google SDK compatibility
+  const credentialData = {
+    credential_id: randomUUID(),
+    type: 'authorized_user',
+    client_id: clientId,
+    client_secret: clientSecret,
+    refresh_token: credentials.refresh_token,
+    // Include additional fields for papercrane tracking
+    access_token: credentials.access_token,
+    expires_in: credentials.expires_in,
+    scope: credentials.scope,
+    token_type: credentials.token_type,
+    created_at: timestamp,
+    expires_at: expiresAt
+    // cloud_id: will be set after first push to cloud
+  };
+
+  // Generate a filename based on the scopes
+  // Sort scopes alphabetically and hash them to ensure consistency
+  const scopes = credentials.scope.split(' ').sort().join(' ');
+  const scopeHash = crypto.createHash('md5').update(scopes).digest('hex');
+  const filename = `credentials-${scopeHash}.json`;
+  const filepath = path.join(GOOGLE_DIR, filename);
+
+  await fs.writeFile(filepath, JSON.stringify(credentialData, null, 2));
+
+  return filepath;
+}
+
+/**
+ * Lists all stored Google credentials
+ * @returns {Promise<Array<{file: string, data: Object}>>}
+ */
+export async function listGoogleCredentials() {
+  try {
+    await ensureStorageDirectories();
+    const files = await fs.readdir(GOOGLE_DIR);
+    const jsonFiles = files.filter(f => f.endsWith('.json'));
+
+    const credentials = await Promise.all(
+      jsonFiles.map(async (file) => {
+        const filepath = path.join(GOOGLE_DIR, file);
+        const content = await fs.readFile(filepath, 'utf-8');
+        const data = JSON.parse(content);
+        return { file, filepath, data };
+      })
+    );
+
+    return credentials;
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return [];
+    }
+    throw error;
+  }
+}
+
+/**
+ * Gets the Google credentials directory path
+ * @returns {string}
+ */
+export function getGoogleCredentialsDir() {
+  return GOOGLE_DIR;
+}
+
+/**
+ * Saves Facebook OAuth credentials
+ * @param {Object} credentials - The credentials to save
+ * @param {string} credentials.access_token - Access token
+ * @param {number} credentials.expires_in - Token expiration time in seconds
+ * @param {string} credentials.token_type - Token type
+ * @param {string} appId - Facebook App ID
+ * @param {string} scope - Granted scopes (comma-separated)
+ */
+export async function saveFacebookCredentials(credentials, appId, scope) {
+  await ensureStorageDirectories();
+
+  const timestamp = Date.now();
+  const expiresAt = timestamp + (credentials.expires_in * 1000);
+
+  // Format credentials for Facebook SDK compatibility
+  const credentialData = {
+    credential_id: randomUUID(),
+    access_token: credentials.access_token,
+    token_type: credentials.token_type || 'bearer',
+    expires_in: credentials.expires_in,
+    scope: scope,
+    app_id: appId,
+    created_at: timestamp,
+    expires_at: expiresAt
+    // cloud_id: will be set after first push to cloud
+  };
+
+  // Generate a filename based on the scopes
+  const scopeHash = crypto.createHash('md5').update(scope).digest('hex');
+  const filename = `credentials-${scopeHash}.json`;
+  const filepath = path.join(FACEBOOK_DIR, filename);
+
+  await fs.writeFile(filepath, JSON.stringify(credentialData, null, 2));
+
+  return filepath;
+}
+
+/**
+ * Lists all stored Facebook credentials
+ * @returns {Promise<Array<{file: string, data: Object}>>}
+ */
+export async function listFacebookCredentials() {
+  try {
+    await ensureStorageDirectories();
+    const files = await fs.readdir(FACEBOOK_DIR);
+    const jsonFiles = files.filter(f => f.endsWith('.json'));
+
+    const credentials = await Promise.all(
+      jsonFiles.map(async (file) => {
+        const filepath = path.join(FACEBOOK_DIR, file);
+        const content = await fs.readFile(filepath, 'utf-8');
+        const data = JSON.parse(content);
+        return { file, filepath, data };
+      })
+    );
+
+    return credentials;
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return [];
+    }
+    throw error;
+  }
+}
+
+/**
+ * Gets the Facebook credentials directory path
+ * @returns {string}
+ */
+export function getFacebookCredentialsDir() {
+  return FACEBOOK_DIR;
+}
+
+/**
+ * Update a credential file with cloud_id after successful push
+ * @param {string} filepath - Path to the credential file
+ * @param {string} cloudId - The cloud ID returned from the server
+ */
+export async function updateCredentialCloudId(filepath, cloudId) {
+  const content = await fs.readFile(filepath, 'utf-8');
+  const data = JSON.parse(content);
+  data.cloud_id = cloudId;
+  await fs.writeFile(filepath, JSON.stringify(data, null, 2));
+}
+
+/**
+ * Check if a credential with the given cloud_id exists locally
+ * @param {string} cloudId - The cloud ID to search for
+ * @returns {Promise<boolean>}
+ */
+export async function hasLocalCredentialWithCloudId(cloudId) {
+  const allCreds = await getAllLocalCredentials();
+  return allCreds.some(cred => cred.data.cloud_id === cloudId);
+}
+
+/**
+ * Get all local credentials (both Google and Facebook)
+ * @returns {Promise<Array<{provider: string, file: string, filepath: string, data: Object}>>}
+ */
+export async function getAllLocalCredentials() {
+  const googleCreds = await listGoogleCredentials();
+  const facebookCreds = await listFacebookCredentials();
+
+  return [
+    ...googleCreds.map(c => ({ provider: 'google', ...c })),
+    ...facebookCreds.map(c => ({ provider: 'facebook', ...c }))
+  ];
+}
+
+/**
+ * Save a credential pulled from cloud
+ * @param {string} provider - Provider name ('google' or 'facebook')
+ * @param {Object} credentialData - The credential data including cloud_id
+ * @returns {Promise<string>} Path to saved file
+ */
+export async function saveCloudCredential(provider, credentialData) {
+  await ensureStorageDirectories();
+
+  const dir = provider === 'google' ? GOOGLE_DIR : FACEBOOK_DIR;
+  const scope = credentialData.scope || '';
+  const scopeHash = crypto.createHash('md5').update(scope).digest('hex');
+  const filename = `credentials-${scopeHash}.json`;
+  const filepath = path.join(dir, filename);
+
+  // Ensure credential_id exists (generate if cloud doesn't have one)
+  if (!credentialData.credential_id) {
+    credentialData.credential_id = randomUUID();
+  }
+
+  await fs.writeFile(filepath, JSON.stringify(credentialData, null, 2));
+  return filepath;
+}

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@papercraneai/cli",
+  "version": "1.0.0",
+  "description": "CLI tool for managing OAuth credentials for LLM integrations",
+  "main": "index.js",
+  "type": "module",
+  "bin": {
+    "papercrane": "./bin/papercrane.js"
+  },
+  "files": [
+    "bin",
+    "lib"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "start": "node bin/papercrane.js"
+  },
+  "keywords": ["oauth", "cli", "authentication", "google"],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.0.0",
+    "axios": "^1.6.0",
+    "chalk": "^4.1.2",
+    "inquirer": "^8.2.6",
+    "open": "^8.4.2"
+  }
+}