npm - estatehelm - Versions diffs - 1.0.4 → 1.0.6 - Mend

estatehelm 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1454,25 +1454,21 @@ function prompt(question) {
     });
   });
 }
-var ALLOWED_CALLBACK_PORTS = [11033, 11034, 11035];
 async function findAvailablePort() {
-  for (const port of ALLOWED_CALLBACK_PORTS) {
-    const available = await isPortAvailable(port);
-    if (available) {
-      return port;
-    }
-  }
-  throw new Error(
-    `No available ports for CLI callback. Ports ${ALLOWED_CALLBACK_PORTS.join(", ")} are all in use.`
-  );
-}
-function isPortAvailable(port) {
-  return new Promise((resolve) => {
+  return new Promise((resolve, reject) => {
     const server = http.createServer();
-    server.listen(port, "127.0.0.1", () => {
-      server.close(() => resolve(true));
+    server.listen(0, "127.0.0.1", () => {
+      const address = server.address();
+      const port = typeof address === "object" && address ? address.port : 0;
+      server.close(() => {
+        if (port > 0) {
+          resolve(port);
+        } else {
+          reject(new Error("Failed to find available port"));
+        }
+      });
     });
-    server.on("error", () => resolve(false));
+    server.on("error", reject);
   });
 }
 function createApiClient(token) {
@@ -1544,85 +1540,11 @@ async function decryptDeviceCredentials(encryptedPayload) {
   );
   return new Uint8Array(plaintext);
 }
-function generatePKCE() {
-  const verifierBytes = crypto.getRandomValues(new Uint8Array(32));
-  const verifier = base64Encode(verifierBytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-  const encoder = new TextEncoder();
-  const data = encoder.encode(verifier);
-  const hashBuffer = crypto.subtle.digestSync ? crypto.subtle.digestSync("SHA-256", data) : null;
-  const cryptoNode = require("crypto");
-  const hash = cryptoNode.createHash("sha256").update(verifier).digest();
-  const challenge = hash.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
-  return { verifier, challenge };
-}
-var GOOGLE_CLIENT_ID = "51644152299-ikanidsebtsn6sukgk0sg1hq5h95k2h6.apps.googleusercontent.com";
-async function createNativeLoginFlow() {
-  const response = await fetch(`${KRATOS_URL}/self-service/login/api`, {
-    method: "GET",
-    headers: { Accept: "application/json" }
-  });
-  if (!response.ok) {
-    const error = await response.text();
-    throw new Error(`Failed to create login flow: ${response.status} - ${error}`);
-  }
-  const flow = await response.json();
-  return flow.id;
-}
-async function submitIdTokenToKratos(flowId, idToken, provider = "google") {
-  const response = await fetch(`${KRATOS_URL}/self-service/login?flow=${flowId}`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Accept: "application/json"
-    },
-    body: JSON.stringify({
-      method: "oidc",
-      provider,
-      id_token: idToken
-    })
-  });
-  if (!response.ok) {
-    const error = await response.json().catch(() => ({}));
-    throw new Error(
-      error.error?.message || error.ui?.messages?.[0]?.text || `Kratos login failed: ${response.status}`
-    );
-  }
-  const result = await response.json();
-  if (!result.session_token) {
-    throw new Error("No session_token in Kratos response");
-  }
-  return result.session_token;
-}
-async function exchangeCodeForTokens(code, codeVerifier, redirectUri) {
-  const response = await fetch("https://oauth2.googleapis.com/token", {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      client_id: GOOGLE_CLIENT_ID,
-      code,
-      code_verifier: codeVerifier,
-      grant_type: "authorization_code",
-      redirect_uri: redirectUri
-    })
-  });
-  if (!response.ok) {
-    const error = await response.json().catch(() => ({}));
-    throw new Error(error.error_description || error.error || "Token exchange failed");
-  }
-  const tokens = await response.json();
-  if (!tokens.id_token) {
-    throw new Error("No id_token in Google response");
-  }
-  return {
-    idToken: tokens.id_token,
-    accessToken: tokens.access_token
-  };
-}
-function waitForOAuthCallback(port) {
+function waitForCallback(port) {
   return new Promise((resolve, reject) => {
     const server = http.createServer((req, res) => {
       const url = new URL(req.url || "/", `http://127.0.0.1:${port}`);
-      const code = url.searchParams.get("code");
+      const sessionToken = url.searchParams.get("session_token");
       const error = url.searchParams.get("error");
       if (error) {
         res.writeHead(400, { "Content-Type": "text/html" });
@@ -1638,7 +1560,7 @@ function waitForOAuthCallback(port) {
         reject(new Error(url.searchParams.get("error_description") || error));
         return;
       }
-      if (code) {
+      if (sessionToken) {
         res.writeHead(200, { "Content-Type": "text/html" });
         res.end(`
           <!DOCTYPE html>
@@ -1649,7 +1571,7 @@ function waitForOAuthCallback(port) {
           </html>
         `);
         server.close();
-        resolve(code);
+        resolve(sessionToken);
         return;
       }
       res.writeHead(404);
@@ -1666,35 +1588,22 @@ function waitForOAuthCallback(port) {
 async function login() {
   console.log("\nEstateHelm Login");
   console.log("================\n");
-  console.log("Creating login flow...");
-  const flowId = await createNativeLoginFlow();
+  console.log("Starting authentication server...");
   const port = await findAvailablePort();
-  const redirectUri = `http://127.0.0.1:${port}/callback`;
-  const { verifier, challenge } = generatePKCE();
-  const authUrl = new URL("https://accounts.google.com/o/oauth2/v2/auth");
-  authUrl.searchParams.set("client_id", GOOGLE_CLIENT_ID);
-  authUrl.searchParams.set("redirect_uri", redirectUri);
-  authUrl.searchParams.set("response_type", "code");
-  authUrl.searchParams.set("scope", "openid email profile");
-  authUrl.searchParams.set("code_challenge", challenge);
-  authUrl.searchParams.set("code_challenge_method", "S256");
-  authUrl.searchParams.set("access_type", "offline");
-  console.log("\nOpening browser for Google authentication...");
+  const callbackUrl = `http://127.0.0.1:${port}/callback`;
+  const loginUrl = `${APP_URL}/cli-auth?callback=${encodeURIComponent(callbackUrl)}`;
+  console.log("\nOpening browser for authentication...");
   console.log(`If the browser doesn't open, visit:
-${authUrl.toString()}
+${loginUrl}
 `);
-  const codePromise = waitForOAuthCallback(port);
-  await (0, import_open.default)(authUrl.toString());
+  const tokenPromise = waitForCallback(port);
+  await (0, import_open.default)(loginUrl);
   console.log("Waiting for authentication...");
-  const code = await codePromise;
-  console.log("Exchanging authorization code...");
-  const { idToken } = await exchangeCodeForTokens(code, verifier, redirectUri);
-  console.log("Completing authentication...");
-  const sessionToken = await submitIdTokenToKratos(flowId, idToken, "google");
+  const sessionToken = await tokenPromise;
   console.log("Authentication successful!");
   console.log(`Token: ${sanitizeToken(sessionToken)}`);
   await saveBearerToken(sessionToken);
-  await saveRefreshToken("");
+  await saveRefreshToken("kratos-session-no-refresh");
   const client = createApiClient(sessionToken);
   console.log("\nFetching encryption keys...");
   const serverWrapSecret = await getServerWrapSecret(client);