api-response-manager 1.0.0 → 2.3.0

package/CLI_UPDATES.md

@@ -0,0 +1,196 @@
+# CLI Updates for Advanced Tunnel Features
+
+## ✅ Changes Made
+
+### 1. Enhanced `tunnel` Command
+Added new options to the main tunnel command:
+```bash
+arm tunnel [port] [options]
+
+Options:
+  -s, --subdomain <subdomain>    Custom subdomain
+  -n, --name <name>              Tunnel name
+  -a, --auth                     Enable basic authentication
+  -r, --rate-limit <limit>       Rate limit (requests per minute)
+  -p, --protocol <protocol>      Protocol (http, https, tcp, ws, wss)
+  --ssl                          Enable SSL/HTTPS
+  -d, --domain <domain>          Custom domain
+```
+
+### 2. New Commands Added
+
+#### Custom Domain
+```bash
+arm tunnel:domain <tunnelId> <domain>
+```
+Example:
+```bash
+arm tunnel:domain abc123 api.yourdomain.com
+```
+
+#### SSL Certificate Upload
+```bash
+arm tunnel:ssl <tunnelId> --cert <path> --key <path> [--ca <path>]
+```
+Example:
+```bash
+arm tunnel:ssl abc123 --cert cert.pem --key key.pem --ca ca.pem
+```
+
+#### OAuth Configuration
+```bash
+arm tunnel:auth:oauth <tunnelId> [options]
+
+Options:
+  --provider <provider>          OAuth provider (google, github, microsoft, custom)
+  --client-id <id>              OAuth client ID
+  --client-secret <secret>      OAuth client secret
+  --callback-url <url>          OAuth callback URL
+  --scope <scope>               OAuth scope (comma-separated)
+```
+Example:
+```bash
+arm tunnel:auth:oauth abc123 \
+  --provider google \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://yourtunnel.arm.dev/auth/callback \
+  --scope openid,email,profile
+```
+
+#### OIDC Configuration
+```bash
+arm tunnel:auth:oidc <tunnelId> [options]
+
+Options:
+  --issuer <url>                OIDC issuer URL
+  --client-id <id>              OIDC client ID
+  --client-secret <secret>      OIDC client secret
+  --callback-url <url>          OIDC callback URL
+```
+Example:
+```bash
+arm tunnel:auth:oidc abc123 \
+  --issuer https://accounts.google.com \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://yourtunnel.arm.dev/auth/callback
+```
+
+#### SAML Configuration
+```bash
+arm tunnel:auth:saml <tunnelId> [options]
+
+Options:
+  --entry-point <url>           SAML entry point URL
+  --issuer <issuer>             SAML issuer
+  --cert <path>                 Path to IdP certificate file
+  --callback-url <url>          SAML callback URL
+```
+Example:
+```bash
+arm tunnel:auth:saml abc123 \
+  --entry-point https://idp.example.com/saml/sso \
+  --issuer https://yourtunnel.arm.dev \
+  --cert idp-cert.pem \
+  --callback-url https://yourtunnel.arm.dev/auth/saml/callback
+```
+
+#### Ingress Configuration
+```bash
+arm tunnel:ingress <tunnelId> <rules> [--tls]
+
+Rules format: "/path=host:port,/path2=host:port"
+```
+Example:
+```bash
+arm tunnel:ingress abc123 "/api=localhost:3000,/admin=localhost:4000" --tls
+```
+
+## 📝 Usage Examples
+
+### Example 1: Create HTTPS Tunnel
+```bash
+arm tunnel 3000 --protocol https --ssl --subdomain myapi
+```
+
+### Example 2: Create TCP Tunnel
+```bash
+arm tunnel 5432 --protocol tcp --subdomain postgres
+```
+
+### Example 3: Create Tunnel with Custom Domain
+```bash
+# Create tunnel
+arm tunnel 3000 --protocol https --ssl
+
+# Set custom domain
+arm tunnel:domain <tunnel-id> api.mycompany.com
+```
+
+### Example 4: Create Tunnel with OAuth
+```bash
+# Create tunnel
+arm tunnel 3000 --protocol https --ssl --subdomain myapi
+
+# Configure OAuth
+arm tunnel:auth:oauth <tunnel-id> \
+  --provider google \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://myapi.tunnel.arm.dev/auth/callback
+```
+
+### Example 5: Create Tunnel with Ingress
+```bash
+# Create tunnel
+arm tunnel 3000 --protocol https --ssl
+
+# Configure ingress rules
+arm tunnel:ingress <tunnel-id> \
+  "/v1=localhost:3000,/v2=localhost:4000" \
+  --tls
+```
+
+## 🔧 Updated Files
+
+1. **cli/bin/arm.js** - Added new commands
+2. **cli/commands/tunnel.js** - Added new functions
+3. **cli/utils/api.js** - Added new API methods
+
+## 📦 No New Dependencies Required
+
+All new features use existing dependencies.
+
+## 🚀 Testing
+
+Test the new commands:
+```bash
+# Test HTTPS tunnel
+arm tunnel 3000 --protocol https --ssl
+
+# Test custom domain
+arm tunnel:domain <tunnel-id> test.example.com
+
+# Test SSL upload
+arm tunnel:ssl <tunnel-id> --cert cert.pem --key key.pem
+
+# Test OAuth
+arm tunnel:auth:oauth <tunnel-id> --provider google --client-id test --client-secret test --callback-url http://localhost/callback
+
+# Test ingress
+arm tunnel:ingress <tunnel-id> "/api=localhost:3000" --tls
+```
+
+## 📖 Help Output
+
+```bash
+arm --help
+arm tunnel --help
+arm tunnel:domain --help
+arm tunnel:ssl --help
+arm tunnel:auth:oauth --help
+arm tunnel:auth:oidc --help
+arm tunnel:auth:saml --help
+arm tunnel:ingress --help
+```

package/README.md

@@ -6,7 +6,7 @@ Command-line interface for API Response Manager. Manage tunnels, webhooks, and p
 
 ### Option 1: Install from npm (Recommended)
 ```bash
-npm install -g @arm/cli
+npm install -g @vijaypurohit322-arm/cli
 ```
 
 After installation, verify:
@@ -33,20 +33,44 @@ arm --version
 
 ### Option 3: Use with npx (No Installation)
 ```bash
-npx @arm/cli login
-npx @arm/cli tunnel 3000
-npx @arm/cli webhook
+npx @vijaypurohit322-arm/cli login
+npx @vijaypurohit322-arm/cli tunnel 3000
+npx @vijaypurohit322-arm/cli webhook
 ```
 
 ## Quick Start
 
 ### 1. Login
+
+**Interactive Login (Recommended)**
 ```bash
 arm login
-# Or provide credentials directly
+# Choose from: Email/Password, Google, GitHub, or Microsoft
+```
+
+**Email & Password**
+```bash
 arm login -e your@email.com -p yourpassword
 ```
 
+**Social Login (OAuth)**
+```bash
+# Login with Google
+arm login --provider google
+
+# Login with GitHub
+arm login --provider github
+
+# Login with Microsoft
+arm login --provider microsoft
+```
+
+The CLI will:
+1. Generate a unique device code
+2. Open your browser automatically
+3. Wait for you to authenticate
+4. Store your credentials securely
+
 ### 2. Start a Tunnel
 ```bash
 # Expose local port 3000
@@ -77,9 +101,59 @@ arm webhook --tunnel <tunnel-id>
 
 #### `arm login`
 Authenticate with API Response Manager
+
+**Options:**
+- `-e, --email <email>` - Email address (for email/password login)
+- `-p, --password <password>` - Password (for email/password login)
+- `--provider <provider>` - OAuth provider: google, github, or microsoft
+
+**Examples:**
 ```bash
+# Interactive login (choose method)
 arm login
-arm login -e email@example.com -p password
+
+# Email & Password
+arm login -e user@example.com -p mypassword
+
+# Social Login (OAuth Device Flow)
+arm login --provider github
+arm login --provider google
+arm login --provider microsoft
+```
+
+**OAuth Device Flow:**
+When using social login, the CLI will:
+1. Generate a unique device code (e.g., `ABCD-EFGH`)
+2. Display a verification URL
+3. Automatically open your browser
+4. Wait for you to complete authentication
+5. Store your token securely
+
+Example output:
+```bash
+$ arm login --provider github
+
+🌐 Logging in with github...
+
+📋 Please complete authentication:
+
+  1. Visit: https://localhost:5173/device
+  2. Enter code: ABCD-EFGH
+
+  Code expires in 600 seconds
+
+? Open browser automatically? (Y/n) 
+
+✓ Browser opened
+
+⠋ Waiting for authentication...
+✓ Authentication successful!
+
+User: John Doe
+Provider: github
+Token saved to: ~/.config/arm-cli/config.json
+
+✓ You can now use all ARM CLI commands
 ```
 
 #### `arm logout`
@@ -93,9 +167,23 @@ arm logout
 #### `arm tunnel <port>`
 Start a tunnel to expose local server
 ```bash
+# Basic HTTP tunnel
 arm tunnel 3000
-arm tunnel 3000 --subdomain myapi --name "My API"
-arm tunnel 3000 --auth --rate-limit 100
+
+# HTTPS tunnel with SSL
+arm tunnel 3000 --protocol https --ssl
+
+# TCP tunnel (for databases, etc.)
+arm tunnel 5432 --protocol tcp --subdomain postgres
+
+# WebSocket tunnel
+arm tunnel 8080 --protocol ws
+
+# With custom subdomain and authentication
+arm tunnel 3000 --subdomain myapi --name "My API" --auth --rate-limit 100
+
+# With custom domain
+arm tunnel 3000 --protocol https --ssl --domain api.yourdomain.com
 ```
 
 Options:
@@ -103,6 +191,9 @@ Options:
 - `-n, --name <name>` - Tunnel name
 - `-a, --auth` - Enable basic authentication
 - `-r, --rate-limit <limit>` - Rate limit (requests per minute, default: 60)
+- `-p, --protocol <protocol>` - Protocol: http, https, tcp, ws, wss (default: http)
+- `--ssl` - Enable SSL/HTTPS
+- `-d, --domain <domain>` - Custom domain
 
 #### `arm tunnel:list`
 List all active tunnels
@@ -128,6 +219,91 @@ Options:
 - `-f, --follow` - Follow log output (real-time)
 - `-n, --lines <number>` - Number of lines to show (default: 50)
 
+#### `arm tunnel:domain <tunnelId> <domain>`
+Set custom domain for tunnel
+```bash
+arm tunnel:domain 507f1f77bcf86cd799439011 api.yourdomain.com
+```
+
+#### `arm tunnel:ssl <tunnelId>`
+Upload SSL certificate for tunnel
+```bash
+arm tunnel:ssl 507f1f77bcf86cd799439011 --cert cert.pem --key key.pem
+arm tunnel:ssl 507f1f77bcf86cd799439011 --cert cert.pem --key key.pem --ca ca.pem
+```
+
+Options:
+- `--cert <path>` - Path to certificate file
+- `--key <path>` - Path to private key file
+- `--ca <path>` - Path to CA certificate file (optional)
+
+#### `arm tunnel:auth:oauth <tunnelId>`
+Configure OAuth authentication for tunnel
+```bash
+arm tunnel:auth:oauth 507f1f77bcf86cd799439011 \
+  --provider google \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://yourtunnel.arm.dev/auth/callback \
+  --scope openid,email,profile
+```
+
+Options:
+- `--provider <provider>` - OAuth provider: google, github, microsoft, custom
+- `--client-id <id>` - OAuth client ID
+- `--client-secret <secret>` - OAuth client secret
+- `--callback-url <url>` - OAuth callback URL
+- `--scope <scope>` - OAuth scope (comma-separated)
+
+#### `arm tunnel:auth:oidc <tunnelId>`
+Configure OpenID Connect authentication for tunnel
+```bash
+arm tunnel:auth:oidc 507f1f77bcf86cd799439011 \
+  --issuer https://accounts.google.com \
+  --client-id YOUR_CLIENT_ID \
+  --client-secret YOUR_SECRET \
+  --callback-url https://yourtunnel.arm.dev/auth/callback
+```
+
+Options:
+- `--issuer <url>` - OIDC issuer URL
+- `--client-id <id>` - OIDC client ID
+- `--client-secret <secret>` - OIDC client secret
+- `--callback-url <url>` - OIDC callback URL
+
+#### `arm tunnel:auth:saml <tunnelId>`
+Configure SAML authentication for tunnel
+```bash
+arm tunnel:auth:saml 507f1f77bcf86cd799439011 \
+  --entry-point https://idp.example.com/saml/sso \
+  --issuer https://yourtunnel.arm.dev \
+  --cert idp-cert.pem \
+  --callback-url https://yourtunnel.arm.dev/auth/saml/callback
+```
+
+Options:
+- `--entry-point <url>` - SAML entry point URL
+- `--issuer <issuer>` - SAML issuer
+- `--cert <path>` - Path to IdP certificate file
+- `--callback-url <url>` - SAML callback URL
+
+#### `arm tunnel:ingress <tunnelId> <rules>`
+Configure ingress rules for tunnel (path-based routing)
+```bash
+# Route different paths to different backends
+arm tunnel:ingress 507f1f77bcf86cd799439011 \
+  "/api=localhost:3000,/admin=localhost:4000" \
+  --tls
+
+# Single rule
+arm tunnel:ingress 507f1f77bcf86cd799439011 "/api=localhost:3000"
+```
+
+Options:
+- `--tls` - Enable TLS for ingress
+
+Rules format: `/path=host:port,/path2=host:port`
+
 ### Webhooks
 
 #### `arm webhook`
@@ -268,13 +444,53 @@ Default configuration:
 # Login
 arm login
 
-# Start tunnel on port 3000
-arm tunnel 3000 --subdomain myapp
+# Start HTTPS tunnel on port 3000
+arm tunnel 3000 --protocol https --ssl --subdomain myapp
 
 # Your local server is now accessible at:
 # https://myapp.tunnel.arm.dev
 ```
 
+### Secure Tunnel with OAuth Authentication
+```bash
+# Create HTTPS tunnel
+arm tunnel 3000 --protocol https --ssl --subdomain myapi
+
+# Configure Google OAuth
+arm tunnel:auth:oauth <tunnel-id> \
+  --provider google \
+  --client-id YOUR_GOOGLE_CLIENT_ID \
+  --client-secret YOUR_GOOGLE_SECRET \
+  --callback-url https://myapi.tunnel.arm.dev/auth/callback
+
+# Now your tunnel requires Google login to access
+```
+
+### TCP Tunnel for Database
+```bash
+# Expose PostgreSQL database
+arm tunnel 5432 --protocol tcp --subdomain mydb
+
+# Connect from anywhere:
+# psql -h mydb.tunnel.arm.dev -p 5432 -U username -d database
+```
+
+### Multi-Service Routing with Ingress
+```bash
+# Create tunnel
+arm tunnel 3000 --protocol https --ssl
+
+# Configure path-based routing
+arm tunnel:ingress <tunnel-id> \
+  "/api/v1=localhost:3000,/api/v2=localhost:4000,/admin=localhost:5000" \
+  --tls
+
+# Now:
+# https://yourtunnel.arm.dev/api/v1 -> localhost:3000
+# https://yourtunnel.arm.dev/api/v2 -> localhost:4000
+# https://yourtunnel.arm.dev/admin -> localhost:5000
+```
+
 ### Test Webhooks Locally
 ```bash
 # Create webhook that forwards to local server
@@ -328,6 +544,28 @@ arm config:set apiUrl https://your-api-url.com/api
 arm config:get
 ```
 
+## Troubleshooting
+
+### Command Not Found After Installation
+
+If you get `arm: command not found` after installing:
+
+**Windows:**
+1. Check npm prefix: `npm config get prefix`
+2. Add to PATH: `C:\Users\<YourUsername>\AppData\Roaming\npm`
+3. Restart terminal
+
+**macOS/Linux:**
+```bash
+echo 'export PATH="$(npm config get prefix)/bin:$PATH"' >> ~/.bashrc
+source ~/.bashrc
+```
+
+**Alternative - Use npx:**
+```bash
+npx @vijaypurohit322-arm/cli login
+```
+
 ## Publishing to npm
 
 See [PUBLISHING.md](./PUBLISHING.md) for detailed instructions on publishing this package to npm.

package/bin/arm.js

@@ -30,6 +30,7 @@ program
   .description('Authenticate with API Response Manager')
   .option('-e, --email <email>', 'Email address')
   .option('-p, --password <password>', 'Password')
+  .option('--provider <provider>', 'OAuth provider (google, github, microsoft)')
   .action(loginCommand);
 
 // Logout command
@@ -47,6 +48,9 @@ program
   .option('-n, --name <name>', 'Tunnel name')
   .option('-a, --auth', 'Enable basic authentication')
   .option('-r, --rate-limit <limit>', 'Rate limit (requests per minute)', '60')
+  .option('-p, --protocol <protocol>', 'Protocol (http, https, tcp, ws, wss)', 'http')
+  .option('--ssl', 'Enable SSL/HTTPS')
+  .option('-d, --domain <domain>', 'Custom domain')
   .action(tunnelCommand.start);
 
 program
@@ -68,6 +72,61 @@ program
   .option('-n, --lines <number>', 'Number of lines to show', '50')
   .action(tunnelCommand.logs);
 
+program
+  .command('tunnel:domain')
+  .description('Set custom domain for tunnel')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<domain>', 'Custom domain (e.g., api.yourdomain.com)')
+  .action(tunnelCommand.setDomain);
+
+program
+  .command('tunnel:ssl')
+  .description('Upload SSL certificate for tunnel')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--cert <path>', 'Path to certificate file')
+  .option('--key <path>', 'Path to private key file')
+  .option('--ca <path>', 'Path to CA certificate file (optional)')
+  .action(tunnelCommand.uploadSSL);
+
+program
+  .command('tunnel:auth:oauth')
+  .description('Configure OAuth authentication')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--provider <provider>', 'OAuth provider (google, github, microsoft, custom)')
+  .option('--client-id <id>', 'OAuth client ID')
+  .option('--client-secret <secret>', 'OAuth client secret')
+  .option('--callback-url <url>', 'OAuth callback URL')
+  .option('--scope <scope>', 'OAuth scope (comma-separated)')
+  .action(tunnelCommand.configureOAuth);
+
+program
+  .command('tunnel:auth:oidc')
+  .description('Configure OIDC authentication')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--issuer <url>', 'OIDC issuer URL')
+  .option('--client-id <id>', 'OIDC client ID')
+  .option('--client-secret <secret>', 'OIDC client secret')
+  .option('--callback-url <url>', 'OIDC callback URL')
+  .action(tunnelCommand.configureOIDC);
+
+program
+  .command('tunnel:auth:saml')
+  .description('Configure SAML authentication')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .option('--entry-point <url>', 'SAML entry point URL')
+  .option('--issuer <issuer>', 'SAML issuer')
+  .option('--cert <path>', 'Path to IdP certificate file')
+  .option('--callback-url <url>', 'SAML callback URL')
+  .action(tunnelCommand.configureSAML);
+
+program
+  .command('tunnel:ingress')
+  .description('Configure ingress rules for tunnel')
+  .argument('<tunnelId>', 'Tunnel ID')
+  .argument('<rules>', 'Ingress rules (e.g., "/api=localhost:3000,/admin=localhost:4000")')
+  .option('--tls', 'Enable TLS for ingress')
+  .action(tunnelCommand.configureIngress);
+
 // Webhook commands
 program
   .command('webhook')

package/commands/login.js

@@ -1,12 +1,38 @@
 const inquirer = require('inquirer');
 const chalk = require('chalk');
 const ora = require('ora');
+const open = require('open');
 const api = require('../utils/api');
 const config = require('../utils/config');
 
 async function login(options) {
   console.log(chalk.blue.bold('\n🔐 API Response Manager - Login\n'));
 
+  // Check if social login is requested
+  if (options.provider) {
+    return await socialLogin(options.provider);
+  }
+
+  // Ask for login method
+  const { method } = await inquirer.prompt([
+    {
+      type: 'list',
+      name: 'method',
+      message: 'Choose login method:',
+      choices: [
+        { name: '📧 Email & Password', value: 'email' },
+        { name: '🌐 Google', value: 'google' },
+        { name: '🐙 GitHub', value: 'github' },
+        { name: '🪟 Microsoft', value: 'microsoft' }
+      ]
+    }
+  ]);
+
+  if (method !== 'email') {
+    return await socialLogin(method);
+  }
+
+  // Traditional email/password login
   let email = options.email;
   let password = options.password;
 
@@ -85,4 +111,100 @@ async function login(options) {
   }
 }
 
+async function socialLogin(provider) {
+  console.log(chalk.blue(`\n🌐 Logging in with ${provider}...\n`));
+
+  const spinner = ora('Initiating OAuth flow...').start();
+
+  try {
+    // Request device code from backend
+    const deviceResponse = await api.requestDeviceCode(provider);
+    
+    spinner.stop();
+
+    const { device_code, user_code, verification_uri, expires_in } = deviceResponse;
+
+    console.log(chalk.yellow('\n📋 Please complete authentication:\n'));
+    console.log(chalk.white('  1. Visit:'), chalk.cyan.underline(verification_uri));
+    console.log(chalk.white('  2. Enter code:'), chalk.green.bold(user_code));
+    console.log(chalk.gray(`\n  Code expires in ${expires_in} seconds\n`));
+
+    // Open browser automatically
+    const { openBrowser } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'openBrowser',
+        message: 'Open browser automatically?',
+        default: true
+      }
+    ]);
+
+    if (openBrowser) {
+      await open(verification_uri);
+      console.log(chalk.gray('  ✓ Browser opened\n'));
+    }
+
+    const pollSpinner = ora('Waiting for authentication...').start();
+
+    // Poll for token
+    const pollInterval = 5000; // 5 seconds
+    const maxAttempts = Math.ceil(expires_in / (pollInterval / 1000));
+    let attempts = 0;
+
+    const pollForToken = async () => {
+      while (attempts < maxAttempts) {
+        attempts++;
+        
+        try {
+          const tokenResponse = await api.pollDeviceToken(device_code, provider);
+          
+          if (tokenResponse.token) {
+            pollSpinner.succeed(chalk.green('Authentication successful!'));
+            
+            // Store credentials
+            api.setToken(tokenResponse.token);
+            
+            const userId = tokenResponse.user?._id || tokenResponse.user?.id;
+            const userEmail = tokenResponse.user?.email;
+            const userName = tokenResponse.user?.name;
+            
+            if (userId) config.set('userId', userId);
+            if (userEmail) config.set('email', userEmail);
+            
+            console.log(chalk.gray('\nUser:'), chalk.white(userName || userEmail));
+            console.log(chalk.gray('Provider:'), chalk.white(provider));
+            console.log(chalk.gray('Token saved to:'), chalk.white(config.path));
+            console.log(chalk.green('\n✓ You can now use all ARM CLI commands\n'));
+            
+            return;
+          }
+        } catch (error) {
+          if (error.response?.status === 428) {
+            // Still pending, continue polling
+            await new Promise(resolve => setTimeout(resolve, pollInterval));
+            continue;
+          }
+          throw error;
+        }
+      }
+      
+      throw new Error('Authentication timeout - please try again');
+    };
+
+    await pollForToken();
+
+  } catch (error) {
+    spinner.stop();
+    console.error(chalk.red('\n✗ Social login failed'));
+    
+    if (error.response?.data?.msg) {
+      console.error(chalk.red(`✗ ${error.response.data.msg}\n`));
+    } else {
+      console.error(chalk.red(`✗ ${error.message}\n`));
+    }
+    
+    process.exit(1);
+  }
+}
+
 module.exports = login;

package/commands/tunnel.js

@@ -21,6 +21,9 @@ async function start(port, options) {
       name: options.name || `Tunnel-${port}`,
       subdomain: options.subdomain,
       localPort: parseInt(port),
+      protocol: options.protocol || 'http',
+      sslEnabled: options.ssl || options.protocol === 'https',
+      customDomain: options.domain,
       security: {
         requireAuth: options.auth || false
       },
@@ -222,9 +225,147 @@ async function logs(tunnelId, options) {
   }
 }
 
+// Set custom domain
+async function setDomain(tunnelId, domain) {
+  const spinner = ora('Setting custom domain...').start();
+
+  try {
+    await api.setTunnelDomain(tunnelId, domain);
+    spinner.succeed(chalk.green('Custom domain set successfully'));
+    console.log(chalk.cyan(`\n✓ Tunnel now accessible at: https://${domain}\n`));
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to set custom domain'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Upload SSL certificate
+async function uploadSSL(tunnelId, options) {
+  const spinner = ora('Uploading SSL certificate...').start();
+
+  try {
+    const fs = require('fs');
+    const cert = fs.readFileSync(options.cert, 'utf8');
+    const key = fs.readFileSync(options.key, 'utf8');
+    const ca = options.ca ? fs.readFileSync(options.ca, 'utf8') : null;
+
+    await api.uploadTunnelSSL(tunnelId, { cert, key, ca });
+    spinner.succeed(chalk.green('SSL certificate uploaded successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to upload SSL certificate'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure OAuth
+async function configureOAuth(tunnelId, options) {
+  const spinner = ora('Configuring OAuth...').start();
+
+  try {
+    await api.configureTunnelOAuth(tunnelId, {
+      provider: options.provider,
+      clientId: options.clientId,
+      clientSecret: options.clientSecret,
+      callbackUrl: options.callbackUrl,
+      scope: options.scope ? options.scope.split(',') : ['openid', 'email', 'profile']
+    });
+    spinner.succeed(chalk.green('OAuth configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure OAuth'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure OIDC
+async function configureOIDC(tunnelId, options) {
+  const spinner = ora('Configuring OIDC...').start();
+
+  try {
+    await api.configureTunnelOIDC(tunnelId, {
+      issuer: options.issuer,
+      clientId: options.clientId,
+      clientSecret: options.clientSecret,
+      callbackUrl: options.callbackUrl
+    });
+    spinner.succeed(chalk.green('OIDC configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure OIDC'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure SAML
+async function configureSAML(tunnelId, options) {
+  const spinner = ora('Configuring SAML...').start();
+
+  try {
+    const fs = require('fs');
+    const cert = fs.readFileSync(options.cert, 'utf8');
+
+    await api.configureTunnelSAML(tunnelId, {
+      entryPoint: options.entryPoint,
+      issuer: options.issuer,
+      cert,
+      callbackUrl: options.callbackUrl
+    });
+    spinner.succeed(chalk.green('SAML configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure SAML'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Configure ingress
+async function configureIngress(tunnelId, rules, options) {
+  const spinner = ora('Configuring ingress...').start();
+
+  try {
+    // Parse rules: "/api=localhost:3000,/admin=localhost:4000"
+    const parsedRules = rules.split(',').map(rule => {
+      const [path, backend] = rule.split('=');
+      const [host, port] = backend.split(':');
+      return {
+        path: path.trim(),
+        pathType: 'Prefix',
+        backend: {
+          host: host.trim(),
+          port: parseInt(port)
+        }
+      };
+    });
+
+    await api.configureTunnelIngress(tunnelId, {
+      enabled: true,
+      rules: parsedRules,
+      tls: { enabled: options.tls || false }
+    });
+    spinner.succeed(chalk.green('Ingress configured successfully'));
+    console.log();
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to configure ingress'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
 module.exports = {
   start,
   list,
   stop,
-  logs
+  logs,
+  setDomain,
+  uploadSSL,
+  configureOAuth,
+  configureOIDC,
+  configureSAML,
+  configureIngress
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "api-response-manager",
-  "version": "1.0.0",
+  "version": "2.3.0",
   "description": "Command-line interface for API Response Manager",
   "main": "index.js",
   "bin": {
@@ -21,17 +21,18 @@
   "author": "Vijay Singh Purohit",
   "license": "MIT",
   "dependencies": {
-    "commander": "^11.1.0",
     "axios": "^1.6.2",
+    "boxen": "^5.1.2",
     "chalk": "^4.1.2",
+    "cli-table3": "^0.6.3",
+    "commander": "^11.1.0",
+    "conf": "^10.2.0",
+    "dotenv": "^16.3.1",
     "inquirer": "^8.2.5",
+    "open": "^8.4.0",
     "ora": "^5.4.1",
-    "ws": "^8.14.2",
-    "dotenv": "^16.3.1",
-    "conf": "^10.2.0",
-    "boxen": "^5.1.2",
-    "cli-table3": "^0.6.3",
-    "update-notifier": "^6.0.2"
+    "update-notifier": "^6.0.2",
+    "ws": "^8.14.2"
   },
   "devDependencies": {
     "jest": "^29.7.0"

package/utils/api.js

@@ -58,6 +58,20 @@ class APIClient {
     return response.data;
   }
 
+  // OAuth Device Flow for CLI
+  async requestDeviceCode(provider) {
+    const response = await this.client.post('/auth/device/code', { provider });
+    return response.data;
+  }
+
+  async pollDeviceToken(deviceCode, provider) {
+    const response = await this.client.post('/auth/device/token', { 
+      device_code: deviceCode,
+      provider 
+    });
+    return response.data;
+  }
+
   // Tunnels
   async createTunnel(data) {
     const response = await this.client.post('/tunnels', data);
@@ -140,6 +154,37 @@ class APIClient {
     const response = await this.client.get(`/projects/${id}/responses`, { params });
     return response.data;
   }
+
+  // Advanced Tunnel Features
+  async setTunnelDomain(id, domain) {
+    const response = await this.client.post(`/tunnels/${id}/custom-domain`, { domain });
+    return response.data;
+  }
+
+  async uploadTunnelSSL(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/ssl`, data);
+    return response.data;
+  }
+
+  async configureTunnelOAuth(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/auth/oauth`, data);
+    return response.data;
+  }
+
+  async configureTunnelOIDC(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/auth/oidc`, data);
+    return response.data;
+  }
+
+  async configureTunnelSAML(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/auth/saml`, data);
+    return response.data;
+  }
+
+  async configureTunnelIngress(id, data) {
+    const response = await this.client.post(`/tunnels/${id}/ingress`, data);
+    return response.data;
+  }
 }
 
 module.exports = new APIClient();