ctx7 0.4.5 → 0.5.1

package/dist/index.js

@@ -932,21 +932,11 @@ import { spawn } from "child_process";
 import { input, select as select2 } from "@inquirer/prompts";
 
 // src/utils/auth.ts
-import * as crypto from "crypto";
-import * as http from "http";
 import * as fs from "fs";
 import * as path from "path";
 import * as os from "os";
 var CONFIG_DIR = path.join(os.homedir(), ".context7");
 var CREDENTIALS_FILE = path.join(CONFIG_DIR, "credentials.json");
-function generatePKCE() {
-  const codeVerifier = crypto.randomBytes(32).toString("base64url");
-  const codeChallenge = crypto.createHash("sha256").update(codeVerifier).digest("base64url");
-  return { codeVerifier, codeChallenge };
-}
-function generateState() {
-  return crypto.randomBytes(16).toString("base64url");
-}
 function ensureConfigDir() {
   if (!fs.existsSync(CONFIG_DIR)) {
     fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
@@ -1017,149 +1007,75 @@ async function getValidAccessToken() {
     return null;
   }
 }
-var CALLBACK_PORT = 52417;
-function createCallbackServer(expectedState) {
-  let resolvePort;
-  let resolveResult;
-  let rejectResult;
-  let serverInstance = null;
-  const portPromise = new Promise((resolve3) => {
-    resolvePort = resolve3;
-  });
-  const resultPromise = new Promise((resolve3, reject) => {
-    resolveResult = resolve3;
-    rejectResult = reject;
-  });
-  const server = http.createServer((req, res) => {
-    const url = new URL(req.url || "/", `http://localhost`);
-    if (url.pathname === "/callback") {
-      const code = url.searchParams.get("code");
-      const state = url.searchParams.get("state");
-      const error = url.searchParams.get("error");
-      const errorDescription = url.searchParams.get("error_description");
-      res.writeHead(200, { "Content-Type": "text/html" });
-      if (error) {
-        res.end(errorPage(errorDescription || error));
-        serverInstance?.close();
-        rejectResult(new Error(errorDescription || error));
-        return;
-      }
-      if (!code || !state) {
-        res.end(errorPage("Missing authorization code or state"));
-        serverInstance?.close();
-        rejectResult(new Error("Missing authorization code or state"));
-        return;
-      }
-      if (state !== expectedState) {
-        res.end(errorPage("State mismatch - possible CSRF attack"));
-        serverInstance?.close();
-        rejectResult(new Error("State mismatch"));
-        return;
-      }
-      res.end(successPage());
-      serverInstance?.close();
-      resolveResult({ code, state });
-    } else {
-      res.writeHead(404);
-      res.end("Not found");
-    }
-  });
-  serverInstance = server;
-  server.on("error", (err) => {
-    rejectResult(err);
-  });
-  server.listen(CALLBACK_PORT, "127.0.0.1", () => {
-    resolvePort(CALLBACK_PORT);
-  });
-  const timeout = setTimeout(
-    () => {
-      server.close();
-      rejectResult(new Error("Login timed out after 5 minutes"));
-    },
-    5 * 60 * 1e3
-  );
-  return {
-    port: portPromise,
-    result: resultPromise,
-    close: () => {
-      clearTimeout(timeout);
-      server.close();
-    }
-  };
-}
-function successPage() {
-  return `<!DOCTYPE html>
-<html>
-  <head><title>Login Successful</title></head>
-  <body style="font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #f9fafb;">
-    <div style="text-align: center; padding: 2rem;">
-      <div style="width: 64px; height: 64px; background: #16a34a; border-radius: 50%; display: flex; align-items: center; justify-content: center; margin: 0 auto 1rem;">
-        <svg width="32" height="32" fill="none" stroke="white" stroke-width="3" viewBox="0 0 24 24">
-          <path d="M5 13l4 4L19 7" stroke-linecap="round" stroke-linejoin="round"/>
-        </svg>
-      </div>
-      <h1 style="color: #16a34a; margin: 0 0 0.5rem;">Login Successful!</h1>
-      <p style="color: #6b7280; margin: 0;">You can close this window and return to the terminal.</p>
-    </div>
-  </body>
-</html>`;
-}
-function escapeHtml(text) {
-  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
-}
-function errorPage(message) {
-  const safeMessage = escapeHtml(message);
-  return `<!DOCTYPE html>
-<html>
-  <head><title>Login Failed</title></head>
-  <body style="font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #f9fafb;">
-    <div style="text-align: center; padding: 2rem;">
-      <div style="width: 64px; height: 64px; background: #dc2626; border-radius: 50%; display: flex; align-items: center; justify-content: center; margin: 0 auto 1rem;">
-        <svg width="32" height="32" fill="none" stroke="white" stroke-width="3" viewBox="0 0 24 24">
-          <path d="M6 18L18 6M6 6l12 12" stroke-linecap="round" stroke-linejoin="round"/>
-        </svg>
-      </div>
-      <h1 style="color: #dc2626; margin: 0 0 0.5rem;">Login Failed</h1>
-      <p style="color: #6b7280; margin: 0;">${safeMessage}</p>
-      <p style="color: #9ca3af; margin: 1rem 0 0; font-size: 0.875rem;">You can close this window.</p>
-    </div>
-  </body>
-</html>`;
-}
-async function exchangeCodeForTokens(baseUrl3, code, codeVerifier, redirectUri, clientId) {
-  const response = await fetch(`${baseUrl3}/api/oauth/token`, {
+var DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code";
+var DEFAULT_DEVICE_POLL_INTERVAL_SECONDS = 5;
+async function startDeviceAuthorization(baseUrl3, clientId) {
+  const params = new URLSearchParams({ client_id: clientId });
+  try {
+    const hostname2 = os.hostname();
+    if (hostname2) params.set("hostname", hostname2);
+  } catch {
+  }
+  const response = await fetch(`${baseUrl3}/api/oauth/device/code`, {
     method: "POST",
     headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      grant_type: "authorization_code",
-      client_id: clientId,
-      code,
-      code_verifier: codeVerifier,
-      redirect_uri: redirectUri
-    }).toString()
+    body: params.toString()
   });
   if (!response.ok) {
     const err = await response.json().catch(() => ({}));
-    throw new Error(err.error_description || err.error || "Failed to exchange code for tokens");
+    throw new Error(err.error_description || err.error || "Failed to start device authorization");
   }
   return await response.json();
 }
-function buildAuthorizationUrl(baseUrl3, clientId, redirectUri, codeChallenge, state) {
-  const url = new URL(`${baseUrl3}/api/oauth/authorize`);
-  url.searchParams.set("client_id", clientId);
-  url.searchParams.set("redirect_uri", redirectUri);
-  url.searchParams.set("code_challenge", codeChallenge);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("state", state);
-  url.searchParams.set("scope", "profile email");
-  url.searchParams.set("response_type", "code");
-  return url.toString();
+async function pollDeviceToken(baseUrl3, clientId, deviceCode) {
+  let response;
+  try {
+    response = await fetch(`${baseUrl3}/api/oauth/device/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: DEVICE_CODE_GRANT,
+        device_code: deviceCode,
+        client_id: clientId
+      }).toString()
+    });
+  } catch (error) {
+    return {
+      status: "transient",
+      errorMessage: error instanceof Error ? error.message : "network error"
+    };
+  }
+  if (response.ok) {
+    const tokens = await response.json();
+    return { status: "approved", tokens };
+  }
+  if (response.status >= 500) {
+    const err2 = await response.json().catch(() => ({}));
+    return {
+      status: "transient",
+      errorMessage: err2.error_description || err2.error || `HTTP ${response.status}`
+    };
+  }
+  const err = await response.json().catch(() => ({}));
+  switch (err.error) {
+    case "authorization_pending":
+      return { status: "pending" };
+    case "slow_down":
+      return { status: "slow_down" };
+    case "access_denied":
+      return { status: "denied" };
+    case "expired_token":
+      return { status: "expired" };
+    default:
+      throw new Error(err.error_description || err.error || "Device token poll failed");
+  }
 }
 
 // src/commands/auth.ts
 import pc4 from "picocolors";
 import ora from "ora";
 import open from "open";
+import boxen from "boxen";
 var baseUrl2 = "https://context7.com";
 function setAuthBaseUrl(url) {
   baseUrl2 = url;
@@ -1175,63 +1091,126 @@ function registerAuthCommands(program2) {
     await whoamiCommand();
   });
 }
+function renderDeviceCodeBox(userCode, verificationUri, verificationUriComplete) {
+  const codeLine = `${pc4.dim("Your one-time code:")}
+
+    ${pc4.green(pc4.bold(userCode))}`;
+  const linkLine = verificationUriComplete ? `${pc4.dim("Open this link to approve:")}
+${pc4.cyan(verificationUriComplete)}
+
+${pc4.dim("Or visit")} ${pc4.cyan(verificationUri)} ${pc4.dim("and enter the code above.")}` : `${pc4.dim("Visit:")} ${pc4.cyan(verificationUri)}`;
+  return boxen(`${codeLine}
+
+${linkLine}`, {
+    title: "Sign in to Context7",
+    titleAlignment: "left",
+    padding: 1,
+    margin: { top: 1, bottom: 1, left: 2, right: 2 },
+    borderStyle: "round",
+    borderColor: "gray"
+  });
+}
+function waitForEnter(prompt) {
+  if (!process.stdin.isTTY) return Promise.resolve();
+  return new Promise((resolve3) => {
+    process.stdout.write(`  ${pc4.dim(prompt)} `);
+    const onData = (chunk) => {
+      if (chunk[0] === 3) {
+        process.stdin.removeListener("data", onData);
+        process.stdin.setRawMode?.(false);
+        process.stdin.pause();
+        process.stdout.write("\n");
+        process.exit(130);
+      }
+      process.stdin.removeListener("data", onData);
+      process.stdin.setRawMode?.(false);
+      process.stdin.pause();
+      process.stdout.write("\n");
+      resolve3();
+    };
+    process.stdin.setRawMode?.(true);
+    process.stdin.resume();
+    process.stdin.on("data", onData);
+  });
+}
+async function announceIdentity(accessToken) {
+  try {
+    const whoami = await fetchWhoami(accessToken);
+    const name = whoami.email || whoami.name;
+    if (!name) return "Login successful!";
+    const team = whoami.teamspace?.name;
+    return team ? `Logged in as ${pc4.bold(name)} ${pc4.dim(`(${team})`)}` : `Logged in as ${pc4.bold(name)}`;
+  } catch {
+    return "Login successful!";
+  }
+}
 async function performLogin(openBrowser = true) {
   const spinner = ora("Preparing login...").start();
+  let authorization;
   try {
-    const { codeVerifier, codeChallenge } = generatePKCE();
-    const state = generateState();
-    const callbackServer = createCallbackServer(state);
-    const port = await callbackServer.port;
-    const redirectUri = `http://localhost:${port}/callback`;
-    const authUrl = buildAuthorizationUrl(
-      baseUrl2,
-      CLI_CLIENT_ID,
-      redirectUri,
-      codeChallenge,
-      state
-    );
-    spinner.stop();
-    console.log("");
-    console.log(pc4.bold("Opening browser to log in..."));
-    console.log("");
-    if (openBrowser) {
-      await open(authUrl);
-      console.log(pc4.dim("If the browser didn't open, visit this URL:"));
-    } else {
-      console.log(pc4.dim("Open this URL in your browser:"));
+    authorization = await startDeviceAuthorization(baseUrl2, CLI_CLIENT_ID);
+  } catch (error) {
+    spinner.fail(pc4.red("Login failed"));
+    if (error instanceof Error) console.error(pc4.red(error.message));
+    return null;
+  }
+  spinner.stop();
+  console.log(
+    renderDeviceCodeBox(
+      authorization.user_code,
+      authorization.verification_uri,
+      authorization.verification_uri_complete
+    )
+  );
+  const target = authorization.verification_uri_complete ?? authorization.verification_uri;
+  if (openBrowser) {
+    await waitForEnter("Press Enter to open the browser, or Ctrl-C to quit...");
+    try {
+      await open(target);
+    } catch {
+      console.log(pc4.dim(`  Couldn't open a browser \u2014 visit the link above manually.`));
     }
-    console.log(pc4.cyan(authUrl));
+  } else {
+    console.log(pc4.dim("  Open the link above in any browser to continue."));
     console.log("");
-    const waitingSpinner = ora("Waiting for login...").start();
+  }
+  const waitingSpinner = ora({ text: "Waiting for authorization...", indent: 2 }).start();
+  const deadline = Date.now() + authorization.expires_in * 1e3;
+  let intervalMs = (authorization.interval ?? DEFAULT_DEVICE_POLL_INTERVAL_SECONDS) * 1e3;
+  while (Date.now() < deadline) {
+    await new Promise((resolve3) => setTimeout(resolve3, intervalMs));
     try {
-      const { code } = await callbackServer.result;
-      waitingSpinner.text = "Exchanging code for tokens...";
-      const tokens = await exchangeCodeForTokens(
-        baseUrl2,
-        code,
-        codeVerifier,
-        redirectUri,
-        CLI_CLIENT_ID
-      );
-      saveTokens(tokens);
-      callbackServer.close();
-      waitingSpinner.succeed(pc4.green("Login successful!"));
-      return tokens.access_token;
+      const result = await pollDeviceToken(baseUrl2, CLI_CLIENT_ID, authorization.device_code);
+      if (result.status === "approved" && result.tokens) {
+        saveTokens(result.tokens);
+        const successText = await announceIdentity(result.tokens.access_token);
+        waitingSpinner.succeed(pc4.green(successText));
+        return result.tokens.access_token;
+      }
+      if (result.status === "slow_down") {
+        intervalMs += 5e3;
+        continue;
+      }
+      if (result.status === "denied") {
+        waitingSpinner.fail(pc4.red("Authorization denied."));
+        return null;
+      }
+      if (result.status === "expired") {
+        waitingSpinner.fail(pc4.red("Code expired. Run login again."));
+        return null;
+      }
+      if (result.status === "transient") {
+        intervalMs += 5e3;
+        continue;
+      }
     } catch (error) {
-      callbackServer.close();
       waitingSpinner.fail(pc4.red("Login failed"));
-      if (error instanceof Error) {
-        console.error(pc4.red(error.message));
-      }
+      if (error instanceof Error) console.error(pc4.red(error.message));
       return null;
     }
-  } catch (error) {
-    spinner.fail(pc4.red("Login failed"));
-    if (error instanceof Error) {
-      console.error(pc4.red(error.message));
-    }
-    return null;
   }
+  waitingSpinner.fail(pc4.red("Code expired without approval."));
+  return null;
 }
 async function loginCommand(options) {
   trackEvent("command", { name: "login" });
@@ -2642,7 +2621,7 @@ import ora4 from "ora";
 import { select as select3 } from "@inquirer/prompts";
 import { mkdir as mkdir4, readFile as readFile4, writeFile as writeFile4 } from "fs/promises";
 import { dirname as dirname6, join as join8 } from "path";
-import { randomBytes as randomBytes2 } from "crypto";
+import { randomBytes } from "crypto";
 
 // src/setup/agents.ts
 import { access as access2 } from "fs/promises";
@@ -3237,7 +3216,7 @@ async function authenticateAndGenerateKey() {
         Authorization: `Bearer ${accessToken}`,
         "Content-Type": "application/json"
       },
-      body: JSON.stringify({ name: `ctx7-cli-${randomBytes2(3).toString("hex")}` })
+      body: JSON.stringify({ name: `ctx7-cli-${randomBytes(3).toString("hex")}` })
     });
     if (!response.ok) {
       const err = await response.json().catch(() => ({}));