@servicetitan/hammer-token 2.5.0 → 3.0.0

package/src/utils/figma/get-token.js

@@ -0,0 +1,348 @@
+#!/usr/bin/env node
+
+/**
+ * Helper script to obtain Figma OAuth2 refresh token
+ *
+ * This script guides you through the OAuth2 authorization flow to get a refresh token.
+ */
+
+const http = require("http");
+const { URL } = require("url");
+
+// Load .env.local file if it exists
+const fs = require("fs");
+const path = require("path");
+const ENV_FILE = path.join(__dirname, "../../../../../.env.local");
+
+function loadEnvFile() {
+  if (fs.existsSync(ENV_FILE)) {
+    try {
+      const envContent = fs.readFileSync(ENV_FILE, "utf8");
+      const lines = envContent.split("\n");
+
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) {
+          continue;
+        }
+
+        const match = trimmed.match(/^([^=]+)=(.*)$/);
+        if (match) {
+          const key = match[1].trim();
+          const value = match[2].trim().replace(/^["']|["']$/g, "");
+          if (!process.env[key]) {
+            process.env[key] = value;
+          }
+        }
+      }
+    } catch (_error) {
+      // Silently fail
+    }
+  }
+}
+
+loadEnvFile();
+
+const CLIENT_ID = process.env.FIGMA_CLIENT_ID;
+const CLIENT_SECRET = process.env.FIGMA_CLIENT_SECRET;
+const REDIRECT_URI = "http://localhost:3000/figma-oauth-callback";
+const PORT = 3000;
+const FIGMA_OAUTH_BASE = "https://api.figma.com/v1";
+
+if (!CLIENT_ID || !CLIENT_SECRET) {
+  console.error(
+    "❌ Error: FIGMA_CLIENT_ID and FIGMA_CLIENT_SECRET must be set in .env.local file",
+  );
+  console.error("\nPlease add to your .env.local file:");
+  console.error("  FIGMA_CLIENT_ID=your-client-id");
+  console.error("  FIGMA_CLIENT_SECRET=your-client-secret");
+  process.exit(1);
+}
+
+// Required scopes for variables API
+// Note: current_user:read is required for /me endpoint used in token validation
+const SCOPES =
+  "file_variables:read file_variables:write file_content:read current_user:read";
+
+// Generate a random state for security
+const state =
+  Math.random().toString(36).substring(2, 15) +
+  Math.random().toString(36).substring(2, 15);
+
+// Build authorization URL
+const authUrl = new URL("https://www.figma.com/oauth");
+authUrl.searchParams.set("client_id", CLIENT_ID);
+authUrl.searchParams.set("redirect_uri", REDIRECT_URI);
+authUrl.searchParams.set("scope", SCOPES);
+authUrl.searchParams.set("state", state);
+authUrl.searchParams.set("response_type", "code");
+
+console.log("🔐 Figma OAuth2 Token Helper\n");
+console.log(
+  "This script will help you obtain a refresh token for Figma OAuth2.\n",
+);
+console.log("📋 Prerequisites:");
+console.log(
+  "   1. Make sure your Figma OAuth app has this redirect URI configured:",
+);
+console.log(`      ${REDIRECT_URI}\n`);
+console.log("   2. Your app should have these scopes enabled:");
+console.log(`      - ${SCOPES.replace(/ /g, "\n      - ")}\n`);
+
+// Create HTTP server to handle OAuth callback
+const server = http.createServer((req, res) => {
+  const url = new URL(req.url, `http://localhost:${PORT}`);
+
+  if (url.pathname !== "/figma-oauth-callback") {
+    res.writeHead(404, { "Content-Type": "text/html" });
+    res.end("<h1>404 Not Found</h1>");
+    return;
+  }
+
+  const code = url.searchParams.get("code");
+  const returnedState = url.searchParams.get("state");
+  const error = url.searchParams.get("error");
+
+  // Handle errors
+  if (error) {
+    res.writeHead(400, { "Content-Type": "text/html" });
+    res.end(`
+      <html>
+        <head><title>OAuth Error</title></head>
+        <body>
+          <h1>❌ OAuth Error</h1>
+          <p>Error: ${error}</p>
+          <p>Error description: ${url.searchParams.get("error_description") || "Unknown error"}</p>
+          <p>You can close this window.</p>
+        </body>
+      </html>
+    `);
+    server.close();
+    console.error(`\n❌ OAuth error: ${error}`);
+    process.exit(1);
+    return;
+  }
+
+  // Verify state
+  if (returnedState !== state) {
+    res.writeHead(400, { "Content-Type": "text/html" });
+    res.end(`
+      <html>
+        <head><title>Security Error</title></head>
+        <body>
+          <h1>❌ Security Error</h1>
+          <p>State mismatch. Please try again.</p>
+          <p>You can close this window.</p>
+        </body>
+      </html>
+    `);
+    server.close();
+    console.error("\n❌ Security error: State mismatch");
+    process.exit(1);
+    return;
+  }
+
+  // Exchange authorization code for tokens
+  if (!code) {
+    res.writeHead(400, { "Content-Type": "text/html" });
+    res.end(`
+      <html>
+        <head><title>Error</title></head>
+        <body>
+          <h1>❌ Error</h1>
+          <p>No authorization code received.</p>
+          <p>You can close this window.</p>
+        </body>
+      </html>
+    `);
+    server.close();
+    console.error("\n❌ No authorization code received");
+    process.exit(1);
+    return;
+  }
+
+  // Show success page
+  res.writeHead(200, { "Content-Type": "text/html" });
+  res.end(`
+    <html>
+      <head><title>Success</title></head>
+      <body>
+        <h1>✅ Authorization Successful!</h1>
+        <p>Exchanging authorization code for tokens...</p>
+        <p>Please wait and check the terminal.</p>
+      </body>
+    </html>
+  `);
+
+  // Exchange code for tokens
+  console.log("\n🔄 Exchanging authorization code for tokens...");
+  exchangeCodeForTokens(code)
+    .then((tokens) => {
+      console.log("\n✅ Success! Here are your tokens:\n");
+      console.log("📝 Add this to your .env.local file:\n");
+      console.log(`FIGMA_REFRESH_TOKEN=${tokens.refresh_token}\n`);
+      console.log(
+        "💡 Note: The access token expires in 1 hour, but the refresh token",
+      );
+      console.log(
+        "   is long-lived and can be used to get new access tokens.\n",
+      );
+      console.log("📋 Full token response:");
+      console.log(
+        `   Access Token: ${tokens.access_token.substring(0, 20)}...`,
+      );
+      console.log(`   Refresh Token: ${tokens.refresh_token}`);
+      console.log(`   Expires In: ${tokens.expires_in || "3600"} seconds\n`);
+      server.close();
+      process.exit(0);
+    })
+    .catch((error) => {
+      console.error("\n❌ Failed to exchange code for tokens:", error.message);
+      if (error.stack && process.env.DEBUG) {
+        console.error("\nStack trace:");
+        console.error(error.stack);
+      }
+      server.close();
+      process.exit(1);
+    });
+});
+
+async function exchangeCodeForTokens(code) {
+  console.log(`   Code received: ${code.substring(0, 10)}...`);
+  console.log(`   Exchanging at: ${FIGMA_OAUTH_BASE}/oauth/token`);
+
+  // Figma requires HTTP Basic Authentication with Base64 encoded client_id:client_secret
+  const credentials = Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString(
+    "base64",
+  );
+
+  // Figma requires form-encoded body, not JSON
+  const formData = new URLSearchParams({
+    redirect_uri: REDIRECT_URI,
+    code: code,
+    grant_type: "authorization_code",
+  });
+
+  console.log(
+    `   Using Basic Auth with client_id: ${CLIENT_ID.substring(0, 10)}...`,
+  );
+  console.log(
+    `   Form data: redirect_uri=${REDIRECT_URI}, grant_type=authorization_code`,
+  );
+
+  const response = await fetch(`${FIGMA_OAUTH_BASE}/oauth/token`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Authorization: `Basic ${credentials}`,
+    },
+    body: formData.toString(),
+  });
+
+  const responseText = await response.text();
+  console.log(`   Response status: ${response.status}`);
+  console.log(
+    `   Response headers: ${JSON.stringify(Object.fromEntries(response.headers.entries()))}`,
+  );
+
+  if (!response.ok) {
+    let errorMessage = `Token exchange failed (${response.status}): ${responseText}`;
+
+    // Always log the full error response for debugging
+    console.error(`   Full error response: ${responseText}`);
+
+    try {
+      const errorJson = JSON.parse(responseText);
+      if (errorJson.error) {
+        errorMessage = `Token exchange failed: ${errorJson.error}`;
+        if (errorJson.error_description) {
+          errorMessage += ` - ${errorJson.error_description}`;
+        }
+        console.error(`   Parsed error: ${errorJson.error}`);
+        console.error(
+          `   Error description: ${errorJson.error_description || "none"}`,
+        );
+      }
+    } catch {
+      // Not JSON, use raw text
+      if (responseText.length < 500) {
+        console.error(`   Error response (raw): ${responseText}`);
+      } else {
+        console.error(
+          `   Error response (first 500 chars): ${responseText.substring(0, 500)}`,
+        );
+      }
+    }
+
+    throw new Error(errorMessage);
+  }
+
+  let data;
+  try {
+    data = JSON.parse(responseText);
+  } catch (error) {
+    throw new Error(`Failed to parse token response: ${error.message}`);
+  }
+
+  if (!data.refresh_token) {
+    console.error("   Token response:", JSON.stringify(data, null, 2));
+    throw new Error("Token exchange response missing refresh_token");
+  }
+
+  return {
+    access_token: data.access_token,
+    refresh_token: data.refresh_token,
+    expires_in: data.expires_in,
+  };
+}
+
+// Start server
+server.listen(PORT, () => {
+  console.log(`🌐 Local server started on port ${PORT}`);
+  console.log(`\n🔗 Opening browser to authorize...\n`);
+  console.log(
+    `   If the browser doesn't open automatically, visit this URL:\n`,
+  );
+  console.log(`   ${authUrl.toString()}\n`);
+
+  // Try to open browser (optional, may fail)
+  try {
+    const { exec } = require("child_process");
+    const platform = process.platform;
+    let command;
+
+    if (platform === "darwin") {
+      command = "open";
+    } else if (platform === "win32") {
+      command = "start";
+    } else {
+      command = "xdg-open";
+    }
+
+    exec(`${command} "${authUrl.toString()}"`, (error) => {
+      if (error && process.env.DEBUG) {
+        console.warn(`   ⚠️  Could not open browser: ${error.message}`);
+      }
+    });
+  } catch (_error) {
+    // Ignore
+  }
+
+  console.log("⏳ Waiting for authorization...");
+  console.log(
+    "   (The server will close automatically after receiving the token)\n",
+  );
+});
+
+// Handle server errors
+server.on("error", (error) => {
+  if (error.code === "EADDRINUSE") {
+    console.error(`\n❌ Error: Port ${PORT} is already in use.`);
+    console.error(
+      "   Please close any other applications using this port and try again.\n",
+    );
+  } else {
+    console.error(`\n❌ Server error: ${error.message}\n`);
+  }
+  process.exit(1);
+});