gitspace 0.2.0-rc.1

package/src/commands/auth.ts

@@ -0,0 +1,364 @@
+/**
+ * Authentication commands for gitspace.sh
+ *
+ * Handles 'gssh auth login', 'gssh auth logout', 'gssh auth status'
+ */
+
+import open from 'open';
+import os from 'os';
+import { getSecret, setSecret, deleteSecret } from '../utils/secrets.js';
+import { loadKeypair, keypairExists, getPublicKeyWithoutPassword } from '../core/identity.js';
+import { sign, serializeIdentity } from '../lib/tmux-lite/crypto/identity.js';
+import { promptPassword } from '../utils/prompts.js';
+import { logger } from '../utils/logger.js';
+import { NoIdentityError, SpacesError } from '../types/errors.js';
+
+// API Configuration
+const API_BASE = process.env.GITSPACE_API_URL || 'https://api.gitspace.sh';
+
+/**
+ * Fetch GitHub Client ID from the API
+ */
+async function getGitHubClientId(): Promise<string> {
+  const res = await fetch(`${API_BASE}/config`);
+  if (!res.ok) {
+    throw new SpacesError('Failed to fetch config from API', 'SYSTEM_ERROR');
+  }
+  const config = await res.json() as { github_client_id: string };
+  if (!config.github_client_id) {
+    throw new SpacesError('GitHub Client ID not configured on server', 'SYSTEM_ERROR');
+  }
+  return config.github_client_id;
+}
+
+// ============================================================================
+// Types
+// ============================================================================
+
+interface DeviceCodeResponse {
+  device_code: string;
+  user_code: string;
+  verification_uri: string;
+  expires_in: number;
+  interval: number;
+}
+
+interface GitHubTokenResponse {
+  access_token?: string;
+  token_type?: string;
+  scope?: string;
+  error?: string;
+  error_description?: string;
+}
+
+interface GitspaceAuthResponse {
+  token: string;
+  user: {
+    id: string;
+    github_username: string;
+    email: string | null;
+    name: string | null;
+    avatar_url: string | null;
+  };
+}
+
+// ============================================================================
+// Login Command
+// ============================================================================
+
+/**
+ * Login to gitspace.sh using GitHub Device Flow
+ */
+export async function authLogin(): Promise<void> {
+  // Check if identity exists
+  if (!keypairExists()) {
+    throw new NoIdentityError();
+  }
+
+  // Load identity (requires password for signing)
+  logger.info('Loading identity...');
+  const password = await promptPassword('Enter identity password:');
+  if (!password) {
+    logger.info('Cancelled');
+    return;
+  }
+
+  let identity;
+  try {
+    identity = await loadKeypair(password);
+  } catch (error) {
+    if (error instanceof SpacesError) {
+      throw error;
+    }
+    throw new SpacesError('Failed to load identity', 'USER_ERROR');
+  }
+
+  // Step 1: Get GitHub Client ID from API
+  logger.info('Starting GitHub authentication...');
+  const githubClientId = await getGitHubClientId();
+
+  // Step 2: Request device code from GitHub
+  const deviceRes = await fetch('https://github.com/login/device/code', {
+    method: 'POST',
+    headers: {
+      Accept: 'application/json',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      client_id: githubClientId,
+      scope: 'read:user user:email',
+    }),
+  });
+
+  if (!deviceRes.ok) {
+    throw new SpacesError(
+      `GitHub device flow failed: ${await deviceRes.text()}`,
+      'SYSTEM_ERROR'
+    );
+  }
+
+  const deviceData: DeviceCodeResponse = await deviceRes.json();
+  const { device_code, user_code, verification_uri, interval } = deviceData;
+
+  // Step 2: Display code and open browser
+  logger.log('');
+  logger.bold(`! First, copy your one-time code: ${user_code}`);
+  logger.log('');
+
+  // Try to open browser, with fallback for headless/SSH environments
+  const canOpenBrowser = process.stdout.isTTY && !process.env.SSH_CLIENT;
+
+  if (canOpenBrowser) {
+    logger.log(`Press Enter to open ${verification_uri} in your browser...`);
+    await waitForEnter();
+
+    try {
+      await open(verification_uri);
+      logger.info('Browser opened. Waiting for authorization...');
+    } catch {
+      // Browser open failed (WSL, headless, etc.)
+      logger.log('');
+      logger.log(`Could not open browser automatically.`);
+      logger.log(`Please open this URL manually: ${verification_uri}`);
+      logger.log('');
+      logger.info('Waiting for authorization...');
+    }
+  } else {
+    // Headless environment (SSH, CI, etc.)
+    logger.log(`Open this URL in your browser: ${verification_uri}`);
+    logger.log(`Enter the code: ${user_code}`);
+    logger.log('');
+    logger.info('Waiting for authorization...');
+  }
+
+  // Step 3: Poll GitHub for access token
+  const githubToken = await pollForGitHubToken(device_code, interval, githubClientId);
+
+  // Step 4: Exchange GitHub token for gitspace.sh token with signature
+  logger.info('Completing authentication...');
+
+  const authTimestamp = Date.now();
+  const authMessage = `gitspace-device-auth:${authTimestamp}`;
+  const messageBytes = new TextEncoder().encode(authMessage);
+  const signatureBytes = sign(messageBytes, identity.signing.secretKey);
+  const authSignature = Buffer.from(signatureBytes).toString('base64');
+
+  const serialized = serializeIdentity(identity);
+
+  const response = await fetch(`${API_BASE}/auth/github/device`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      github_token: githubToken,
+      machine_pubkey: serialized.signingPublicKey,
+      device_name: os.hostname(),
+      auth_timestamp: authTimestamp,
+      auth_signature: authSignature,
+    }),
+  });
+
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({ error: 'Unknown error' }));
+    throw new SpacesError(
+      `Authentication failed: ${error.error || response.statusText}`,
+      'USER_ERROR'
+    );
+  }
+
+  const { token, user }: GitspaceAuthResponse = await response.json();
+
+  // Step 5: Save token to keychain
+  await setSecret('GITSPACE_TOKEN', token);
+
+  logger.log('');
+  logger.success('Authentication complete');
+  logger.success(`Logged in as ${user.github_username}`);
+  logger.success('Token saved to keychain');
+}
+
+// ============================================================================
+// Logout Command
+// ============================================================================
+
+/**
+ * Logout from gitspace.sh (clear local credentials)
+ */
+export async function authLogout(): Promise<void> {
+  const token = await getSecret('GITSPACE_TOKEN');
+
+  if (!token) {
+    logger.log('Not logged in');
+    return;
+  }
+
+  await deleteSecret('GITSPACE_TOKEN');
+  logger.success('Logged out');
+}
+
+// ============================================================================
+// Status Command
+// ============================================================================
+
+/**
+ * Show current authentication status
+ */
+export async function authStatus(): Promise<void> {
+  const token = await getSecret('GITSPACE_TOKEN');
+
+  if (!token) {
+    logger.log('Not logged in');
+    logger.dim('Run: gssh auth login');
+    return;
+  }
+
+  // Verify token with API
+  try {
+    const deviceFingerprint = getDeviceFingerprint();
+    if (!deviceFingerprint) {
+      logger.log('Identity not found. Run: gssh identity init');
+      return;
+    }
+
+    const res = await fetch(`${API_BASE}/me`, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'X-Device-Fingerprint': deviceFingerprint,
+      },
+    });
+
+    if (!res.ok) {
+      logger.log('Session expired or invalid');
+      logger.dim('Run: gssh auth login');
+      return;
+    }
+
+    const user = await res.json();
+    logger.log(`Logged in as: ${user.github_username}`);
+    logger.log(`Email: ${user.email || '(not set)'}`);
+    if (user.name) {
+      logger.log(`Name: ${user.name}`);
+    }
+  } catch {
+    logger.log('Could not verify session (API unreachable)');
+    logger.dim('Token is saved locally');
+  }
+}
+
+// ============================================================================
+// Helper Functions
+// ============================================================================
+
+function getDeviceFingerprint(): string | null {
+  try {
+    const identity = getPublicKeyWithoutPassword();
+    return identity?.signingPublicKey ?? null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Wait for Enter key press
+ */
+function waitForEnter(): Promise<void> {
+  return new Promise((resolve) => {
+    if (process.stdin.isTTY) {
+      process.stdin.setRawMode(true);
+      process.stdin.resume();
+      process.stdin.once('data', () => {
+        process.stdin.setRawMode(false);
+        process.stdin.pause(); // Release the event loop
+        resolve();
+      });
+    } else {
+      resolve();
+    }
+  });
+}
+
+/**
+ * Poll GitHub for access token (Device Flow)
+ */
+async function pollForGitHubToken(
+  deviceCode: string,
+  interval: number,
+  clientId: string
+): Promise<string> {
+  const maxAttempts = 60; // ~5 minutes with default 5s interval
+  let currentInterval = interval;
+
+  for (let i = 0; i < maxAttempts; i++) {
+    await Bun.sleep(currentInterval * 1000);
+
+    // Show polling indicator
+    process.stdout.write('.');
+
+    const res = await fetch('https://github.com/login/oauth/access_token', {
+      method: 'POST',
+      headers: {
+        Accept: 'application/json',
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        client_id: clientId,
+        device_code: deviceCode,
+        grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+      }),
+    });
+
+    const data: GitHubTokenResponse = await res.json();
+
+    if (data.access_token) {
+      return data.access_token;
+    }
+
+    if (data.error === 'authorization_pending') {
+      // User hasn't authorized yet, keep polling
+      continue;
+    }
+
+    if (data.error === 'slow_down') {
+      // Rate limited, increase interval
+      currentInterval += 5;
+      continue;
+    }
+
+    if (data.error === 'expired_token') {
+      throw new SpacesError(
+        'Authorization expired. Please try again.',
+        'USER_ERROR'
+      );
+    }
+
+    if (data.error === 'access_denied') {
+      throw new SpacesError('Authorization denied by user.', 'USER_ERROR');
+    }
+
+    throw new SpacesError(
+      `GitHub auth error: ${data.error_description || data.error}`,
+      'SYSTEM_ERROR'
+    );
+  }
+
+  throw new SpacesError('Authorization timeout. Please try again.', 'USER_ERROR');
+}

package/src/commands/connect.ts

@@ -0,0 +1,287 @@
+/**
+ * Connect command implementation
+ *
+ * Handles 'gssh connect <invite>' to connect to a remote machine
+ * via an invite token or URL, or lists available machines when no
+ * invite is provided.
+ */
+
+import { logger } from '../utils/logger.js';
+import { promptPassword, promptConfirm } from '../utils/prompts.js';
+import { loadKeypair, keypairExists } from '../core/identity.js';
+import { parseInviteToken, isInviteExpired } from '../lib/tmux-lite/crypto/invites.js';
+import { RelayClient } from '../lib/tmux-lite/relay-client.js';
+import {
+  NoIdentityError,
+  SpacesError,
+} from '../types/errors.js';
+import type { InviteToken } from '../types/identity.js';
+
+/**
+ * Connect to a remote machine via invite token
+ *
+ * @param inviteTokenOrUrl - Invite token (base64url) or URL containing token
+ * @param options - Command options
+ */
+export async function connectToRemote(
+  inviteTokenOrUrl?: string,
+  options: { relay?: string } = {}
+): Promise<void> {
+  // Invite is required for connection
+  if (!inviteTokenOrUrl) {
+    throw new SpacesError(
+      'Invite token or URL required.\n\nUsage:\n  gssh connect <invite-url>\n  gssh connect <invite-token>\n\nGet an invite from the machine owner using:\n  gssh share create',
+      'USER_ERROR',
+      1
+    );
+  }
+
+  // Step 1: Parse invite from URL or raw token
+  const token = extractAndValidateToken(inviteTokenOrUrl);
+
+  // Step 2: Display connection details and confirm
+  displayConnectionDetails(token);
+
+  const confirmed = await promptConfirm('Connect to this machine?', true);
+  if (!confirmed) {
+    logger.info('Cancelled');
+    return;
+  }
+
+  // Step 3: Load local identity
+  if (!keypairExists()) {
+    throw new NoIdentityError();
+  }
+
+  const password = await promptPassword('Enter password to unlock identity:');
+  if (!password) {
+    logger.info('Cancelled');
+    return;
+  }
+
+  const identity = await loadKeypair(password);
+  if (!identity) {
+    throw new SpacesError(
+      'Failed to unlock identity. Check your password.',
+      'USER_ERROR',
+      1
+    );
+  }
+
+  // Step 4: Connect to relay and perform handshake
+  const relayUrl = options.relay ?? token.relayUrl;
+
+  logger.info('Connecting to relay...');
+
+  const client = new RelayClient(
+    {
+      relayUrl,
+      machineId: token.machineId,
+      identity,
+      inviteToken: inviteTokenOrUrl.includes('#')
+        ? extractTokenFromUrl(inviteTokenOrUrl) ?? inviteTokenOrUrl
+        : inviteTokenOrUrl,
+    },
+    {
+      onConnect: () => {
+        logger.success('Connected!');
+      },
+      onDisconnect: (code, reason) => {
+        logger.info(`Disconnected: ${code} ${reason}`);
+        process.exit(0);
+      },
+      onError: (error) => {
+        logger.error(`Connection error: ${error.message}`);
+        process.exit(1);
+      },
+      onStateChange: (state) => {
+        if (state === 'handshaking') {
+          logger.info('Authenticating...');
+        }
+      },
+      onHandshakeComplete: (peerIdentityId, accessType, sessionId) => {
+        logger.success(`Session established with ${peerIdentityId.substring(0, 12)}...`);
+        logger.log('');
+        logger.dim(`Access: ${accessType === 'full' ? 'Full access' : 'Session invite'}`);
+        if (sessionId) {
+          logger.dim(`Session: ${sessionId}`);
+        }
+        logger.log('');
+        logger.dim('Press Ctrl+D to disconnect');
+        logger.log('');
+
+        // Enter terminal session
+        startTerminalSession(client);
+      },
+      onMessage: (_streamId, data) => {
+        // Write received data to stdout
+        process.stdout.write(data);
+      },
+    }
+  );
+
+  try {
+    await client.connect();
+  } catch (error) {
+    if (error instanceof Error) {
+      throw new SpacesError(
+        `Connection failed: ${error.message}`,
+        'SYSTEM_ERROR',
+        2
+      );
+    }
+    throw error;
+  }
+
+  // Keep process alive
+  await new Promise(() => {
+    // Never resolves - process stays alive until disconnect
+  });
+}
+
+/**
+ * Extract token from URL or validate raw token
+ */
+function extractAndValidateToken(input: string): InviteToken {
+  // Try to extract from URL
+  let rawToken = input;
+
+  if (input.includes('#')) {
+    const extracted = extractTokenFromUrl(input);
+    if (extracted) {
+      rawToken = extracted;
+    }
+  }
+
+  // Parse and validate token
+  const token = parseInviteToken(rawToken);
+  if (!token) {
+    throw new SpacesError(
+      'Invalid invite token. Check that the token is complete and not corrupted.',
+      'USER_ERROR',
+      1
+    );
+  }
+
+  if (isInviteExpired(token)) {
+    throw new SpacesError(
+      'This invite has expired. Please request a new one.',
+      'USER_ERROR',
+      1
+    );
+  }
+
+  return token;
+}
+
+/**
+ * Extract token from a URL like https://gitspace.sh/join#TOKEN
+ */
+function extractTokenFromUrl(url: string): string | null {
+  try {
+    const urlObj = new URL(url);
+    const hash = urlObj.hash;
+    if (hash && hash.length > 1) {
+      return hash.substring(1); // Remove leading #
+    }
+    return null;
+  } catch {
+    // Not a valid URL, might be raw token
+    if (url.includes('#')) {
+      return url.split('#')[1] || null;
+    }
+    return null;
+  }
+}
+
+/**
+ * Display connection details from invite token
+ */
+function displayConnectionDetails(token: InviteToken): void {
+  const expiresAt = new Date(token.expiresAt);
+  const now = new Date();
+  const hoursRemaining = Math.round(
+    (expiresAt.getTime() - now.getTime()) / (1000 * 60 * 60)
+  );
+
+  let expiryStr: string;
+  if (hoursRemaining < 1) {
+    const minutesRemaining = Math.round(
+      (expiresAt.getTime() - now.getTime()) / (1000 * 60)
+    );
+    expiryStr = `${minutesRemaining} minutes`;
+  } else if (hoursRemaining < 24) {
+    expiryStr = `${hoursRemaining} hours`;
+  } else {
+    const daysRemaining = Math.round(hoursRemaining / 24);
+    expiryStr = `${daysRemaining} days`;
+  }
+
+  logger.log('');
+  logger.bold('Remote Connection Details:');
+  logger.log('');
+  logger.log(`  Machine:     ${token.machineId}`);
+  logger.log(`  Access:      ${token.accessType === 'full' ? 'Full access' : 'Session invite'}`);
+  if (token.sessionId) {
+    logger.log(`  Session:     ${token.sessionId}`);
+  }
+  logger.log(`  Expires:     ${expiryStr} (${expiresAt.toLocaleString()})`);
+  logger.log(`  Relay:       ${token.relayUrl}`);
+  if (token.singleUse) {
+    logger.dim('  (Single-use invite)');
+  }
+  logger.log('');
+}
+
+/**
+ * Start interactive terminal session
+ */
+function startTerminalSession(client: RelayClient): void {
+  // Set stdin to raw mode for character-by-character input
+  if (process.stdin.isTTY) {
+    process.stdin.setRawMode(true);
+  }
+  process.stdin.resume();
+
+  // Forward stdin to remote
+  process.stdin.on('data', (data) => {
+    // Check for Ctrl+D (EOF)
+    if (data.length === 1 && data[0] === 0x04) {
+      logger.log('');
+      logger.info('Disconnecting...');
+      client.disconnect();
+      process.exit(0);
+    }
+
+    client.send(data);
+  });
+
+  // Handle terminal resize
+  if (process.stdout.isTTY) {
+    process.stdout.on('resize', () => {
+      // Send resize event to remote (using a control message)
+      const cols = process.stdout.columns;
+      const rows = process.stdout.rows;
+      const resizeMsg = JSON.stringify({ type: 'resize', cols, rows });
+      client.send(Buffer.from(resizeMsg), 1); // Stream ID 1 for control
+    });
+
+    // Send initial size
+    const cols = process.stdout.columns;
+    const rows = process.stdout.rows;
+    const resizeMsg = JSON.stringify({ type: 'resize', cols, rows });
+    client.send(Buffer.from(resizeMsg), 1);
+  }
+
+  // Handle SIGINT (Ctrl+C)
+  process.on('SIGINT', () => {
+    // Forward Ctrl+C to remote instead of terminating
+    client.send(Buffer.from([0x03]));
+  });
+
+  // Handle process termination
+  process.on('SIGTERM', () => {
+    client.disconnect();
+    process.exit(0);
+  });
+}

package/src/commands/directory.ts

@@ -0,0 +1,16 @@
+import { getCurrentProject, getProjectDir } from '../core/config'
+import { SpacesError } from '../types/errors'
+import { logger } from '../utils/logger'
+
+export async function getProjectDirectory(options: {
+	json?: boolean
+	verbose?: boolean
+}): Promise<void> {
+	const currentProject = getCurrentProject()
+	if (!currentProject) {
+		throw new SpacesError('No project found', 'USER_ERROR', 1)
+	}
+
+	const projectDirectory = getProjectDir(currentProject)
+	console.log(projectDirectory)
+}