@webmate-studio/cli 0.3.61 → 0.4.0

package/src/commands/status.js

@@ -0,0 +1,118 @@
+import { existsSync } from 'fs';
+import { resolve } from 'path';
+import pc from 'picocolors';
+import { logger } from '@webmate-studio/core';
+import { apiFetch, ApiError } from '../utils/api-client.js';
+import { readMeta } from '../utils/webmate-meta.js';
+import { readComponentFiles, diffHashes, getComponentId } from '../utils/component-files.js';
+import { tenantApiFetch, resolveTenantSubdomain } from '../utils/tenant-api.js';
+
+function resolveComponentDir(arg) {
+	const cwd = process.cwd();
+	if (!arg) return cwd;
+	return resolve(cwd, arg);
+}
+
+function fmtState(state) {
+	switch (state) {
+		case 'in-sync': return pc.green('in sync');
+		case 'changes-local': return pc.yellow('local changes');
+		case 'behind-remote': return pc.cyan('behind remote');
+		case 'diverged': return pc.red('diverged');
+		case 'unlinked': return pc.dim('not linked');
+		default: return state;
+	}
+}
+
+export async function statusCommand(componentArg, options = {}) {
+	const rootDir = resolveComponentDir(componentArg);
+
+	if (!existsSync(rootDir)) {
+		logger.error(`Directory not found: ${rootDir}`);
+		process.exit(1);
+	}
+
+	const meta = readMeta(rootDir);
+	let componentInfo;
+	try {
+		componentInfo = getComponentId(rootDir);
+	} catch (err) {
+		logger.error(err.message);
+		process.exit(1);
+	}
+
+	const componentId = componentInfo.id;
+	const { fileHashes: localHashes } = readComponentFiles(rootDir);
+
+	const localDiff = meta?.fileHashes
+		? diffHashes(localHashes, meta.fileHashes)
+		: { added: Object.keys(localHashes), modified: [], removed: [] };
+
+	const hasLocal =
+		localDiff.added.length > 0 ||
+		localDiff.modified.length > 0 ||
+		localDiff.removed.length > 0;
+
+	let remoteLatest = null;
+	let remoteError = null;
+	if (!options.offline) {
+		try {
+			const sub = resolveTenantSubdomain(meta);
+			const path = sub
+				? `/api/tenant-components/${componentId}/versions`
+				: `/api/organization/components/${componentId}/versions`;
+			const list = await tenantApiFetch(path, {}, meta);
+			remoteLatest = list?.versions?.[0] ?? null;
+		} catch (err) {
+			remoteError = err instanceof ApiError
+				? `HTTP ${err.status}: ${err.message}`
+				: err.message;
+		}
+	}
+
+	const behindRemote =
+		meta?.baseVersion && remoteLatest && remoteLatest.id !== meta.baseVersion;
+
+	let state;
+	if (!meta) state = 'unlinked';
+	else if (hasLocal && behindRemote) state = 'diverged';
+	else if (hasLocal) state = 'changes-local';
+	else if (behindRemote) state = 'behind-remote';
+	else state = 'in-sync';
+
+	console.log();
+	console.log(`${pc.bold(componentInfo.displayName ?? componentId)}`);
+	console.log(`  ${pc.dim('Path:')}   ${pc.dim(rootDir)}`);
+	console.log(`  ${pc.dim('ID:')}     ${pc.dim(componentId)}`);
+	console.log(`  ${pc.dim('State:')}  ${fmtState(state)}`);
+
+	if (meta) {
+		console.log(
+			`  ${pc.dim('Local:')}  ${meta.version ? pc.cyan(meta.version) : pc.dim('(no version)')}` +
+			(meta.baseVersion ? ` ${pc.dim('(' + meta.baseVersion.slice(0, 8) + ')')}` : '')
+		);
+	}
+	if (remoteLatest) {
+		console.log(
+			`  ${pc.dim('Remote:')} ${pc.cyan(remoteLatest.version)} ${pc.dim('(' + remoteLatest.id.slice(0, 8) + ')')}`
+		);
+	} else if (remoteError) {
+		console.log(`  ${pc.dim('Remote:')} ${pc.red(remoteError)}`);
+	} else if (options.offline) {
+		console.log(`  ${pc.dim('Remote:')} ${pc.dim('(skipped, --offline)')}`);
+	}
+
+	if (hasLocal) {
+		console.log();
+		console.log(`  ${pc.bold('Local changes since last pull:')}`);
+		for (const p of localDiff.modified.slice(0, 20)) console.log(`    ${pc.yellow('M')} ${p}`);
+		for (const p of localDiff.added.slice(0, 20)) console.log(`    ${pc.green('A')} ${p}`);
+		for (const p of localDiff.removed.slice(0, 20)) console.log(`    ${pc.red('D')} ${p}`);
+		const shown = localDiff.modified.length + localDiff.added.length + localDiff.removed.length;
+		if (shown > 60) console.log(`    ${pc.dim('… more')}`);
+	}
+
+	if (state === 'in-sync') process.exit(0);
+	if (state === 'unlinked') process.exit(1);
+	process.exit(0);
+}

package/src/commands/versions.js

@@ -0,0 +1,130 @@
+import { existsSync } from 'fs';
+import { resolve } from 'path';
+import ora from 'ora';
+import pc from 'picocolors';
+import { logger } from '@webmate-studio/core';
+import { apiFetch, ApiError } from '../utils/api-client.js';
+import { readMeta } from '../utils/webmate-meta.js';
+import { getComponentId } from '../utils/component-files.js';
+import { tenantApiFetch, resolveTenantSubdomain } from '../utils/tenant-api.js';
+
+function isUuid(value) {
+	return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(value);
+}
+
+function resolveComponentId(arg) {
+	if (!arg) {
+		const meta = readMeta(process.cwd());
+		if (meta?.componentId) return meta.componentId;
+		if (existsSync(`${process.cwd()}/component.json`)) {
+			try {
+				return getComponentId(process.cwd()).id;
+			} catch {
+				// ignore
+			}
+		}
+		return null;
+	}
+	if (isUuid(arg)) return arg;
+	const dir = resolve(process.cwd(), arg);
+	const meta = readMeta(dir);
+	if (meta?.componentId) return meta.componentId;
+	if (existsSync(`${dir}/component.json`)) {
+		try {
+			return getComponentId(dir).id;
+		} catch {
+			// ignore
+		}
+	}
+	return null;
+}
+
+function fmt(date) {
+	if (!date) return '';
+	try {
+		return new Date(date).toISOString().slice(0, 16).replace('T', ' ');
+	} catch {
+		return String(date);
+	}
+}
+
+function truncate(s, n) {
+	if (!s) return '';
+	if (s.length <= n) return s;
+	return s.slice(0, n - 1) + '…';
+}
+
+export async function versionsCommand(componentArg, options = {}) {
+	const componentId = resolveComponentId(componentArg);
+	if (!componentId) {
+		logger.error(
+			'Could not resolve component id. Pass a UUID directly, ' +
+			'or run from inside a component directory.'
+		);
+		process.exit(1);
+	}
+
+	const spinner = ora(`Fetching versions for ${pc.dim(componentId)}…`).start();
+	let response;
+	try {
+		// Tenant-Routing wenn der Component-Ordner einen tenantSubdomain
+		// im .webmate.json trägt (oder env-Variable gesetzt ist).
+		const meta = readMeta(process.cwd()) ?? null;
+		const sub = resolveTenantSubdomain(meta);
+		const path = sub
+			? `/api/tenant-components/${componentId}/versions`
+			: `/api/organization/components/${componentId}/versions`;
+		response = await tenantApiFetch(path, {}, meta);
+		spinner.stop();
+	} catch (err) {
+		if (err instanceof ApiError) {
+			spinner.fail(`Fetch failed (HTTP ${err.status}): ${err.message}`);
+		} else {
+			spinner.fail(err.message);
+		}
+		process.exit(1);
+	}
+
+	const versions = response?.versions ?? [];
+	if (!versions.length) {
+		logger.info('No versions yet for this component.');
+		return;
+	}
+
+	const limit = options.limit ? Number(options.limit) : versions.length;
+	const slice = versions.slice(0, limit);
+
+	console.log();
+	console.log(pc.bold(`${versions.length} version(s) for ${pc.dim(componentId)}`));
+	console.log();
+
+	const VER_W = 12;
+	const ID_W = 26;
+	const AUTH_W = 22;
+	const DATE_W = 18;
+
+	console.log(
+		pc.dim(
+			`${'Version'.padEnd(VER_W)}  ${'Version ID'.padEnd(ID_W)}  ${'Author'.padEnd(AUTH_W)}  ${'Created'.padEnd(DATE_W)}  Message`
+		)
+	);
+	console.log(
+		pc.dim(
+			'-'.repeat(VER_W) + '  ' + '-'.repeat(ID_W) + '  ' + '-'.repeat(AUTH_W) + '  ' + '-'.repeat(DATE_W) + '  -------'
+		)
+	);
+
+	for (const v of slice) {
+		console.log(
+			`${pc.cyan(String(v.version ?? '').padEnd(VER_W))}  ` +
+			`${pc.dim(String(v.id ?? '').padEnd(ID_W))}  ` +
+			`${truncate(v.gitAuthorName ?? '', AUTH_W).padEnd(AUTH_W)}  ` +
+			`${pc.dim(fmt(v.createdAt).padEnd(DATE_W))}  ` +
+			truncate(v.gitCommitMsg ?? '', 80)
+		);
+	}
+
+	if (slice.length < versions.length) {
+		console.log(pc.dim(`  … ${versions.length - slice.length} more (use --limit to extend)`));
+	}
+}

package/src/commands/whoami.js

@@ -0,0 +1,64 @@
+import { logger } from '@webmate-studio/core';
+import pc from 'picocolors';
+import { resolveAuth } from '../utils/auth-resolver.js';
+import { apiFetch, ApiError } from '../utils/api-client.js';
+import { getAuthFilePath } from '../utils/auth-storage.js';
+
+function formatSource(auth) {
+	switch (auth.source) {
+		case 'env':
+			return 'WEBMATE_TOKEN environment variable';
+		case 'file':
+			return getAuthFilePath();
+		case 'workspace':
+			return auth.workspacePath ?? '.webmate/config.json';
+		default:
+			return auth.source;
+	}
+}
+
+export async function whoamiCommand(options = {}) {
+	const auth = resolveAuth();
+	if (!auth) {
+		logger.error('Not logged in. Run `wm login` or set WEBMATE_TOKEN.');
+		process.exit(1);
+	}
+
+	console.log(`${pc.bold('Token source:')} ${pc.dim(formatSource(auth))}`);
+	console.log(`${pc.bold('Base URL:')}     ${pc.dim(auth.baseUrl)}`);
+
+	if (options.local) {
+		if (auth.email) console.log(`${pc.bold('Email:')}        ${pc.cyan(auth.email)}`);
+		if (auth.userId) console.log(`${pc.bold('User ID:')}      ${pc.dim(auth.userId)}`);
+		if (auth.organizationId) {
+			console.log(`${pc.bold('Organization:')} ${pc.dim(auth.organizationSlug ?? auth.organizationId)}`);
+		}
+		return;
+	}
+
+	let me;
+	try {
+		me = await apiFetch('/api/auth/me');
+	} catch (err) {
+		if (err instanceof ApiError) {
+			logger.error(`Token rejected (HTTP ${err.status}): ${err.message}`);
+		} else {
+			logger.error(`Could not reach ${auth.baseUrl}: ${err.message}`);
+		}
+		process.exit(1);
+	}
+
+	const user = me?.data ?? me?.user ?? me;
+	const email = user?.email ?? auth.email ?? '(unknown)';
+	const userId = user?.id ?? auth.userId ?? '(unknown)';
+	const orgId = user?.organizationId ?? auth.organizationId ?? null;
+	const orgSlug = user?.organizationSlug ?? auth.organizationSlug ?? null;
+	const fullName = [user?.firstName, user?.lastName].filter(Boolean).join(' ');
+
+	console.log(`${pc.bold('Email:')}        ${pc.cyan(email)}`);
+	if (fullName) console.log(`${pc.bold('Name:')}         ${fullName}`);
+	console.log(`${pc.bold('User ID:')}      ${pc.dim(userId)}`);
+	if (orgId) {
+		console.log(`${pc.bold('Organization:')} ${pc.dim(orgSlug ?? orgId)}`);
+	}
+}

package/src/index.js

@@ -1,17 +1,3 @@
-export { buildCommand } from './commands/build.js';
-export { pushCommand } from './commands/push.js';
 export { devCommand } from './commands/dev.js';
 export { initCommand } from './commands/init.js';
-
-// Export auth utilities for use by other packages (e.g. preview)
-export {
-	loadAuth,
-	saveAuth,
-	clearAuth,
-	isLoggedIn,
-	getCurrentUser,
-	getApiToken,
-	getCurrentTenant,
-	getCmsBaseUrl,
-	getTenantCmsUrl
-} from './utils/auth.js';
+export { generate } from './commands/generate.js';

package/src/utils/api-client.js

@@ -0,0 +1,131 @@
+import { requireAuth, resolveAuth } from './auth-resolver.js';
+import { readAuth, writeAuth, jwtSecondsToExpiry } from './auth-storage.js';
+
+const REFRESH_WINDOW_SECONDS = 7 * 24 * 60 * 60; // 7 days
+
+function buildUrl(baseUrl, path) {
+	const base = baseUrl.replace(/\/+$/, '');
+	const rel = path.startsWith('/') ? path : `/${path}`;
+	return `${base}${rel}`;
+}
+
+export class ApiError extends Error {
+	constructor(message, { status, body, url } = {}) {
+		super(message);
+		this.name = 'ApiError';
+		this.status = status;
+		this.body = body;
+		this.url = url;
+	}
+}
+
+/**
+ * Exchange an existing (still-valid) JWT for a fresh one using
+ * POST /api/auth/refresh. Returns null on any failure so callers
+ * can fall back to the old token without crashing the command.
+ */
+export async function tryRefreshToken({ token, baseUrl }) {
+	try {
+		const response = await fetch(buildUrl(baseUrl, '/api/auth/refresh'), {
+			method: 'POST',
+			headers: {
+				Authorization: `Bearer ${token}`,
+				Accept: 'application/json'
+			}
+		});
+		if (!response.ok) return null;
+		const data = await response.json().catch(() => null);
+		if (!data?.access_token) return null;
+		return { token: data.access_token, expiresIn: data.expires_in ?? null };
+	} catch {
+		return null;
+	}
+}
+
+/**
+ * If the current credential is a file-persisted JWT that is within
+ * REFRESH_WINDOW_SECONDS of expiring, try to swap it for a fresh
+ * one and rewrite ~/.webmate/auth.json. Best-effort: failures are
+ * silent so a transient network glitch does not break the request
+ * that triggered the check.
+ *
+ * Only the file-backed flow is refreshed:
+ *  - env-supplied WEBMATE_TOKEN is opaque to us (CI/CD owns its rotation)
+ *  - workspace .webmate/config.json apiTokens are wms_* (no expiry)
+ *  - wms_* api tokens never expire either, so JWT detection guards us
+ */
+async function maybeAutoRefresh() {
+	const auth = resolveAuth();
+	if (auth?.source !== 'file') return null;
+
+	const secondsLeft = jwtSecondsToExpiry(auth.token);
+	if (secondsLeft === null) return null; // not a JWT (wms_ tokens persisted via env are handled above)
+	if (secondsLeft > REFRESH_WINDOW_SECONDS) return null; // still plenty of time
+
+	const refreshed = await tryRefreshToken({ token: auth.token, baseUrl: auth.baseUrl });
+	if (!refreshed?.token) return null;
+
+	const existing = readAuth();
+	if (existing) {
+		writeAuth({ ...existing, token: refreshed.token });
+	}
+	return refreshed.token;
+}
+
+export async function apiFetch(path, opts = {}) {
+	const {
+		method = 'GET',
+		body,
+		baseUrl: explicitBase,
+		token: explicitToken,
+		headers: extraHeaders = {},
+		json = true
+	} = opts;
+
+	let token = explicitToken;
+	let baseUrl = explicitBase;
+	if (!token || !baseUrl) {
+		const auth = requireAuth();
+		token = token ?? auth.token;
+		baseUrl = baseUrl ?? auth.baseUrl;
+	}
+
+	// Refresh the file-backed JWT if it is within a week of expiring,
+	// but only when the caller did not pass an explicit token (in that
+	// case the caller owns its credential).
+	if (!explicitToken) {
+		const refreshed = await maybeAutoRefresh();
+		if (refreshed) token = refreshed;
+	}
+
+	const url = buildUrl(baseUrl, path);
+	const headers = {
+		Authorization: `Bearer ${token}`,
+		Accept: 'application/json',
+		...extraHeaders
+	};
+
+	let payload;
+	if (body !== undefined) {
+		if (body instanceof FormData || typeof body === 'string') {
+			payload = body;
+		} else {
+			payload = JSON.stringify(body);
+			headers['Content-Type'] = 'application/json';
+		}
+	}
+
+	const response = await fetch(url, { method, headers, body: payload });
+	const contentType = response.headers.get('content-type') ?? '';
+	const isJson = contentType.includes('application/json');
+	const parsed = isJson ? await response.json().catch(() => null) : await response.text();
+
+	if (!response.ok) {
+		const message =
+			(parsed && typeof parsed === 'object' && (parsed.error || parsed.message)) ||
+			`HTTP ${response.status} ${response.statusText}`;
+		throw new ApiError(message, { status: response.status, body: parsed, url });
+	}
+
+	return json ? parsed : { status: response.status, body: parsed, headers: response.headers };
+}

package/src/utils/auth-resolver.js

@@ -0,0 +1,145 @@
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { readAuth } from './auth-storage.js';
+
+const WORKSPACE_CONFIG_PATHS = [
+	'.webmate/config.json',
+	'../.webmate/config.json',
+	'../../.webmate/config.json'
+];
+
+// Pre-release default points at staging. Switch to https://app.webmate-studio.com
+// once the CLI sync flow is GA.
+const DEFAULT_BASE_URL = 'https://app.webmate-studio.io';
+
+function readWorkspaceConfigRaw(cwd = process.cwd()) {
+	for (const rel of WORKSPACE_CONFIG_PATHS) {
+		const full = join(cwd, rel);
+		if (!existsSync(full)) continue;
+		try {
+			const raw = readFileSync(full, 'utf-8');
+			const data = JSON.parse(raw);
+			if (data && typeof data === 'object') {
+				return { data, path: full };
+			}
+		} catch {
+			// ignore malformed workspace config
+		}
+	}
+	return null;
+}
+
+function readWorkspaceConfig(cwd = process.cwd()) {
+	const hit = readWorkspaceConfigRaw(cwd);
+	if (!hit?.data?.apiToken) return null;
+	return {
+		token: hit.data.apiToken,
+		baseUrl: hit.data.baseUrl ?? DEFAULT_BASE_URL,
+		organizationId: hit.data.organizationId ?? null,
+		repositoryId: hit.data.repositoryId ?? null,
+		path: hit.path
+	};
+}
+
+/**
+ * Returns the project context (organizationId, repositoryId, …) from the
+ * nearest `.webmate/config.json`, regardless of whether an apiToken is set.
+ * Used by the preview server to tell the workbench frontend which project
+ * it is currently rendering, so the org-library filter and clone modal can
+ * default to that project.
+ */
+export function readWorkspaceContext(cwd = process.cwd()) {
+	const hit = readWorkspaceConfigRaw(cwd);
+	if (!hit?.data) return null;
+	return {
+		organizationId: hit.data.organizationId ?? null,
+		organizationSlug: hit.data.organizationSlug ?? null,
+		organizationName: hit.data.organizationName ?? null,
+		repositoryId: hit.data.repositoryId ?? null,
+		repositoryName: hit.data.repositoryName ?? null,
+		baseUrl: hit.data.baseUrl ?? null,
+		path: hit.path
+	};
+}
+
+export function getDefaultBaseUrl({ cwd = process.cwd() } = {}) {
+	if (process.env.WEBMATE_BASE_URL) {
+		return { baseUrl: process.env.WEBMATE_BASE_URL, source: 'env' };
+	}
+	const ws = readWorkspaceConfigRaw(cwd);
+	if (ws?.data?.baseUrl) {
+		return { baseUrl: ws.data.baseUrl, source: 'workspace', path: ws.path };
+	}
+	return { baseUrl: DEFAULT_BASE_URL, source: 'default' };
+}
+
+export function resolveAuth({ cwd = process.cwd() } = {}) {
+	// The repositoryId comes from the workspace config regardless of which
+	// token source wins — env/file tokens still want to know which project
+	// they're sitting in so `wm push` can route a first push to the right
+	// ComponentRepository.
+	const ws = readWorkspaceContext(cwd);
+	const wsExtra = {
+		repositoryId: ws?.repositoryId ?? null,
+		workspacePath: ws?.path ?? null
+	};
+
+	const envToken = process.env.WEBMATE_TOKEN;
+	if (envToken) {
+		return {
+			source: 'env',
+			token: envToken,
+			baseUrl: process.env.WEBMATE_BASE_URL ?? DEFAULT_BASE_URL,
+			userId: null,
+			email: null,
+			organizationId: process.env.WEBMATE_ORG_ID ?? null,
+			organizationSlug: null,
+			...wsExtra
+		};
+	}
+
+	const fileAuth = readAuth();
+	if (fileAuth?.token) {
+		return {
+			source: 'file',
+			token: fileAuth.token,
+			baseUrl: fileAuth.baseUrl,
+			userId: fileAuth.userId,
+			email: fileAuth.email,
+			organizationId: fileAuth.organizationId,
+			organizationSlug: fileAuth.organizationSlug,
+			...wsExtra
+		};
+	}
+
+	const workspace = readWorkspaceConfig(cwd);
+	if (workspace?.token) {
+		return {
+			source: 'workspace',
+			token: workspace.token,
+			baseUrl: workspace.baseUrl,
+			userId: null,
+			email: null,
+			organizationId: workspace.organizationId,
+			organizationSlug: null,
+			repositoryId: workspace.repositoryId,
+			workspacePath: workspace.path
+		};
+	}
+
+	return null;
+}
+
+export function requireAuth(opts) {
+	const auth = resolveAuth(opts);
+	if (!auth) {
+		const err = new Error(
+			'No Webmate credentials found. Run `wm login` or set WEBMATE_TOKEN.'
+		);
+		err.code = 'WM_NO_AUTH';
+		throw err;
+	}
+	return auth;
+}
+
+export { DEFAULT_BASE_URL };