@woopsy/mcpanel 1.0.0 → 1.0.3

package/README.md

@@ -144,6 +144,26 @@ npm run dev      # run from TypeScript (ts-node)
 npm run build    # compile to dist/
 ```
 
+### Releasing (maintainers)
+
+Publishing is automated by GitHub Actions (`.github/workflows/publish.yml`). You never
+run `npm publish` by hand.
+
+**One-time setup:**
+1. Create an npm **Automation** token: npmjs.com → Access Tokens → Generate New Token →
+   *Automation* (these bypass 2FA in CI).
+2. Add it to the repo: GitHub → Settings → Secrets and variables → Actions → New repository
+   secret → name `NPM_TOKEN`.
+
+**Every release after that:**
+```bash
+npm version patch      # or minor / major — bumps package.json and creates a git tag
+git push --follow-tags # pushes the commit + tag; CI builds and publishes to npm
+```
+
+The workflow skips automatically if that version is already on npm, and `npm install -g @woopsy/mcpanel@latest`
+picks up the new version once it's green.
+
 ---
 
 ## License

package/dist/commands/commandRouter.js

@@ -74,6 +74,7 @@ class CommandRouter {
             '  /properties                  - Edit server.properties interactively',
             '',
             colors.bold(colors.green('Tunnel Commands (Playit.gg)')),
+            '  /setup                       - One-time Playit account claim (browser approval)',
             '  /tunnel java                 - Auto-create & start a Java tunnel, returns address',
             '  /tunnel bedrock              - Auto-create & start a Bedrock tunnel, returns address',
             '  /tunnel status               - Check tunnel status, address and latency',
@@ -514,6 +515,36 @@ class CommandRouter {
             return colors.failure(`Failed to create tunnel: ${err.message}`);
         }
     }
+    /**
+     * Executes /setup — runs the one-time Playit agent claim (browser approval),
+     * saving the agent secret. Works on all platforms (HTTP claim, no playit-cli).
+     * After this, /tunnel java|bedrock is fully automatic.
+     */
+    async executeSetup() {
+        if (this.playitManager.getSecret()) {
+            return colors.warning('Playit is already set up (agent secret saved). Run /tunnel reset first if you want to re-claim.');
+        }
+        try {
+            await this.playitManager.ensureSecret({
+                onClaimUrl: (url) => {
+                    const opened = (0, helpers_1.openInBrowser)(url);
+                    console.log(`\n🔗 ${colors.bold('Approve the agent in your browser to finish setup.')}`);
+                    if (opened) {
+                        console.log(colors.gray('Your browser was opened automatically — sign in and click Approve.'));
+                    }
+                    else {
+                        console.log(colors.gray('Open this link, sign in (free account), and click Approve:'));
+                    }
+                    console.log(colors.underline(colors.cyan(url)));
+                },
+                onStatus: (msg) => console.log(colors.info(msg)),
+            });
+            return colors.success('Playit is set up! You can now run /tunnel java or /tunnel bedrock.');
+        }
+        catch (err) {
+            return colors.failure(`Setup failed: ${err.message}`);
+        }
+    }
     /**
      * Executes /tunnel reset — clears the saved secret so the agent can be re-claimed.
      */

package/dist/index.js

@@ -159,6 +159,7 @@ const COMMAND_LIST = [
     '/stats', '/folder', '/properties', '/java',
     '/backup create', '/backup list', '/backup restore',
     '/plugins list', '/plugins install', '/plugins remove',
+    '/setup',
     '/tunnel java', '/tunnel bedrock', '/tunnel status', '/tunnel stop', '/tunnel reset',
     '/config', '/clear', '/exit'
 ];
@@ -654,6 +655,9 @@ async function handleCommandState(line) {
                 console.log(colors.failure('Syntax: /plugins [list|install|remove]'));
             }
             break;
+        case '/setup':
+            console.log(await router.executeSetup());
+            break;
         case '/tunnel': {
             const sub = (args[0] || '').toLowerCase();
             if (!sub) {

package/dist/managers/playitManager.js

@@ -37,6 +37,7 @@ exports.PlayitManager = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const https = __importStar(require("https"));
+const crypto = __importStar(require("crypto"));
 const child_process_1 = require("child_process");
 const configManager_1 = require("../config/configManager");
 const helpers_1 = require("../utils/helpers");
@@ -209,6 +210,41 @@ class PlayitManager {
     getRunData(secret) {
         return this.apiPost('/agents/rundata', {}, secret);
     }
+    /**
+     * Unauthenticated POST for the claim endpoints. Unlike apiPost it returns the
+     * raw { status, data } envelope and does NOT throw on `status:"fail"` — a fail
+     * (e.g. "CodeNotFound" while waiting for approval) is a normal polling state.
+     */
+    apiClaim(apiPath, body) {
+        const payload = JSON.stringify(body || {});
+        const url = new URL(PLAYIT_API + apiPath);
+        return new Promise((resolve, reject) => {
+            const req = https.request({
+                hostname: url.hostname,
+                path: url.pathname,
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Content-Length': Buffer.byteLength(payload),
+                },
+            }, (res) => {
+                let data = '';
+                res.on('data', (c) => { data += c; });
+                res.on('end', () => {
+                    try {
+                        const parsed = JSON.parse(data);
+                        resolve({ status: parsed.status, data: parsed.data });
+                    }
+                    catch {
+                        reject(new Error(`Bad claim response: ${data.slice(0, 200)}`));
+                    }
+                });
+            });
+            req.on('error', reject);
+            req.write(payload);
+            req.end();
+        });
+    }
     /** Picks the public address from a rundata tunnel entry. */
     tunnelAddress(tunnel) {
         const port = tunnel?.port?.from ?? tunnel?.local_port ?? 0;
@@ -262,63 +298,66 @@ class PlayitManager {
             });
         });
     }
-    /** Ensures a write-capable agent secret, driving the one-time claim if needed. */
+    /**
+     * Ensures a write-capable agent secret, driving the one-time claim if needed.
+     *
+     * The claim is done entirely over the playit HTTP API (no playit-cli), so it
+     * works identically on Windows, WSL, Linux and macOS. The agent binary is only
+     * needed later, for the traffic relay.
+     */
     async ensureSecret(callbacks = {}) {
         const existing = this.getSecret();
         if (existing)
             return existing;
-        await this.ensureBinary();
+        // A claim code is just a short random hex string generated client-side.
+        const code = crypto.randomBytes(5).toString('hex');
+        const claimBody = { code, agent_type: 'self-managed', version: 'mcpanel 1.0' };
         callbacks.onStatus?.('Generating a new agent claim code...');
-        const code = (await this.runCli(['claim', 'generate'])).replace(/[^a-f0-9]/gi, '');
-        if (!code)
-            throw new Error('Failed to generate a claim code.');
-        const url = (await this.runCli(['claim', 'url', code, '--name', 'mcpanel', '--type', 'self-managed'])).trim();
+        await this.apiClaim('/claim/setup', claimBody);
+        const url = `https://playit.gg/claim/${code}`;
         this.tunnelStatus.claimUrl = url;
         callbacks.onClaimUrl?.(url);
-        callbacks.onStatus?.('Waiting for the agent to be claimed (this only happens once)...');
-        const secret = await this.exchangeClaim(code);
+        // Poll setup (which also keeps the code alive) until the user approves.
+        callbacks.onStatus?.('Waiting for you to approve the agent in your browser (this only happens once)...');
+        const deadline = Date.now() + 5 * 60 * 1000; // 5 minutes
+        let approved = false;
+        while (Date.now() < deadline) {
+            await this.sleep(3000);
+            const res = await this.apiClaim('/claim/setup', claimBody);
+            const status = typeof res.data === 'string' ? res.data : '';
+            if (status === 'UserAccepted') {
+                approved = true;
+                break;
+            }
+            if (status === 'UserRejected') {
+                this.tunnelStatus.claimUrl = null;
+                throw new Error('Claim was rejected in the browser. Run /setup to try again.');
+            }
+        }
+        if (!approved) {
+            this.tunnelStatus.claimUrl = null;
+            throw new Error('Timed out waiting for approval. Open the link, click Approve, then run /setup again.');
+        }
+        // Exchange the approved code for the 64-char agent secret.
+        callbacks.onStatus?.('Approved! Retrieving your agent secret...');
+        let secret = '';
+        for (let i = 0; i < 10 && !secret; i++) {
+            const ex = await this.apiClaim('/claim/exchange', { code });
+            const match = JSON.stringify(ex.data ?? '').match(/[a-f0-9]{64}/i);
+            if (ex.status === 'success' && match)
+                secret = match[0].toLowerCase();
+            else
+                await this.sleep(2000);
+        }
+        if (!secret) {
+            this.tunnelStatus.claimUrl = null;
+            throw new Error('Could not retrieve the agent secret after approval. Run /setup to try again.');
+        }
         this.configManager.setPlayitSecret(secret);
         this.tunnelStatus.claimUrl = null;
         callbacks.onStatus?.('Agent claimed and linked. Secret saved — future tunnels are fully automatic.');
         return secret;
     }
-    /** Spawns `claim exchange` and resolves once a 64-char hex secret is printed. */
-    exchangeClaim(code) {
-        return new Promise((resolve, reject) => {
-            const cliPath = this.getCliPath();
-            const child = (0, child_process_1.spawn)(cliPath, ['claim', 'exchange', code, '--wait', '0'], {
-                cwd: path.dirname(cliPath),
-                stdio: ['ignore', 'pipe', 'pipe'],
-            });
-            this.claimProcess = child;
-            let buffer = '';
-            const scan = (data) => {
-                buffer += stripAnsi(data.toString());
-                const match = buffer.match(/[a-f0-9]{64}/i);
-                if (match) {
-                    this.claimProcess = null;
-                    try {
-                        child.kill();
-                    }
-                    catch { /* ignore */ }
-                    resolve(match[0].toLowerCase());
-                }
-            };
-            child.stdout?.on('data', scan);
-            child.stderr?.on('data', scan);
-            child.on('close', (codeExit) => {
-                if (this.claimProcess === child) {
-                    this.claimProcess = null;
-                    const match = buffer.match(/[a-f0-9]{64}/i);
-                    if (match)
-                        resolve(match[0].toLowerCase());
-                    else
-                        reject(new Error(`Claim was not completed (exit ${codeExit}). Visit the link, then try again.`));
-                }
-            });
-            child.on('error', (err) => { this.claimProcess = null; reject(err); });
-        });
-    }
     // ---------------------------------------------------------------------------
     // Full automated setup
     // ---------------------------------------------------------------------------

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@woopsy/mcpanel",
-  "version": "1.0.0",
+  "version": "1.0.3",
   "description": "MCPANEL — a terminal-based, single-server Minecraft server manager with an Arch/neofetch-style UI, live logs, backups, plugins and Playit.gg tunnels.",
   "main": "dist/index.js",
   "bin": {
@@ -18,6 +18,7 @@
     "dev": "ts-node src/index.ts",
     "prod": "node dist/index.js",
     "prepublishOnly": "npm run build",
+    "push": "node scripts/push.js",
     "install:global": "npm run build && npm install -g ."
   },
   "keywords": [