aptunnel 1.0.0

package/src/commands/tunnel.js

@@ -0,0 +1,244 @@
+import { logger } from '../lib/logger.js';
+import { isInstalled, openTunnel, login } from '../lib/aptible.js';
+import {
+  getDatabase, getAllTunnelTargets, getDefaultEnv, readPassword, load, getEnvironment,
+} from '../lib/config-manager.js';
+import { isPortInUse, killProcess } from '../lib/platform.js';
+import {
+  isRunning, readPid, readConnectionInfo, saveConnectionInfo, savePid,
+  cleanup, toIdentifier, logFilePath,
+} from '../lib/process-manager.js';
+import chalk from 'chalk';
+
+// ─── Entry point ──────────────────────────────────────────────────────────────
+
+export async function runTunnel(args) {
+  if (!isInstalled()) {
+    logger.error('Aptible CLI not found. Run `aptunnel init` first.');
+    process.exit(1);
+  }
+
+  const target    = args[0];                               // db alias or "all"
+  const doClose   = args.includes('--close');
+  const doForce   = args.includes('--force');
+  const portArg   = parseFlag(args, '--port');
+  const envArg    = parseFlag(args, '--env');
+
+  if (target === 'all') {
+    await handleAll({ doClose, envArg, doForce });
+  } else {
+    await handleOne({ alias: target, doClose, doForce, portOverride: portArg ? Number(portArg) : null, envOverride: envArg });
+  }
+}
+
+// ─── Single tunnel ────────────────────────────────────────────────────────────
+
+async function handleOne({ alias, doClose, doForce, portOverride, envOverride }) {
+  const db = getDatabase(alias);
+  if (!db) {
+    logger.error(`Unknown database: "${alias}". Run \`aptunnel status\` or \`aptunnel --help\` to see available aliases.`);
+    process.exit(1);
+  }
+
+  // Environment override
+  const environment = envOverride
+    ? (getEnvironment(envOverride) ?? envOverride)
+    : db.environment;
+
+  const port = portOverride ?? db.port;
+  const id   = toIdentifier(db.alias);
+
+  if (doClose) {
+    await closeTunnel(id, port);
+    return;
+  }
+
+  await openOneTunnel({ db, environment, port, id, doForce });
+}
+
+// ─── All tunnels ──────────────────────────────────────────────────────────────
+
+async function handleAll({ doClose, envArg, doForce }) {
+  const config = load();
+  const envHandle = envArg
+    ? (getEnvironment(envArg) ?? envArg)
+    : (config.defaults?.environment ?? null);
+
+  if (!envHandle) {
+    logger.error('No default environment configured. Use --env=<alias> or run `aptunnel init`.');
+    process.exit(1);
+  }
+
+  const targets = getAllTunnelTargets(envHandle);
+  if (targets.length === 0) {
+    logger.warn(`No databases configured for environment: ${envHandle}`);
+    return;
+  }
+
+  if (doClose) {
+    for (const db of targets) {
+      const id = toIdentifier(db.alias);
+      await closeTunnel(id, db.port);
+    }
+    return;
+  }
+
+  logger.info(`Opening ${targets.length} tunnel(s) for environment: ${envHandle}`);
+  console.log('');
+
+  const results = [];
+  let sessionValid = false;
+
+  for (const db of targets) {
+    const id = toIdentifier(db.alias);
+    const result = await openOneTunnel({
+      db,
+      environment: envHandle,
+      port: db.port,
+      id,
+      doForce,
+      skipRelogin: sessionValid,
+      silent: false,
+    });
+    if (result?.success) sessionValid = true;
+    results.push({ db, ...result });
+  }
+
+  // Summary table
+  console.log('');
+  logger.section('Summary');
+  console.log('');
+  const labelW = Math.max(...results.map(r => r.db.alias.length), 8);
+  const header = `${'ALIAS'.padEnd(labelW)}  ${'PORT'.padEnd(6)}  STATUS`;
+  logger.plain(chalk.bold(header));
+  logger.plain('─'.repeat(header.length));
+  for (const r of results) {
+    const status = r.success ? chalk.green('UP') : chalk.red('FAILED');
+    logger.plain(`${r.db.alias.padEnd(labelW)}  ${String(r.db.port).padEnd(6)}  ${status}`);
+  }
+}
+
+// ─── Core open logic ──────────────────────────────────────────────────────────
+
+async function openOneTunnel({ db, environment, port, id, doForce, skipRelogin = false, silent = false }) {
+  // Already running?
+  if (isRunning(id)) {
+    const conn = readConnectionInfo(id);
+    logger.info(`${db.alias} tunnel already running (PID ${readPid(id)})`);
+    if (conn) printConnectionInfo(db.alias, port, conn);
+    return { success: true };
+  }
+
+  // Port in use by something else?
+  const portState = isPortInUse(port);
+  if (portState.inUse) {
+    if (doForce) {
+      logger.warn(`Killing process ${portState.pid} occupying port ${port}…`);
+      killProcess(portState.pid);
+      await sleep(500);
+    } else {
+      logger.warn(`Port ${port} is already in use (PID ${portState.pid}). Use --force to kill it or --port=<N> to use a different port.`);
+      return { success: false };
+    }
+  }
+
+  const ora = (await import('ora')).default;
+  const spinner = ora(`Opening tunnel to ${db.alias}…`).start();
+
+  async function attempt(isRetry) {
+    try {
+      const result = await openTunnel({ dbHandle: db.handle, environment, port });
+
+      savePid(id, result.pid);
+      saveConnectionInfo(id, {
+        url:      result.connectionUrl,
+        host:     result.credentials.host,
+        port:     result.credentials.port ?? port,
+        user:     result.credentials.user,
+        password: result.credentials.password,
+        dbName:   result.credentials.dbName,
+      });
+
+      spinner.succeed(`${db.alias} tunnel opened`);
+      printConnectionInfo(db.alias, port, readConnectionInfo(id));
+      return { success: true };
+    } catch (err) {
+      if (err.message === 'AUTH_EXPIRED' && !isRetry && !skipRelogin) {
+        spinner.warn('Token expired. Re-authenticating…');
+        const password = readPassword();
+        const config   = load();
+        const email    = config.credentials?.email;
+        if (!email || !password) {
+          spinner.fail('Cannot re-authenticate: credentials not found. Run `aptunnel login`.');
+          return { success: false };
+        }
+        const ok = await login({ email, password });
+        if (!ok) {
+          spinner.fail('Re-authentication failed. Run `aptunnel login`.');
+          return { success: false };
+        }
+        return attempt(true);
+      }
+
+      if (err.message === 'PORT_IN_USE') {
+        spinner.fail(`Port ${port} is in use. Use --port=<N> to specify a different port.`);
+        return { success: false };
+      }
+
+      spinner.fail(`Failed to open tunnel to ${db.alias}: ${err.message}`);
+      logger.dim(`  Log: ${logFilePath(id)}`);
+      return { success: false };
+    }
+  }
+
+  return attempt(false);
+}
+
+// ─── Close logic ──────────────────────────────────────────────────────────────
+
+async function closeTunnel(id, port) {
+  const pid = readPid(id);
+
+  if (!pid) {
+    logger.warn(`No tunnel found for ${id}.`);
+    return;
+  }
+
+  killProcess(pid);
+  await sleep(300);
+
+  // Verify port is freed
+  const portState = isPortInUse(port);
+  cleanup(id);
+
+  if (portState.inUse && portState.pid !== pid) {
+    logger.warn(`Port ${port} still in use by PID ${portState.pid} (not aptunnel).`);
+  } else {
+    logger.success(`${id} tunnel closed.`);
+  }
+}
+
+// ─── Print helpers ────────────────────────────────────────────────────────────
+
+function printConnectionInfo(alias, port, conn) {
+  if (!conn) return;
+  console.log('');
+  logger.detail('Port:',     String(conn.port ?? port));
+  logger.detail('Host:',     conn.host ?? 'localhost.aptible.in');
+  logger.detail('User:',     conn.user ?? 'aptible');
+  logger.detail('Password:', conn.password ? chalk.dim(conn.password) : chalk.dim('(not parsed)'));
+  logger.detail('URL:',      conn.url ? chalk.cyan(conn.url) : chalk.dim('(not parsed)'));
+  logger.detail('PID:',      String(readPid(toIdentifier(alias)) ?? '?'));
+  console.log('');
+}
+
+// ─── Utilities ────────────────────────────────────────────────────────────────
+
+function parseFlag(args, flag) {
+  const entry = args.find(a => a.startsWith(`${flag}=`));
+  return entry ? entry.slice(flag.length + 1) : null;
+}
+
+function sleep(ms) {
+  return new Promise(r => setTimeout(r, ms));
+}

package/src/index.js

@@ -0,0 +1,110 @@
+/**
+ * aptunnel — CLI router
+ *
+ * Parses argv and dispatches to the appropriate command handler.
+ * No third-party arg-parsing library — manual, minimal, fast.
+ */
+
+import { createRequire } from 'module';
+import { fileURLToPath } from 'url';
+import { dirname, resolve } from 'path';
+import { logger } from './lib/logger.js';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const require    = createRequire(import.meta.url);
+const pkg        = require(resolve(__dirname, '../package.json'));
+
+// ─── Signal handling — clean up tunnels on exit ───────────────────────────────
+
+async function gracefulShutdown(signal) {
+  // Only run cleanup if tunnels are open
+  try {
+    const { getAllRunningTunnels, cleanup } = await import('./lib/process-manager.js');
+    const { killProcess } = await import('./lib/platform.js');
+    const tunnels = getAllRunningTunnels();
+    if (tunnels.length > 0) {
+      process.stderr.write(`\n[aptunnel] Caught ${signal}. Closing ${tunnels.length} tunnel(s)…\n`);
+      for (const t of tunnels) {
+        if (t.running) killProcess(t.pid);
+        cleanup(t.identifier);
+      }
+    }
+  } catch { /* ignore errors during shutdown */ }
+  process.exit(0);
+}
+
+process.on('SIGINT',  () => gracefulShutdown('SIGINT'));
+process.on('SIGTERM', () => gracefulShutdown('SIGTERM'));
+if (process.platform === 'win32') {
+  process.on('SIGBREAK', () => gracefulShutdown('SIGBREAK'));
+}
+
+// ─── Main router ──────────────────────────────────────────────────────────────
+
+const argv = process.argv.slice(2);
+const [command, ...rest] = argv;
+
+// Global flags
+if (!command || command === '--help' || command === '-h' || command === 'help') {
+  const { runHelp } = await import('./commands/help.js');
+  runHelp();
+  process.exit(0);
+}
+
+if (command === '--version' || command === '-v') {
+  console.log(`aptunnel v${pkg.version}`);
+  process.exit(0);
+}
+
+// Route to command handlers
+try {
+  switch (command) {
+    case 'init': {
+      const { runInit } = await import('./commands/init.js');
+      await runInit(rest);
+      break;
+    }
+
+    case 'login': {
+      const { runLogin } = await import('./commands/login.js');
+      await runLogin(rest);
+      break;
+    }
+
+    case 'status': {
+      const { runStatus } = await import('./commands/status.js');
+      runStatus();
+      break;
+    }
+
+    case 'config': {
+      const { runConfig } = await import('./commands/config.js');
+      await runConfig(rest);
+      break;
+    }
+
+    case 'completions': {
+      const { runCompletions } = await import('./commands/completions.js');
+      await runCompletions(rest);
+      break;
+    }
+
+    default: {
+      // Any other command is treated as a db alias (or "all")
+      const { runTunnel } = await import('./commands/tunnel.js');
+      await runTunnel([command, ...rest]);
+      break;
+    }
+  }
+} catch (err) {
+  // Detect config-missing errors and give a friendly message
+  if (err.message?.includes('Run `aptunnel init`')) {
+    logger.error(err.message);
+  } else if (err.message?.includes('Config file is corrupted')) {
+    logger.error(err.message);
+  } else {
+    logger.error(`Unexpected error: ${err.message}`);
+    if (process.env.DEBUG) console.error(err.stack);
+  }
+  process.exit(1);
+}

package/src/lib/aptible.js

@@ -0,0 +1,335 @@
+import { spawnSync, spawn } from 'child_process';
+import { readFileSync, existsSync, writeFileSync, openSync, closeSync } from 'fs';
+import { homedir, tmpdir } from 'os';
+import { join } from 'path';
+
+// On Windows, .cmd wrappers require a shell to be resolved by CreateProcess.
+const SHELL_OPT = process.platform === 'win32' ? { shell: true } : {};
+
+function getTempDir() {
+  return process.env.APTUNNEL_TEMP_DIR ?? tmpdir();
+}
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function run(args, opts = {}) {
+  // Destructure to avoid `...opts` overwriting the merged env object below
+  const { env: envOverrides = {}, ...spawnOpts } = opts;
+  const env = { ...process.env, ...envOverrides };
+  return spawnSync('aptible', args, { encoding: 'utf8', env, ...SHELL_OPT, ...spawnOpts });
+}
+
+function parseJson(raw) {
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+// ─── Exports ─────────────────────────────────────────────────────────────────
+
+/**
+ * Check if the `aptible` binary is present in PATH.
+ * @returns {boolean}
+ */
+export function isInstalled() {
+  const result = spawnSync('aptible', ['version'], { encoding: 'utf8', ...SHELL_OPT });
+  return result.status === 0 && !result.error;
+}
+
+/**
+ * @returns {string} version string, e.g. "aptible-toolbelt v0.20.0"
+ */
+export function getVersion() {
+  const result = run(['version']);
+  return result.stdout?.trim() ?? 'unknown';
+}
+
+/**
+ * Log in to Aptible. Uses stdio: 'inherit' so 2FA prompts reach the terminal.
+ * @param {{ email: string, password: string, lifetime?: string, otp?: string }} opts
+ * @returns {Promise<boolean>}
+ */
+export function login({ email, password, lifetime = '7d', otp } = {}) {
+  return new Promise((resolve) => {
+    const args = ['login', `--lifetime=${lifetime}`];
+    if (email)    args.push(`--email=${email}`);
+    if (password) args.push(`--password=${password}`);
+    if (otp)      args.push(`--otp=${otp}`);
+
+    // Resume stdin so aptible can receive input (e.g. 2FA OTP prompt).
+    // readline.close() pauses process.stdin; we must unpause it before handing
+    // it to a child process, otherwise the child's read() never returns.
+    process.stdin.resume();
+
+    // stdio: 'inherit' is critical — aptible prompts for 2FA interactively
+    const child = spawn('aptible', args, { stdio: 'inherit', ...SHELL_OPT });
+
+    child.on('close', (code) => resolve(code === 0));
+    child.on('error', ()     => resolve(false));
+  });
+}
+
+/**
+ * Read and decode the current Aptible token from ~/.aptible/tokens.json
+ * @returns {{ email: string, issuedAt: Date, expiresAt: Date, remainingHours: number, isExpired: boolean } | null}
+ */
+export function getTokenInfo() {
+  const tokensPath = join(homedir(), '.aptible', 'tokens.json');
+  if (!existsSync(tokensPath)) return null;
+
+  let tokens;
+  try {
+    tokens = JSON.parse(readFileSync(tokensPath, 'utf8'));
+  } catch {
+    return null;
+  }
+
+  // tokens.json is an object keyed by URL; pick the first entry
+  const entries = Object.values(tokens);
+  if (!entries.length) return null;
+
+  const token = entries[0];
+
+  // Decode JWT payload (middle segment, base64url encoded)
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+
+    // base64url → base64
+    const payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+    const padded  = payload + '='.repeat((4 - payload.length % 4) % 4);
+    const decoded = JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
+
+    const issuedAt  = decoded.iat ? new Date(decoded.iat * 1000) : null;
+    const expiresAt = new Date(decoded.exp * 1000);
+    const now       = new Date();
+
+    const remainingMs    = expiresAt - now;
+    const remainingHours = Math.max(0, Math.floor(remainingMs / 3_600_000));
+    const isExpired      = remainingMs <= 0;
+
+    return {
+      email: decoded.email ?? decoded.sub ?? 'unknown',
+      issuedAt,
+      expiresAt,
+      remainingHours,
+      isExpired,
+    };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * List all Aptible environments the current user has access to.
+ * @returns {{ id: string, handle: string }[]}
+ */
+export function listEnvironments() {
+  const result = run(['environment:list'], {
+    env: { APTIBLE_OUTPUT_FORMAT: 'json' },
+  });
+
+  if (result.status !== 0) return [];
+
+  const data = parseJson(result.stdout);
+  if (!Array.isArray(data)) return [];
+
+  return data.map((e) => ({ id: String(e.id ?? e.ID ?? ''), handle: e.handle ?? e.Handle ?? '' }));
+}
+
+/**
+ * List databases for a given environment.
+ * @param {string} environmentHandle
+ * @returns {{ id: string, handle: string, type: string, status: string }[]}
+ */
+export function listDatabases(environmentHandle) {
+  const result = run(['db:list', '--environment', environmentHandle], {
+    env: { APTIBLE_OUTPUT_FORMAT: 'json' },
+  });
+
+  if (result.status !== 0) return [];
+
+  const data = parseJson(result.stdout);
+  if (!Array.isArray(data)) return [];
+
+  return data.map((db) => ({
+    id:     String(db.id ?? db.ID ?? ''),
+    handle: db.handle ?? db.Handle ?? '',
+    type:   db.type   ?? db.Type   ?? 'unknown',
+    status: db.status ?? db.Status ?? 'unknown',
+  }));
+}
+
+/**
+ * Open a tunnel to a database in the background.
+ *
+ * Spawns `aptible db:tunnel` detached, writes stdout to a log file,
+ * saves PID to a PID file, waits a few seconds, then parses connection info.
+ *
+ * @param {{ dbHandle: string, environment: string, port: number }} opts
+ * @returns {Promise<{ pid: number, port: number, connectionUrl: string, credentials: object }>}
+ */
+export function openTunnel({ dbHandle, environment, port }) {
+  return new Promise((resolve, reject) => {
+    const identifier = sanitize(dbHandle);
+    const logFile    = join(getTempDir(), `aptunnel-${identifier}.log`);
+
+    // Open the log file synchronously so we have a real fd to hand to spawn.
+    // createWriteStream has fd=null until 'open' fires; spawn rejects that.
+    const logFd = openSync(logFile, 'w');
+
+    const args = ['db:tunnel', dbHandle, '--environment', environment, '--port', String(port)];
+    const child = spawn('aptible', args, {
+      detached: true,
+      stdio:    ['ignore', logFd, logFd],
+      ...SHELL_OPT,
+    });
+
+    // Parent no longer needs the fd — the child has its own dup'd copy
+    closeSync(logFd);
+
+    child.unref();
+
+    // Poll the log file until aptible prints "Connect at" or an error, or we time out.
+    // A fixed 5s wait was too short for slow SSH connections.
+    const POLL_INTERVAL_MS = 500;
+    const TIMEOUT_MS       = 60_000; // 60 seconds max
+    let   elapsed          = 0;
+
+    const poll = setInterval(() => {
+      elapsed += POLL_INTERVAL_MS;
+
+      let logContent = '';
+      try { logContent = readFileSync(logFile, 'utf8'); } catch { /* file not yet created */ }
+
+      const lower = logContent.toLowerCase();
+
+      // Fatal errors — fail immediately
+      if (lower.includes('unauthorized') || lower.includes('token has expired') || lower.includes('not authenticated')) {
+        clearInterval(poll);
+        reject(new Error('AUTH_EXPIRED'));
+        return;
+      }
+      if (lower.includes('already in use') || lower.includes('address already in use')) {
+        clearInterval(poll);
+        reject(new Error('PORT_IN_USE'));
+        return;
+      }
+
+      // Process died unexpectedly
+      try { process.kill(child.pid, 0); } catch {
+        clearInterval(poll);
+        reject(new Error(`Tunnel process died. Log:\n${logContent.slice(-500)}`));
+        return;
+      }
+
+      // Success: aptible printed the connection URL
+      if (lower.includes('connect at') || lower.includes('connected.')) {
+        clearInterval(poll);
+        const conn = parseConnectionInfo(logContent, port);
+        resolve({ pid: child.pid, port, ...conn });
+        return;
+      }
+
+      // Timed out
+      if (elapsed >= TIMEOUT_MS) {
+        clearInterval(poll);
+        reject(new Error(`Tunnel timed out after ${TIMEOUT_MS / 1000}s. Log:\n${logContent.slice(-500)}`));
+      }
+    }, POLL_INTERVAL_MS);
+
+    child.on('error', (err) => {
+      clearInterval(poll);
+      reject(new Error(`Failed to spawn aptible: ${err.message}`));
+    });
+  });
+}
+
+/**
+ * Parse aptible db:tunnel output for connection info.
+ * Aptible prints something like:
+ *   Connect at postgresql://aptible:PASSWORD@localhost.aptible.in:PORT/db
+ * @param {string} log
+ * @param {number} port
+ * @returns {{ connectionUrl: string, credentials: { host, port, user, password, dbName } }}
+ */
+function parseConnectionInfo(log, port) {
+  // Try to find a connection URL in the log
+  const urlMatch = log.match(/Connect at (\S+:\/\/\S+)/i)
+    ?? log.match(/(postgresql|mysql|redis|mongodb):\/\/[^\s]+/i);
+
+  const connectionUrl = urlMatch?.[1] ?? '';
+
+  let credentials = { host: 'localhost.aptible.in', port, user: 'aptible', password: null, dbName: null };
+
+  if (connectionUrl) {
+    try {
+      const parsed = new URL(connectionUrl);
+      credentials = {
+        host:     parsed.hostname,
+        port:     parsed.port ? Number(parsed.port) : port,
+        user:     parsed.username ?? 'aptible',
+        password: parsed.password ?? null,
+        dbName:   parsed.pathname?.replace(/^\//, '') ?? null,
+      };
+    } catch { /* keep defaults */ }
+  } else {
+    // Fallback: extract individual fields from log lines
+    const hostMatch = log.match(/host[:\s]+([a-z0-9.-]+\.aptible\.in)/i);
+    const passMatch = log.match(/password[:\s]+([^\s]+)/i);
+    const userMatch = log.match(/user(?:name)?[:\s]+([^\s]+)/i);
+    if (hostMatch) credentials.host     = hostMatch[1];
+    if (passMatch) credentials.password = passMatch[1];
+    if (userMatch) credentials.user     = userMatch[1];
+  }
+
+  return { connectionUrl, credentials };
+}
+
+/**
+ * List apps for an environment.
+ * @param {string} environmentHandle
+ * @returns {{ id: string, handle: string, status: string }[]}
+ */
+export function listApps(environmentHandle) {
+  const result = run(['apps', '--environment', environmentHandle], {
+    env: { APTIBLE_OUTPUT_FORMAT: 'json' },
+  });
+
+  if (result.status !== 0) return [];
+
+  const data = parseJson(result.stdout);
+  if (!Array.isArray(data)) return [];
+
+  return data.map((app) => ({
+    id:     String(app.id ?? app.ID ?? ''),
+    handle: app.handle ?? app.Handle ?? '',
+    status: app.status ?? app.Status ?? 'unknown',
+  }));
+}
+
+/**
+ * Stream logs for an app to the terminal (blocking).
+ * @param {{ appHandle: string, environment: string }} opts
+ * @returns {Promise<void>}
+ */
+export function getLogs({ appHandle, environment }) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(
+      'aptible',
+      ['logs', '--app', appHandle, '--environment', environment],
+      { stdio: 'inherit', ...SHELL_OPT }
+    );
+    child.on('close', resolve);
+    child.on('error', reject);
+  });
+}
+
+// ─── Utilities ────────────────────────────────────────────────────────────────
+
+function sanitize(str) {
+  return str.replace(/[^a-zA-Z0-9-_]/g, '-');
+}
+