blok0 0.1.0 → 0.1.2

package/dist/auth/constants.js

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TIMEOUT_HTML = exports.ERROR_HTML = exports.SUCCESS_HTML = exports.CALLBACK_PATH = exports.PORT_RANGE = exports.DEFAULT_TIMEOUT = exports.AUTHORIZE_ENDPOINT = exports.AUTH_BASE_URL = void 0;
+exports.AUTH_BASE_URL = 'https://www.blok0.xyz';
+exports.AUTHORIZE_ENDPOINT = '/api/authorize/cli';
+exports.DEFAULT_TIMEOUT = 5 * 60 * 1000; // 5 minutes
+exports.PORT_RANGE = { min: 3000, max: 4000 };
+exports.CALLBACK_PATH = '/callback';
+exports.SUCCESS_HTML = `
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Authentication Successful</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: #f5f5f5;
+            margin: 0;
+            padding: 0;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+        }
+        .container {
+            background: white;
+            padding: 2rem;
+            border-radius: 8px;
+            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+            text-align: center;
+            max-width: 400px;
+        }
+        .success-icon {
+            color: #10b981;
+            font-size: 3rem;
+            margin-bottom: 1rem;
+        }
+        h1 {
+            color: #1f2937;
+            margin: 0 0 0.5rem 0;
+            font-size: 1.5rem;
+        }
+        p {
+            color: #6b7280;
+            margin: 0;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="success-icon">✓</div>
+        <h1>Authentication Successful!</h1>
+        <p>You can now close this window and return to your terminal.</p>
+    </div>
+</body>
+</html>
+`;
+exports.ERROR_HTML = `
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Authentication Failed</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: #f5f5f5;
+            margin: 0;
+            padding: 0;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+        }
+        .container {
+            background: white;
+            padding: 2rem;
+            border-radius: 8px;
+            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+            text-align: center;
+            max-width: 400px;
+        }
+        .error-icon {
+            color: #ef4444;
+            font-size: 3rem;
+            margin-bottom: 1rem;
+        }
+        h1 {
+            color: #1f2937;
+            margin: 0 0 0.5rem 0;
+            font-size: 1.5rem;
+        }
+        p {
+            color: #6b7280;
+            margin: 0;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="error-icon">✗</div>
+        <h1>Authentication Failed</h1>
+        <p>Please try again or contact support if the problem persists.</p>
+    </div>
+</body>
+</html>
+`;
+exports.TIMEOUT_HTML = `
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Authentication Timeout</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: #f5f5f5;
+            margin: 0;
+            padding: 0;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            height: 100vh;
+        }
+        .container {
+            background: white;
+            padding: 2rem;
+            border-radius: 8px;
+            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+            text-align: center;
+            max-width: 400px;
+        }
+        .timeout-icon {
+            color: #f59e0b;
+            font-size: 3rem;
+            margin-bottom: 1rem;
+        }
+        h1 {
+            color: #1f2937;
+            margin: 0 0 0.5rem 0;
+            font-size: 1.5rem;
+        }
+        p {
+            color: #6b7280;
+            margin: 0;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="timeout-icon">⏱</div>
+        <h1>Authentication Timeout</h1>
+        <p>The authentication request has timed out. Please try again.</p>
+    </div>
+</body>
+</html>
+`;

package/dist/auth/index.d.ts

@@ -0,0 +1,61 @@
+export interface AuthConfig {
+    apiEndpoint?: string;
+    refreshToken?: string;
+    tokenExpiry?: number;
+}
+export interface AuthCallback {
+    token: string;
+    expires_in?: number;
+    refresh_token?: string;
+}
+export interface AuthServerOptions {
+    port?: number;
+    timeout?: number;
+    state?: string;
+}
+export interface TokenResponse {
+    access_token: string;
+    refresh_token?: string;
+    expires_in?: number;
+    token_type?: string;
+}
+/**
+ * Load auth configuration from file
+ */
+export declare function loadAuthConfig(): AuthConfig;
+/**
+ * Save auth configuration to file
+ */
+export declare function saveAuthConfig(config: AuthConfig): void;
+/**
+ * Store access token securely
+ */
+export declare function storeAccessToken(token: string): Promise<void>;
+/**
+ * Get stored access token
+ */
+export declare function getAccessToken(): Promise<string | null>;
+/**
+ * Store refresh token securely
+ */
+export declare function storeRefreshToken(token: string): Promise<void>;
+/**
+ * Get stored refresh token
+ */
+export declare function getRefreshToken(): Promise<string | null>;
+/**
+ * Clear all stored credentials
+ */
+export declare function clearCredentials(): Promise<void>;
+/**
+ * Check if user is authenticated
+ */
+export declare function isAuthenticated(): Promise<boolean>;
+/**
+ * Validate token expiry (basic check)
+ */
+export declare function isTokenExpired(expiry?: number): boolean;
+/**
+ * Get authorization header for API requests
+ */
+export declare function getAuthHeader(): Promise<string | null>;

package/dist/auth/index.js

@@ -0,0 +1,168 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadAuthConfig = loadAuthConfig;
+exports.saveAuthConfig = saveAuthConfig;
+exports.storeAccessToken = storeAccessToken;
+exports.getAccessToken = getAccessToken;
+exports.storeRefreshToken = storeRefreshToken;
+exports.getRefreshToken = getRefreshToken;
+exports.clearCredentials = clearCredentials;
+exports.isAuthenticated = isAuthenticated;
+exports.isTokenExpired = isTokenExpired;
+exports.getAuthHeader = getAuthHeader;
+const keytar = __importStar(require("keytar"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const fs = __importStar(require("fs"));
+const SERVICE_NAME = 'blok0';
+const CONFIG_DIR = path.join(os.homedir(), '.blok0');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+/**
+ * Ensure config directory exists
+ */
+function ensureConfigDir() {
+    if (!fs.existsSync(CONFIG_DIR)) {
+        fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+}
+/**
+ * Load auth configuration from file
+ */
+function loadAuthConfig() {
+    try {
+        if (fs.existsSync(CONFIG_FILE)) {
+            const data = fs.readFileSync(CONFIG_FILE, 'utf-8');
+            return JSON.parse(data);
+        }
+    }
+    catch (error) {
+        console.warn('Failed to load auth config:', error);
+    }
+    return {};
+}
+/**
+ * Save auth configuration to file
+ */
+function saveAuthConfig(config) {
+    ensureConfigDir();
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+/**
+ * Store access token securely
+ */
+async function storeAccessToken(token) {
+    try {
+        await keytar.setPassword(SERVICE_NAME, 'access_token', token);
+    }
+    catch (error) {
+        console.error('Failed to store access token:', error);
+        throw new Error('Unable to securely store access token');
+    }
+}
+/**
+ * Get stored access token
+ */
+async function getAccessToken() {
+    try {
+        return await keytar.getPassword(SERVICE_NAME, 'access_token');
+    }
+    catch (error) {
+        console.error('Failed to retrieve access token:', error);
+        return null;
+    }
+}
+/**
+ * Store refresh token securely
+ */
+async function storeRefreshToken(token) {
+    try {
+        await keytar.setPassword(SERVICE_NAME, 'refresh_token', token);
+    }
+    catch (error) {
+        console.error('Failed to store refresh token:', error);
+        throw new Error('Unable to securely store refresh token');
+    }
+}
+/**
+ * Get stored refresh token
+ */
+async function getRefreshToken() {
+    try {
+        return await keytar.getPassword(SERVICE_NAME, 'refresh_token');
+    }
+    catch (error) {
+        console.error('Failed to retrieve refresh token:', error);
+        return null;
+    }
+}
+/**
+ * Clear all stored credentials
+ */
+async function clearCredentials() {
+    try {
+        await keytar.deletePassword(SERVICE_NAME, 'access_token');
+        await keytar.deletePassword(SERVICE_NAME, 'refresh_token');
+        if (fs.existsSync(CONFIG_FILE)) {
+            fs.unlinkSync(CONFIG_FILE);
+        }
+    }
+    catch (error) {
+        console.error('Failed to clear credentials:', error);
+        throw new Error('Unable to clear stored credentials');
+    }
+}
+/**
+ * Check if user is authenticated
+ */
+async function isAuthenticated() {
+    const token = await getAccessToken();
+    return token !== null;
+}
+/**
+ * Validate token expiry (basic check)
+ */
+function isTokenExpired(expiry) {
+    if (!expiry)
+        return false;
+    return Date.now() >= expiry;
+}
+/**
+ * Get authorization header for API requests
+ */
+async function getAuthHeader() {
+    const token = await getAccessToken();
+    return token ? `Bearer ${token}` : null;
+}

package/dist/auth/server.d.ts

@@ -0,0 +1,55 @@
+import { EventEmitter } from 'events';
+import { AuthCallback, AuthServerOptions } from './index';
+export declare class AuthServer extends EventEmitter {
+    private server?;
+    private port?;
+    private state;
+    private timeoutId?;
+    private resolveCallback?;
+    private rejectCallback?;
+    constructor(options?: AuthServerOptions);
+    /**
+     * Generate a random state parameter for CSRF protection
+     */
+    private generateState;
+    /**
+     * Find an available port in the configured range
+     */
+    private findAvailablePort;
+    /**
+     * Check if a port is available
+     */
+    private isPortAvailable;
+    /**
+     * Handle incoming HTTP requests
+     */
+    private handleRequest;
+    /**
+     * Handle the OAuth callback
+     */
+    private handleCallback;
+    /**
+     * Initialize the server by finding an available port
+     */
+    initialize(): Promise<void>;
+    /**
+     * Start the authentication server
+     */
+    start(): Promise<AuthCallback>;
+    /**
+     * Handle authentication timeout
+     */
+    private handleTimeout;
+    /**
+     * Get the authorization URL to open in browser
+     */
+    getAuthorizationUrl(): string;
+    /**
+     * Clean up server resources
+     */
+    private cleanup;
+    /**
+     * Stop the server
+     */
+    stop(): void;
+}

package/dist/auth/server.js

@@ -0,0 +1,236 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthServer = void 0;
+const http = __importStar(require("http"));
+const events_1 = require("events");
+const crypto_1 = require("crypto");
+const constants_1 = require("./constants");
+class AuthServer extends events_1.EventEmitter {
+    server;
+    port;
+    state;
+    timeoutId;
+    resolveCallback;
+    rejectCallback;
+    constructor(options = {}) {
+        super();
+        this.state = options.state || this.generateState();
+    }
+    /**
+     * Generate a random state parameter for CSRF protection
+     */
+    generateState() {
+        return (0, crypto_1.randomBytes)(32).toString('hex');
+    }
+    /**
+     * Find an available port in the configured range
+     */
+    async findAvailablePort() {
+        const { min, max } = constants_1.PORT_RANGE;
+        for (let port = min; port <= max; port++) {
+            if (await this.isPortAvailable(port)) {
+                return port;
+            }
+        }
+        throw new Error('No available ports found in range');
+    }
+    /**
+     * Check if a port is available
+     */
+    async isPortAvailable(port) {
+        return new Promise((resolve) => {
+            const testServer = http.createServer();
+            testServer.listen(port, '127.0.0.1', () => {
+                testServer.close(() => resolve(true));
+            });
+            testServer.on('error', () => resolve(false));
+        });
+    }
+    /**
+     * Handle incoming HTTP requests
+     */
+    handleRequest = (req, res) => {
+        try {
+            const fullUrl = `http://localhost:${this.port}${req.url}`;
+            const parsedUrl = new URL(fullUrl);
+            const pathname = parsedUrl.pathname;
+            // Handle callback endpoint
+            if (pathname === constants_1.CALLBACK_PATH && req.method === 'GET') {
+                this.handleCallback(parsedUrl, res);
+                return;
+            }
+            // Handle any other request with a 404
+            res.writeHead(404, { 'Content-Type': 'text/plain' });
+            res.end('Not found');
+        }
+        catch (error) {
+            console.error('Error parsing request URL:', error);
+            res.writeHead(400, { 'Content-Type': 'text/plain' });
+            res.end('Bad request');
+        }
+    };
+    /**
+     * Handle the OAuth callback
+     */
+    handleCallback(parsedUrl, res) {
+        const searchParams = parsedUrl.searchParams;
+        const state = searchParams.get('state');
+        const token = searchParams.get('token');
+        const error = searchParams.get('error');
+        // Validate state parameter
+        if (!state || state !== this.state) {
+            console.error('State parameter mismatch - possible CSRF attack');
+            console.error(`Expected: ${this.state}, Received: ${state}`);
+            res.writeHead(400, { 'Content-Type': 'text/html' });
+            res.end(constants_1.ERROR_HTML);
+            this.emit('error', new Error('Invalid state parameter'));
+            return;
+        }
+        // Handle error from authorization server
+        if (error) {
+            console.error('Authorization error:', error);
+            res.writeHead(400, { 'Content-Type': 'text/html' });
+            res.end(constants_1.ERROR_HTML);
+            this.emit('error', new Error(`Authorization failed: ${error}`));
+            return;
+        }
+        // Handle successful authorization
+        if (token) {
+            const authCallback = { token };
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(constants_1.SUCCESS_HTML);
+            this.emit('success', authCallback);
+            return;
+        }
+        // Handle missing token
+        console.error('No token received in callback');
+        res.writeHead(400, { 'Content-Type': 'text/html' });
+        res.end(constants_1.ERROR_HTML);
+        this.emit('error', new Error('No token received'));
+    }
+    /**
+     * Initialize the server by finding an available port
+     */
+    async initialize() {
+        if (!this.port) {
+            this.port = await this.findAvailablePort();
+        }
+    }
+    /**
+     * Start the authentication server
+     */
+    async start() {
+        return new Promise(async (resolve, reject) => {
+            this.resolveCallback = resolve;
+            this.rejectCallback = reject;
+            try {
+                // Initialize (find port) if not already done
+                await this.initialize();
+                // Create server
+                this.server = http.createServer(this.handleRequest);
+                // Set up event listeners
+                this.on('success', (callback) => {
+                    this.cleanup();
+                    this.resolveCallback(callback);
+                });
+                this.on('error', (error) => {
+                    this.cleanup();
+                    this.rejectCallback(error);
+                });
+                // Set timeout
+                this.timeoutId = setTimeout(() => {
+                    this.handleTimeout();
+                }, constants_1.DEFAULT_TIMEOUT);
+                // Start server
+                await new Promise((resolveServer, rejectServer) => {
+                    this.server.listen(this.port, '127.0.0.1', () => {
+                        console.log(`🔐 Authentication server started on http://localhost:${this.port}`);
+                        resolveServer();
+                    });
+                    this.server.on('error', rejectServer);
+                });
+            }
+            catch (error) {
+                this.cleanup();
+                reject(error);
+            }
+        });
+    }
+    /**
+     * Handle authentication timeout
+     */
+    handleTimeout() {
+        console.log('⏱️  Authentication timed out');
+        // Send timeout page to any open browser windows
+        if (this.server) {
+            // Note: In a real implementation, we'd track active connections
+            // For now, we'll just emit the error
+        }
+        this.emit('error', new Error('Authentication timed out'));
+    }
+    /**
+     * Get the authorization URL to open in browser
+     */
+    getAuthorizationUrl() {
+        const redirectUri = `http://localhost:${this.port}${constants_1.CALLBACK_PATH}`;
+        const params = new URLSearchParams({
+            redirect_uri: redirectUri,
+            state: this.state,
+        });
+        return `${constants_1.AUTH_BASE_URL}${constants_1.AUTHORIZE_ENDPOINT}?${params.toString()}`;
+    }
+    /**
+     * Clean up server resources
+     */
+    cleanup() {
+        if (this.timeoutId) {
+            clearTimeout(this.timeoutId);
+            this.timeoutId = undefined;
+        }
+        if (this.server) {
+            this.server.close();
+            this.server = undefined;
+        }
+        this.removeAllListeners();
+    }
+    /**
+     * Stop the server
+     */
+    stop() {
+        this.cleanup();
+    }
+}
+exports.AuthServer = AuthServer;