@sentio/cli 3.4.1-rc.1 → 3.4.1-rc.2

package/lib/index.js

@@ -145841,32 +145841,46 @@ app.get("/callback", async (req, res) => {
     fail("Failed to get authorization code");
     return;
   }
-  const tokenResRaw = await getToken(host, code);
-  if (!tokenResRaw.ok) {
-    fail(`Failed to get access token: ${tokenResRaw.status} ${tokenResRaw.statusText}, ${await tokenResRaw.text()}`);
+  try {
+    const username = await exchangeCodeAndSave(host, code, authParams.codeVerifier);
+    res.end("Login success, please go back to CLI to continue");
+    console.log(source_default.green(`Login success with ${username}`));
+  } catch (e10) {
+    fail(e10.message);
     return;
   }
+  server.close();
+  server.closeAllConnections();
+  if (authParams.onSuccess) {
+    authParams.onSuccess();
+  } else {
+    setTimeout(() => process.exit(), 1e3);
+  }
+});
+async function exchangeCodeAndSave(host, code, codeVerifier) {
+  const tokenResRaw = await getToken(host, code, codeVerifier);
+  if (!tokenResRaw.ok) {
+    throw new Error(
+      `Failed to get access token: ${tokenResRaw.status} ${tokenResRaw.statusText}, ${await tokenResRaw.text()}`
+    );
+  }
   const tokenRes = await tokenResRaw.json();
   const accessToken = tokenRes.access_token;
   const userResRaw = await getUser(host, accessToken);
   if (!userResRaw.ok) {
     if (userResRaw.status == 401) {
-      fail("The account does not exist, please sign up on sentio first");
-    } else {
-      fail(`Failed to get user info: ${userResRaw.status} ${userResRaw.statusText}`);
+      throw new Error("The account does not exist, please sign up on sentio first");
     }
-    return;
+    throw new Error(`Failed to get user info: ${userResRaw.status} ${userResRaw.statusText}`);
   }
   const userRes = await userResRaw.json();
   if (!userRes.emailVerified) {
-    fail("Your account is not verified, please verify your email first");
-    return;
+    throw new Error("Your account is not verified, please verify your email first");
   }
   const apiKeyName = `${os3.hostname()}-${crypto.randomBytes(4).toString("hex")}`;
   const createApiKeyResRaw = await createApiKey(host, apiKeyName, "sdk_generated", accessToken);
   if (!createApiKeyResRaw.ok) {
-    fail(`Failed to create API key: ${createApiKeyResRaw.status} ${createApiKeyResRaw.statusText}`);
-    return;
+    throw new Error(`Failed to create API key: ${createApiKeyResRaw.status} ${createApiKeyResRaw.statusText}`);
   }
   const { key, username } = await createApiKeyResRaw.json();
   WriteKey(host, key);
@@ -145874,22 +145888,14 @@ app.get("/callback", async (req, res) => {
   if (expiresAt !== void 0) {
     WriteAccessToken(host, accessToken, expiresAt);
   }
-  res.end("Login success, please go back to CLI to continue");
-  console.log(source_default.green(`Login success with ${username}, new API key: ${key}`));
-  server.close();
-  server.closeAllConnections();
-  if (authParams.onSuccess) {
-    authParams.onSuccess();
-  } else {
-    setTimeout(() => process.exit(), 1e3);
-  }
-});
-async function getToken(host, code) {
+  return username;
+}
+async function getToken(host, code, codeVerifier) {
   const authConf = getAuthConfig(host);
   const params = new url3.URLSearchParams({
     grant_type: "authorization_code",
     client_id: authConf.clientId,
-    code_verifier: authParams.codeVerifier,
+    code_verifier: codeVerifier,
     code,
     redirect_uri: authConf.redirectUri
   });
@@ -145937,6 +145943,7 @@ function decodeJwtExpiry(token) {
 }
 
 // src/commands/login.ts
+import readline from "readline";
 import url4, { URL as URL2 } from "url";
 import * as crypto2 from "crypto";
 
@@ -146564,10 +146571,43 @@ var open_default = open;
 // src/commands/login.ts
 var port = 2e4;
 function createLoginCommand() {
-  return new Command("login").description("Login to Sentio").option("--host <host>", "(Optional) Override Sentio Host name").option("--api-key <key>", "(Optional) Your API key").action((options) => {
-    login(options);
+  return new Command("login").description("Login to Sentio").option("--host <host>", "(Optional) Override Sentio Host name").option("--api-key <key>", "(Optional) Your API key").option("--status", "Show current login status").option("--no-browser", "Print the auth URL and accept the authorization code manually (for headless environments)").action((options) => {
+    if (options.status) {
+      loginStatus(options);
+    } else {
+      login(options);
+    }
   });
 }
+async function loginStatus(options) {
+  const host = getFinalizedHost(options.host);
+  console.log(source_default.blue("Host: ") + host);
+  const apiKey = ReadKey(host);
+  if (!apiKey) {
+    console.log(source_default.red("Not logged in") + " (no API key stored for this host)");
+    return;
+  }
+  console.log(source_default.green("API key: ") + apiKey.slice(0, 8) + "...");
+  const tokenInfo = ReadAccessToken(host);
+  if (tokenInfo) {
+    const expired = isAccessTokenExpired(tokenInfo.expiresAt);
+    const expiresDate = new Date(tokenInfo.expiresAt * 1e3).toLocaleString();
+    if (expired) {
+      console.log(source_default.yellow("Access token: ") + `expired (${expiresDate})`);
+    } else {
+      console.log(source_default.green("Access token: ") + `valid until ${expiresDate}`);
+    }
+  } else {
+    console.log(source_default.yellow("Access token: ") + "none stored");
+  }
+  const res = await checkKey(host, apiKey);
+  if (res.status === 200) {
+    const { username } = await res.json();
+    console.log(source_default.green("Logged in as: ") + username);
+  } else {
+    console.log(source_default.red("API key validation failed: ") + `${res.status} ${res.statusText}`);
+  }
+}
 function login(options) {
   const host = getFinalizedHost(options.host);
   if (options.apiKey) {
@@ -146591,10 +146631,15 @@ function login(options) {
       return;
     }
     const authURL = buildAuthURL(conf, challenge);
+    if (options.browser === false) {
+      loginNoBrowser(host, authURL.toString(), verifier);
+      return;
+    }
     console.log("Continue your authorization in the browser");
     open_default(authURL.toString()).catch((reason) => {
-      console.error(source_default.red("Unable to open browser: " + reason));
-      console.error(source_default.red("Open this url in your browser: " + authURL.toString()));
+      console.error(source_default.yellow("Unable to open browser: " + reason));
+      console.error(source_default.yellow("Falling back to manual login..."));
+      loginNoBrowser(host, authURL.toString(), verifier);
     });
     startServer({
       serverPort: port,
@@ -146627,6 +146672,28 @@ function loginInteractiveAndWait(host) {
     });
   });
 }
+function loginNoBrowser(host, authURL, codeVerifier) {
+  console.log(source_default.blue("\nOpen the following URL in your browser to complete login:"));
+  console.log(source_default.cyan(authURL));
+  console.log(source_default.blue("\nAfter completing login, copy the authorization code from the redirect URL"));
+  console.log(source_default.blue("(it is the value of the `code` query parameter) and paste it below.\n"));
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  rl.question("Authorization code: ", async (input) => {
+    rl.close();
+    const code = input.trim();
+    if (!code) {
+      console.error(source_default.red("No code provided, login aborted."));
+      process.exit(1);
+    }
+    try {
+      const username = await exchangeCodeAndSave(host, code, codeVerifier);
+      console.log(source_default.green(`Login success with ${username}`));
+    } catch (e10) {
+      console.error(source_default.red("Login failed: " + e10.message));
+      process.exit(1);
+    }
+  });
+}
 function buildAuthURL(conf, challenge) {
   const authURL = new URL2(conf.domain + `/authorize?`);
   const params = new url4.URLSearchParams({
@@ -148996,7 +149063,7 @@ import path12 from "path";
 import { createHash as createHash3 } from "crypto";
 import { execFileSync as execFileSync2 } from "child_process";
 var import_jszip = __toESM(require_lib9(), 1);
-import readline from "readline";
+import readline2 from "readline";
 
 // src/uploader.ts
 init_cjs_shim();
@@ -149435,7 +149502,7 @@ async function createProjectPrompt(options, auth, type) {
   if (options.silentOverwrite) {
     return await create2();
   }
-  const rl = readline.createInterface({
+  const rl = readline2.createInterface({
     input: process.stdin,
     output: process.stdout
   });
@@ -149457,7 +149524,7 @@ async function createProjectPrompt(options, auth, type) {
   }
 }
 async function confirm(question) {
-  const rl = readline.createInterface({
+  const rl = readline2.createInterface({
     input: process.stdin,
     output: process.stdout
   });
@@ -151477,7 +151544,7 @@ function asRecordArray(value) {
 init_cjs_shim();
 var import_yaml6 = __toESM(require_dist(), 1);
 import process18 from "process";
-import readline2 from "readline";
+import readline3 from "readline";
 function createProjectCommand() {
   const projectCommand = new Command("project").description("Manage Sentio projects");
   projectCommand.addCommand(createProjectListCommand());
@@ -151626,7 +151693,7 @@ async function requireAccessToken(host, { strict }) {
   return refreshed.token;
 }
 async function confirmDelete(projectSlug) {
-  const rl = readline2.createInterface({ input: process18.stdin, output: process18.stdout });
+  const rl = readline3.createInterface({ input: process18.stdin, output: process18.stdout });
   return new Promise((resolve) => {
     rl.question(
       source_default.yellow(`Are you sure you want to delete project "${projectSlug}"? This cannot be undone. [y/N] `),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentio/cli",
-  "version": "3.4.1-rc.1",
+  "version": "3.4.1-rc.2",
   "license": "Apache-2.0",
   "type": "module",
   "exports": {
@@ -11,6 +11,7 @@
   },
   "files": [
     "{lib,src,templates}",
+    "!lib/**/*.map",
     "!{lib,src}/**/*.test.{js,ts}"
   ],
   "types": "module",

package/src/commands/login-server.ts

@@ -49,11 +49,36 @@ app.get('/callback', async (req, res) => {
     return
   }
 
+  try {
+    const username = await exchangeCodeAndSave(host, code as string, authParams.codeVerifier)
+    res.end('Login success, please go back to CLI to continue')
+    console.log(chalk.green(`Login success with ${username}`))
+  } catch (e) {
+    fail((e as Error).message)
+    return
+  }
+
+  server.close()
+  server.closeAllConnections()
+  if (authParams.onSuccess) {
+    authParams.onSuccess()
+  } else {
+    setTimeout(() => process.exit(), 1000)
+  }
+})
+
+/**
+ * Exchanges an OAuth authorization code for an access token, verifies the account,
+ * creates an API key, and saves everything to local config.
+ * Returns the username on success, throws on failure.
+ */
+export async function exchangeCodeAndSave(host: string, code: string, codeVerifier: string): Promise<string> {
   // exchange token
-  const tokenResRaw = await getToken(host, code as string)
+  const tokenResRaw = await getToken(host, code, codeVerifier)
   if (!tokenResRaw.ok) {
-    fail(`Failed to get access token: ${tokenResRaw.status} ${tokenResRaw.statusText}, ${await tokenResRaw.text()}`)
-    return
+    throw new Error(
+      `Failed to get access token: ${tokenResRaw.status} ${tokenResRaw.statusText}, ${await tokenResRaw.text()}`
+    )
   }
   const tokenRes = (await tokenResRaw.json()) as { access_token: string }
   const accessToken = tokenRes.access_token
@@ -62,24 +87,20 @@ app.get('/callback', async (req, res) => {
   const userResRaw = await getUser(host, accessToken)
   if (!userResRaw.ok) {
     if (userResRaw.status == 401) {
-      fail('The account does not exist, please sign up on sentio first')
-    } else {
-      fail(`Failed to get user info: ${userResRaw.status} ${userResRaw.statusText}`)
+      throw new Error('The account does not exist, please sign up on sentio first')
     }
-    return
+    throw new Error(`Failed to get user info: ${userResRaw.status} ${userResRaw.statusText}`)
   }
   const userRes = (await userResRaw.json()) as { emailVerified: boolean }
   if (!userRes.emailVerified) {
-    fail('Your account is not verified, please verify your email first')
-    return
+    throw new Error('Your account is not verified, please verify your email first')
   }
 
   // create API key
   const apiKeyName = `${os.hostname()}-${crypto.randomBytes(4).toString('hex')}`
   const createApiKeyResRaw = await createApiKey(host, apiKeyName, 'sdk_generated', accessToken)
   if (!createApiKeyResRaw.ok) {
-    fail(`Failed to create API key: ${createApiKeyResRaw.status} ${createApiKeyResRaw.statusText}`)
-    return
+    throw new Error(`Failed to create API key: ${createApiKeyResRaw.status} ${createApiKeyResRaw.statusText}`)
   }
   const { key, username } = (await createApiKeyResRaw.json()) as { key: string; username: string }
   WriteKey(host, key)
@@ -90,24 +111,15 @@ app.get('/callback', async (req, res) => {
     WriteAccessToken(host, accessToken, expiresAt)
   }
 
-  res.end('Login success, please go back to CLI to continue')
-  console.log(chalk.green(`Login success with ${username}, new API key: ${key}`))
-
-  server.close()
-  server.closeAllConnections()
-  if (authParams.onSuccess) {
-    authParams.onSuccess()
-  } else {
-    setTimeout(() => process.exit(), 1000)
-  }
-})
+  return username
+}
 
-async function getToken(host: string, code: string) {
+async function getToken(host: string, code: string, codeVerifier: string) {
   const authConf = getAuthConfig(host)
   const params = new url.URLSearchParams({
     grant_type: 'authorization_code',
     client_id: authConf.clientId,
-    code_verifier: authParams.codeVerifier,
+    code_verifier: codeVerifier,
     code: code,
     redirect_uri: authConf.redirectUri
   })

package/src/commands/login.ts

@@ -1,10 +1,11 @@
 import { Command } from '@commander-js/extra-typings'
 import { getAuthConfig, getFinalizedHost } from '../config.js'
-import { startServer } from './login-server.js'
+import { startServer, exchangeCodeAndSave } from './login-server.js'
+import readline from 'readline'
 import url, { URL } from 'url'
 import * as crypto from 'crypto'
 import chalk from 'chalk'
-import { WriteKey } from '../key.js'
+import { WriteKey, ReadKey, ReadAccessToken, isAccessTokenExpired } from '../key.js'
 import fetch from 'node-fetch'
 import open from 'open'
 import { CommandOptionsType } from './types.js'
@@ -17,11 +18,51 @@ export function createLoginCommand() {
     .description('Login to Sentio')
     .option('--host <host>', '(Optional) Override Sentio Host name')
     .option('--api-key <key>', '(Optional) Your API key')
+    .option('--status', 'Show current login status')
+    .option('--no-browser', 'Print the auth URL and accept the authorization code manually (for headless environments)')
     .action((options) => {
-      login(options)
+      if (options.status) {
+        loginStatus(options)
+      } else {
+        login(options)
+      }
     })
 }
 
+async function loginStatus(options: CommandOptionsType<typeof createLoginCommand>) {
+  const host = getFinalizedHost(options.host)
+  console.log(chalk.blue('Host: ') + host)
+
+  const apiKey = ReadKey(host)
+  if (!apiKey) {
+    console.log(chalk.red('Not logged in') + ' (no API key stored for this host)')
+    return
+  }
+
+  console.log(chalk.green('API key: ') + apiKey.slice(0, 8) + '...')
+
+  const tokenInfo = ReadAccessToken(host)
+  if (tokenInfo) {
+    const expired = isAccessTokenExpired(tokenInfo.expiresAt)
+    const expiresDate = new Date(tokenInfo.expiresAt * 1000).toLocaleString()
+    if (expired) {
+      console.log(chalk.yellow('Access token: ') + `expired (${expiresDate})`)
+    } else {
+      console.log(chalk.green('Access token: ') + `valid until ${expiresDate}`)
+    }
+  } else {
+    console.log(chalk.yellow('Access token: ') + 'none stored')
+  }
+
+  const res = await checkKey(host, apiKey)
+  if (res.status === 200) {
+    const { username } = (await res.json()) as { username: string }
+    console.log(chalk.green('Logged in as: ') + username)
+  } else {
+    console.log(chalk.red('API key validation failed: ') + `${res.status} ${res.statusText}`)
+  }
+}
+
 function login(options: CommandOptionsType<typeof createLoginCommand>) {
   const host = getFinalizedHost(options.host)
 
@@ -48,10 +89,16 @@ function login(options: CommandOptionsType<typeof createLoginCommand>) {
     }
     const authURL = buildAuthURL(conf, challenge)
 
+    if (options.browser === false) {
+      loginNoBrowser(host, authURL.toString(), verifier)
+      return
+    }
+
     console.log('Continue your authorization in the browser')
     open(authURL.toString()).catch((reason) => {
-      console.error(chalk.red('Unable to open browser: ' + reason))
-      console.error(chalk.red('Open this url in your browser: ' + authURL.toString()))
+      console.error(chalk.yellow('Unable to open browser: ' + reason))
+      console.error(chalk.yellow('Falling back to manual login...'))
+      loginNoBrowser(host, authURL.toString(), verifier)
     })
 
     startServer({
@@ -95,6 +142,30 @@ export function loginInteractiveAndWait(host: string): Promise<void> {
   })
 }
 
+function loginNoBrowser(host: string, authURL: string, codeVerifier: string) {
+  console.log(chalk.blue('\nOpen the following URL in your browser to complete login:'))
+  console.log(chalk.cyan(authURL))
+  console.log(chalk.blue('\nAfter completing login, copy the authorization code from the redirect URL'))
+  console.log(chalk.blue('(it is the value of the `code` query parameter) and paste it below.\n'))
+
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout })
+  rl.question('Authorization code: ', async (input) => {
+    rl.close()
+    const code = input.trim()
+    if (!code) {
+      console.error(chalk.red('No code provided, login aborted.'))
+      process.exit(1)
+    }
+    try {
+      const username = await exchangeCodeAndSave(host, code, codeVerifier)
+      console.log(chalk.green(`Login success with ${username}`))
+    } catch (e) {
+      console.error(chalk.red('Login failed: ' + (e as Error).message))
+      process.exit(1)
+    }
+  })
+}
+
 function buildAuthURL(
   conf: { domain: string; clientId: string; audience: string; redirectUri: string },
   challenge: string