attio 0.0.1-experimental.20250408 → 0.0.1-experimental.20250414

package/lib/api/api.js

@@ -1,16 +1,19 @@
 import { Fetcher } from "./fetcher.js";
 import { APP } from "../env.js";
 import { isErrored, complete, errored } from "@attio/fetchable";
-import { whoamiSchema, listDevWorkspacesResponseSchema, createVersionSchema, appInfoSchema, completeBundleUploadSchema, startUploadSchema, createDevVersionSchema, installationSchema, versionsSchema, TEST_WORKSPACES, TEST_APP_INFO, } from "./schemas.js";
-class CliApi {
+import { whoamiSchema, listDevWorkspacesResponseSchema, createVersionSchema, appInfoSchema, completeBundleUploadSchema, startUploadSchema, createDevVersionSchema, installationSchema, versionsSchema, TEST_WORKSPACES, TEST_APP_INFO, tokenResponseSchema, } from "./schemas.js";
+class ApiImpl {
     _fetcher;
     constructor() {
         this._fetcher = new Fetcher();
     }
     async whoami() {
-        const result = await this._fetcher.get(`${APP}/api/auth/whoami`, whoamiSchema);
+        const result = await this._fetcher.get({
+            path: `${APP}/api/auth/whoami`,
+            schema: whoamiSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "WHOAMI_ERROR", fetcherError: result.error });
+            return errored({ code: "WHOAMI_ERROR", error: result.error });
         }
         return complete(result.value.user);
     }
@@ -18,19 +21,26 @@ class CliApi {
         if (process.env.NODE_ENV === "test") {
             return complete(TEST_WORKSPACES);
         }
-        const result = await this._fetcher.get("/dev-workspaces", listDevWorkspacesResponseSchema);
+        const result = await this._fetcher.get({
+            path: "/dev-workspaces",
+            schema: listDevWorkspacesResponseSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "FETCH_WORKSPACES_ERROR", fetcherError: result.error });
+            return errored({ code: "FETCH_WORKSPACES_ERROR", error: result.error });
         }
         return complete(result.value.workspaces);
     }
     async createVersion({ appId, major, cliVersion, }) {
-        const result = await this._fetcher.post(`/apps/${appId}/prod-versions`, {
-            major,
-            cli_version: cliVersion,
-        }, createVersionSchema);
+        const result = await this._fetcher.post({
+            path: `/apps/${appId}/prod-versions`,
+            body: {
+                major,
+                cli_version: cliVersion,
+            },
+            schema: createVersionSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "CREATE_VERSION_ERROR", fetcherError: result.error });
+            return errored({ code: "CREATE_VERSION_ERROR", error: result.error });
         }
         return result;
     }
@@ -38,61 +48,119 @@ class CliApi {
         if (process.env.NODE_ENV === "test") {
             return complete(TEST_APP_INFO.app);
         }
-        const result = await this._fetcher.get(`/apps/by-slug/${appSlug}`, appInfoSchema);
+        const result = await this._fetcher.get({
+            path: `/apps/by-slug/${appSlug}`,
+            schema: appInfoSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "FETCH_APP_INFO_ERROR", fetcherError: result.error });
+            return errored({ code: "FETCH_APP_INFO_ERROR", error: result.error });
         }
         return complete(result.value.app);
     }
     async completeBundleUpload({ appId, devVersionId, bundleId, }) {
-        const result = await this._fetcher.post(`/apps/${appId}/dev-versions/${devVersionId}/bundles/${bundleId}/complete`, {}, completeBundleUploadSchema);
+        const result = await this._fetcher.post({
+            path: `/apps/${appId}/dev-versions/${devVersionId}/bundles/${bundleId}/complete`,
+            body: {},
+            schema: completeBundleUploadSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "COMPLETE_BUNDLE_UPLOAD_ERROR", fetcherError: result.error });
+            return errored({ code: "COMPLETE_BUNDLE_UPLOAD_ERROR", error: result.error });
         }
         return complete(undefined);
     }
     async completeProdBundleUpload({ appId, bundleId, major, minor, }) {
-        const result = await this._fetcher.post(`/apps/${appId}/prod-versions/${major}/${minor}/bundles/${bundleId}/complete`, {}, completeBundleUploadSchema);
+        const result = await this._fetcher.post({
+            path: `/apps/${appId}/prod-versions/${major}/${minor}/bundles/${bundleId}/complete`,
+            body: {},
+            schema: completeBundleUploadSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "COMPLETE_PROD_BUNDLE_UPLOAD_ERROR", fetcherError: result.error });
+            return errored({ code: "COMPLETE_PROD_BUNDLE_UPLOAD_ERROR", error: result.error });
         }
         return complete(undefined);
     }
     async startUpload({ appId, devVersionId, }) {
-        const result = await this._fetcher.post(`/apps/${appId}/dev-versions/${devVersionId}/bundles`, {}, startUploadSchema);
+        const result = await this._fetcher.post({
+            path: `/apps/${appId}/dev-versions/${devVersionId}/bundles`,
+            body: {},
+            schema: startUploadSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "START_UPLOAD_ERROR", fetcherError: result.error });
+            return errored({ code: "START_UPLOAD_ERROR", error: result.error });
         }
         return result;
     }
     async createDevVersion({ appId, cliVersion, targetWorkspaceId, environmentVariables, }) {
-        const result = await this._fetcher.post(`/apps/${appId}/dev-versions`, {
-            major: 1,
-            target_workspace_id: targetWorkspaceId,
-            environment_variables: environmentVariables,
-            cli_version: cliVersion,
-        }, createDevVersionSchema);
+        const result = await this._fetcher.post({
+            path: `/apps/${appId}/dev-versions`,
+            body: {
+                major: 1,
+                target_workspace_id: targetWorkspaceId,
+                environment_variables: environmentVariables,
+                cli_version: cliVersion,
+            },
+            schema: createDevVersionSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "CREATE_DEV_VERSION_ERROR", fetcherError: result.error });
+            return errored({ code: "CREATE_DEV_VERSION_ERROR", error: result.error });
         }
         return result;
     }
     async fetchInstallation({ appId, workspaceId, }) {
-        const result = await this._fetcher.get(`/apps/${appId}/workspace/${workspaceId}/dev-installation`, installationSchema);
+        const result = await this._fetcher.get({
+            path: `/apps/${appId}/workspace/${workspaceId}/dev-installation`,
+            schema: installationSchema,
+        });
         if (isErrored(result)) {
             if (result.error.code === "HTTP_ERROR" && result.error.status === 404) {
                 return complete(null);
             }
-            return errored({ code: "FETCH_INSTALLATION_ERROR", fetcherError: result.error });
+            return errored({ code: "FETCH_INSTALLATION_ERROR", error: result.error });
         }
         return result;
     }
     async fetchVersions(appId) {
-        const result = await this._fetcher.get(`/apps/${appId}/prod-versions`, versionsSchema);
+        const result = await this._fetcher.get({
+            path: `/apps/${appId}/prod-versions`,
+            schema: versionsSchema,
+        });
         if (isErrored(result)) {
-            return errored({ code: "FETCH_VERSIONS_ERROR", fetcherError: result.error });
+            return errored({ code: "FETCH_VERSIONS_ERROR", error: result.error });
         }
         return complete(result.value.app_prod_versions);
     }
+    async exchangeToken({ receivedCode, verifierString, redirectUri, clientId, }) {
+        const params = new URLSearchParams();
+        params.append("grant_type", "authorization_code");
+        params.append("code", receivedCode);
+        params.append("client_id", clientId);
+        params.append("redirect_uri", redirectUri);
+        params.append("code_verifier", verifierString);
+        const result = await this._fetcher.post({
+            path: `${APP}/oidc/token`,
+            body: params,
+            schema: tokenResponseSchema,
+            authenticated: "Not Authenticated",
+        });
+        if (isErrored(result)) {
+            return errored({ code: "GET_TOKEN_ERROR", error: result.error });
+        }
+        return result;
+    }
+    async refreshToken({ refreshToken, clientId, }) {
+        const params = new URLSearchParams();
+        params.append("grant_type", "refresh_token");
+        params.append("refresh_token", refreshToken);
+        params.append("client_id", clientId);
+        const result = await this._fetcher.post({
+            path: `${APP}/oidc/token`,
+            body: params,
+            schema: tokenResponseSchema,
+        });
+        if (isErrored(result)) {
+            return errored({ code: "REFRESH_TOKEN_ERROR", error: result.error });
+        }
+        return result;
+    }
 }
-export const API = new CliApi();
+export const api = new ApiImpl();

package/lib/api/fetcher.js

@@ -1,17 +1,24 @@
-import { complete, errored } from "@attio/fetchable";
+import { complete, errored, isErrored } from "@attio/fetchable";
 import { API } from "../env.js";
-import { ensureAuthed } from "../auth/ensure-authed.js";
-import chalk from "chalk";
+import { authenticator } from "../auth/auth.js";
 export class Fetcher {
-    async _fetch(path, fetchOptions, schema) {
-        const token = await ensureAuthed();
+    async _fetch({ path, fetchOptions, schema, authenticated, }) {
+        const tokenResult = authenticated === "Authenticated" ? await authenticator.ensureAuthed() : complete(null);
+        if (isErrored(tokenResult)) {
+            return errored({
+                code: "UNAUTHORIZED",
+                error: tokenResult.error,
+            });
+        }
+        const token = tokenResult.value;
         try {
             const response = await fetch(path.startsWith("https") ? path : `${API}${path}`, {
                 ...fetchOptions,
                 headers: {
                     "x-attio-platform": "developer-cli",
-                    "Authorization": `Bearer ${token}`,
+                    ...(token ? { Authorization: `Bearer ${token}` } : {}),
                     "Content-Type": "application/json",
+                    ...fetchOptions.headers,
                 },
             });
             if (!response.ok) {
@@ -39,27 +46,24 @@ export class Fetcher {
             });
         }
     }
-    async get(path, schema) {
-        return this._fetch(path, { method: "GET" }, schema);
-    }
-    async post(path, body, schema) {
-        return this._fetch(path, {
-            method: "POST",
-            body: JSON.stringify(body),
-        }, schema);
+    async get({ path, schema, headers = {}, authenticated = "Authenticated", }) {
+        return this._fetch({ path, fetchOptions: { method: "GET", headers }, schema, authenticated });
     }
-}
-export function printFetcherError(message, error) {
-    process.stderr.write(`${chalk.red("✖ ")}${message}\n`);
-    switch (error.code) {
-        case "HTTP_ERROR":
-            process.stderr.write(`HTTP Error (${error.status}): ${error.message}\n`);
-            break;
-        case "INVALID_RESPONSE":
-            process.stderr.write(`Invalid response: ${error.message}\n`);
-            break;
-        case "NETWORK_ERROR":
-            process.stderr.write(`Network error: ${error.message}\n`);
-            break;
+    async post({ path, body, schema, headers = {}, authenticated = "Authenticated", }) {
+        return this._fetch({
+            path,
+            fetchOptions: {
+                method: "POST",
+                body: body instanceof URLSearchParams ? body.toString() : JSON.stringify(body),
+                headers: {
+                    "Content-Type": body instanceof URLSearchParams
+                        ? "application/x-www-form-urlencoded"
+                        : "application/json",
+                    ...headers,
+                },
+            },
+            schema,
+            authenticated,
+        });
     }
 }

package/lib/api/schemas.js

@@ -74,3 +74,9 @@ export const versionSchema = z.object({
 export const versionsSchema = z.object({
     app_prod_versions: z.array(versionSchema),
 });
+export const tokenResponseSchema = z.object({
+    access_token: z.string(),
+    token_type: z.literal("Bearer"),
+    refresh_token: z.string(),
+    expires_in: z.number(),
+});

package/lib/auth/auth.js

@@ -4,118 +4,156 @@ import { randomBytes, createHash } from "crypto";
 import open from "open";
 import { APP } from "../env.js";
 import { findAvailablePort } from "../util/find-available-port.js";
-import { loadAuthToken, saveAuthToken, deleteAuthToken } from "./keychain.js";
-import { z } from "zod";
-import { hardExit } from "../util/hard-exit.js";
-import { API } from "../api/api.js";
-import { isComplete } from "@attio/fetchable";
-const CLIENT_ID = "f881c6f1-82d7-48a5-a581-649596167845";
-const tokenResponseSchema = z.object({
-    access_token: z.string(),
-    token_type: z.string(),
-    expires_in: z.number(),
-});
-async function exchangeCodeForToken(code, codeVerifier, redirectUri) {
-    const tokenUrl = `${APP}/oidc/token`;
-    const params = new URLSearchParams();
-    params.append("grant_type", "authorization_code");
-    params.append("code", code);
-    params.append("client_id", CLIENT_ID);
-    params.append("redirect_uri", redirectUri);
-    params.append("code_verifier", codeVerifier);
-    try {
-        const response = await fetch(tokenUrl, {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/x-www-form-urlencoded",
-            },
-            body: params.toString(),
-        });
-        if (!response.ok) {
-            const errorText = await response.text();
-            return hardExit(`Failed to exchange code for token: ${errorText} (status: ${response.status})`);
+import { keychain } from "./keychain.js";
+import { api } from "../api/api.js";
+import { isErrored, complete, errored } from "@attio/fetchable";
+import { printFetcherError, printKeychainError } from "../print-errors.js";
+class AuthenticatorImpl {
+    clientId = "f881c6f1-82d7-48a5-a581-649596167845";
+    refreshTimeout = null;
+    async ensureAuthed() {
+        const existingTokenResult = await keychain.load();
+        if (isErrored(existingTokenResult)) {
+            return this.promptToAuthenticate();
         }
-        const data = await response.json();
-        const result = tokenResponseSchema.safeParse(data);
-        if (!result.success) {
-            return hardExit("Invalid token response");
+        const existingToken = existingTokenResult.value;
+        if (existingToken === null || existingToken.expires_at < Date.now()) {
+            return this.promptToAuthenticate();
         }
-        return result.data;
-    }
-    catch (error) {
-        return hardExit(`Failed to exchange code for token: ${error instanceof Error ? error.message : String(error)}`);
+        this.scheduleRefresh(existingToken);
+        return complete(existingToken.access_token);
     }
-}
-export async function auth() {
-    const existingTokenResult = await loadAuthToken();
-    if (existingTokenResult !== null) {
-        const userResult = await API.whoami();
-        const user = isComplete(userResult) ? userResult.value : null;
-        if (user !== null) {
-            return existingTokenResult;
+    async promptToAuthenticate() {
+        if (process.env.NODE_ENV !== "test") {
+            process.stdout.write("You need to log in with Attio. Press Enter to continue...\n\n");
+            await new Promise((resolve) => process.stdin.once("data", resolve));
         }
-        await deleteAuthToken();
+        return this.authenticate();
     }
-    const verifier = randomBytes(32);
-    const verifierString = verifier.toString("base64url");
-    const hash = createHash("sha256");
-    hash.update(verifier);
-    const challenge = hash.digest();
-    const challengeString = challenge.toString("base64url");
-    const state = randomBytes(32).toString("base64url");
-    const port = await findAvailablePort(3000, 65000);
-    const redirectUri = `http://localhost:${port}`;
-    let resolveToken;
-    const tokenPromise = new Promise((resolve) => {
-        resolveToken = resolve;
-    });
-    const app = new Hono();
-    let serverRef;
-    app.get("/", async (c) => {
-        const query = c.req.query();
-        const receivedCode = query.authorization_code;
-        const receivedState = query.state;
-        if (receivedState !== state) {
-            hardExit("State mismatch - possible CSRF attack");
+    async authenticate() {
+        const existingTokenResult = await keychain.load();
+        if (isErrored(existingTokenResult)) {
+            return existingTokenResult;
         }
-        if (!receivedCode) {
-            hardExit("No authorization code received");
+        const existingToken = existingTokenResult.value;
+        if (existingToken !== null && existingToken.expires_at > Date.now()) {
+            return complete(existingToken.access_token);
         }
-        const tokenResult = await exchangeCodeForToken(receivedCode, verifierString, redirectUri);
-        setTimeout(() => {
-            serverRef.close();
-        }, 1000);
-        resolveToken(tokenResult.access_token);
-        return c.html(`
+        const verifier = randomBytes(32);
+        const verifierString = verifier.toString("base64url");
+        const hash = createHash("sha256");
+        hash.update(verifier);
+        const challenge = hash.digest();
+        const challengeString = challenge.toString("base64url");
+        const state = randomBytes(32).toString("base64url");
+        const port = await findAvailablePort(3000, 65000);
+        const redirectUri = `http://localhost:${port}`;
+        let resolveAsyncResult;
+        const asyncResult = new Promise((resolve) => {
+            resolveAsyncResult = resolve;
+        });
+        const app = new Hono();
+        let serverRef;
+        app.get("/", async (c) => {
+            const query = c.req.query();
+            const receivedCode = query.authorization_code;
+            const receivedState = query.state;
+            if (receivedState !== state) {
+                resolveAsyncResult(errored({ code: "OAUTH_STATE_MISMATCH" }));
+            }
+            if (!receivedCode) {
+                resolveAsyncResult(errored({ code: "NO_AUTHORIZATION_CODE" }));
+            }
+            const tokenResult = await api.exchangeToken({
+                receivedCode,
+                verifierString,
+                redirectUri,
+                clientId: this.clientId,
+            });
+            setTimeout(() => {
+                serverRef.close();
+                resolveAsyncResult(tokenResult);
+            }, 1_000);
+            return c.html(`
         <html>
           <body>
             <script>window.location.href = '${APP}/authorized';</script>
           </body>
         </html>
       `);
-    });
-    serverRef = serve({
-        fetch: app.fetch,
-        port,
-    });
-    try {
-        const authUrl = new URL(`${APP}/oidc/authorize`);
-        authUrl.searchParams.append("scope", "openid");
-        authUrl.searchParams.append("response_type", "code");
-        authUrl.searchParams.append("client_id", CLIENT_ID);
-        authUrl.searchParams.append("redirect_uri", redirectUri);
-        authUrl.searchParams.append("state", state);
-        authUrl.searchParams.append("code_challenge", challengeString);
-        authUrl.searchParams.append("code_challenge_method", "S256");
-        await open(authUrl.toString());
-        const token = await tokenPromise;
-        if (token) {
+        });
+        serverRef = serve({
+            fetch: app.fetch,
+            port,
+        });
+        try {
+            const authUrl = new URL(`${APP}/oidc/authorize`);
+            authUrl.searchParams.append("scope", "openid offline_access");
+            authUrl.searchParams.append("response_type", "code");
+            authUrl.searchParams.append("client_id", this.clientId);
+            authUrl.searchParams.append("redirect_uri", redirectUri);
+            authUrl.searchParams.append("state", state);
+            authUrl.searchParams.append("code_challenge", challengeString);
+            authUrl.searchParams.append("code_challenge_method", "S256");
+            await open(authUrl.toString());
+            const tokenResult = await asyncResult;
+            if (isErrored(tokenResult)) {
+                return tokenResult;
+            }
+            const token = tokenResult.value;
             process.stdout.write("🔑 Saving new token to keychain\n");
-            await saveAuthToken(token);
+            const keychainToken = {
+                access_token: token.access_token,
+                refresh_token: token.refresh_token,
+                token_type: token.token_type,
+                expires_at: Date.now() + token.expires_in * 1000,
+            };
+            const saveResult = await keychain.save(keychainToken);
+            if (isErrored(saveResult)) {
+                return saveResult;
+            }
+            this.scheduleRefresh(keychainToken);
+            return complete(token.access_token);
+        }
+        finally {
+            serverRef.close();
         }
-        return token;
     }
-    finally {
-        serverRef.close();
+    scheduleRefresh(token) {
+        if (this.refreshTimeout !== null) {
+            clearTimeout(this.refreshTimeout);
+        }
+        this.refreshTimeout = setTimeout(async () => await this.refreshToken(token), Math.max(0, token.expires_at - Date.now() - 5_000));
+    }
+    async refreshToken(token) {
+        const refreshTokenResult = await api.refreshToken({
+            refreshToken: token.refresh_token,
+            clientId: this.clientId,
+        });
+        if (isErrored(refreshTokenResult)) {
+            printFetcherError("Error refreshing token", refreshTokenResult.error);
+            return;
+        }
+        const refreshedToken = refreshTokenResult.value;
+        const keychainToken = {
+            access_token: refreshedToken.access_token,
+            refresh_token: refreshedToken.refresh_token,
+            token_type: refreshedToken.token_type,
+            expires_at: Date.now() + refreshedToken.expires_in * 1000,
+        };
+        const saveResult = await keychain.save(keychainToken);
+        if (isErrored(saveResult)) {
+            printKeychainError(saveResult.error);
+            return;
+        }
+        this.scheduleRefresh(keychainToken);
+    }
+    async logout() {
+        if (this.refreshTimeout !== null) {
+            clearTimeout(this.refreshTimeout);
+            this.refreshTimeout = null;
+        }
+        await keychain.delete();
     }
 }
+export const authenticator = new AuthenticatorImpl();