npm - gamedev - Versions diffs - 0.2.2 → 0.2.4 - Mend

gamedev 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/app-server/cliAuth.js CHANGED Viewed

@@ -1,5 +1,3 @@
-import crypto from 'crypto'
-import http from 'http'
 import { spawn } from 'child_process'
 import { joinUrl, normalizeWorldAdminBaseUrl } from './helpers.js'
@@ -58,138 +56,6 @@ export async function fetchCliAuthStatus({ worldUrl, authToken }) {
   return data
 }
-function createCallbackServer({ worldId, worldUrl, state, timeoutMs = 10 * 60 * 1000 } = {}) {
-  const expectedState = typeof state === 'string' && state.trim() ? state.trim() : crypto.randomUUID()
-  let settled = false
-  let timeoutId = null
-  let server = null
-  let startupResolve = null
-  let startupReject = null
-  let startupState = 'pending'
-  const startup = new Promise((resolve, reject) => {
-    startupResolve = resolve
-    startupReject = reject
-  })
-  const close = async () => {
-    if (!server) return
-    const target = server
-    server = null
-    await new Promise(resolve => target.close(() => resolve()))
-  }
-  const result = new Promise((resolve, reject) => {
-    server = http.createServer(async (req, res) => {
-      res.setHeader('Access-Control-Allow-Origin', '*')
-      res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS')
-      res.setHeader('Access-Control-Allow-Headers', 'Content-Type')
-      if (req.method === 'OPTIONS') {
-        res.statusCode = 204
-        res.end()
-        return
-      }
-      if (req.method !== 'POST' || req.url !== '/callback') {
-        res.statusCode = 404
-        res.end('Not found')
-        return
-      }
-      const chunks = []
-      req.on('data', chunk => {
-        chunks.push(chunk)
-      })
-      req.on('error', async error => {
-        if (settled) return
-        settled = true
-        clearTimeout(timeoutId)
-        res.statusCode = 500
-        res.end(JSON.stringify({ error: 'callback_read_failed' }))
-        await close()
-        reject(error instanceof Error ? error : createError('callback_read_failed'))
-      })
-      req.on('end', async () => {
-        let payload
-        try {
-          payload = JSON.parse(Buffer.concat(chunks).toString('utf8') || '{}')
-        } catch {
-          res.statusCode = 400
-          res.end(JSON.stringify({ error: 'invalid_payload' }))
-          return
-        }
-        const receivedState = typeof payload?.state === 'string' ? payload.state.trim() : ''
-        const authToken = typeof payload?.authToken === 'string' ? payload.authToken.trim() : ''
-        const receivedWorldId = typeof payload?.worldId === 'string' ? payload.worldId.trim() : ''
-        const receivedWorldUrl = typeof payload?.worldUrl === 'string' ? payload.worldUrl.trim() : ''
-        if (!authToken || !receivedState || receivedState !== expectedState) {
-          res.statusCode = 400
-          res.end(JSON.stringify({ error: 'invalid_callback_state' }))
-          return
-        }
-        if (worldId && receivedWorldId && receivedWorldId !== worldId) {
-          res.statusCode = 409
-          res.end(JSON.stringify({ error: 'world_id_mismatch' }))
-          return
-        }
-        if (worldUrl && receivedWorldUrl && normalizeWorldAdminBaseUrl(receivedWorldUrl) !== normalizeWorldAdminBaseUrl(worldUrl)) {
-          res.statusCode = 409
-          res.end(JSON.stringify({ error: 'world_url_mismatch' }))
-          return
-        }
-        settled = true
-        clearTimeout(timeoutId)
-        res.statusCode = 200
-        res.setHeader('Content-Type', 'application/json')
-        res.end(JSON.stringify({ ok: true }))
-        await close()
-        resolve(payload)
-      })
-    })
-    server.listen(0, '127.0.0.1', () => {
-      if (startupState === 'pending') {
-        startupState = 'ready'
-        startupResolve()
-      }
-      timeoutId = setTimeout(async () => {
-        if (settled) return
-        settled = true
-        await close()
-        reject(createError('auth_timeout', 'Timed out waiting for browser authentication'))
-      }, timeoutMs)
-    })
-    server.on('error', async error => {
-      if (startupState === 'pending') {
-        startupState = 'failed'
-        startupReject(error instanceof Error ? error : createError('callback_server_failed'))
-      }
-      if (settled) return
-      settled = true
-      clearTimeout(timeoutId)
-      await close()
-      reject(error instanceof Error ? error : createError('callback_server_failed'))
-    })
-  })
-  return {
-    state: expectedState,
-    async getCallbackUrl() {
-      await startup
-      const address = server.address()
-      if (!address || typeof address === 'string') {
-        throw createError('callback_server_failed')
-      }
-      return `http://127.0.0.1:${address.port}/callback`
-    },
-    result,
-    close,
-  }
-}
 async function launchBrowser(url) {
   const commands =
     process.platform === 'darwin'
@@ -218,9 +84,7 @@ async function launchBrowser(url) {
 export function buildCliAuthUrl({
   worldUrl,
   worldId,
-  callbackUrl,
   sessionId,
-  state,
   requiredCapability = 'builder',
 } = {}) {
   const normalizedWorldUrl = normalizeWorldAdminBaseUrl(worldUrl)
@@ -228,10 +92,8 @@ export function buildCliAuthUrl({
     throw createError('invalid_world_url', 'Invalid world URL')
   }
   const url = new URL(joinUrl(normalizedWorldUrl, '/auth/cli'))
-  if (callbackUrl) url.searchParams.set('callback', callbackUrl)
   if (sessionId) url.searchParams.set('session', sessionId)
   if (worldId) url.searchParams.set('worldId', worldId)
-  if (state) url.searchParams.set('state', state)
   url.searchParams.set('required', normalizeCapability(requiredCapability))
   return url.toString()
 }
@@ -254,12 +116,6 @@ async function createRemoteCliAuthSession({ worldUrl, worldId, requiredCapabilit
   })
   const data = await response.json().catch(() => null)
   if (!response.ok) {
-    if (response.status === 404 || response.status === 405) {
-      throw createError('cli_auth_session_unsupported', 'World does not support server-mediated CLI auth sessions', {
-        status: response.status,
-        data,
-      })
-    }
     throw createError(
       data?.error || `session_create_failed:${response.status}`,
       data?.message || 'Failed to create CLI auth session',
@@ -333,7 +189,7 @@ async function openCliAuthUrl(authUrl, { log = console } = {}) {
   log?.log?.('Opening browser for world auth...')
 }
-async function runLoopbackBrowserCliAuth({
+export async function runBrowserCliAuth({
   rootDir = process.cwd(),
   worldUrl,
   worldId,
@@ -341,89 +197,33 @@ async function runLoopbackBrowserCliAuth({
   timeoutMs,
   log = console,
 } = {}) {
-  const callback = createCallbackServer({
+  const session = await createRemoteCliAuthSession({
+    worldUrl,
+    worldId,
+    requiredCapability,
+  })
+  const authUrl = buildCliAuthUrl({
+    worldUrl,
     worldId,
+    sessionId: session.sessionId,
+    requiredCapability,
+  })
+  await openCliAuthUrl(authUrl, { log })
+  const payload = await waitForRemoteCliAuthSession({
     worldUrl,
+    sessionId: session.sessionId,
     timeoutMs,
   })
-  try {
-    const callbackUrl = await callback.getCallbackUrl()
-    const authUrl = buildCliAuthUrl({
-      worldUrl,
-      worldId,
-      callbackUrl,
-      state: callback.state,
-      requiredCapability,
-    })
-    await openCliAuthUrl(authUrl, { log })
-    const payload = await callback.result
-    const entry = writeProjectAuthEntry(rootDir, {
-      worldUrl: payload.worldUrl || worldUrl,
-      worldId: payload.worldId || worldId,
-      authToken: payload.authToken,
-      userId: payload?.user?.id || null,
-      userName: payload?.user?.name || null,
-    })
-    return {
-      entry,
-      capabilities: payload?.capabilities || null,
-    }
-  } finally {
-    await callback.close().catch(() => {})
-  }
-}
-export async function runBrowserCliAuth({
-  rootDir = process.cwd(),
-  worldUrl,
-  worldId,
-  requiredCapability = 'builder',
-  timeoutMs,
-  log = console,
-} = {}) {
-  try {
-    const session = await createRemoteCliAuthSession({
-      worldUrl,
-      worldId,
-      requiredCapability,
-    })
-    const authUrl = buildCliAuthUrl({
-      worldUrl,
-      worldId,
-      sessionId: session.sessionId,
-      requiredCapability,
-    })
-    await openCliAuthUrl(authUrl, { log })
-    const payload = await waitForRemoteCliAuthSession({
-      worldUrl,
-      sessionId: session.sessionId,
-      timeoutMs,
-    })
-    const entry = writeProjectAuthEntry(rootDir, {
-      worldUrl: payload.worldUrl || worldUrl,
-      worldId: payload.worldId || worldId,
-      authToken: payload.authToken,
-      userId: payload?.user?.id || null,
-      userName: payload?.user?.name || null,
-    })
-    return {
-      entry,
-      capabilities: payload?.capabilities || null,
-    }
-  } catch (error) {
-    if (error?.code === 'cli_auth_session_unsupported') {
-      return runLoopbackBrowserCliAuth({
-        rootDir,
-        worldUrl,
-        worldId,
-        requiredCapability,
-        timeoutMs,
-        log,
-      })
-    }
-    throw error
+  const entry = writeProjectAuthEntry(rootDir, {
+    worldUrl: payload.worldUrl || worldUrl,
+    worldId: payload.worldId || worldId,
+    authToken: payload.authToken,
+    userId: payload?.user?.id || null,
+    userName: payload?.user?.name || null,
+  })
+  return {
+    entry,
+    capabilities: payload?.capabilities || null,
   }
 }

package/app-server/commands.js CHANGED Viewed

@@ -260,14 +260,14 @@ export class HyperfyCLI {
     return process.env.HYPERFY_TARGET_CONFIRM === 'true'
   }
-  async _connectAdminClient() {
+  async _connectAdminClient({ requiredCapability = 'builder' } = {}) {
     this._requireWorldUrl()
     this._requireWorldId()
     const auth = await ensureProjectAuth({
       rootDir: this.rootDir,
       worldUrl: this.worldUrl,
       worldId: this.worldId,
-      requiredCapability: 'builder',
+      requiredCapability,
       interactive: process.stdin.isTTY,
       log: console,
     })
@@ -411,7 +411,7 @@ export class HyperfyCLI {
     console.log(`🚀 Deploying app: ${appName}`)
-    const server = await this._connectAdminClient()
+    const server = await this._connectAdminClient({ requiredCapability: 'deploy' })
     try {
       if (!options.dryRun && !options.yes && this._shouldConfirmDeployTarget()) {
         const target = process.env.HYPERFY_TARGET ? ` "${process.env.HYPERFY_TARGET}"` : ''
@@ -452,7 +452,7 @@ export class HyperfyCLI {
   async rollback(snapshotId) {
     console.log(`⏪ Rolling back deploy snapshot...`)
-    const server = await this._connectAdminClient()
+    const server = await this._connectAdminClient({ requiredCapability: 'deploy' })
     try {
       const owner = `hyperfy-cli:${process.env.HYPERFY_TARGET || 'default'}:${process.pid}`
       const lock = await server.client.acquireDeployLock({ owner })
@@ -486,7 +486,7 @@ export class HyperfyCLI {
   async status() {
     console.log(`📊 Admin Status`)
-    const server = await this._connectAdminClient()
+    const server = await this._connectAdminClient({ requiredCapability: 'builder' })
     try {
       const snapshot = await server.client.getSnapshot()
       const blueprints = Array.isArray(snapshot?.blueprints) ? snapshot.blueprints.length : 0
@@ -572,7 +572,7 @@ export class HyperfyCLI {
       return false
     }
-    const server = await this._connectAdminClient()
+    const server = await this._connectAdminClient({ requiredCapability: 'deploy' })
     try {
       const result = await server.resolveSyncConflict(id, { use })
       if (result?.alreadyResolved) {
@@ -592,7 +592,7 @@ export class HyperfyCLI {
   }
   async syncResolveInteractive() {
-    const server = await this._connectAdminClient()
+    const server = await this._connectAdminClient({ requiredCapability: 'deploy' })
     try {
       const summary = await server.promptAndResolveSyncConflicts()
       if (!summary?.prompted && summary?.remaining > 0) {

package/bin/gamedev.mjs CHANGED Viewed

@@ -486,7 +486,7 @@ async function startCommand(args = []) {
       rootDir: projectDir,
       worldUrl: env.WORLD_URL,
       worldId: env.WORLD_ID,
-      requiredCapability: 'builder',
+      requiredCapability: 'deploy',
       interactive: process.stdin.isTTY,
       log: console,
     })
@@ -584,7 +584,7 @@ async function appServerCommand(args = []) {
       rootDir: projectDir,
       worldUrl: env.WORLD_URL,
       worldId: env.WORLD_ID,
-      requiredCapability: 'builder',
+      requiredCapability: 'deploy',
       interactive: process.stdin.isTTY,
       log: console,
     })
@@ -848,12 +848,12 @@ async function syncCommand(args) {
   return runSyncCommand({ command, args: commandArgs, rootDir: projectDir, helpPrefix: 'gamedev sync' })
 }
-async function connectAdminServer({ worldUrl, worldId, rootDir }) {
+async function connectAdminServer({ worldUrl, worldId, rootDir, requiredCapability = 'builder' }) {
   const auth = await ensureProjectAuth({
     rootDir,
     worldUrl,
     worldId,
-    requiredCapability: 'builder',
+    requiredCapability,
     interactive: process.stdin.isTTY,
     log: console,
   })
@@ -976,12 +976,18 @@ async function worldCommand(args) {
     let server
     try {
-      server = await connectAdminServer({ worldUrl, worldId, rootDir: projectDir })
       if (action === 'export') {
+        server = await connectAdminServer({ worldUrl, worldId, rootDir: projectDir })
         const includeBuiltScripts = actionArgs.includes('--include-built-scripts')
         await server.exportWorldToDisk(undefined, { includeBuiltScripts })
         console.log('✅ World export complete')
       } else {
+        server = await connectAdminServer({
+          worldUrl,
+          worldId,
+          rootDir: projectDir,
+          requiredCapability: 'deploy',
+        })
         await server.importWorldFromDisk()
         console.log('✅ World import complete')
       }

package/build/index.js CHANGED Viewed

@@ -61788,6 +61788,9 @@ async function admin(fastify2, {
     return { builder: true, deploy: true };
   }
   async function getCapabilitiesFromAuthToken(token) {
+    if (allowsOpenAdminAccess(process.env)) {
+      return { builder: true, deploy: true };
+    }
     if (!token || !db2) return { builder: false, deploy: false };
     const worldId = world2?.network?.worldId || process.env.WORLD_ID;
     const claims = await readJWT(token, { worldId });
@@ -62193,9 +62196,10 @@ async function admin(fastify2, {
             ws2.close();
             return;
           }
+          const openAdminAccess = allowsOpenAdminAccess(process.env);
           const codeCapabilities = getCapabilitiesFromAdminCode(data?.code);
-          let builderOk = codeCapabilities.builder;
-          let deployOk = codeCapabilities.deploy;
+          let builderOk = openAdminAccess || codeCapabilities.builder;
+          let deployOk = openAdminAccess || codeCapabilities.deploy;
           if (!builderOk || !deployOk) {
             const payloadToken = typeof data?.authToken === "string" ? data.authToken.trim() : "";
             const headerToken = getRuntimeAuthTokenFromRequest(req) || "";
@@ -63145,17 +63149,13 @@ async function createStandaloneGuestSession({
   };
 }
 function buildCliAuthPage({
-  callbackUrl,
   sessionId,
-  state,
   worldId,
   requiredCapability = "builder",
   publicAuthUrl = null
 } = {}) {
   const config = JSON.stringify({
-    callbackUrl: normalizeString2(callbackUrl),
     sessionId: normalizeString2(sessionId),
-    state: normalizeString2(state),
     worldId: normalizeString2(worldId),
     requiredCapability: normalizeString2(requiredCapability) || "builder",
     publicAuthUrl: hasValue2(publicAuthUrl) ? publicAuthUrl.trim() : null
@@ -63544,18 +63544,6 @@ function buildCliAuthPage({
         return !!capabilities?.builder
       }
-      function validateCallbackUrl(value) {
-        try {
-          const parsed = new URL(value)
-          const hostname = parsed.hostname
-          if (!hostname) return null
-          if (hostname !== '127.0.0.1' && hostname !== 'localhost' && hostname !== '::1') return null
-          return parsed.toString()
-        } catch {
-          return null
-        }
-      }
       async function fetchStatus(token) {
         const response = await fetch(\`\${apiBaseUrl()}/auth/cli/status\`, {
           headers: {
@@ -63613,47 +63601,24 @@ function buildCliAuthPage({
         return token
       }
-      async function submitToken(token, status) {
-        if (config.sessionId) {
-          const response = await fetch(\`\${apiBaseUrl()}/auth/cli/session/\${encodeURIComponent(config.sessionId)}\`, {
-            method: 'POST',
-            headers: {
-              'content-type': 'application/json',
-              accept: 'application/json',
-            },
-            body: JSON.stringify({
-              worldUrl: worldRootUrl(),
-              authToken: token,
-            }),
-          })
-          if (!response.ok) {
-            const payload = await response.json().catch(() => null)
-            throw new Error(payload?.error || 'session_complete_failed')
-          }
-          return
-        }
-        const callbackUrl = validateCallbackUrl(config.callbackUrl)
-        if (!callbackUrl) {
-          throw new Error('Invalid callback URL')
+      async function submitToken(token) {
+        if (!config.sessionId) {
+          throw new Error('Invalid session id')
         }
-        const response = await fetch(callbackUrl, {
+        const response = await fetch(\`\${apiBaseUrl()}/auth/cli/session/\${encodeURIComponent(config.sessionId)}\`, {
           method: 'POST',
           headers: {
             'content-type': 'application/json',
+            accept: 'application/json',
           },
           body: JSON.stringify({
-            state: config.state,
-            worldId: status?.worldId || config.worldId || '',
             worldUrl: worldRootUrl(),
             authToken: token,
-            user: status?.user || null,
-            capabilities: status?.capabilities || null,
           }),
         })
         if (!response.ok) {
           const payload = await response.json().catch(() => null)
-          throw new Error(payload?.error || 'callback_failed')
+          throw new Error(payload?.error || 'session_complete_failed')
         }
       }
@@ -63695,7 +63660,7 @@ function buildCliAuthPage({
               'success'
             )
             setHint('Permission confirmed. The CLI is storing this world token locally.', 'success')
-            await submitToken(token, status)
+            await submitToken(token)
             clearInterval(polling)
             setTimeout(() => {
               window.close()
@@ -65234,21 +65199,17 @@ async function handleCliAuthPage(req, reply) {
   if (!isRuntimeReady(runtimeState)) {
     return sendRuntimeNotReady2(reply, runtimeState, { html: true });
   }
-  const callbackUrl = typeof req.query?.callback === "string" ? req.query.callback.trim() : "";
   const sessionId = typeof req.query?.session === "string" ? req.query.session.trim() : "";
-  const state = typeof req.query?.state === "string" ? req.query.state.trim() : "";
   const worldId = typeof req.query?.worldId === "string" ? req.query.worldId.trim() : resolveBoundWorldId() || "";
   const requiredCapability = typeof req.query?.required === "string" ? req.query.required.trim() : "builder";
-  if (!sessionId && (!callbackUrl || !state)) {
+  if (!sessionId) {
     return reply.code(400).type("text/html").send(
-      "<!doctype html><html><body>Missing session or callback parameters.</body></html>"
+      "<!doctype html><html><body>Missing session.</body></html>"
     );
   }
   reply.type("text/html").send(
     buildCliAuthPage({
-      callbackUrl,
       sessionId,
-      state,
       worldId,
       requiredCapability,
       publicAuthUrl: process.env.PUBLIC_AUTH_URL || null