fastpass-cli 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/cli.js +1 -0
- package/src/commands/protect.js +10 -6
package/package.json
CHANGED
package/src/cli.js
CHANGED
|
@@ -27,6 +27,7 @@ export function run() {
|
|
|
27
27
|
.description('Protect a domain with Cloudflare Access')
|
|
28
28
|
.option('--auth <method>', 'Auth method(s): email, github, google (comma-separated for multiple)')
|
|
29
29
|
.option('--allow <rule>', 'Who can access: email, *@domain.com, or "everyone"')
|
|
30
|
+
.option('--hidden', 'Hide email addresses from terminal output')
|
|
30
31
|
.action(async (domain, opts) => {
|
|
31
32
|
printBanner();
|
|
32
33
|
const creds = await getCredentials();
|
package/src/commands/protect.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import pc from 'picocolors';
|
|
2
|
-
import { input, select, confirm } from '@inquirer/prompts';
|
|
2
|
+
import { input, password, select, confirm } from '@inquirer/prompts';
|
|
3
3
|
import { getTeamName } from '../auth.js';
|
|
4
4
|
import { ensureEmailOtp } from '../idp/email-otp.js';
|
|
5
5
|
import { ensureGitHub } from '../idp/github.js';
|
|
@@ -61,7 +61,7 @@ export async function protect(api, opts = {}) {
|
|
|
61
61
|
console.log('');
|
|
62
62
|
|
|
63
63
|
// Resolve who gets access
|
|
64
|
-
const { include, includeType } = await resolveAccess(opts.allow);
|
|
64
|
+
const { include, includeType } = await resolveAccess(opts.allow, opts.hidden);
|
|
65
65
|
console.log('');
|
|
66
66
|
|
|
67
67
|
// Get team name for OAuth callback URLs
|
|
@@ -84,7 +84,9 @@ export async function protect(api, opts = {}) {
|
|
|
84
84
|
const policyInclude = buildIncludeRules(include, includeType);
|
|
85
85
|
|
|
86
86
|
// Describe access for the summary
|
|
87
|
-
const accessLabel =
|
|
87
|
+
const accessLabel = (opts.hidden && includeType === 'emails')
|
|
88
|
+
? pc.dim('(hidden)')
|
|
89
|
+
: describeAccess(include, includeType);
|
|
88
90
|
|
|
89
91
|
// Show confirmation summary (skip when all CLI flags provided)
|
|
90
92
|
const allFlagsProvided = opts.domain && opts.auth && opts.allow;
|
|
@@ -171,7 +173,7 @@ export async function validateDomain(api, domain) {
|
|
|
171
173
|
}
|
|
172
174
|
}
|
|
173
175
|
|
|
174
|
-
export async function resolveAccess(allowFlag) {
|
|
176
|
+
export async function resolveAccess(allowFlag, hidden) {
|
|
175
177
|
// If --allow flag was passed, parse it
|
|
176
178
|
if (allowFlag) {
|
|
177
179
|
if (allowFlag.startsWith('*@')) {
|
|
@@ -187,6 +189,8 @@ export async function resolveAccess(allowFlag) {
|
|
|
187
189
|
return { include: allowFlag.split(',').map((e) => e.trim()), includeType: 'emails' };
|
|
188
190
|
}
|
|
189
191
|
|
|
192
|
+
const emailPrompt = hidden ? password : input;
|
|
193
|
+
|
|
190
194
|
// Interactive
|
|
191
195
|
const accessType = await select({
|
|
192
196
|
message: 'Who should have access?',
|
|
@@ -195,7 +199,7 @@ export async function resolveAccess(allowFlag) {
|
|
|
195
199
|
|
|
196
200
|
switch (accessType) {
|
|
197
201
|
case 'me': {
|
|
198
|
-
const email = await
|
|
202
|
+
const email = await emailPrompt({
|
|
199
203
|
message: 'Your email address:',
|
|
200
204
|
validate: (v) => v.includes('@') || 'Enter a valid email',
|
|
201
205
|
});
|
|
@@ -216,7 +220,7 @@ export async function resolveAccess(allowFlag) {
|
|
|
216
220
|
return { include: [org.trim()], includeType: 'github_org' };
|
|
217
221
|
}
|
|
218
222
|
case 'emails': {
|
|
219
|
-
const emails = await
|
|
223
|
+
const emails = await emailPrompt({
|
|
220
224
|
message: 'Email addresses (comma-separated):',
|
|
221
225
|
validate: (v) => v.includes('@') || 'Enter at least one email',
|
|
222
226
|
});
|