@verentis/cli 0.2.9 → 0.2.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -5
- package/dist/index.js +8 -13
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -28,15 +28,17 @@ Point `VERENTIS_UPDATE_REGISTRY` at a mirror if you install from a private regis
|
|
|
28
28
|
## Sign in
|
|
29
29
|
|
|
30
30
|
```bash
|
|
31
|
-
verentis login
|
|
31
|
+
verentis login
|
|
32
32
|
```
|
|
33
33
|
|
|
34
|
-
|
|
34
|
+
The CLI targets **production** (`https://api.verentis.io`) by default — third-party developers need no
|
|
35
|
+
extra configuration. With no credential flags this starts a **device sign-in**: open the printed URL in any
|
|
36
|
+
browser (works over SSH), confirm the code, done. Non-interactive alternatives:
|
|
35
37
|
|
|
36
38
|
```bash
|
|
37
|
-
verentis login --api-
|
|
38
|
-
verentis login --
|
|
39
|
-
#
|
|
39
|
+
verentis login --api-key vrt_xxx # CI / scripts (create one with `verentis apikey create`)
|
|
40
|
+
verentis login --token <identity token>
|
|
41
|
+
# VERENTIS_API_KEY / VERENTIS_TOKEN env vars also work
|
|
40
42
|
```
|
|
41
43
|
|
|
42
44
|
A device sign-in also stores a **refresh token**, so you stay signed in: when the 1-hour identity token
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { Command } from 'commander';
|
|
2
|
+
import { Command, Option } from 'commander';
|
|
3
3
|
import { mkdir, stat, writeFile, readFile, readdir, realpath, mkdtemp, rm, glob } from 'fs/promises';
|
|
4
4
|
import { tmpdir, homedir } from 'os';
|
|
5
5
|
import { resolve, basename, dirname, posix, join, isAbsolute, extname, relative, sep } from 'path';
|
|
@@ -21,6 +21,7 @@ function insecureFetchOptions(insecure) {
|
|
|
21
21
|
var configDir = () => process.env.VERENTIS_CONFIG_DIR ?? join(homedir(), ".verentis");
|
|
22
22
|
var configPath = () => join(configDir(), "config.json");
|
|
23
23
|
var keysDir = () => join(configDir(), "keys");
|
|
24
|
+
var PRODUCTION_API_URL = "https://api.verentis.io";
|
|
24
25
|
async function loadConfig() {
|
|
25
26
|
try {
|
|
26
27
|
return JSON.parse(await readFile(configPath(), "utf8"));
|
|
@@ -33,10 +34,7 @@ async function saveConfig(config) {
|
|
|
33
34
|
await writeFile(configPath(), JSON.stringify(config, null, 2) + "\n", { mode: 384 });
|
|
34
35
|
}
|
|
35
36
|
function requireApiUrl(config) {
|
|
36
|
-
const url = process.env.VERENTIS_API_URL ?? config.apiUrl;
|
|
37
|
-
if (!url) {
|
|
38
|
-
throw new Error("No API URL configured. Run `verentis login --api-url <url>` first (or set VERENTIS_API_URL).");
|
|
39
|
-
}
|
|
37
|
+
const url = process.env.VERENTIS_API_URL ?? config.apiUrl ?? PRODUCTION_API_URL;
|
|
40
38
|
return url.replace(/\/+$/, "");
|
|
41
39
|
}
|
|
42
40
|
|
|
@@ -1993,22 +1991,20 @@ function registerKeygen(program2) {
|
|
|
1993
1991
|
console.log(`Revoked key ${kid}.`);
|
|
1994
1992
|
});
|
|
1995
1993
|
}
|
|
1996
|
-
|
|
1997
|
-
// src/commands/login.ts
|
|
1998
1994
|
function registerLogin(program2) {
|
|
1999
|
-
program2.command("login").description("Sign in to Verentis (browser device flow by default; --api-key/--token for non-interactive use)").
|
|
1995
|
+
program2.command("login").description("Sign in to Verentis (browser device flow by default; --api-key/--token for non-interactive use)").addOption(new Option("--api-url <url>", "Verentis API gateway URL (defaults to production)").hideHelp()).option("--api-key <key>", "Verentis API key (vrt_...)").option("--token <token>", "Verentis identity token (exchanged per request for scoped access tokens)").option("--sealing-key <key>", "the platform's base64 X25519 sealing PUBLIC key (used by `pack --encrypt`)").option("--insecure", "skip TLS certificate verification (for local dev with self-signed certs)").action(async (options) => {
|
|
2000
1996
|
const config = await loadConfig();
|
|
2001
1997
|
if (options.apiUrl) config.apiUrl = options.apiUrl;
|
|
2002
1998
|
if (options.sealingKey) config.sealingPublicKey = options.sealingKey;
|
|
2003
1999
|
if (options.insecure !== void 0) config.insecure = options.insecure;
|
|
2004
|
-
|
|
2000
|
+
const apiUrl = (options.apiUrl ?? process.env.VERENTIS_API_URL ?? config.apiUrl ?? PRODUCTION_API_URL).replace(/\/+$/, "");
|
|
2005
2001
|
if (options.apiKey) {
|
|
2006
2002
|
if (!options.apiKey.startsWith("vrt_")) throw new Error('API keys start with "vrt_".');
|
|
2007
2003
|
config.apiKey = options.apiKey;
|
|
2008
2004
|
delete config.identityToken;
|
|
2009
2005
|
delete config.refreshToken;
|
|
2010
2006
|
await saveConfig(config);
|
|
2011
|
-
console.log(`Configuration saved (API key @ ${
|
|
2007
|
+
console.log(`Configuration saved (API key @ ${apiUrl}).`);
|
|
2012
2008
|
return;
|
|
2013
2009
|
}
|
|
2014
2010
|
if (options.token) {
|
|
@@ -2016,10 +2012,9 @@ function registerLogin(program2) {
|
|
|
2016
2012
|
delete config.apiKey;
|
|
2017
2013
|
delete config.refreshToken;
|
|
2018
2014
|
await saveConfig(config);
|
|
2019
|
-
console.log(`Configuration saved (identity token @ ${
|
|
2015
|
+
console.log(`Configuration saved (identity token @ ${apiUrl}).`);
|
|
2020
2016
|
return;
|
|
2021
2017
|
}
|
|
2022
|
-
const apiUrl = config.apiUrl.replace(/\/+$/, "");
|
|
2023
2018
|
const insecure = config.insecure;
|
|
2024
2019
|
const authorization = await startDeviceAuthorization(apiUrl, insecure);
|
|
2025
2020
|
console.log("To sign in, open this URL in a browser:");
|
|
@@ -2036,7 +2031,7 @@ function registerLogin(program2) {
|
|
|
2036
2031
|
delete config.apiKey;
|
|
2037
2032
|
await saveConfig(config);
|
|
2038
2033
|
const claims = decodeJwtPayload(identity.idToken);
|
|
2039
|
-
console.log(`Signed in as ${claims?.name ?? claims?.email ?? claims?.sub ?? "unknown"} @ ${
|
|
2034
|
+
console.log(`Signed in as ${claims?.name ?? claims?.email ?? claims?.sub ?? "unknown"} @ ${apiUrl}.`);
|
|
2040
2035
|
if (!claims?.account_id) {
|
|
2041
2036
|
console.log("Note: no unambiguous account context \u2014 admin commands may need --account <id>.");
|
|
2042
2037
|
}
|