@sentio/sdk 1.26.4 → 1.27.1

package/src/cli/cli.ts

@@ -10,9 +10,9 @@ import { finalizeHost, FinalizeProjectName, SentioProjectConfig } from './config
 import { uploadFile } from './upload'
 import chalk from 'chalk'
 import { buildProcessor } from './build'
-import { runLogin } from './commands/run-login'
 import { runCreate } from './commands/run-create'
 import { runVersion } from './commands/run-version'
+import { runLogin } from './commands/run-login'
 
 const mainDefinitions = [{ name: 'command', defaultOption: true }]
 const mainOptions = commandLineArgs(mainDefinitions, {
@@ -159,12 +159,12 @@ function usage() {
       header: 'Usage',
       content: [
         'sentio <command> --help\t\tshow detail usage of specific command',
-        'sentio login --api-key=xx\t\tsave credential to local',
+        'sentio login\t\t\t\tlogin to sentio',
         'sentio create\t\t\t\tcreate a template project',
         'sentio upload\t\t\t\tbuild and upload processor to sentio',
         'sentio gen\t\t\t\tgenerate abi',
         'sentio build\t\t\t\tgenerate abi and build',
-        'sentio version\t\t\t\tcurrent cli version',
+        'sentio version\t\t\tcurrent cli version',
       ],
     },
   ])

package/src/cli/commands/login-server.ts

@@ -0,0 +1,120 @@
+import express from 'express'
+import { getAuthConfig, getFinalizedHost } from '../config'
+import url, { URL } from 'url'
+import fetch from 'node-fetch'
+import { getCliVersion } from '../utils'
+import { WriteKey } from '../key'
+import chalk from 'chalk'
+import http from 'http'
+import os from 'os'
+import * as crypto from 'crypto'
+
+interface AuthParams {
+  serverPort: number
+  sentioHost: string
+  codeVerifier: string
+}
+
+const app = express()
+
+let server: http.Server
+let authParams: AuthParams
+
+export function startServer(params: AuthParams) {
+  authParams = params
+  server = app.listen(params.serverPort)
+}
+
+app.get('/callback', async (req, res) => {
+  res.end('login success, please go back to CLI to continue')
+  const host = authParams.sentioHost
+  const code = req.query.code
+  if (!code || (code as string).length == 0) {
+    return
+  }
+
+  // exchange token
+  const tokenResRaw = await getToken(host, code as string)
+  if (!tokenResRaw.ok) {
+    console.error(chalk.red('request token error, code:', tokenResRaw.status, tokenResRaw.statusText))
+    return
+  }
+  const tokenRes = await tokenResRaw.json()
+  const accessToken = tokenRes['access_token']
+
+  // check if the account is ready
+  const realHost = getFinalizedHost(host)
+  const userResRaw = await getUser(realHost, accessToken)
+  if (!userResRaw.ok) {
+    if (userResRaw.status == 401) {
+      console.error(chalk.red('please sign up on sentio first'))
+    } else {
+      console.error(chalk.red('get user error, code:', userResRaw.status, userResRaw.statusText))
+    }
+    return
+  }
+  const userRes = await userResRaw.json()
+  if (!userRes.emailVerified) {
+    console.error(chalk.red('please verify your email first'))
+    return
+  }
+
+  // create API key
+  const apiKeyName = `${os.hostname()}-${crypto.randomBytes(4).toString('hex')}`
+  const createApiKeyResRaw = await createApiKey(realHost, apiKeyName, 'sdk_generated', accessToken)
+  if (!createApiKeyResRaw.ok) {
+    console.error(chalk.red('create api key error, code:', createApiKeyResRaw.status, createApiKeyResRaw.statusText))
+    return
+  }
+  const createApiKeyRes = await createApiKeyResRaw.json()
+  const apiKey = createApiKeyRes['key']
+  WriteKey(realHost, apiKey)
+  console.log(chalk.green('login success, new API key: ' + apiKey))
+
+  server.close()
+})
+
+async function getToken(host: string, code: string) {
+  const authConf = getAuthConfig(host)
+  const params = new url.URLSearchParams({
+    grant_type: 'authorization_code',
+    client_id: authConf.clientId,
+    code_verifier: authParams.codeVerifier,
+    code: code,
+    redirect_uri: `http://localhost:${authParams.serverPort}/callback`,
+  })
+  return fetch(`${authConf.domain}/oauth/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+    body: params.toString(),
+  })
+}
+
+async function createApiKey(host: string, name: string, source: string, accessToken: string) {
+  const createApiKeyUrl = new URL('/api/v1/keys', host)
+  return fetch(createApiKeyUrl, {
+    method: 'POST',
+    headers: {
+      Authorization: 'Bearer ' + accessToken,
+      version: getCliVersion(),
+    },
+    body: JSON.stringify({
+      name: name,
+      scopes: ['write:project'],
+      source: source,
+    }),
+  })
+}
+
+async function getUser(host: string, accessToken: string) {
+  const getUserUrl = new URL('/api/v1/users', host)
+  return fetch(getUserUrl, {
+    method: 'GET',
+    headers: {
+      Authorization: 'Bearer ' + accessToken,
+      version: getCliVersion(),
+    },
+  })
+}

package/src/cli/commands/run-login.ts

@@ -1,10 +1,14 @@
 import commandLineArgs from 'command-line-args'
 import commandLineUsage from 'command-line-usage'
-import { getFinalizedHost } from '../config'
+import { getAuthConfig, getFinalizedHost } from '../config'
+import { startServer } from './login-server'
+import url, { URL } from 'url'
+import * as crypto from 'crypto'
 import chalk from 'chalk'
-import https from 'https'
-import http from 'http'
 import { WriteKey } from '../key'
+import fetch from 'node-fetch'
+
+const port = 20000
 
 export function runLogin(argv: string[]) {
   const optionDefinitions = [
@@ -15,23 +19,23 @@ export function runLogin(argv: string[]) {
       description: 'Display this usage guide.',
     },
     {
-      name: 'api-key',
+      name: 'host',
+      description: '(Optional) Override Sentio Host name',
       type: String,
-      description: '(Required) Your API key',
     },
     {
-      name: 'host',
-      description: '(Optional) Override Sentio Host name',
+      name: 'api-key',
       type: String,
+      description: '(Optional) Your API key',
     },
   ]
   const options = commandLineArgs(optionDefinitions, { argv })
 
-  if (options.help || !options['api-key']) {
+  if (options.help) {
     const usage = commandLineUsage([
       {
         header: 'Login to Sentio',
-        content: 'sentio login --api-key=<key>',
+        content: 'sentio login',
       },
       {
         header: 'Options',
@@ -39,32 +43,59 @@ export function runLogin(argv: string[]) {
       },
     ])
     console.log(usage)
-  } else {
+  } else if (options['api-key']) {
     const host = getFinalizedHost(options.host)
     console.log(chalk.blue('login to ' + host))
-    const url = new URL(host)
-    const reqOptions = {
-      hostname: url.hostname,
-      port: url.port,
-      path: '/api/v1/processors/check_key',
-      method: 'HEAD',
-      headers: {
-        'api-key': options['api-key'],
-      },
-    }
-    const h = url.protocol == 'https:' ? https : http
-    const req = h.request(reqOptions, (res) => {
-      if (res.statusCode == 200) {
-        WriteKey(host, options['api-key'])
+    const apiKey = options['api-key']
+    checkKey(host, apiKey).then((res) => {
+      if (res.status == 200) {
+        WriteKey(host, apiKey)
         console.log(chalk.green('login success'))
       } else {
-        console.error(chalk.red('login failed, code:', res.statusCode, res.statusMessage))
+        console.error(chalk.red('login failed, code:', res.status, res.statusText))
       }
     })
+  } else {
+    // https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-authorization-code-flow-with-pkce
+    const verifier = base64URLEncode(crypto.randomBytes(32))
+    const challenge = base64URLEncode(sha256(verifier))
 
-    req.on('error', (error) => {
-      console.error(error)
+    const conf = getAuthConfig(options.host)
+    const authURL = new URL(conf.domain + `/authorize?`)
+    const params = new url.URLSearchParams({
+      response_type: 'code',
+      code_challenge: challenge,
+      code_challenge_method: 'S256',
+      client_id: conf.clientId,
+      redirect_uri: `http://localhost:${port}/callback`,
+      audience: conf.audience,
+      prompt: 'login',
+    })
+    authURL.search = params.toString()
+    console.log('Continue your authorization here: ' + authURL.toString())
+
+    startServer({
+      serverPort: port,
+      sentioHost: options.host,
+      codeVerifier: verifier,
     })
-    req.end()
   }
 }
+
+function base64URLEncode(str: Buffer) {
+  return str.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '')
+}
+
+function sha256(str: string) {
+  return crypto.createHash('sha256').update(str).digest()
+}
+
+async function checkKey(host: string, apiKey: string) {
+  const checkApiKeyUrl = new URL('/api/v1/processors/check_key', host)
+  return fetch(checkApiKeyUrl, {
+    method: 'HEAD',
+    headers: {
+      'api-key': apiKey,
+    },
+  })
+}

package/src/cli/config.ts

@@ -22,6 +22,35 @@ export function getFinalizedHost(host: string): string {
   return host
 }
 
+export function getAuthConfig(host: string): { domain: string; clientId: string; audience: string } {
+  let domain = '',
+    clientId = '',
+    audience = ''
+  switch (host) {
+    case 'local':
+      domain = 'https://sentio-dev.us.auth0.com'
+      clientId = 'qGDisObqQbcPeRA8k02POPZ2Df4KVCna'
+      audience = 'http://localhost:8080/v1'
+      break
+    case '':
+    case undefined:
+    case 'prod':
+      domain = 'https://auth.sentio.xyz'
+      clientId = 'xd80PeuvuZVHpBFh7yEdlSZdtE5mTpGe'
+      audience = 'https://app.sentio.xyz/api/v1'
+      break
+    case 'test':
+    case 'staging':
+      domain = 'https://auth.test.sentio.xyz'
+      clientId = 'qXVvovHaOE37SndxTZJxCKgZjw1axPax'
+      audience = 'https://test.sentio.xyz/api/v1'
+      break
+    default:
+      break
+  }
+  return { domain, clientId, audience }
+}
+
 export function finalizeHost(config: SentioProjectConfig) {
   config.host = getFinalizedHost(config.host)
 }