create-middag-ui 0.1.4 → 0.2.0

package/lib/auth.js

@@ -0,0 +1,210 @@
+/* global console, process */
+/**
+ * auth.js — GitHub token flow (ask, validate, save to ~/.npmrc).
+ *
+ * Token is stored in ~/.npmrc (global), never in project-local .npmrc.
+ * Two lines are written:
+ *   @middag-io:registry=https://npm.pkg.github.com
+ *   //npm.pkg.github.com/:_authToken=TOKEN
+ */
+
+import { existsSync, readFileSync, writeFileSync, appendFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { spawnSync } from "node:child_process";
+import { askSecret, confirm } from "./prompts.js";
+import { success, warn, error, info, createSpinner } from "./ui.js";
+
+const REGISTRY_URL = "https://npm.pkg.github.com";
+const SCOPE_LINE = `@middag-io:registry=${REGISTRY_URL}`;
+const TOKEN_PREFIX = `//npm.pkg.github.com/:_authToken=`;
+
+/**
+ * Check if ~/.npmrc already has a valid GitHub Packages token for @middag-io.
+ *
+ * @returns {{ hasScope: boolean, hasToken: boolean }}
+ */
+export function checkExistingAuth() {
+  const npmrcPath = join(homedir(), ".npmrc");
+  if (!existsSync(npmrcPath)) {
+    return { hasScope: false, hasToken: false };
+  }
+
+  try {
+    const content = readFileSync(npmrcPath, "utf-8");
+    const hasScope = content.includes(SCOPE_LINE);
+    const hasToken = content.includes(TOKEN_PREFIX);
+    return { hasScope, hasToken };
+  } catch {
+    return { hasScope: false, hasToken: false };
+  }
+}
+
+/**
+ * Validate a GitHub token by running `npm whoami` against GitHub Packages.
+ *
+ * @param {string} token - GitHub personal access token
+ * @returns {{ valid: boolean, username: string|null }}
+ */
+export function validateToken(token) {
+  try {
+    const result = spawnSync(
+      "npm",
+      ["whoami", `--registry=${REGISTRY_URL}`],
+      {
+        env: {
+          ...process.env,
+          // Temporarily set the token for this check
+          npm_config__npm_pkg_github_com__authToken: token,
+        },
+        timeout: 15000,
+        stdio: ["ignore", "pipe", "pipe"],
+        encoding: "utf-8",
+      },
+    );
+
+    if (result.status === 0 && result.stdout) {
+      return { valid: true, username: result.stdout.trim() };
+    }
+    return { valid: false, username: null };
+  } catch {
+    return { valid: false, username: null };
+  }
+}
+
+/**
+ * Save scope + token to ~/.npmrc (global).
+ * Appends only the lines that are missing.
+ *
+ * @param {string} token - GitHub personal access token
+ */
+export function saveTokenToGlobalNpmrc(token) {
+  const npmrcPath = join(homedir(), ".npmrc");
+  let content = "";
+
+  if (existsSync(npmrcPath)) {
+    try {
+      content = readFileSync(npmrcPath, "utf-8");
+    } catch (err) {
+      throw new Error(`Cannot read ~/.npmrc: ${err.message}`, { cause: err });
+    }
+  }
+
+  // If an existing token line exists, replace it in-place
+  if (content.includes(TOKEN_PREFIX)) {
+    const updated = content.replace(
+      new RegExp(`${TOKEN_PREFIX.replace(/[/]/g, "\\/")}.*`, "g"),
+      `${TOKEN_PREFIX}${token}`,
+    );
+    try {
+      writeFileSync(npmrcPath, updated);
+    } catch (err) {
+      throw new Error(`Cannot write ~/.npmrc: ${err.message}`, { cause: err });
+    }
+    // Still need to add scope if missing
+    if (!content.includes(SCOPE_LINE)) {
+      try {
+        appendFileSync(npmrcPath, `\n${SCOPE_LINE}\n`);
+      } catch (err) {
+        throw new Error(`Cannot append to ~/.npmrc: ${err.message}`, { cause: err });
+      }
+    }
+    return;
+  }
+
+  // No existing token — append new lines
+  const lines = [];
+  if (!content.includes(SCOPE_LINE)) {
+    lines.push(SCOPE_LINE);
+  }
+  lines.push(`${TOKEN_PREFIX}${token}`);
+
+  const prefix = content && !content.endsWith("\n") ? "\n" : "";
+  try {
+    appendFileSync(npmrcPath, `${prefix}${lines.join("\n")}\n`);
+  } catch (err) {
+    throw new Error(`Cannot write to ~/.npmrc: ${err.message}`, { cause: err });
+  }
+}
+
+/**
+ * Interactive GitHub token flow.
+ *
+ * 1. Ask for token (masked input)
+ * 2. Validate with npm whoami
+ * 3. Save to ~/.npmrc if valid
+ * 4. If invalid, offer fallback to npm publico
+ *
+ * @returns {Promise<'github'|'public'>} Which registry path was chosen
+ */
+export async function runTokenFlow() {
+  // Check if already configured
+  const existing = checkExistingAuth();
+  if (existing.hasScope && existing.hasToken) {
+    const spinner = createSpinner("Checking existing GitHub Packages auth...");
+    const result = spawnSync(
+      "npm",
+      ["whoami", `--registry=${REGISTRY_URL}`],
+      {
+        timeout: 15000,
+        stdio: ["ignore", "pipe", "pipe"],
+        encoding: "utf-8",
+      },
+    );
+    spinner.stop();
+
+    if (result.status === 0 && result.stdout) {
+      success(`Already authenticated as ${result.stdout.trim()} on GitHub Packages`);
+      return "github";
+    }
+    warn("Existing GitHub Packages token is invalid or expired");
+  }
+
+  console.log("");
+  info("Create a GitHub Personal Access Token at:");
+  info("  https://github.com/settings/tokens");
+  info("Required scope: read:packages");
+  console.log("");
+
+  const token = await askSecret("  GitHub token: ");
+
+  if (!token) {
+    warn("No token provided");
+    const useFallback = await confirm("Continue without token? (uses npm public registry)", true);
+    if (useFallback) {
+      return "public";
+    }
+    process.exit(1);
+  }
+
+  // Validate
+  const spinner = createSpinner("Validating token...");
+  const result = validateToken(token);
+  if (result.valid) {
+    spinner.stop(`Token valid \u2014 authenticated as ${result.username}`);
+  } else {
+    spinner.fail("Token invalid or missing read:packages scope");
+    console.log("");
+    info("Make sure your token has the read:packages scope.");
+    info("Create one at: https://github.com/settings/tokens");
+    console.log("");
+    const useFallback = await confirm("Continue without token? (uses npm public registry)", true);
+    if (useFallback) {
+      return "public";
+    }
+    process.exit(1);
+  }
+
+  // Save to ~/.npmrc
+  try {
+    saveTokenToGlobalNpmrc(token);
+    success("Saved registry + token to ~/.npmrc (global)");
+  } catch (err) {
+    error(`Failed to save token: ${err.message}`);
+    warn("You can add it manually to ~/.npmrc:");
+    info(`  ${SCOPE_LINE}`);
+    info(`  ${TOKEN_PREFIX}<your-token>`);
+  }
+
+  return "github";
+}

package/lib/detect.js

@@ -0,0 +1,29 @@
+/**
+ * detect.js — Host detection (Moodle / WordPress / Custom).
+ *
+ * Checks for marker files in the working directory.
+ */
+
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+
+export const HOSTS = {
+  moodle: { name: "Moodle", detect: "version.php", port: 5174 },
+  wordpress: { name: "WordPress", detect: "wp-config.php", port: 5175 },
+  custom: { name: "Custom", detect: null, port: 5176 },
+};
+
+/**
+ * Detect host platform by checking for marker files.
+ *
+ * @param {string} cwd - Directory to check
+ * @returns {string|null} Host key ('moodle', 'wordpress') or null
+ */
+export function detectHost(cwd) {
+  for (const [key, host] of Object.entries(HOSTS)) {
+    if (host.detect && existsSync(join(cwd, host.detect))) {
+      return key;
+    }
+  }
+  return null;
+}

package/lib/install.js

@@ -0,0 +1,92 @@
+/* global console, process */
+/**
+ * install.js — npm install runner with spinner.
+ *
+ * Spawns `npm install` in the target directory, shows a spinner,
+ * and surfaces errors clearly if it fails.
+ */
+
+import { spawn } from "node:child_process";
+import { createSpinner, error, warn, info } from "./ui.js";
+
+/**
+ * Run `npm install` in the target directory.
+ *
+ * Shows a spinner while running. On failure, prints the npm error
+ * output and suggests troubleshooting steps.
+ *
+ * @param {string} targetDir - Absolute path to the directory
+ * @param {'github'|'public'} registryPath - Which registry was chosen
+ * @returns {Promise<boolean>} true if install succeeded
+ */
+export async function runNpmInstall(targetDir, registryPath) {
+  const registryLabel =
+    registryPath === "github" ? "GitHub Packages" : "npm public registry";
+
+  const spinner = createSpinner(
+    `Installing dependencies from ${registryLabel}...`,
+  );
+
+  return new Promise((resolve) => {
+    const child = spawn("npm", ["install"], {
+      cwd: targetDir,
+      stdio: ["ignore", "pipe", "pipe"],
+      env: process.env,
+    });
+
+    let stderr = "";
+
+    child.stdout.on("data", () => {
+      // consume stdout silently
+    });
+
+    child.stderr.on("data", (data) => {
+      stderr += data.toString();
+    });
+
+    child.on("error", (err) => {
+      spinner.fail("npm install failed to start");
+      error(`Could not run npm: ${err.message}`);
+      info("Make sure npm is installed and in your PATH.");
+      resolve(false);
+    });
+
+    child.on("close", (code) => {
+      if (code === 0) {
+        spinner.stop("Dependencies installed");
+        resolve(true);
+      } else {
+        spinner.fail("npm install failed");
+
+        // Show the npm error, trimmed
+        if (stderr) {
+          const lines = stderr.trim().split("\n");
+          // Show last 15 lines max (most relevant npm errors are at the end)
+          const relevant = lines.slice(-15);
+          console.log("");
+          for (const line of relevant) {
+            console.log(`    ${line}`);
+          }
+          console.log("");
+        }
+
+        // Suggest troubleshooting based on path
+        if (registryPath === "github") {
+          warn("Troubleshooting:");
+          info("  1. Check your GitHub token has read:packages scope");
+          info("  2. Verify token in ~/.npmrc:");
+          info("     cat ~/.npmrc | grep github");
+          info("  3. Try: npm whoami --registry=https://npm.pkg.github.com");
+          info("  4. Or re-run: npx create-middag-ui (choose 'No' for GitHub access)");
+        } else {
+          warn("Troubleshooting:");
+          info("  1. Check your internet connection");
+          info("  2. Try running manually: cd " + targetDir + " && npm install");
+          info("  3. Check npm registry: npm config get registry");
+        }
+
+        resolve(false);
+      }
+    });
+  });
+}

package/lib/prompts.js

@@ -0,0 +1,120 @@
+/* global console, process */
+/**
+ * prompts.js — readline helpers (ask, select, confirm).
+ *
+ * Uses Node.js built-in readline. No external deps.
+ */
+
+import { createInterface } from "node:readline";
+
+/**
+ * Ask a free-text question. Returns trimmed answer.
+ */
+export function ask(question) {
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) =>
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    }),
+  );
+}
+
+/**
+ * Ask a free-text question with masked input (for tokens/passwords).
+ * Characters are replaced with '*' on screen.
+ */
+export function askSecret(question) {
+  return new Promise((resolve) => {
+    const rl = createInterface({ input: process.stdin, terminal: false });
+    process.stdout.write(question);
+
+    // Disable echo by switching stdin to raw mode
+    if (process.stdin.isTTY) {
+      process.stdin.setRawMode(true);
+    }
+    process.stdin.resume();
+
+    let input = "";
+    const onData = (ch) => {
+      const c = ch.toString();
+      // Enter
+      if (c === "\n" || c === "\r" || c === "\u0004") {
+        if (process.stdin.isTTY) {
+          process.stdin.setRawMode(false);
+        }
+        process.stdin.removeListener("data", onData);
+        process.stdin.pause();
+        rl.close();
+        process.stdout.write("\n");
+        resolve(input.trim());
+        return;
+      }
+      // Ctrl+C
+      if (c === "\u0003") {
+        if (process.stdin.isTTY) {
+          process.stdin.setRawMode(false);
+        }
+        process.stdin.removeListener("data", onData);
+        rl.close();
+        process.stdout.write("\n");
+        process.exit(1);
+      }
+      // Backspace
+      if (c === "\u007F" || c === "\b") {
+        if (input.length > 0) {
+          input = input.slice(0, -1);
+          process.stdout.write("\b \b");
+        }
+        return;
+      }
+      input += c;
+      process.stdout.write("*");
+    };
+
+    process.stdin.on("data", onData);
+  });
+}
+
+/**
+ * Show numbered options, return the selected value.
+ *
+ * @param {string} question - Prompt text
+ * @param {{ label: string, value: string }[]} options - Choices
+ * @param {string} [defaultValue] - Default if user presses Enter
+ * @returns {Promise<string>} Selected value
+ */
+export async function select(question, options, defaultValue) {
+  for (let i = 0; i < options.length; i++) {
+    const marker = options[i].value === defaultValue ? " (default)" : "";
+    console.log(`  ${i + 1}) ${options[i].label}${marker}`);
+  }
+  const answer = await ask(`\n  ${question} [1-${options.length}]: `);
+
+  if (!answer && defaultValue) {
+    return defaultValue;
+  }
+
+  const idx = parseInt(answer, 10) - 1;
+  if (idx >= 0 && idx < options.length) {
+    return options[idx].value;
+  }
+
+  return defaultValue || options[0].value;
+}
+
+/**
+ * Yes/No confirmation. Returns boolean.
+ *
+ * @param {string} question - Prompt text
+ * @param {boolean} [defaultYes=true] - Default if user presses Enter
+ * @returns {Promise<boolean>}
+ */
+export async function confirm(question, defaultYes = true) {
+  const hint = defaultYes ? "[Y/n]" : "[y/N]";
+  const answer = await ask(`  ${question} ${hint}: `);
+
+  if (!answer) return defaultYes;
+
+  return answer.toLowerCase().startsWith("y");
+}