@synkro-sh/cli 1.0.3 → 1.0.5

package/dist/bootstrap.js

@@ -1595,22 +1595,26 @@ import { createServer } from "http";
 import { writeFileSync as writeFileSync3, readFileSync as readFileSync3, existsSync as existsSync4, mkdirSync as mkdirSync3, unlinkSync as unlinkSync2 } from "fs";
 import { homedir as homedir3, platform } from "os";
 import { join as join3, dirname as dirname3 } from "path";
-import { exec } from "child_process";
+import { execFile } from "child_process";
 import jwt from "jsonwebtoken";
 function openBrowser(url) {
   const os = platform();
-  let command;
+  let bin;
+  let args2;
   switch (os) {
     case "darwin":
-      command = `open "${url}"`;
+      bin = "open";
+      args2 = [url];
       break;
     case "win32":
-      command = `start "" "${url}"`;
+      bin = "cmd";
+      args2 = ["/c", "start", "", url];
       break;
     default:
-      command = `xdg-open "${url}"`;
+      bin = "xdg-open";
+      args2 = [url];
   }
-  exec(command, (error) => {
+  execFile(bin, args2, (error) => {
     if (error) {
       console.error("Failed to open browser automatically.");
       console.log(`Please open this URL manually: ${url}`);
@@ -1637,14 +1641,30 @@ function loadCredentials() {
 }
 function createCallbackServer() {
   const CORS_HEADERS = {
-    "Access-Control-Allow-Origin": "*",
-    "Access-Control-Allow-Methods": "GET, OPTIONS",
-    "Access-Control-Allow-Headers": "*"
+    "Access-Control-Allow-Origin": SYNKRO_WEB_AUTH_URL,
+    "Access-Control-Allow-Methods": "POST, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type",
+    "Vary": "Origin"
   };
   return new Promise((resolve2, reject) => {
     const server = createServer((req, res) => {
       if (req.method === "OPTIONS") {
-        res.writeHead(204, CORS_HEADERS);
+        const origin = req.headers.origin;
+        if (origin === SYNKRO_WEB_AUTH_URL) {
+          res.writeHead(204, CORS_HEADERS);
+        } else {
+          res.writeHead(204, {
+            "Access-Control-Allow-Methods": "POST, OPTIONS",
+            "Access-Control-Allow-Headers": "Content-Type",
+            "Vary": "Origin"
+          });
+        }
+        res.end();
+        return;
+      }
+      const reqOrigin = req.headers.origin;
+      if (reqOrigin && reqOrigin !== SYNKRO_WEB_AUTH_URL) {
+        res.writeHead(403, { "Vary": "Origin" });
         res.end();
         return;
       }
@@ -1659,35 +1679,78 @@ function createCallbackServer() {
         res.end();
         return;
       }
-      const token = url.searchParams.get("token");
-      const refreshToken = url.searchParams.get("refresh_token") || "";
-      const userId = url.searchParams.get("user_id") || "";
-      const email = url.searchParams.get("email") || "";
-      const orgId = url.searchParams.get("org_id") || "";
-      const state = url.searchParams.get("state") || "";
-      if (!token) {
-        res.writeHead(400, { ...CORS_HEADERS, "Content-Type": "text/html" });
+      if (req.method !== "POST") {
+        res.writeHead(405, { ...CORS_HEADERS, "Allow": "POST, OPTIONS", "Content-Type": "text/html" });
         res.end(ERROR_HTML);
-        setTimeout(() => {
-          server.close();
-          reject(new Error("Authentication failed: missing token in callback"));
-        }, 500);
         return;
       }
-      const authData = {
-        access_token: token,
-        refresh_token: refreshToken,
-        user_id: userId || void 0,
-        email: email || void 0,
-        org_id: orgId || void 0,
-        state: state || void 0
-      };
-      res.writeHead(200, { ...CORS_HEADERS, "Content-Type": "text/html" });
-      res.end(SUCCESS_HTML);
-      setTimeout(() => {
-        server.close();
-        resolve2(authData);
-      }, 500);
+      const MAX_BODY = 16 * 1024;
+      const chunks = [];
+      let total = 0;
+      let aborted = false;
+      req.on("data", (chunk) => {
+        if (aborted) return;
+        total += chunk.length;
+        if (total > MAX_BODY) {
+          aborted = true;
+          res.writeHead(413, CORS_HEADERS);
+          res.end();
+          return;
+        }
+        chunks.push(chunk);
+      });
+      req.on("end", () => {
+        if (aborted) return;
+        let parsed;
+        try {
+          parsed = JSON.parse(Buffer.concat(chunks).toString("utf8"));
+        } catch {
+          res.writeHead(400, { ...CORS_HEADERS, "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "invalid_json" }));
+          setTimeout(() => {
+            server.close();
+            reject(new Error("Authentication failed: invalid JSON body"));
+          }, 200);
+          return;
+        }
+        const token = parsed?.token;
+        if (!token || typeof token !== "string") {
+          res.writeHead(400, { ...CORS_HEADERS, "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "missing_token" }));
+          setTimeout(() => {
+            server.close();
+            reject(new Error("Authentication failed: missing token"));
+          }, 200);
+          return;
+        }
+        const authData = {
+          access_token: token,
+          refresh_token: typeof parsed.refresh_token === "string" ? parsed.refresh_token : "",
+          user_id: typeof parsed.user_id === "string" ? parsed.user_id : void 0,
+          email: typeof parsed.email === "string" ? parsed.email : void 0,
+          org_id: typeof parsed.org_id === "string" ? parsed.org_id : void 0,
+          state: typeof parsed.state === "string" ? parsed.state : void 0
+        };
+        res.writeHead(200, { ...CORS_HEADERS, "Content-Type": "application/json" });
+        res.end(JSON.stringify({ ok: true }));
+        setTimeout(() => {
+          server.close();
+          resolve2(authData);
+        }, 200);
+      });
+      req.on("error", (e) => {
+        if (aborted) return;
+        aborted = true;
+        try {
+          res.writeHead(500, CORS_HEADERS);
+          res.end();
+        } catch {
+        }
+        setTimeout(() => {
+          server.close();
+          reject(e);
+        }, 200);
+      });
     });
     server.listen(PORT);
     server.on("error", (error) => {
@@ -1765,80 +1828,13 @@ function clearCredentials() {
     unlinkSync2(AUTH_FILE);
   }
 }
-var PORT, SYNKRO_WEB_AUTH_URL, AUTH_FILE, SUCCESS_HTML, ERROR_HTML;
+var PORT, SYNKRO_WEB_AUTH_URL, AUTH_FILE, ERROR_HTML;
 var init_stub = __esm({
   "cli/auth/stub.ts"() {
     "use strict";
     PORT = 8100;
-    SYNKRO_WEB_AUTH_URL = process.env.SYNKRO_WEB_AUTH_URL || "http://localhost:4322";
+    SYNKRO_WEB_AUTH_URL = process.env.SYNKRO_WEB_AUTH_URL || "https://app.synkro.sh";
     AUTH_FILE = process.env.SYNKRO_AUTH_FILE || join3(homedir3(), ".synkro", "credentials.json");
-    SUCCESS_HTML = `
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Authentication Successful - Synkro CLI</title>
-    <style>
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            height: 100vh;
-            margin: 0;
-            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-        }
-        .container {
-            background: white;
-            padding: 3rem;
-            border-radius: 1rem;
-            box-shadow: 0 20px 60px rgba(0,0,0,0.3);
-            text-align: center;
-            max-width: 400px;
-        }
-        .checkmark {
-            width: 80px;
-            height: 80px;
-            border-radius: 50%;
-            background: #10b981;
-            margin: 0 auto 1.5rem;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-        }
-        .checkmark svg {
-            width: 50px;
-            height: 50px;
-            stroke: white;
-        }
-        h1 {
-            color: #1f2937;
-            margin: 0 0 0.5rem;
-        }
-        p {
-            color: #6b7280;
-            margin: 0;
-        }
-        .close-note {
-            margin-top: 1.5rem;
-            font-size: 0.875rem;
-            color: #9ca3af;
-        }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <div class="checkmark">
-            <svg fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="3" d="M5 13l4 4L19 7"></path>
-            </svg>
-        </div>
-        <h1>Authentication Successful!</h1>
-        <p>Your Synkro CLI has been authenticated.</p>
-        <p class="close-note">You can close this window and return to your terminal.</p>
-    </div>
-</body>
-</html>
-`;
     ERROR_HTML = `
 <!DOCTYPE html>
 <html>
@@ -1966,7 +1962,7 @@ function writeConfigEnv(opts) {
     `SYNKRO_GATEWAY_URL=${shellQuoteSingle(safeGateway)}`,
     `SYNKRO_CREDENTIALS_PATH=${shellQuoteSingle(credsPath)}`,
     `SYNKRO_TIER=${shellQuoteSingle(safeTier)}`,
-    `SYNKRO_VERSION=${shellQuoteSingle("1.0.3")}`
+    `SYNKRO_VERSION=${shellQuoteSingle("1.0.5")}`
   ];
   if (safeUserId) lines.push(`SYNKRO_USER_ID=${shellQuoteSingle(safeUserId)}`);
   if (safeOrgId) lines.push(`SYNKRO_ORG_ID=${shellQuoteSingle(safeOrgId)}`);
@@ -1998,7 +1994,7 @@ function assertGatewayAllowed(gatewayUrl) {
   }
 }
 async function installCommand(opts = {}) {
-  const gatewayUrl = opts.gatewayUrl || process.env.SYNKRO_GATEWAY_URL || "http://localhost:8788";
+  const gatewayUrl = opts.gatewayUrl || process.env.SYNKRO_GATEWAY_URL || "https://api.synkro.sh";
   try {
     assertGatewayAllowed(gatewayUrl);
   } catch (err) {
@@ -2028,7 +2024,7 @@ async function installCommand(opts = {}) {
       }
     });
     if (!result) {
-      console.error("Authentication failed. Make sure the Synkro web app is running on http://localhost:4322 (or set SYNKRO_WEB_AUTH_URL).");
+      console.error("Authentication failed. If you are running a self-hosted dashboard, set SYNKRO_WEB_AUTH_URL to its origin.");
       process.exit(1);
     }
   }