npm - estatehelm - Versions diffs - 1.0.0 → 1.0.1 - Mend

estatehelm 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -27,6 +27,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var import_commander = require("commander");
 // src/login.ts
+var http = __toESM(require("http"));
 var readline = __toESM(require("readline"));
 var import_open = __toESM(require("open"));
@@ -1312,16 +1313,7 @@ var KEYTAR_ACCOUNTS = {
   DEVICE_CREDENTIALS: "device-credentials"
 };
 var API_BASE_URL = process.env.ESTATEHELM_API_URL || "https://api.estatehelm.com";
-var OAUTH_CONFIG = {
-  // OAuth authorization URL (opens in browser)
-  authUrl: `${API_BASE_URL}/.ory/self-service/login/browser`,
-  // OAuth token exchange endpoint
-  tokenUrl: `${API_BASE_URL}/api/v2/auth/device-token`,
-  // Device code flow endpoint
-  deviceCodeUrl: `${API_BASE_URL}/api/v2/auth/device-code`,
-  // Client ID for CLI app
-  clientId: "estatehelm-cli"
-};
+var APP_URL = process.env.ESTATEHELM_APP_URL || "https://app.estatehelm.com";
 var DEFAULT_CONFIG = {
   defaultMode: "full"
 };
@@ -1447,6 +1439,76 @@ function prompt(question) {
     });
   });
 }
+async function findAvailablePort(startPort = 19847) {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer();
+    server.listen(startPort, "127.0.0.1", () => {
+      const address = server.address();
+      const port = typeof address === "object" && address ? address.port : startPort;
+      server.close(() => resolve(port));
+    });
+    server.on("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        resolve(findAvailablePort(startPort + 1));
+      } else {
+        reject(err);
+      }
+    });
+  });
+}
+function waitForCallback(port) {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url || "/", `http://127.0.0.1:${port}`);
+      const sessionToken = url.searchParams.get("session_token");
+      if (sessionToken) {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(`
+          <!DOCTYPE html>
+          <html>
+          <head>
+            <title>CLI Authentication Successful</title>
+            <style>
+              body { font-family: system-ui, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: linear-gradient(115deg, #fff1be 28%, #ee87cb 70%, #b060ff 100%); }
+              .card { background: white; padding: 2rem; border-radius: 1rem; box-shadow: 0 10px 25px rgba(0,0,0,0.1); text-align: center; }
+              h1 { color: #059669; margin: 0 0 0.5rem; }
+              p { color: #6b7280; margin: 0; }
+            </style>
+          </head>
+          <body>
+            <div class="card">
+              <h1>\u2713 Authentication Successful</h1>
+              <p>You can close this window and return to your terminal.</p>
+            </div>
+          </body>
+          </html>
+        `);
+        server.close();
+        resolve(sessionToken);
+      } else {
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(`
+          <!DOCTYPE html>
+          <html>
+          <head><title>Authentication Failed</title></head>
+          <body>
+            <h1>Authentication Failed</h1>
+            <p>No session token received. Please try again.</p>
+          </body>
+          </html>
+        `);
+      }
+    });
+    server.listen(port, "127.0.0.1", () => {
+      console.log(`Callback server listening on http://127.0.0.1:${port}`);
+    });
+    server.on("error", reject);
+    setTimeout(() => {
+      server.close();
+      reject(new Error("Authentication timed out. Please try again."));
+    }, 5 * 60 * 1e3);
+  });
+}
 function createApiClient(token) {
   return new ApiClient({
     baseUrl: API_BASE_URL,
@@ -1454,54 +1516,6 @@ function createApiClient(token) {
     auth: new TokenAuthAdapter(async () => token)
   });
 }
-async function startDeviceCodeFlow() {
-  const response = await fetch(`${API_BASE_URL}/api/v2/auth/device-code`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify({
-      clientId: OAUTH_CONFIG.clientId,
-      scope: "openid profile email offline_access"
-    })
-  });
-  if (!response.ok) {
-    const error = await response.json().catch(() => ({}));
-    throw new Error(error.message || `Device code request failed: ${response.status}`);
-  }
-  return response.json();
-}
-async function pollForToken(deviceCode, interval, expiresIn) {
-  const startTime = Date.now();
-  const expireTime = startTime + expiresIn * 1e3;
-  while (Date.now() < expireTime) {
-    await new Promise((resolve) => setTimeout(resolve, interval * 1e3));
-    const response = await fetch(`${API_BASE_URL}/api/v2/auth/device-token`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        clientId: OAUTH_CONFIG.clientId,
-        deviceCode,
-        grantType: "urn:ietf:params:oauth:grant-type:device_code"
-      })
-    });
-    if (response.ok) {
-      return response.json();
-    }
-    const error = await response.json().catch(() => ({}));
-    if (error.error === "authorization_pending") {
-      continue;
-    }
-    if (error.error === "slow_down") {
-      interval += 5;
-      continue;
-    }
-    throw new Error(error.message || `Token request failed: ${response.status}`);
-  }
-  throw new Error("Device code expired");
-}
 async function getServerWrapSecret(client) {
   const response = await client.post("/webauthn/initialize", {});
   return base64Decode(response.serverWrapSecret);
@@ -1567,25 +1581,23 @@ async function decryptDeviceCredentials(encryptedPayload) {
 async function login() {
   console.log("\nEstateHelm Login");
   console.log("================\n");
-  console.log("Starting authentication...");
-  const deviceCodeResponse = await startDeviceCodeFlow();
+  console.log("Starting authentication server...");
+  const port = await findAvailablePort();
+  const callbackUrl = `http://127.0.0.1:${port}/callback`;
+  const loginUrl = `${APP_URL}/signin?redirect=/cli-auth?callback=${encodeURIComponent(callbackUrl)}`;
   console.log(`
-Please visit: ${deviceCodeResponse.verificationUri}`);
-  console.log(`Enter code: ${deviceCodeResponse.userCode}
+Opening browser for authentication...`);
+  console.log(`If the browser doesn't open, visit: ${loginUrl}
 `);
-  console.log("Opening browser...");
-  await (0, import_open.default)(deviceCodeResponse.verificationUri);
+  const callbackPromise = waitForCallback(port);
+  await (0, import_open.default)(loginUrl);
   console.log("Waiting for authentication...");
-  const tokenResponse = await pollForToken(
-    deviceCodeResponse.deviceCode,
-    deviceCodeResponse.interval,
-    deviceCodeResponse.expiresIn
-  );
+  const sessionToken = await callbackPromise;
   console.log("Authentication successful!");
-  console.log(`Token: ${sanitizeToken(tokenResponse.accessToken)}`);
-  await saveBearerToken(tokenResponse.accessToken);
-  await saveRefreshToken(tokenResponse.refreshToken);
-  const client = createApiClient(tokenResponse.accessToken);
+  console.log(`Token: ${sanitizeToken(sessionToken)}`);
+  await saveBearerToken(sessionToken);
+  await saveRefreshToken("");
+  const client = createApiClient(sessionToken);
   console.log("\nFetching encryption keys...");
   const serverWrapSecret = await getServerWrapSecret(client);
   const keyBundle = await getCurrentKeyBundle(client);