@sanity/cli 6.0.0-alpha.9 → 6.0.0

package/bin/run.js

@@ -21,9 +21,11 @@ function isSupportedNodeVersion(major, minor, patch) {
 }
 
 if (!isSupportedNodeVersion(majorVersion, minorVersion, patchVersion)) {
+  // eslint-disable-next-line no-console
   console.error(
     `${err}Node.js version >=20.19.1 <22 or >=22.12 required. You are running ${process.version}`,
   )
+  // eslint-disable-next-line no-console
   console.error('')
   process.exit(1)
 }

package/dist/SanityHelp.js

@@ -1,42 +1,70 @@
 import { Help } from '@oclif/core';
-export default class SanityHelp extends Help {
+import { getBinCommand, getRunningPackageManager } from '@sanity/cli-core/package-manager';
+// Running `oclif readme`, we don't want to apply the `prefixBinName` transformation,
+// as it will include whatever pm was used to spawn the script in the generated readme.
+// argv will contain something like [nodeBinPath, oclifBinPath, 'readme', …] so check
+// for 'readme' with a preceeding argument that includes 'oclif' to be sure.
+const IS_README_GENERATION = (process.argv[process.argv.indexOf('readme') - 1] ?? '').includes('oclif');
+/**
+ * Custom Help class for Sanity CLI that overrides the default help formatting to
+ * prefix the bin name (e.g., `npx sanity`, `yarn sanity`, etc.) in the help text,
+ * and to replace `sanity init` references with the appropriate `create` command
+ * for the detected package manager when needed.
+ *
+ * @internal
+ */ export default class SanityHelp extends Help {
     formatCommand(command) {
-        const help = super.formatCommand(command);
+        let help = super.formatCommand(command);
         // When `sanity init` is called, but originates from the `create-sanity`
         // package/binary (eg the one used by `npm create sanity@latest` etc), we want to
-        // customize the help text to show that command instead of `sanity init`. In the
-        // future we may also want to consider prefixing with `npx` etc for non-init
-        // commands - but leaving that for another day.
+        // customize the help text to show that command instead of `sanity init`.
         const isFromCreate = process.argv.includes('--from-create') && command.id === 'init';
-        if (!isFromCreate) {
-            return help;
+        if (isFromCreate) {
+            help = replaceInitWithCreateCommand(help);
         }
-        const createCmd = guessCreateCommand();
-        const flagSeparator = needsFlagSeparator() ? ' --' : '';
-        // First replace all `sanity init` references that ends with a newline with the
-        // create variant that does not include any flag separator (eg `--`). Then replace
-        // the other references that do. Most package managers do not require the `--`
-        // separator, but npm does. Only include it if we need to, as the commands look
-        // cleaner without it.
-        return help.replaceAll(/(\s+)sanity(\s+)init(\s*)\n/g, `$1${createCmd}$2\n`).replaceAll(/(\s+)sanity(\s+)init/g, `$1${createCmd}${flagSeparator}`);
+        return prefixBinName(help);
     }
+    formatRoot() {
+        return prefixBinName(super.formatRoot());
+    }
+    formatTopic(topic) {
+        return prefixBinName(super.formatTopic(topic));
+    }
+}
+/**
+ * @internal
+ */ export function prefixBinName(help) {
+    if (IS_README_GENERATION) return help;
+    const binCommand = getBinCommand();
+    if (binCommand === 'sanity') return help;
+    return help.replaceAll('$ sanity', `$ ${binCommand}`);
 }
-function guessPackageManager() {
-    const ua = process.env.npm_config_user_agent || '';
-    if (ua.includes('pnpm')) return 'pnpm';
-    if (ua.includes('yarn')) return 'yarn';
-    if (ua.includes('bun')) return 'bun';
-    if (ua.includes('npm')) return 'npm';
+/**
+ * Replace `sanity init` references in help text with the equivalent `create` command
+ * for the detected package manager. Lines ending in just `sanity init\n` (no flags)
+ * are replaced without a flag separator, while lines with flags get the separator
+ * (eg `--` for npm) so the flags are forwarded correctly.
+ *
+ * @internal
+ */ export function replaceInitWithCreateCommand(help) {
+    const createCmd = guessCreateCommand();
+    const flagSeparator = needsFlagSeparator() ? ' --' : '';
+    // First replace all `sanity init` references that ends with a newline with the
+    // create variant that does not include any flag separator (eg `--`). Then replace
+    // the other references that do. Most package managers do not require the `--`
+    // separator, but npm does. Only include it if we need to, as the commands look
+    // cleaner without it.
+    return help.replaceAll(/(\s+)sanity\s+init\s*\n/g, `$1${createCmd}\n`).replaceAll(/(\s+)sanity(\s+)init/g, `$1${createCmd}${flagSeparator}`);
 }
 function guessCreateCommand() {
-    const pm = guessPackageManager();
+    const pm = getRunningPackageManager();
     if (pm === 'yarn') return `yarn create sanity`;
     if (pm === 'bun') return `bun create sanity@latest`;
     if (pm === 'pnpm') return `pnpm create sanity@latest`;
     return `npm create sanity@latest`;
 }
 function needsFlagSeparator() {
-    const pm = guessPackageManager();
+    const pm = getRunningPackageManager();
     return pm === 'npm' || !pm;
 }
 

package/dist/SanityHelp.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/SanityHelp.ts"],"sourcesContent":["import {Command, Help} from '@oclif/core'\n\nexport default class SanityHelp extends Help {\n  protected formatCommand(command: Command.Loadable): string {\n    const help = super.formatCommand(command)\n\n    // When `sanity init` is called, but originates from the `create-sanity`\n    // package/binary (eg the one used by `npm create sanity@latest` etc), we want to\n    // customize the help text to show that command instead of `sanity init`. In the\n    // future we may also want to consider prefixing with `npx` etc for non-init\n    // commands - but leaving that for another day.\n    const isFromCreate = process.argv.includes('--from-create') && command.id === 'init'\n    if (!isFromCreate) {\n      return help\n    }\n\n    const createCmd = guessCreateCommand()\n    const flagSeparator = needsFlagSeparator() ? ' --' : ''\n\n    // First replace all `sanity init` references that ends with a newline with the\n    // create variant that does not include any flag separator (eg `--`). Then replace\n    // the other references that do. Most package managers do not require the `--`\n    // separator, but npm does. Only include it if we need to, as the commands look\n    // cleaner without it.\n    return help\n      .replaceAll(/(\\s+)sanity(\\s+)init(\\s*)\\n/g, `$1${createCmd}$2\\n`)\n      .replaceAll(/(\\s+)sanity(\\s+)init/g, `$1${createCmd}${flagSeparator}`)\n  }\n}\n\nfunction guessPackageManager() {\n  const ua = process.env.npm_config_user_agent || ''\n  if (ua.includes('pnpm')) return 'pnpm'\n  if (ua.includes('yarn')) return 'yarn'\n  if (ua.includes('bun')) return 'bun'\n  if (ua.includes('npm')) return 'npm'\n}\n\nfunction guessCreateCommand() {\n  const pm = guessPackageManager()\n  if (pm === 'yarn') return `yarn create sanity`\n  if (pm === 'bun') return `bun create sanity@latest`\n  if (pm === 'pnpm') return `pnpm create sanity@latest`\n  return `npm create sanity@latest`\n}\n\nfunction needsFlagSeparator() {\n  const pm = guessPackageManager()\n  return pm === 'npm' || !pm\n}\n"],"names":["Help","SanityHelp","formatCommand","command","help","isFromCreate","process","argv","includes","id","createCmd","guessCreateCommand","flagSeparator","needsFlagSeparator","replaceAll","guessPackageManager","ua","env","npm_config_user_agent","pm"],"mappings":"AAAA,SAAiBA,IAAI,QAAO,cAAa;AAEzC,eAAe,MAAMC,mBAAmBD;IAC5BE,cAAcC,OAAyB,EAAU;QACzD,MAAMC,OAAO,KAAK,CAACF,cAAcC;QAEjC,wEAAwE;QACxE,iFAAiF;QACjF,gFAAgF;QAChF,4EAA4E;QAC5E,+CAA+C;QAC/C,MAAME,eAAeC,QAAQC,IAAI,CAACC,QAAQ,CAAC,oBAAoBL,QAAQM,EAAE,KAAK;QAC9E,IAAI,CAACJ,cAAc;YACjB,OAAOD;QACT;QAEA,MAAMM,YAAYC;QAClB,MAAMC,gBAAgBC,uBAAuB,QAAQ;QAErD,+EAA+E;QAC/E,kFAAkF;QAClF,8EAA8E;QAC9E,+EAA+E;QAC/E,sBAAsB;QACtB,OAAOT,KACJU,UAAU,CAAC,gCAAgC,CAAC,EAAE,EAAEJ,UAAU,IAAI,CAAC,EAC/DI,UAAU,CAAC,yBAAyB,CAAC,EAAE,EAAEJ,YAAYE,eAAe;IACzE;AACF;AAEA,SAASG;IACP,MAAMC,KAAKV,QAAQW,GAAG,CAACC,qBAAqB,IAAI;IAChD,IAAIF,GAAGR,QAAQ,CAAC,SAAS,OAAO;IAChC,IAAIQ,GAAGR,QAAQ,CAAC,SAAS,OAAO;IAChC,IAAIQ,GAAGR,QAAQ,CAAC,QAAQ,OAAO;IAC/B,IAAIQ,GAAGR,QAAQ,CAAC,QAAQ,OAAO;AACjC;AAEA,SAASG;IACP,MAAMQ,KAAKJ;IACX,IAAII,OAAO,QAAQ,OAAO,CAAC,kBAAkB,CAAC;IAC9C,IAAIA,OAAO,OAAO,OAAO,CAAC,wBAAwB,CAAC;IACnD,IAAIA,OAAO,QAAQ,OAAO,CAAC,yBAAyB,CAAC;IACrD,OAAO,CAAC,wBAAwB,CAAC;AACnC;AAEA,SAASN;IACP,MAAMM,KAAKJ;IACX,OAAOI,OAAO,SAAS,CAACA;AAC1B"}
+{"version":3,"sources":["../src/SanityHelp.ts"],"sourcesContent":["import {Command, Help, Interfaces} from '@oclif/core'\nimport {getBinCommand, getRunningPackageManager} from '@sanity/cli-core/package-manager'\n\n// Running `oclif readme`, we don't want to apply the `prefixBinName` transformation,\n// as it will include whatever pm was used to spawn the script in the generated readme.\n// argv will contain something like [nodeBinPath, oclifBinPath, 'readme', …] so check\n// for 'readme' with a preceeding argument that includes 'oclif' to be sure.\nconst IS_README_GENERATION = (process.argv[process.argv.indexOf('readme') - 1] ?? '').includes(\n  'oclif',\n)\n\n/**\n * Custom Help class for Sanity CLI that overrides the default help formatting to\n * prefix the bin name (e.g., `npx sanity`, `yarn sanity`, etc.) in the help text,\n * and to replace `sanity init` references with the appropriate `create` command\n * for the detected package manager when needed.\n *\n * @internal\n */\nexport default class SanityHelp extends Help {\n  protected formatCommand(command: Command.Loadable): string {\n    let help = super.formatCommand(command)\n\n    // When `sanity init` is called, but originates from the `create-sanity`\n    // package/binary (eg the one used by `npm create sanity@latest` etc), we want to\n    // customize the help text to show that command instead of `sanity init`.\n    const isFromCreate = process.argv.includes('--from-create') && command.id === 'init'\n    if (isFromCreate) {\n      help = replaceInitWithCreateCommand(help)\n    }\n\n    return prefixBinName(help)\n  }\n\n  protected formatRoot(): string {\n    return prefixBinName(super.formatRoot())\n  }\n\n  protected formatTopic(topic: Interfaces.Topic): string {\n    return prefixBinName(super.formatTopic(topic))\n  }\n}\n\n/**\n * @internal\n */\nexport function prefixBinName(help: string): string {\n  if (IS_README_GENERATION) return help\n  const binCommand = getBinCommand()\n  if (binCommand === 'sanity') return help\n  return help.replaceAll('$ sanity', `$ ${binCommand}`)\n}\n\n/**\n * Replace `sanity init` references in help text with the equivalent `create` command\n * for the detected package manager. Lines ending in just `sanity init\\n` (no flags)\n * are replaced without a flag separator, while lines with flags get the separator\n * (eg `--` for npm) so the flags are forwarded correctly.\n *\n * @internal\n */\nexport function replaceInitWithCreateCommand(help: string): string {\n  const createCmd = guessCreateCommand()\n  const flagSeparator = needsFlagSeparator() ? ' --' : ''\n\n  // First replace all `sanity init` references that ends with a newline with the\n  // create variant that does not include any flag separator (eg `--`). Then replace\n  // the other references that do. Most package managers do not require the `--`\n  // separator, but npm does. Only include it if we need to, as the commands look\n  // cleaner without it.\n  return help\n    .replaceAll(/(\\s+)sanity\\s+init\\s*\\n/g, `$1${createCmd}\\n`)\n    .replaceAll(/(\\s+)sanity(\\s+)init/g, `$1${createCmd}${flagSeparator}`)\n}\n\nfunction guessCreateCommand() {\n  const pm = getRunningPackageManager()\n  if (pm === 'yarn') return `yarn create sanity`\n  if (pm === 'bun') return `bun create sanity@latest`\n  if (pm === 'pnpm') return `pnpm create sanity@latest`\n  return `npm create sanity@latest`\n}\n\nfunction needsFlagSeparator() {\n  const pm = getRunningPackageManager()\n  return pm === 'npm' || !pm\n}\n"],"names":["Help","getBinCommand","getRunningPackageManager","IS_README_GENERATION","process","argv","indexOf","includes","SanityHelp","formatCommand","command","help","isFromCreate","id","replaceInitWithCreateCommand","prefixBinName","formatRoot","formatTopic","topic","binCommand","replaceAll","createCmd","guessCreateCommand","flagSeparator","needsFlagSeparator","pm"],"mappings":"AAAA,SAAiBA,IAAI,QAAmB,cAAa;AACrD,SAAQC,aAAa,EAAEC,wBAAwB,QAAO,mCAAkC;AAExF,qFAAqF;AACrF,uFAAuF;AACvF,qFAAqF;AACrF,4EAA4E;AAC5E,MAAMC,uBAAuB,AAACC,CAAAA,QAAQC,IAAI,CAACD,QAAQC,IAAI,CAACC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAC,EAAGC,QAAQ,CAC5F;AAGF;;;;;;;CAOC,GACD,eAAe,MAAMC,mBAAmBR;IAC5BS,cAAcC,OAAyB,EAAU;QACzD,IAAIC,OAAO,KAAK,CAACF,cAAcC;QAE/B,wEAAwE;QACxE,iFAAiF;QACjF,yEAAyE;QACzE,MAAME,eAAeR,QAAQC,IAAI,CAACE,QAAQ,CAAC,oBAAoBG,QAAQG,EAAE,KAAK;QAC9E,IAAID,cAAc;YAChBD,OAAOG,6BAA6BH;QACtC;QAEA,OAAOI,cAAcJ;IACvB;IAEUK,aAAqB;QAC7B,OAAOD,cAAc,KAAK,CAACC;IAC7B;IAEUC,YAAYC,KAAuB,EAAU;QACrD,OAAOH,cAAc,KAAK,CAACE,YAAYC;IACzC;AACF;AAEA;;CAEC,GACD,OAAO,SAASH,cAAcJ,IAAY;IACxC,IAAIR,sBAAsB,OAAOQ;IACjC,MAAMQ,aAAalB;IACnB,IAAIkB,eAAe,UAAU,OAAOR;IACpC,OAAOA,KAAKS,UAAU,CAAC,YAAY,CAAC,EAAE,EAAED,YAAY;AACtD;AAEA;;;;;;;CAOC,GACD,OAAO,SAASL,6BAA6BH,IAAY;IACvD,MAAMU,YAAYC;IAClB,MAAMC,gBAAgBC,uBAAuB,QAAQ;IAErD,+EAA+E;IAC/E,kFAAkF;IAClF,8EAA8E;IAC9E,+EAA+E;IAC/E,sBAAsB;IACtB,OAAOb,KACJS,UAAU,CAAC,4BAA4B,CAAC,EAAE,EAAEC,UAAU,EAAE,CAAC,EACzDD,UAAU,CAAC,yBAAyB,CAAC,EAAE,EAAEC,YAAYE,eAAe;AACzE;AAEA,SAASD;IACP,MAAMG,KAAKvB;IACX,IAAIuB,OAAO,QAAQ,OAAO,CAAC,kBAAkB,CAAC;IAC9C,IAAIA,OAAO,OAAO,OAAO,CAAC,wBAAwB,CAAC;IACnD,IAAIA,OAAO,QAAQ,OAAO,CAAC,yBAAyB,CAAC;IACrD,OAAO,CAAC,wBAAwB,CAAC;AACnC;AAEA,SAASD;IACP,MAAMC,KAAKvB;IACX,OAAOuB,OAAO,SAAS,CAACA;AAC1B"}

package/dist/actions/auth/authServer.js

@@ -1,6 +1,7 @@
 import { createServer } from 'node:http';
 import os from 'node:os';
-import { subdebug } from '@sanity/cli-core';
+import { getSanityUrl, subdebug } from '@sanity/cli-core';
+import { getTokenDetails } from '../../services/auth.js';
 const debug = subdebug('auth');
 const callbackPorts = [
     4321,
@@ -30,13 +31,11 @@ const platformNames = {
  *
  * If we fail to bind to the first port, we retry with the next port in the list.
  *
- * @param options - Options for the server
+ * @param providerUrl - The URL of the login provider
  * @returns Resolves with HTTP server instance, a login URL to send user to, and a `token` promise
  * @internal
- */ export function startServerForTokenCallback(options) {
-    const { client, providerUrl } = options;
-    const { apiHost } = client.config();
-    const domain = apiHost.includes('.sanity.work') ? 'www.sanity.work' : 'www.sanity.io';
+ */ export function startServerForTokenCallback(providerUrl) {
+    const sanityUrl = getSanityUrl();
     const attemptPorts = [
         ...callbackPorts
     ];
@@ -52,7 +51,8 @@ const platformNames = {
         const server = createServer(async function onCallbackServerRequest(req, res) {
             function failLoginRequest(code = '') {
                 res.writeHead(303, 'See Other', {
-                    Location: `https://${domain}/login/error${code ? `?error=${code}` : ''}`
+                    Connection: 'close',
+                    Location: `${sanityUrl}/login/error${code ? `?error=${code}` : ''}`
                 });
                 res.end();
                 server.close();
@@ -60,6 +60,7 @@ const platformNames = {
             const url = new URL(req.url || '/', `http://localhost:${callbackPort}`);
             if (url.pathname !== callbackEndpoint) {
                 res.writeHead(404, 'Not Found', {
+                    Connection: 'close',
                     'Content-Type': 'text/plain'
                 });
                 res.write('404 Not Found');
@@ -69,25 +70,26 @@ const platformNames = {
             const absoluteTokenUrl = url.searchParams.get('url');
             if (!absoluteTokenUrl) {
                 failLoginRequest();
+                rejectToken(new Error('Missing callback URL'));
                 return;
             }
             const tokenUrl = new URL(absoluteTokenUrl);
             if (!tokenUrl.searchParams.has('sid')) {
                 failLoginRequest('NO_SESSION_ID');
+                rejectToken(new Error('Missing session ID in callback'));
                 return;
             }
             let token;
             try {
-                token = await client.request({
-                    uri: `/auth/fetch${tokenUrl.search}`
-                });
+                token = await getTokenDetails(tokenUrl.search);
             } catch (err) {
                 failLoginRequest('UNRESOLVED_SESSION');
                 rejectToken(err instanceof Error ? err : new Error(`Unknown error: ${err}`));
                 return;
             }
             res.writeHead(303, 'See Other', {
-                Location: `https://${domain}/login/success`
+                Connection: 'close',
+                Location: `${sanityUrl}/login/success`
             });
             res.end();
             server.close();
@@ -96,7 +98,8 @@ const platformNames = {
         server.on('listening', function onCallbackListen() {
             // Once the server is successfully listening on a port, we can return the promise.
             // We'll then await the _token promise_, while the server is running in the background.
-            const loginUrl = getLoginUrl(server, providerUrl);
+            const callbackUrl = getCallbackUrl(server);
+            const loginUrl = getLoginUrl(providerUrl, callbackUrl);
             resolve({
                 loginUrl,
                 server,
@@ -121,22 +124,16 @@ const platformNames = {
     });
 }
 /**
- * Get the login URL to send the user to for the given local auth token server.
+ * Get the login URL to send the user to for the given auth provider.
  *
  * The generated URL will include a label for the session that includes the
  * hostname and platform of the current computer, to help identify the session.
  *
- * @param server - The local auth token server
  * @param providerUrl - The URL of the login provider
+ * @param callbackUrl - The callback URL for the local auth token server
  * @returns The login URL
  * @internal
- */ function getLoginUrl(server, providerUrl) {
-    const serverUrl = server.address();
-    if (!serverUrl || typeof serverUrl === 'string') {
-        // Note: `serverUrl` is string only when binding to unix sockets,
-        // thus we can safely assume Something Is Wrong™ if it's a string
-        throw new Error('Failed to start auth callback server');
-    }
+ */ function getLoginUrl(providerUrl, callbackUrl) {
     // Build a login URL that redirects back back to OAuth flow on success
     const loginUrl = new URL(providerUrl);
     // Prefer `MacOS` over `darwin` etc
@@ -146,8 +143,17 @@ const platformNames = {
     const hostname = os.hostname().replaceAll(/\.(local|lan)$/g, '');
     loginUrl.searchParams.set('type', 'token');
     loginUrl.searchParams.set('label', `${hostname} / ${platform}`);
-    loginUrl.searchParams.set('origin', `http://localhost:${serverUrl.port}${callbackEndpoint}`);
+    loginUrl.searchParams.set('origin', callbackUrl.href);
     return loginUrl;
 }
+function getCallbackUrl(server) {
+    const serverUrl = server.address();
+    if (!serverUrl || typeof serverUrl === 'string') {
+        // Note: `serverUrl` is string only when binding to unix sockets,
+        // thus we can safely assume Something Is Wrong™ if it's a string
+        throw new Error('Failed to start auth callback server');
+    }
+    return new URL(callbackEndpoint, `http://localhost:${serverUrl.port}`);
+}
 
 //# sourceMappingURL=authServer.js.map

package/dist/actions/auth/authServer.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/actions/auth/authServer.ts"],"sourcesContent":["import {createServer, type Server} from 'node:http'\nimport os from 'node:os'\n\nimport {subdebug} from '@sanity/cli-core'\nimport {type SanityClient} from '@sanity/client'\n\nconst debug = subdebug('auth')\nconst callbackPorts = [4321, 4000, 3003, 1234, 8080, 13_333]\nconst callbackEndpoint = '/callback'\n\nconst platformNames: Record<string, string | undefined> = {\n  aix: 'AIX',\n  android: 'Android',\n  darwin: 'MacOS',\n  freebsd: 'FreeBSD',\n  linux: 'Linux',\n  openbsd: 'OpenBSD',\n  sunos: 'SunOS',\n  win32: 'Windows',\n}\n\n/**\n * The response shape from /auth/fetch\n *\n * @internal\n */\ninterface TokenDetails {\n  label: string\n  token: string\n}\n\n/**\n * Start a local HTTP server and wait for a request to the auth callback endpoint.\n * This happens by the user being sent to a login page with a callback URL that points to\n * this local server. This request includes a short-lived \"SID\" (session ID) that we then\n * do a request to the `/auth/fetch` endpoint with to get the actual auth token,\n * invalidating the SID in the process.\n *\n * If we fail to bind to the first port, we retry with the next port in the list.\n *\n * @param options - Options for the server\n * @returns Resolves with HTTP server instance, a login URL to send user to, and a `token` promise\n * @internal\n */\nexport function startServerForTokenCallback(options: {\n  client: SanityClient\n  providerUrl: string\n}): Promise<{loginUrl: URL; server: Server; token: Promise<TokenDetails>}> {\n  const {client, providerUrl} = options\n  const {apiHost} = client.config()\n  const domain = apiHost.includes('.sanity.work') ? 'www.sanity.work' : 'www.sanity.io'\n\n  const attemptPorts = [...callbackPorts]\n  let callbackPort = attemptPorts.shift()\n\n  // note: replace with `Promise.withResolvers()` when minimum Node.js is 22+\n  let resolveToken: (resolvedToken: PromiseLike<TokenDetails> | TokenDetails) => void\n  let rejectToken: (reason: Error) => void\n  const tokenPromise = new Promise<TokenDetails>((resolve, reject) => {\n    resolveToken = resolve\n    rejectToken = reject\n  })\n\n  return new Promise((resolve, reject) => {\n    const server = createServer(async function onCallbackServerRequest(req, res) {\n      function failLoginRequest(code = '') {\n        res.writeHead(303, 'See Other', {\n          Location: `https://${domain}/login/error${code ? `?error=${code}` : ''}`,\n        })\n        res.end()\n        server.close()\n      }\n\n      const url = new URL(req.url || '/', `http://localhost:${callbackPort}`)\n      if (url.pathname !== callbackEndpoint) {\n        res.writeHead(404, 'Not Found', {'Content-Type': 'text/plain'})\n        res.write('404 Not Found')\n        res.end()\n        return\n      }\n\n      const absoluteTokenUrl = url.searchParams.get('url')\n      if (!absoluteTokenUrl) {\n        failLoginRequest()\n        return\n      }\n\n      const tokenUrl = new URL(absoluteTokenUrl)\n      if (!tokenUrl.searchParams.has('sid')) {\n        failLoginRequest('NO_SESSION_ID')\n        return\n      }\n\n      let token: TokenDetails\n      try {\n        token = await client.request({uri: `/auth/fetch${tokenUrl.search}`})\n      } catch (err) {\n        failLoginRequest('UNRESOLVED_SESSION')\n        rejectToken(err instanceof Error ? err : new Error(`Unknown error: ${err}`))\n        return\n      }\n\n      res.writeHead(303, 'See Other', {Location: `https://${domain}/login/success`})\n      res.end()\n      server.close()\n      resolveToken(token)\n    })\n\n    server.on('listening', function onCallbackListen() {\n      // Once the server is successfully listening on a port, we can return the promise.\n      // We'll then await the _token promise_, while the server is running in the background.\n      const loginUrl = getLoginUrl(server, providerUrl)\n      resolve({loginUrl, server, token: tokenPromise})\n    })\n\n    server.on('error', function onCallbackServerError(err) {\n      if ('code' in err && err.code === 'EADDRINUSE') {\n        callbackPort = attemptPorts.shift()\n        if (!callbackPort) {\n          reject(new Error('Failed to find port number to bind auth callback server to'))\n          return\n        }\n\n        debug('Port busy, trying %d', callbackPort)\n        server.listen(callbackPort)\n      } else {\n        reject(err)\n      }\n    })\n\n    debug('Starting callback server on port %d', callbackPort)\n    server.listen(callbackPort)\n  })\n}\n\n/**\n * Get the login URL to send the user to for the given local auth token server.\n *\n * The generated URL will include a label for the session that includes the\n * hostname and platform of the current computer, to help identify the session.\n *\n * @param server - The local auth token server\n * @param providerUrl - The URL of the login provider\n * @returns The login URL\n * @internal\n */\nfunction getLoginUrl(server: Server, providerUrl: string): URL {\n  const serverUrl = server.address()\n  if (!serverUrl || typeof serverUrl === 'string') {\n    // Note: `serverUrl` is string only when binding to unix sockets,\n    // thus we can safely assume Something Is Wrong™ if it's a string\n    throw new Error('Failed to start auth callback server')\n  }\n\n  // Build a login URL that redirects back back to OAuth flow on success\n  const loginUrl = new URL(providerUrl)\n\n  // Prefer `MacOS` over `darwin` etc\n  const platformName = os.platform()\n  const platform = platformName in platformNames ? platformNames[platformName] : platformName\n\n  // Prefer `espens-macbook` over `espens-macbook.local`\n  const hostname = os.hostname().replaceAll(/\\.(local|lan)$/g, '')\n\n  loginUrl.searchParams.set('type', 'token')\n  loginUrl.searchParams.set('label', `${hostname} / ${platform}`)\n  loginUrl.searchParams.set('origin', `http://localhost:${serverUrl.port}${callbackEndpoint}`)\n\n  return loginUrl\n}\n"],"names":["createServer","os","subdebug","debug","callbackPorts","callbackEndpoint","platformNames","aix","android","darwin","freebsd","linux","openbsd","sunos","win32","startServerForTokenCallback","options","client","providerUrl","apiHost","config","domain","includes","attemptPorts","callbackPort","shift","resolveToken","rejectToken","tokenPromise","Promise","resolve","reject","server","onCallbackServerRequest","req","res","failLoginRequest","code","writeHead","Location","end","close","url","URL","pathname","write","absoluteTokenUrl","searchParams","get","tokenUrl","has","token","request","uri","search","err","Error","on","onCallbackListen","loginUrl","getLoginUrl","onCallbackServerError","listen","serverUrl","address","platformName","platform","hostname","replaceAll","set","port"],"mappings":"AAAA,SAAQA,YAAY,QAAoB,YAAW;AACnD,OAAOC,QAAQ,UAAS;AAExB,SAAQC,QAAQ,QAAO,mBAAkB;AAGzC,MAAMC,QAAQD,SAAS;AACvB,MAAME,gBAAgB;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;CAAO;AAC5D,MAAMC,mBAAmB;AAEzB,MAAMC,gBAAoD;IACxDC,KAAK;IACLC,SAAS;IACTC,QAAQ;IACRC,SAAS;IACTC,OAAO;IACPC,SAAS;IACTC,OAAO;IACPC,OAAO;AACT;AAYA;;;;;;;;;;;;CAYC,GACD,OAAO,SAASC,4BAA4BC,OAG3C;IACC,MAAM,EAACC,MAAM,EAAEC,WAAW,EAAC,GAAGF;IAC9B,MAAM,EAACG,OAAO,EAAC,GAAGF,OAAOG,MAAM;IAC/B,MAAMC,SAASF,QAAQG,QAAQ,CAAC,kBAAkB,oBAAoB;IAEtE,MAAMC,eAAe;WAAInB;KAAc;IACvC,IAAIoB,eAAeD,aAAaE,KAAK;IAErC,2EAA2E;IAC3E,IAAIC;IACJ,IAAIC;IACJ,MAAMC,eAAe,IAAIC,QAAsB,CAACC,SAASC;QACvDL,eAAeI;QACfH,cAAcI;IAChB;IAEA,OAAO,IAAIF,QAAQ,CAACC,SAASC;QAC3B,MAAMC,SAAShC,aAAa,eAAeiC,wBAAwBC,GAAG,EAAEC,GAAG;YACzE,SAASC,iBAAiBC,OAAO,EAAE;gBACjCF,IAAIG,SAAS,CAAC,KAAK,aAAa;oBAC9BC,UAAU,CAAC,QAAQ,EAAElB,OAAO,YAAY,EAAEgB,OAAO,CAAC,OAAO,EAAEA,MAAM,GAAG,IAAI;gBAC1E;gBACAF,IAAIK,GAAG;gBACPR,OAAOS,KAAK;YACd;YAEA,MAAMC,MAAM,IAAIC,IAAIT,IAAIQ,GAAG,IAAI,KAAK,CAAC,iBAAiB,EAAElB,cAAc;YACtE,IAAIkB,IAAIE,QAAQ,KAAKvC,kBAAkB;gBACrC8B,IAAIG,SAAS,CAAC,KAAK,aAAa;oBAAC,gBAAgB;gBAAY;gBAC7DH,IAAIU,KAAK,CAAC;gBACVV,IAAIK,GAAG;gBACP;YACF;YAEA,MAAMM,mBAAmBJ,IAAIK,YAAY,CAACC,GAAG,CAAC;YAC9C,IAAI,CAACF,kBAAkB;gBACrBV;gBACA;YACF;YAEA,MAAMa,WAAW,IAAIN,IAAIG;YACzB,IAAI,CAACG,SAASF,YAAY,CAACG,GAAG,CAAC,QAAQ;gBACrCd,iBAAiB;gBACjB;YACF;YAEA,IAAIe;YACJ,IAAI;gBACFA,QAAQ,MAAMlC,OAAOmC,OAAO,CAAC;oBAACC,KAAK,CAAC,WAAW,EAAEJ,SAASK,MAAM,EAAE;gBAAA;YACpE,EAAE,OAAOC,KAAK;gBACZnB,iBAAiB;gBACjBT,YAAY4B,eAAeC,QAAQD,MAAM,IAAIC,MAAM,CAAC,eAAe,EAAED,KAAK;gBAC1E;YACF;YAEApB,IAAIG,SAAS,CAAC,KAAK,aAAa;gBAACC,UAAU,CAAC,QAAQ,EAAElB,OAAO,cAAc,CAAC;YAAA;YAC5Ec,IAAIK,GAAG;YACPR,OAAOS,KAAK;YACZf,aAAayB;QACf;QAEAnB,OAAOyB,EAAE,CAAC,aAAa,SAASC;YAC9B,kFAAkF;YAClF,uFAAuF;YACvF,MAAMC,WAAWC,YAAY5B,QAAQd;YACrCY,QAAQ;gBAAC6B;gBAAU3B;gBAAQmB,OAAOvB;YAAY;QAChD;QAEAI,OAAOyB,EAAE,CAAC,SAAS,SAASI,sBAAsBN,GAAG;YACnD,IAAI,UAAUA,OAAOA,IAAIlB,IAAI,KAAK,cAAc;gBAC9Cb,eAAeD,aAAaE,KAAK;gBACjC,IAAI,CAACD,cAAc;oBACjBO,OAAO,IAAIyB,MAAM;oBACjB;gBACF;gBAEArD,MAAM,wBAAwBqB;gBAC9BQ,OAAO8B,MAAM,CAACtC;YAChB,OAAO;gBACLO,OAAOwB;YACT;QACF;QAEApD,MAAM,uCAAuCqB;QAC7CQ,OAAO8B,MAAM,CAACtC;IAChB;AACF;AAEA;;;;;;;;;;CAUC,GACD,SAASoC,YAAY5B,MAAc,EAAEd,WAAmB;IACtD,MAAM6C,YAAY/B,OAAOgC,OAAO;IAChC,IAAI,CAACD,aAAa,OAAOA,cAAc,UAAU;QAC/C,iEAAiE;QACjE,iEAAiE;QACjE,MAAM,IAAIP,MAAM;IAClB;IAEA,sEAAsE;IACtE,MAAMG,WAAW,IAAIhB,IAAIzB;IAEzB,mCAAmC;IACnC,MAAM+C,eAAehE,GAAGiE,QAAQ;IAChC,MAAMA,WAAWD,gBAAgB3D,gBAAgBA,aAAa,CAAC2D,aAAa,GAAGA;IAE/E,sDAAsD;IACtD,MAAME,WAAWlE,GAAGkE,QAAQ,GAAGC,UAAU,CAAC,mBAAmB;IAE7DT,SAASZ,YAAY,CAACsB,GAAG,CAAC,QAAQ;IAClCV,SAASZ,YAAY,CAACsB,GAAG,CAAC,SAAS,GAAGF,SAAS,GAAG,EAAED,UAAU;IAC9DP,SAASZ,YAAY,CAACsB,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAEN,UAAUO,IAAI,GAAGjE,kBAAkB;IAE3F,OAAOsD;AACT"}
+{"version":3,"sources":["../../../src/actions/auth/authServer.ts"],"sourcesContent":["import {createServer, type Server} from 'node:http'\nimport os from 'node:os'\n\nimport {getSanityUrl, subdebug} from '@sanity/cli-core'\n\nimport {getTokenDetails} from '../../services/auth.js'\nimport {type TokenDetails} from './types.js'\n\nconst debug = subdebug('auth')\nconst callbackPorts = [4321, 4000, 3003, 1234, 8080, 13_333]\nconst callbackEndpoint = '/callback'\n\nconst platformNames: Record<string, string | undefined> = {\n  aix: 'AIX',\n  android: 'Android',\n  darwin: 'MacOS',\n  freebsd: 'FreeBSD',\n  linux: 'Linux',\n  openbsd: 'OpenBSD',\n  sunos: 'SunOS',\n  win32: 'Windows',\n}\n\n/**\n * Start a local HTTP server and wait for a request to the auth callback endpoint.\n * This happens by the user being sent to a login page with a callback URL that points to\n * this local server. This request includes a short-lived \"SID\" (session ID) that we then\n * do a request to the `/auth/fetch` endpoint with to get the actual auth token,\n * invalidating the SID in the process.\n *\n * If we fail to bind to the first port, we retry with the next port in the list.\n *\n * @param providerUrl - The URL of the login provider\n * @returns Resolves with HTTP server instance, a login URL to send user to, and a `token` promise\n * @internal\n */\nexport function startServerForTokenCallback(\n  providerUrl: string,\n): Promise<{loginUrl: URL; server: Server; token: Promise<TokenDetails>}> {\n  const sanityUrl = getSanityUrl()\n\n  const attemptPorts = [...callbackPorts]\n  let callbackPort = attemptPorts.shift()\n\n  // note: replace with `Promise.withResolvers()` when minimum Node.js is 22+\n  let resolveToken: (resolvedToken: PromiseLike<TokenDetails> | TokenDetails) => void\n  let rejectToken: (reason: Error) => void\n  const tokenPromise = new Promise<TokenDetails>((resolve, reject) => {\n    resolveToken = resolve\n    rejectToken = reject\n  })\n\n  return new Promise((resolve, reject) => {\n    const server = createServer(async function onCallbackServerRequest(req, res) {\n      function failLoginRequest(code = '') {\n        res.writeHead(303, 'See Other', {\n          Connection: 'close',\n          Location: `${sanityUrl}/login/error${code ? `?error=${code}` : ''}`,\n        })\n        res.end()\n        server.close()\n      }\n\n      const url = new URL(req.url || '/', `http://localhost:${callbackPort}`)\n      if (url.pathname !== callbackEndpoint) {\n        res.writeHead(404, 'Not Found', {Connection: 'close', 'Content-Type': 'text/plain'})\n        res.write('404 Not Found')\n        res.end()\n        return\n      }\n\n      const absoluteTokenUrl = url.searchParams.get('url')\n      if (!absoluteTokenUrl) {\n        failLoginRequest()\n        rejectToken(new Error('Missing callback URL'))\n        return\n      }\n\n      const tokenUrl = new URL(absoluteTokenUrl)\n      if (!tokenUrl.searchParams.has('sid')) {\n        failLoginRequest('NO_SESSION_ID')\n        rejectToken(new Error('Missing session ID in callback'))\n        return\n      }\n\n      let token: TokenDetails\n      try {\n        token = await getTokenDetails(tokenUrl.search)\n      } catch (err) {\n        failLoginRequest('UNRESOLVED_SESSION')\n        rejectToken(err instanceof Error ? err : new Error(`Unknown error: ${err}`))\n        return\n      }\n\n      res.writeHead(303, 'See Other', {\n        Connection: 'close',\n        Location: `${sanityUrl}/login/success`,\n      })\n      res.end()\n      server.close()\n      resolveToken(token)\n    })\n\n    server.on('listening', function onCallbackListen() {\n      // Once the server is successfully listening on a port, we can return the promise.\n      // We'll then await the _token promise_, while the server is running in the background.\n      const callbackUrl = getCallbackUrl(server)\n      const loginUrl = getLoginUrl(providerUrl, callbackUrl)\n      resolve({loginUrl, server, token: tokenPromise})\n    })\n\n    server.on('error', function onCallbackServerError(err) {\n      if ('code' in err && err.code === 'EADDRINUSE') {\n        callbackPort = attemptPorts.shift()\n        if (!callbackPort) {\n          reject(new Error('Failed to find port number to bind auth callback server to'))\n          return\n        }\n\n        debug('Port busy, trying %d', callbackPort)\n        server.listen(callbackPort)\n      } else {\n        reject(err)\n      }\n    })\n\n    debug('Starting callback server on port %d', callbackPort)\n    server.listen(callbackPort)\n  })\n}\n\n/**\n * Get the login URL to send the user to for the given auth provider.\n *\n * The generated URL will include a label for the session that includes the\n * hostname and platform of the current computer, to help identify the session.\n *\n * @param providerUrl - The URL of the login provider\n * @param callbackUrl - The callback URL for the local auth token server\n * @returns The login URL\n * @internal\n */\nfunction getLoginUrl(providerUrl: string, callbackUrl: URL): URL {\n  // Build a login URL that redirects back back to OAuth flow on success\n  const loginUrl = new URL(providerUrl)\n\n  // Prefer `MacOS` over `darwin` etc\n  const platformName = os.platform()\n  const platform = platformName in platformNames ? platformNames[platformName] : platformName\n\n  // Prefer `espens-macbook` over `espens-macbook.local`\n  const hostname = os.hostname().replaceAll(/\\.(local|lan)$/g, '')\n\n  loginUrl.searchParams.set('type', 'token')\n  loginUrl.searchParams.set('label', `${hostname} / ${platform}`)\n  loginUrl.searchParams.set('origin', callbackUrl.href)\n\n  return loginUrl\n}\n\nfunction getCallbackUrl(server: Server): URL {\n  const serverUrl = server.address()\n  if (!serverUrl || typeof serverUrl === 'string') {\n    // Note: `serverUrl` is string only when binding to unix sockets,\n    // thus we can safely assume Something Is Wrong™ if it's a string\n    throw new Error('Failed to start auth callback server')\n  }\n\n  return new URL(callbackEndpoint, `http://localhost:${serverUrl.port}`)\n}\n"],"names":["createServer","os","getSanityUrl","subdebug","getTokenDetails","debug","callbackPorts","callbackEndpoint","platformNames","aix","android","darwin","freebsd","linux","openbsd","sunos","win32","startServerForTokenCallback","providerUrl","sanityUrl","attemptPorts","callbackPort","shift","resolveToken","rejectToken","tokenPromise","Promise","resolve","reject","server","onCallbackServerRequest","req","res","failLoginRequest","code","writeHead","Connection","Location","end","close","url","URL","pathname","write","absoluteTokenUrl","searchParams","get","Error","tokenUrl","has","token","search","err","on","onCallbackListen","callbackUrl","getCallbackUrl","loginUrl","getLoginUrl","onCallbackServerError","listen","platformName","platform","hostname","replaceAll","set","href","serverUrl","address","port"],"mappings":"AAAA,SAAQA,YAAY,QAAoB,YAAW;AACnD,OAAOC,QAAQ,UAAS;AAExB,SAAQC,YAAY,EAAEC,QAAQ,QAAO,mBAAkB;AAEvD,SAAQC,eAAe,QAAO,yBAAwB;AAGtD,MAAMC,QAAQF,SAAS;AACvB,MAAMG,gBAAgB;IAAC;IAAM;IAAM;IAAM;IAAM;IAAM;CAAO;AAC5D,MAAMC,mBAAmB;AAEzB,MAAMC,gBAAoD;IACxDC,KAAK;IACLC,SAAS;IACTC,QAAQ;IACRC,SAAS;IACTC,OAAO;IACPC,SAAS;IACTC,OAAO;IACPC,OAAO;AACT;AAEA;;;;;;;;;;;;CAYC,GACD,OAAO,SAASC,4BACdC,WAAmB;IAEnB,MAAMC,YAAYjB;IAElB,MAAMkB,eAAe;WAAId;KAAc;IACvC,IAAIe,eAAeD,aAAaE,KAAK;IAErC,2EAA2E;IAC3E,IAAIC;IACJ,IAAIC;IACJ,MAAMC,eAAe,IAAIC,QAAsB,CAACC,SAASC;QACvDL,eAAeI;QACfH,cAAcI;IAChB;IAEA,OAAO,IAAIF,QAAQ,CAACC,SAASC;QAC3B,MAAMC,SAAS7B,aAAa,eAAe8B,wBAAwBC,GAAG,EAAEC,GAAG;YACzE,SAASC,iBAAiBC,OAAO,EAAE;gBACjCF,IAAIG,SAAS,CAAC,KAAK,aAAa;oBAC9BC,YAAY;oBACZC,UAAU,GAAGlB,UAAU,YAAY,EAAEe,OAAO,CAAC,OAAO,EAAEA,MAAM,GAAG,IAAI;gBACrE;gBACAF,IAAIM,GAAG;gBACPT,OAAOU,KAAK;YACd;YAEA,MAAMC,MAAM,IAAIC,IAAIV,IAAIS,GAAG,IAAI,KAAK,CAAC,iBAAiB,EAAEnB,cAAc;YACtE,IAAImB,IAAIE,QAAQ,KAAKnC,kBAAkB;gBACrCyB,IAAIG,SAAS,CAAC,KAAK,aAAa;oBAACC,YAAY;oBAAS,gBAAgB;gBAAY;gBAClFJ,IAAIW,KAAK,CAAC;gBACVX,IAAIM,GAAG;gBACP;YACF;YAEA,MAAMM,mBAAmBJ,IAAIK,YAAY,CAACC,GAAG,CAAC;YAC9C,IAAI,CAACF,kBAAkB;gBACrBX;gBACAT,YAAY,IAAIuB,MAAM;gBACtB;YACF;YAEA,MAAMC,WAAW,IAAIP,IAAIG;YACzB,IAAI,CAACI,SAASH,YAAY,CAACI,GAAG,CAAC,QAAQ;gBACrChB,iBAAiB;gBACjBT,YAAY,IAAIuB,MAAM;gBACtB;YACF;YAEA,IAAIG;YACJ,IAAI;gBACFA,QAAQ,MAAM9C,gBAAgB4C,SAASG,MAAM;YAC/C,EAAE,OAAOC,KAAK;gBACZnB,iBAAiB;gBACjBT,YAAY4B,eAAeL,QAAQK,MAAM,IAAIL,MAAM,CAAC,eAAe,EAAEK,KAAK;gBAC1E;YACF;YAEApB,IAAIG,SAAS,CAAC,KAAK,aAAa;gBAC9BC,YAAY;gBACZC,UAAU,GAAGlB,UAAU,cAAc,CAAC;YACxC;YACAa,IAAIM,GAAG;YACPT,OAAOU,KAAK;YACZhB,aAAa2B;QACf;QAEArB,OAAOwB,EAAE,CAAC,aAAa,SAASC;YAC9B,kFAAkF;YAClF,uFAAuF;YACvF,MAAMC,cAAcC,eAAe3B;YACnC,MAAM4B,WAAWC,YAAYxC,aAAaqC;YAC1C5B,QAAQ;gBAAC8B;gBAAU5B;gBAAQqB,OAAOzB;YAAY;QAChD;QAEAI,OAAOwB,EAAE,CAAC,SAAS,SAASM,sBAAsBP,GAAG;YACnD,IAAI,UAAUA,OAAOA,IAAIlB,IAAI,KAAK,cAAc;gBAC9Cb,eAAeD,aAAaE,KAAK;gBACjC,IAAI,CAACD,cAAc;oBACjBO,OAAO,IAAImB,MAAM;oBACjB;gBACF;gBAEA1C,MAAM,wBAAwBgB;gBAC9BQ,OAAO+B,MAAM,CAACvC;YAChB,OAAO;gBACLO,OAAOwB;YACT;QACF;QAEA/C,MAAM,uCAAuCgB;QAC7CQ,OAAO+B,MAAM,CAACvC;IAChB;AACF;AAEA;;;;;;;;;;CAUC,GACD,SAASqC,YAAYxC,WAAmB,EAAEqC,WAAgB;IACxD,sEAAsE;IACtE,MAAME,WAAW,IAAIhB,IAAIvB;IAEzB,mCAAmC;IACnC,MAAM2C,eAAe5D,GAAG6D,QAAQ;IAChC,MAAMA,WAAWD,gBAAgBrD,gBAAgBA,aAAa,CAACqD,aAAa,GAAGA;IAE/E,sDAAsD;IACtD,MAAME,WAAW9D,GAAG8D,QAAQ,GAAGC,UAAU,CAAC,mBAAmB;IAE7DP,SAASZ,YAAY,CAACoB,GAAG,CAAC,QAAQ;IAClCR,SAASZ,YAAY,CAACoB,GAAG,CAAC,SAAS,GAAGF,SAAS,GAAG,EAAED,UAAU;IAC9DL,SAASZ,YAAY,CAACoB,GAAG,CAAC,UAAUV,YAAYW,IAAI;IAEpD,OAAOT;AACT;AAEA,SAASD,eAAe3B,MAAc;IACpC,MAAMsC,YAAYtC,OAAOuC,OAAO;IAChC,IAAI,CAACD,aAAa,OAAOA,cAAc,UAAU;QAC/C,iEAAiE;QACjE,iEAAiE;QACjE,MAAM,IAAIpB,MAAM;IAClB;IAEA,OAAO,IAAIN,IAAIlC,kBAAkB,CAAC,iBAAiB,EAAE4D,UAAUE,IAAI,EAAE;AACvE"}

package/dist/actions/auth/login/getProvider.js

@@ -1,54 +1,65 @@
+import { subdebug } from '@sanity/cli-core';
 import { input, spinner } from '@sanity/cli-core/ux';
+import { promptForProviders } from '../../../prompts/promptForProviders.js';
+import { getProviders, getVercelProviderUrl } from '../../../services/auth.js';
 import { getSSOProvider } from './getSSOProvider.js';
-import { promptProviders } from './promptProviders.js';
+const debug = subdebug('login:getProvider');
 /**
  * Prompt the user to select a login provider, or use the specified provider if given.
  *
  * @param options - Options for the provider resolve operation
  * @returns Promise that resolves to the selected login provider
  * @internal
- */ export async function getProvider({ client, experimental, orgSlug, specifiedProvider }) {
-    if (orgSlug) {
-        return getSSOProvider({
-            client,
-            orgSlug
-        });
+ */ export async function getProvider({ experimental, orgSlug, specifiedProvider }) {
+    if (specifiedProvider === 'vercel') {
+        return {
+            name: 'vercel',
+            title: 'Vercel',
+            url: await getVercelProviderUrl()
+        };
     }
-    // Fetch and prompt for login provider to use
-    const spin = spinner('Fetching providers...').start();
-    let { providers } = await client.request({
-        uri: '/auth/providers'
-    });
-    if (experimental) {
-        providers = [
-            ...providers,
-            {
-                name: 'sso',
-                title: 'SSO',
-                url: '_not_used_'
+    let spin;
+    try {
+        if (orgSlug) {
+            return getSSOProvider(orgSlug);
+        }
+        spin = spinner('Fetching providers...').start();
+        // Fetch and prompt for login provider to use
+        let { providers } = await getProviders();
+        if (experimental) {
+            providers = [
+                ...providers,
+                {
+                    name: 'sso',
+                    title: 'SSO',
+                    url: '_not_used_'
+                }
+            ];
+        }
+        spin.stop();
+        if (specifiedProvider) {
+            const provider = providers.find((prov)=>prov.name === specifiedProvider);
+            if (!provider) {
+                throw new Error(`Cannot find login provider with name "${specifiedProvider}"`);
             }
-        ];
-    }
-    spin.stop();
-    const providerNames = providers.map((prov)=>prov.name);
-    if (specifiedProvider && providerNames.includes(specifiedProvider)) {
-        const provider = providers.find((prov)=>prov.name === specifiedProvider);
-        if (!provider) {
-            throw new Error(`Cannot find login provider with name "${specifiedProvider}"`);
+            return provider;
+        }
+        if (providers.length === 0) {
+            return undefined;
+        }
+        const provider = await promptForProviders(providers);
+        if (provider.name === 'sso') {
+            const orgSlug = await input({
+                message: 'Organization slug:'
+            });
+            return getSSOProvider(orgSlug);
         }
         return provider;
+    } catch (err) {
+        spin?.stop();
+        debug('Error retrieving providers', err);
+        throw err;
     }
-    const provider = await promptProviders(providers);
-    if (provider.name === 'sso') {
-        const orgSlug = await input({
-            message: 'Organization slug:'
-        });
-        return getSSOProvider({
-            client,
-            orgSlug
-        });
-    }
-    return provider;
 }
 
 //# sourceMappingURL=getProvider.js.map

package/dist/actions/auth/login/getProvider.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/actions/auth/login/getProvider.ts"],"sourcesContent":["import {input, spinner} from '@sanity/cli-core/ux'\nimport {type SanityClient} from '@sanity/client'\n\nimport {type LoginProvider, type ProvidersResponse} from '../types.js'\nimport {getSSOProvider} from './getSSOProvider.js'\nimport {promptProviders} from './promptProviders.js'\n\n/**\n * Prompt the user to select a login provider, or use the specified provider if given.\n *\n * @param options - Options for the provider resolve operation\n * @returns Promise that resolves to the selected login provider\n * @internal\n */\nexport async function getProvider({\n  client,\n  experimental,\n  orgSlug,\n  specifiedProvider,\n}: {\n  client: SanityClient\n  experimental: boolean | undefined\n  orgSlug: string | undefined\n  specifiedProvider: string | undefined\n}): Promise<LoginProvider | undefined> {\n  if (orgSlug) {\n    return getSSOProvider({client, orgSlug})\n  }\n\n  // Fetch and prompt for login provider to use\n  const spin = spinner('Fetching providers...').start()\n  let {providers} = await client.request<ProvidersResponse>({uri: '/auth/providers'})\n  if (experimental) {\n    providers = [...providers, {name: 'sso', title: 'SSO', url: '_not_used_'}]\n  }\n  spin.stop()\n\n  const providerNames = providers.map((prov) => prov.name)\n\n  if (specifiedProvider && providerNames.includes(specifiedProvider)) {\n    const provider = providers.find((prov) => prov.name === specifiedProvider)\n\n    if (!provider) {\n      throw new Error(`Cannot find login provider with name \"${specifiedProvider}\"`)\n    }\n\n    return provider\n  }\n\n  const provider = await promptProviders(providers)\n  if (provider.name === 'sso') {\n    const orgSlug = await input({message: 'Organization slug:'})\n    return getSSOProvider({client, orgSlug})\n  }\n\n  return provider\n}\n"],"names":["input","spinner","getSSOProvider","promptProviders","getProvider","client","experimental","orgSlug","specifiedProvider","spin","start","providers","request","uri","name","title","url","stop","providerNames","map","prov","includes","provider","find","Error","message"],"mappings":"AAAA,SAAQA,KAAK,EAAEC,OAAO,QAAO,sBAAqB;AAIlD,SAAQC,cAAc,QAAO,sBAAqB;AAClD,SAAQC,eAAe,QAAO,uBAAsB;AAEpD;;;;;;CAMC,GACD,OAAO,eAAeC,YAAY,EAChCC,MAAM,EACNC,YAAY,EACZC,OAAO,EACPC,iBAAiB,EAMlB;IACC,IAAID,SAAS;QACX,OAAOL,eAAe;YAACG;YAAQE;QAAO;IACxC;IAEA,6CAA6C;IAC7C,MAAME,OAAOR,QAAQ,yBAAyBS,KAAK;IACnD,IAAI,EAACC,SAAS,EAAC,GAAG,MAAMN,OAAOO,OAAO,CAAoB;QAACC,KAAK;IAAiB;IACjF,IAAIP,cAAc;QAChBK,YAAY;eAAIA;YAAW;gBAACG,MAAM;gBAAOC,OAAO;gBAAOC,KAAK;YAAY;SAAE;IAC5E;IACAP,KAAKQ,IAAI;IAET,MAAMC,gBAAgBP,UAAUQ,GAAG,CAAC,CAACC,OAASA,KAAKN,IAAI;IAEvD,IAAIN,qBAAqBU,cAAcG,QAAQ,CAACb,oBAAoB;QAClE,MAAMc,WAAWX,UAAUY,IAAI,CAAC,CAACH,OAASA,KAAKN,IAAI,KAAKN;QAExD,IAAI,CAACc,UAAU;YACb,MAAM,IAAIE,MAAM,CAAC,sCAAsC,EAAEhB,kBAAkB,CAAC,CAAC;QAC/E;QAEA,OAAOc;IACT;IAEA,MAAMA,WAAW,MAAMnB,gBAAgBQ;IACvC,IAAIW,SAASR,IAAI,KAAK,OAAO;QAC3B,MAAMP,UAAU,MAAMP,MAAM;YAACyB,SAAS;QAAoB;QAC1D,OAAOvB,eAAe;YAACG;YAAQE;QAAO;IACxC;IAEA,OAAOe;AACT"}
+{"version":3,"sources":["../../../../src/actions/auth/login/getProvider.ts"],"sourcesContent":["import {subdebug} from '@sanity/cli-core'\nimport {input, spinner, type SpinnerInstance} from '@sanity/cli-core/ux'\n\nimport {promptForProviders} from '../../../prompts/promptForProviders.js'\nimport {getProviders, getVercelProviderUrl} from '../../../services/auth.js'\nimport {type LoginProvider} from '../types.js'\nimport {getSSOProvider} from './getSSOProvider.js'\n\nconst debug = subdebug('login:getProvider')\n\n/**\n * Prompt the user to select a login provider, or use the specified provider if given.\n *\n * @param options - Options for the provider resolve operation\n * @returns Promise that resolves to the selected login provider\n * @internal\n */\nexport async function getProvider({\n  experimental,\n  orgSlug,\n  specifiedProvider,\n}: {\n  experimental: boolean | undefined\n  orgSlug: string | undefined\n  specifiedProvider: string | undefined\n}): Promise<LoginProvider | undefined> {\n  if (specifiedProvider === 'vercel') {\n    return {\n      name: 'vercel',\n      title: 'Vercel',\n      url: await getVercelProviderUrl(),\n    }\n  }\n\n  let spin: SpinnerInstance | undefined\n\n  try {\n    if (orgSlug) {\n      return getSSOProvider(orgSlug)\n    }\n\n    spin = spinner('Fetching providers...').start()\n    // Fetch and prompt for login provider to use\n    let {providers} = await getProviders()\n    if (experimental) {\n      providers = [...providers, {name: 'sso', title: 'SSO', url: '_not_used_'}]\n    }\n    spin.stop()\n\n    if (specifiedProvider) {\n      const provider = providers.find((prov) => prov.name === specifiedProvider)\n      if (!provider) {\n        throw new Error(`Cannot find login provider with name \"${specifiedProvider}\"`)\n      }\n      return provider\n    }\n\n    if (providers.length === 0) {\n      return undefined\n    }\n\n    const provider = await promptForProviders(providers)\n    if (provider.name === 'sso') {\n      const orgSlug = await input({message: 'Organization slug:'})\n      return getSSOProvider(orgSlug)\n    }\n\n    return provider\n  } catch (err) {\n    spin?.stop()\n    debug('Error retrieving providers', err)\n    throw err\n  }\n}\n"],"names":["subdebug","input","spinner","promptForProviders","getProviders","getVercelProviderUrl","getSSOProvider","debug","getProvider","experimental","orgSlug","specifiedProvider","name","title","url","spin","start","providers","stop","provider","find","prov","Error","length","undefined","message","err"],"mappings":"AAAA,SAAQA,QAAQ,QAAO,mBAAkB;AACzC,SAAQC,KAAK,EAAEC,OAAO,QAA6B,sBAAqB;AAExE,SAAQC,kBAAkB,QAAO,yCAAwC;AACzE,SAAQC,YAAY,EAAEC,oBAAoB,QAAO,4BAA2B;AAE5E,SAAQC,cAAc,QAAO,sBAAqB;AAElD,MAAMC,QAAQP,SAAS;AAEvB;;;;;;CAMC,GACD,OAAO,eAAeQ,YAAY,EAChCC,YAAY,EACZC,OAAO,EACPC,iBAAiB,EAKlB;IACC,IAAIA,sBAAsB,UAAU;QAClC,OAAO;YACLC,MAAM;YACNC,OAAO;YACPC,KAAK,MAAMT;QACb;IACF;IAEA,IAAIU;IAEJ,IAAI;QACF,IAAIL,SAAS;YACX,OAAOJ,eAAeI;QACxB;QAEAK,OAAOb,QAAQ,yBAAyBc,KAAK;QAC7C,6CAA6C;QAC7C,IAAI,EAACC,SAAS,EAAC,GAAG,MAAMb;QACxB,IAAIK,cAAc;YAChBQ,YAAY;mBAAIA;gBAAW;oBAACL,MAAM;oBAAOC,OAAO;oBAAOC,KAAK;gBAAY;aAAE;QAC5E;QACAC,KAAKG,IAAI;QAET,IAAIP,mBAAmB;YACrB,MAAMQ,WAAWF,UAAUG,IAAI,CAAC,CAACC,OAASA,KAAKT,IAAI,KAAKD;YACxD,IAAI,CAACQ,UAAU;gBACb,MAAM,IAAIG,MAAM,CAAC,sCAAsC,EAAEX,kBAAkB,CAAC,CAAC;YAC/E;YACA,OAAOQ;QACT;QAEA,IAAIF,UAAUM,MAAM,KAAK,GAAG;YAC1B,OAAOC;QACT;QAEA,MAAML,WAAW,MAAMhB,mBAAmBc;QAC1C,IAAIE,SAASP,IAAI,KAAK,OAAO;YAC3B,MAAMF,UAAU,MAAMT,MAAM;gBAACwB,SAAS;YAAoB;YAC1D,OAAOnB,eAAeI;QACxB;QAEA,OAAOS;IACT,EAAE,OAAOO,KAAK;QACZX,MAAMG;QACNX,MAAM,8BAA8BmB;QACpC,MAAMA;IACR;AACF"}

package/dist/actions/auth/login/getSSOProvider.js

@@ -1,30 +1,36 @@
+import { subdebug } from '@sanity/cli-core';
 import { select } from '@sanity/cli-core/ux';
+import { getSSOProviders } from '../../../services/auth.js';
 import { samlProviderToLoginProvider } from './samlProviderToLoginProvider.js';
+const debug = subdebug('login:getSSOProvider');
 /**
  * Get the SSO provider for the given slug
  *
- * @param options - Options for the provider resolve operation
+ * @param orgSlug - The slug of the organization to get the SSO provider for
  * @returns Promise that resolves to the SSO provider
  * @internal
- */ export async function getSSOProvider({ client, orgSlug }) {
-    const providers = await client.request({
-        uri: `/auth/organizations/by-slug/${orgSlug}/providers`
-    });
-    const enabledProviders = providers.filter((candidate)=>!candidate.disabled);
-    if (enabledProviders.length === 0) {
-        return undefined;
+ */ export async function getSSOProvider(orgSlug) {
+    try {
+        const providers = await getSSOProviders(orgSlug);
+        const enabledProviders = providers.filter((candidate)=>!candidate.disabled);
+        if (enabledProviders.length === 0) {
+            return undefined;
+        }
+        if (enabledProviders.length === 1) {
+            return samlProviderToLoginProvider(enabledProviders[0]);
+        }
+        const selectedProvider = await select({
+            choices: enabledProviders.map((provider)=>({
+                    name: provider.name,
+                    value: provider
+                })),
+            message: 'Select SSO provider'
+        });
+        return samlProviderToLoginProvider(selectedProvider);
+    } catch (err) {
+        debug('Error retrieving SSO Providers: %O', err);
+        throw err;
     }
-    if (enabledProviders.length === 1) {
-        return samlProviderToLoginProvider(enabledProviders[0]);
-    }
-    const selectedProvider = await select({
-        choices: enabledProviders.map((provider)=>({
-                name: provider.name,
-                value: provider
-            })),
-        message: 'Select SSO provider'
-    });
-    return selectedProvider ? samlProviderToLoginProvider(selectedProvider) : undefined;
 }
 
 //# sourceMappingURL=getSSOProvider.js.map

package/dist/actions/auth/login/getSSOProvider.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/actions/auth/login/getSSOProvider.ts"],"sourcesContent":["import {select} from '@sanity/cli-core/ux'\nimport {type SanityClient} from '@sanity/client'\n\nimport {type LoginProvider, type SamlLoginProvider} from '../types.js'\nimport {samlProviderToLoginProvider} from './samlProviderToLoginProvider.js'\n\n/**\n * Get the SSO provider for the given slug\n *\n * @param options - Options for the provider resolve operation\n * @returns Promise that resolves to the SSO provider\n * @internal\n */\nexport async function getSSOProvider({\n  client,\n  orgSlug,\n}: {\n  client: SanityClient\n  orgSlug: string\n}): Promise<LoginProvider | undefined> {\n  const providers = await client.request<SamlLoginProvider[]>({\n    uri: `/auth/organizations/by-slug/${orgSlug}/providers`,\n  })\n\n  const enabledProviders = providers.filter((candidate) => !candidate.disabled)\n  if (enabledProviders.length === 0) {\n    return undefined\n  }\n\n  if (enabledProviders.length === 1) {\n    return samlProviderToLoginProvider(enabledProviders[0])\n  }\n\n  const selectedProvider = await select({\n    choices: enabledProviders.map((provider) => ({name: provider.name, value: provider})),\n    message: 'Select SSO provider',\n  })\n\n  return selectedProvider ? samlProviderToLoginProvider(selectedProvider) : undefined\n}\n"],"names":["select","samlProviderToLoginProvider","getSSOProvider","client","orgSlug","providers","request","uri","enabledProviders","filter","candidate","disabled","length","undefined","selectedProvider","choices","map","provider","name","value","message"],"mappings":"AAAA,SAAQA,MAAM,QAAO,sBAAqB;AAI1C,SAAQC,2BAA2B,QAAO,mCAAkC;AAE5E;;;;;;CAMC,GACD,OAAO,eAAeC,eAAe,EACnCC,MAAM,EACNC,OAAO,EAIR;IACC,MAAMC,YAAY,MAAMF,OAAOG,OAAO,CAAsB;QAC1DC,KAAK,CAAC,4BAA4B,EAAEH,QAAQ,UAAU,CAAC;IACzD;IAEA,MAAMI,mBAAmBH,UAAUI,MAAM,CAAC,CAACC,YAAc,CAACA,UAAUC,QAAQ;IAC5E,IAAIH,iBAAiBI,MAAM,KAAK,GAAG;QACjC,OAAOC;IACT;IAEA,IAAIL,iBAAiBI,MAAM,KAAK,GAAG;QACjC,OAAOX,4BAA4BO,gBAAgB,CAAC,EAAE;IACxD;IAEA,MAAMM,mBAAmB,MAAMd,OAAO;QACpCe,SAASP,iBAAiBQ,GAAG,CAAC,CAACC,WAAc,CAAA;gBAACC,MAAMD,SAASC,IAAI;gBAAEC,OAAOF;YAAQ,CAAA;QAClFG,SAAS;IACX;IAEA,OAAON,mBAAmBb,4BAA4Ba,oBAAoBD;AAC5E"}
+{"version":3,"sources":["../../../../src/actions/auth/login/getSSOProvider.ts"],"sourcesContent":["import {subdebug} from '@sanity/cli-core'\nimport {select} from '@sanity/cli-core/ux'\n\nimport {getSSOProviders} from '../../../services/auth.js'\nimport {type LoginProvider} from '../types.js'\nimport {samlProviderToLoginProvider} from './samlProviderToLoginProvider.js'\n\nconst debug = subdebug('login:getSSOProvider')\n\n/**\n * Get the SSO provider for the given slug\n *\n * @param orgSlug - The slug of the organization to get the SSO provider for\n * @returns Promise that resolves to the SSO provider\n * @internal\n */\nexport async function getSSOProvider(orgSlug: string): Promise<LoginProvider | undefined> {\n  try {\n    const providers = await getSSOProviders(orgSlug)\n\n    const enabledProviders = providers.filter((candidate) => !candidate.disabled)\n    if (enabledProviders.length === 0) {\n      return undefined\n    }\n\n    if (enabledProviders.length === 1) {\n      return samlProviderToLoginProvider(enabledProviders[0])\n    }\n\n    const selectedProvider = await select({\n      choices: enabledProviders.map((provider) => ({name: provider.name, value: provider})),\n      message: 'Select SSO provider',\n    })\n\n    return samlProviderToLoginProvider(selectedProvider)\n  } catch (err) {\n    debug('Error retrieving SSO Providers: %O', err)\n    throw err\n  }\n}\n"],"names":["subdebug","select","getSSOProviders","samlProviderToLoginProvider","debug","getSSOProvider","orgSlug","providers","enabledProviders","filter","candidate","disabled","length","undefined","selectedProvider","choices","map","provider","name","value","message","err"],"mappings":"AAAA,SAAQA,QAAQ,QAAO,mBAAkB;AACzC,SAAQC,MAAM,QAAO,sBAAqB;AAE1C,SAAQC,eAAe,QAAO,4BAA2B;AAEzD,SAAQC,2BAA2B,QAAO,mCAAkC;AAE5E,MAAMC,QAAQJ,SAAS;AAEvB;;;;;;CAMC,GACD,OAAO,eAAeK,eAAeC,OAAe;IAClD,IAAI;QACF,MAAMC,YAAY,MAAML,gBAAgBI;QAExC,MAAME,mBAAmBD,UAAUE,MAAM,CAAC,CAACC,YAAc,CAACA,UAAUC,QAAQ;QAC5E,IAAIH,iBAAiBI,MAAM,KAAK,GAAG;YACjC,OAAOC;QACT;QAEA,IAAIL,iBAAiBI,MAAM,KAAK,GAAG;YACjC,OAAOT,4BAA4BK,gBAAgB,CAAC,EAAE;QACxD;QAEA,MAAMM,mBAAmB,MAAMb,OAAO;YACpCc,SAASP,iBAAiBQ,GAAG,CAAC,CAACC,WAAc,CAAA;oBAACC,MAAMD,SAASC,IAAI;oBAAEC,OAAOF;gBAAQ,CAAA;YAClFG,SAAS;QACX;QAEA,OAAOjB,4BAA4BW;IACrC,EAAE,OAAOO,KAAK;QACZjB,MAAM,sCAAsCiB;QAC5C,MAAMA;IACR;AACF"}

package/dist/actions/auth/login/login.js

@@ -1,11 +1,12 @@
-import { getCliToken, getGlobalCliClient, setConfig } from '@sanity/cli-core';
+import { getCliToken, setCliUserConfig, subdebug } from '@sanity/cli-core';
 import { spinner } from '@sanity/cli-core/ux';
 import open from 'open';
+import { logout } from '../../../services/auth.js';
 import { LoginTrace } from '../../../telemetry/login.telemetry.js';
 import { canLaunchBrowser } from '../../../util/canLaunchBrowser.js';
 import { startServerForTokenCallback } from '../authServer.js';
 import { getProvider } from './getProvider.js';
-const LOGIN_API_VERSION = '2024-02-01';
+const debug = subdebug('login');
 /**
  * Trigger the authentication flow for the CLI.
  *
@@ -21,15 +22,7 @@ const LOGIN_API_VERSION = '2024-02-01';
     const hasExistingToken = Boolean(previousToken);
     const trace = telemetry.trace(LoginTrace);
     trace.start();
-    // We explicitly want to use an unauthenticated client here, even if we already logged in
-    const globalClient = await getGlobalCliClient({
-        apiVersion: LOGIN_API_VERSION
-    });
-    const client = globalClient.withConfig({
-        token: undefined
-    });
     const provider = await getProvider({
-        client,
         experimental: options.experimental,
         orgSlug: options.sso,
         specifiedProvider: options.provider
@@ -41,19 +34,10 @@ const LOGIN_API_VERSION = '2024-02-01';
     if (provider === undefined) {
         throw new Error('No authentication providers found');
     }
-    const { loginUrl, server, token: tokenPromise } = await startServerForTokenCallback({
-        client,
-        providerUrl: provider.url
-    });
+    const { loginUrl, server, token: tokenPromise } = await startServerForTokenCallback(provider.url);
     trace.log({
         step: 'waitForToken'
     });
-    const serverUrl = server.address();
-    if (!serverUrl || typeof serverUrl === 'string') {
-        // Note: `serverUrl` is string only when binding to unix sockets,
-        // thus we can safely assume Something Is Wrong™ if it's a string
-        throw new Error('Failed to start auth callback server');
-    }
     // Open a browser on the login page (or tell the user to)
     const shouldLaunchBrowser = canLaunchBrowser() && options.open !== false;
     const actionText = shouldLaunchBrowser ? 'Opening browser at' : 'Please open a browser at';
@@ -70,25 +54,20 @@ const LOGIN_API_VERSION = '2024-02-01';
     } catch (err) {
         spin.stop();
         trace.error(err);
-        throw err instanceof Error ? new Error(`Login failed: ${err.message}`, {
-            cause: err
-        }) : new Error(`${err}`);
+        debug('Error retrieving token: %O', err);
+        throw err;
     } finally{
-        server.close();
-        server.unref();
+        await new Promise((resolve)=>{
+            server.close(()=>resolve());
+        });
     }
     // Store the token
-    await setConfig('authToken', authToken);
+    await setCliUserConfig('authToken', authToken);
     // Clear cached telemetry consent
-    await setConfig('telemetryConsent', undefined);
+    await setCliUserConfig('telemetryConsent', undefined);
     // If we had a session previously, attempt to clear it
     if (hasExistingToken) {
-        await globalClient.withConfig({
-            token: previousToken
-        }).request({
-            method: 'POST',
-            uri: '/auth/logout'
-        }).catch((err)=>{
+        await logout(previousToken).catch((err)=>{
             const statusCode = err && err.response && err.response.statusCode;
             if (statusCode !== 401) {
                 output.warn('Failed to invalidate previous session');