npm - @secretstash/cli - Versions diffs - 0.1.2 → 0.1.4 - Mend

@secretstash/cli 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +104 -96
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -8,8 +8,9 @@ import { fileURLToPath } from "url";
 import { dirname as dirname2, join as join2 } from "path";
 // src/commands/auth.ts
-import { prompt } from "enquirer";
+import enquirer from "enquirer";
 import qrcode from "qrcode-terminal";
+import { execFile } from "child_process";
 // src/config.ts
 import Conf from "conf";
@@ -385,6 +386,18 @@ var ApiClient = class {
       requireAuth: false
     });
   }
+  // Browser-based CLI auth endpoints
+  async initBrowserAuth() {
+    return this.request("/api/v1/cli/auth/init", {
+      method: "POST",
+      requireAuth: false
+    });
+  }
+  async checkBrowserAuthStatus(code) {
+    return this.request(`/api/v1/cli/auth/status/${code}`, {
+      requireAuth: false
+    });
+  }
   async verify2FA(tempToken, code) {
     return this.request("/api/auth/2fa/verify", {
       method: "POST",
@@ -817,7 +830,81 @@ var ui = {
 };
 // src/commands/auth.ts
+var { prompt } = enquirer;
 var SERVICE_TOKEN_PREFIX = "stk_";
+function openBrowser(url) {
+  const opener = process.platform === "darwin" ? "open" : process.platform === "win32" ? "powershell" : "xdg-open";
+  const args = process.platform === "win32" ? ["-Command", "Start-Process", url] : [url];
+  execFile(opener, args, (error) => {
+    if (error) {
+      ui.warning("Could not open browser automatically");
+      ui.info(`Please open this URL manually: ${colors.highlight(url)}`);
+    }
+  });
+}
+async function handleBrowserLogin() {
+  ui.heading("SecretStash Login");
+  ui.br();
+  const initSpinner = ui.spinner("Starting authentication...");
+  const initResult = await apiClient.initBrowserAuth();
+  if (initResult.error) {
+    initSpinner.fail();
+    ui.error(initResult.error.message);
+    process.exit(1);
+  }
+  initSpinner.succeed("Authentication session started");
+  const { code, authUrl, expiresIn } = initResult.data;
+  ui.br();
+  ui.box("Browser Authentication", [
+    "A browser window will open for you to sign in.",
+    "If it doesn't open automatically, visit:",
+    "",
+    `  ${colors.highlight(authUrl)}`,
+    "",
+    `Code: ${colors.primary.bold(code)}`,
+    "",
+    colors.muted(`This code expires in ${Math.floor(expiresIn / 60)} minutes`)
+  ]);
+  openBrowser(authUrl);
+  ui.br();
+  const pollSpinner = ui.spinner("Waiting for authentication...");
+  const pollInterval = 2e3;
+  const maxAttempts = Math.floor(expiresIn * 1e3 / pollInterval);
+  let attempts = 0;
+  while (attempts < maxAttempts) {
+    await new Promise((resolve) => setTimeout(resolve, pollInterval));
+    attempts++;
+    const statusResult = await apiClient.checkBrowserAuthStatus(code);
+    if (statusResult.error) {
+      if (statusResult.error.code === "EXPIRED" || statusResult.error.code === "NOT_FOUND") {
+        pollSpinner.fail();
+        ui.error("Authentication session expired. Please try again.");
+        process.exit(1);
+      }
+      continue;
+    }
+    const { status, accessToken, refreshToken, expiresIn: tokenExpiry, user } = statusResult.data;
+    if (status === "completed" && accessToken && refreshToken && user) {
+      pollSpinner.succeed("Authentication successful!");
+      configManager.setTokens(accessToken, refreshToken, tokenExpiry || 3600);
+      configManager.setUser(user.id, user.email);
+      ui.br();
+      ui.keyValue("Email", user.email);
+      ui.keyValue("Config", configManager.getConfigPath());
+      ui.br();
+      ui.info(`Run ${ui.code("sstash teams")} to see your teams`);
+      return;
+    }
+    if (status === "expired") {
+      pollSpinner.fail();
+      ui.error("Authentication session expired. Please try again.");
+      process.exit(1);
+    }
+  }
+  pollSpinner.fail();
+  ui.error("Authentication timed out. Please try again.");
+  process.exit(1);
+}
 async function handleServiceTokenLogin(token, fromEnvVar = false) {
   ui.heading("SecretStash Service Token Login");
   if (!token.startsWith(SERVICE_TOKEN_PREFIX)) {
@@ -865,7 +952,7 @@ async function handleServiceTokenLogin(token, fromEnvVar = false) {
   ]);
 }
 function registerAuthCommands(program2) {
-  program2.command("login").description("Authenticate with SecretStash").option("-e, --email <email>", "Email address").option("-t, --token <token>", "Service token for CI/CD authentication (must start with stk_)").action(async (options) => {
+  program2.command("login").description("Authenticate with SecretStash via browser (supports passkeys and 2FA)").option("-t, --token <token>", "Service token for CI/CD authentication (must start with stk_)").action(async (options) => {
     if (options.token) {
       await handleServiceTokenLogin(options.token);
       return;
@@ -874,93 +961,7 @@ function registerAuthCommands(program2) {
       await handleServiceTokenLogin(process.env.SECRETSTASH_TOKEN, true);
       return;
     }
-    ui.heading("SecretStash Login");
-    let email = options.email;
-    if (!email) {
-      const response = await prompt({
-        type: "input",
-        name: "email",
-        message: "Email:",
-        validate: (value) => {
-          if (!value) return "Email is required";
-          if (!value.includes("@")) return "Invalid email format";
-          return true;
-        }
-      });
-      email = response.email;
-    }
-    const { password } = await prompt({
-      type: "password",
-      name: "password",
-      message: "Password:",
-      validate: (value) => value ? true : "Password is required"
-    });
-    const spinner = ui.spinner("Authenticating...");
-    const result = await apiClient.login(email, password);
-    if (result.error) {
-      spinner.fail();
-      if (result.error.code === "CLI_2FA_REQUIRED") {
-        ui.br();
-        ui.box("Two-Factor Authentication Required", [
-          "CLI access requires two-factor authentication.",
-          "",
-          "To set up 2FA:",
-          `  1. Visit ${colors.highlight("https://app.secretstash.dev/settings/security")}`,
-          "  2. Enable two-factor authentication",
-          "  3. Return here and try again",
-          "",
-          colors.muted("For CI/CD pipelines, use service tokens instead:"),
-          `  ${colors.highlight("sstash login --token <service-token>")}`
-        ]);
-        process.exit(1);
-      }
-      ui.error(result.error.message);
-      process.exit(1);
-    }
-    if (result.data?.requires2FA) {
-      spinner.stop();
-      ui.info("Two-factor authentication required");
-      const { code } = await prompt({
-        type: "input",
-        name: "code",
-        message: "2FA Code:",
-        validate: (value) => {
-          if (!value) return "2FA code is required";
-          if (!/^\d{6}$/.test(value)) return "Code must be 6 digits";
-          return true;
-        }
-      });
-      const spinner2 = ui.spinner("Verifying...");
-      const twoFAResult = await apiClient.verify2FA(
-        result.data.tempToken,
-        code
-      );
-      if (twoFAResult.error) {
-        spinner2.fail();
-        ui.error(twoFAResult.error.message);
-        process.exit(1);
-      }
-      configManager.setTokens(
-        twoFAResult.data.accessToken,
-        twoFAResult.data.refreshToken,
-        twoFAResult.data.expiresIn
-      );
-      configManager.setUser(twoFAResult.data.user.id, twoFAResult.data.user.email);
-      spinner2.succeed("Logged in successfully");
-    } else {
-      configManager.setTokens(
-        result.data.accessToken,
-        result.data.refreshToken,
-        result.data.expiresIn
-      );
-      configManager.setUser(result.data.user.id, result.data.user.email);
-      spinner.succeed("Logged in successfully");
-    }
-    ui.br();
-    ui.keyValue("Email", email);
-    ui.keyValue("Config", configManager.getConfigPath());
-    ui.br();
-    ui.info(`Run ${ui.code("sstash teams")} to see your teams`);
+    await handleBrowserLogin();
   });
   program2.command("logout").description("Log out from SecretStash").action(async () => {
     if (!configManager.isAuthenticated()) {
@@ -1134,7 +1135,8 @@ function registerAuthCommands(program2) {
 }
 // src/commands/teams.ts
-import { prompt as prompt2 } from "enquirer";
+import enquirer2 from "enquirer";
+var { prompt: prompt2 } = enquirer2;
 function registerTeamCommands(program2) {
   const teams = program2.command("teams").description("Manage teams");
   teams.command("list").alias("ls").description("List all teams you belong to").action(async () => {
@@ -1449,7 +1451,8 @@ function registerTeamCommands(program2) {
 }
 // src/commands/projects.ts
-import { prompt as prompt3 } from "enquirer";
+import enquirer3 from "enquirer";
+var { prompt: prompt3 } = enquirer3;
 function requireTeam() {
   const team = configManager.getCurrentTeam();
   if (!team) {
@@ -1644,7 +1647,8 @@ function registerProjectCommands(program2) {
 }
 // src/commands/environments.ts
-import { prompt as prompt4 } from "enquirer";
+import enquirer4 from "enquirer";
+var { prompt: prompt4 } = enquirer4;
 function requireProject() {
   const project = configManager.getCurrentProject();
   if (!project) {
@@ -1943,10 +1947,11 @@ function registerEnvironmentCommands(program2) {
 }
 // src/commands/secrets.ts
-import { prompt as prompt5 } from "enquirer";
+import enquirer5 from "enquirer";
 import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2 } from "fs";
 import { spawn } from "child_process";
 import yaml from "js-yaml";
+var { prompt: prompt5 } = enquirer5;
 function requireContext() {
   const teamSlug = projectConfig.getEffectiveTeam();
   const projectSlug = projectConfig.getEffectiveProject();
@@ -2987,7 +2992,8 @@ function registerSecretCommands(program2) {
 }
 // src/commands/diff.ts
-import { prompt as prompt6 } from "enquirer";
+import enquirer6 from "enquirer";
+var { prompt: prompt6 } = enquirer6;
 function computeDiff(secrets1, secrets2) {
   const map1 = new Map(secrets1.map((s) => [s.key, s.value]));
   const map2 = new Map(secrets2.map((s) => [s.key, s.value]));
@@ -3141,7 +3147,8 @@ function registerDiffCommand(program2) {
 }
 // src/commands/share.ts
-import { prompt as prompt7 } from "enquirer";
+import enquirer7 from "enquirer";
+var { prompt: prompt7 } = enquirer7;
 function requireContext2() {
   const teamSlug = projectConfig.getEffectiveTeam();
   const projectSlug = projectConfig.getEffectiveProject();
@@ -3693,8 +3700,9 @@ function registerDoctorCommand(program2) {
 }
 // src/commands/tags.ts
-import { prompt as prompt8 } from "enquirer";
+import enquirer8 from "enquirer";
 import chalk2 from "chalk";
+var { prompt: prompt8 } = enquirer8;
 function registerTagCommands(program2) {
   const tags = program2.command("tags").description("Manage tags for organizing secrets");
   tags.command("list").alias("ls").description("List all tags in the current team").action(async () => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@secretstash/cli",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "CLI tool for SecretStash - secure team secrets management",
   "type": "module",
   "main": "dist/index.js",