hereya-cli 0.33.0 → 0.35.0

package/dist/backend/cloud/login.js

@@ -0,0 +1,145 @@
+/* eslint-disable n/no-unsupported-features/node-builtins */
+import machineId from 'node-machine-id';
+import crypto from 'node:crypto';
+import http from 'node:http';
+import net from 'node:net';
+import { browserUtils } from './utils.js';
+export async function loginToCloudBackend(url) {
+    const registerResult = await registerDevice(url);
+    if (!registerResult.success) {
+        return registerResult;
+    }
+    const { clientId } = registerResult;
+    const codeVerifier = crypto.randomBytes(32).toString('hex');
+    const codeChallengeRaw = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(codeVerifier));
+    const codeChallenge = Buffer.from(codeChallengeRaw).toString('base64');
+    const availablePort = await getAvailablePort(3000);
+    const myRedirectUri = `http://localhost:${availablePort}/auth/cli/callback`;
+    const redirectUrl = `${url}/auth/cli/login?client_id=${clientId}&code_challenge=${codeChallenge}&redirect_uri=${myRedirectUri}`;
+    console.log('Opening browser to', redirectUrl);
+    browserUtils.open(redirectUrl);
+    const codeResult = await waitForAuthorizationCode(availablePort);
+    if (!codeResult.success) {
+        return {
+            error: codeResult.error,
+            success: false,
+        };
+    }
+    const { code } = codeResult;
+    const formData = new FormData();
+    formData.append('clientId', clientId);
+    formData.append('code', code);
+    formData.append('codeVerifier', codeVerifier);
+    const tokenResult = await fetch(`${url}/auth/cli/code`, {
+        body: formData,
+        method: 'POST',
+    });
+    if (!tokenResult.ok) {
+        return {
+            error: `Failed to get token: ${JSON.stringify(await tokenResult.json())}`,
+            success: false,
+        };
+    }
+    const token = (await tokenResult.json());
+    return {
+        accessToken: token.data.accessToken,
+        clientId,
+        refreshToken: token.data.refreshToken,
+        success: true,
+    };
+}
+export async function registerDevice(url) {
+    const registerUrl = `${url}/auth/cli/register`;
+    const deviceId = await machineId.machineId();
+    const formData = new FormData();
+    formData.append('deviceId', deviceId);
+    const response = await fetch(registerUrl, {
+        body: formData,
+        method: 'POST',
+    });
+    if (!response.ok) {
+        return {
+            error: `Failed to register device: ${JSON.stringify(await response.json())}`,
+            success: false,
+        };
+    }
+    const result = (await response.json());
+    return {
+        clientId: result.data.clientId,
+        success: true,
+    };
+}
+async function getAvailablePort(startPort) {
+    return new Promise((resolve) => {
+        const server = net.createServer();
+        server.unref();
+        server.on('error', () => {
+            server.listen(++startPort);
+        });
+        server.listen(startPort, () => {
+            server.close(() => resolve(startPort));
+        });
+    });
+}
+async function waitForAuthorizationCode(port) {
+    return new Promise((resolve) => {
+        const server = http.createServer((req, res) => {
+            const searchParams = new URLSearchParams(req.url.split('?')[1]);
+            const code = searchParams.get('code');
+            if (code) {
+                resolve({ code, success: true });
+            }
+            else {
+                resolve({ error: 'No authorization code received', success: false });
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(`
+<!DOCTYPE html>
+<html>
+<head>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      height: 100vh;
+      margin: 0;
+      background: #f5f5f5;
+    }
+    .card {
+      background: white;
+      padding: 2rem;
+      border-radius: 8px;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+      text-align: center;
+    }
+    .success-icon {
+      color: #10B981;
+      font-size: 3rem;
+      margin-bottom: 1rem;
+    }
+    .message {
+      color: #666;
+      font-size: 0.9rem;
+      margin-top: 1rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="success-icon">✓</div>
+    <h2>Authorization Successful!</h2>
+    <p class="message">You can close this tab now (Ctrl+W or Cmd+W)</p>
+  </div>
+</body>
+</html>
+`);
+            server.closeAllConnections();
+            server.close();
+        });
+        server.listen(port, () => {
+            console.log(`Waiting for authorization code on port ${port}...`);
+        });
+    });
+}

package/dist/backend/cloud/logout.d.ts

@@ -0,0 +1,9 @@
+export declare function logoutFromCloudBackend({ secret, url }: {
+    secret: null | {
+        refreshToken: string;
+    };
+    url: string;
+}): Promise<Response | {
+    didDelete: boolean;
+    success: boolean;
+}>;

package/dist/backend/cloud/logout.js

@@ -0,0 +1,12 @@
+/* eslint-disable n/no-unsupported-features/node-builtins */
+export async function logoutFromCloudBackend({ secret, url }) {
+    if (!secret) {
+        return { didDelete: false, success: true };
+    }
+    return fetch(`${url}/auth/cli/logout`, {
+        headers: {
+            Authorization: `Bearer ${secret.refreshToken}`,
+        },
+        method: 'POST',
+    });
+}

package/dist/backend/cloud/utils.d.ts

@@ -0,0 +1,3 @@
+export declare const browserUtils: {
+    open(url: string): void;
+};

package/dist/backend/cloud/utils.js

@@ -0,0 +1,6 @@
+import open from 'open';
+export const browserUtils = {
+    open(url) {
+        open(url);
+    },
+};

package/dist/backend/common.d.ts

@@ -133,6 +133,7 @@ export type GetStateOutput = {
     found: true;
 } | {
     found: false;
+    reason?: string;
 };
 export type DeleteWorkspaceInput = {
     name: string;
@@ -158,6 +159,7 @@ export type GetProvisioningIdOutput = {
     success: false;
 };
 export type SetEnvVarInput = {
+    infrastructure: InfrastructureType;
     name: string;
     value: string;
     workspace: string;
@@ -169,6 +171,7 @@ export type SetEnvVarOutput = {
     success: true;
 };
 export type UnsetEnvVarInput = {
+    infrastructure: InfrastructureType;
     name: string;
     workspace: string;
 };

package/dist/backend/config.d.ts

@@ -1,10 +1,37 @@
-import { BackendType } from "./index.js";
+import { BackendType } from './index.js';
 export declare function getCurrentBackendType(): Promise<BackendType>;
 export declare function setBackendType(type: BackendType): Promise<void>;
-export declare function loadBackendConfig(): Promise<{
-    current: BackendType;
+export declare function loadBackendConfig(): Promise<BackendConfig>;
+export declare function saveCloudCredentials(credentials: {
+    accessToken: string;
+    clientId: string;
+    refreshToken: string;
+    url: string;
+}): Promise<void>;
+export declare function deleteCloudCredentials(): Promise<{
+    didDelete: boolean;
+    originalConfig: {
+        cloud?: {
+            clientId: string;
+            url: string;
+        };
+        current: BackendType;
+    };
+    secret: {
+        accessToken: string;
+        refreshToken: string;
+    } | null;
+    success: boolean;
 }>;
+export declare function getCloudCredentials(clientId: string): Promise<{
+    accessToken: string;
+    refreshToken: string;
+} | null>;
 export declare function getBackendConfigPath(): string;
 export type BackendConfig = {
+    cloud?: {
+        clientId: string;
+        url: string;
+    };
     current: BackendType;
 };

package/dist/backend/config.js

@@ -1,7 +1,8 @@
 import os from 'node:os';
 import path from 'node:path';
-import { load, save } from "../lib/yaml-utils.js";
-import { BackendType } from "./index.js";
+import { load, save } from '../lib/yaml-utils.js';
+import { BackendType } from './index.js';
+import { secretManager } from './secrets.js';
 export async function getCurrentBackendType() {
     const config = await loadBackendConfig();
     return config.current;
@@ -18,6 +19,39 @@ export async function loadBackendConfig() {
     }
     return data;
 }
+export async function saveCloudCredentials(credentials) {
+    await secretManager.saveSecret(credentials.clientId, {
+        accessToken: credentials.accessToken,
+        refreshToken: credentials.refreshToken,
+    });
+    const config = await loadBackendConfig();
+    config.cloud = {
+        clientId: credentials.clientId,
+        url: credentials.url,
+    };
+    config.current = BackendType.Cloud;
+    await save(config, getBackendConfigPath());
+}
+export async function deleteCloudCredentials() {
+    const config = await loadBackendConfig();
+    const originalConfig = { ...config };
+    if (!config.cloud) {
+        return { didDelete: false, originalConfig, secret: null, success: true };
+    }
+    const secret = await secretManager.getSecret(config.cloud.clientId);
+    if (secret) {
+        await secretManager.deleteSecret(config.cloud.clientId);
+    }
+    config.cloud = undefined;
+    if (config.current === BackendType.Cloud) {
+        config.current = BackendType.Local;
+    }
+    await save(config, getBackendConfigPath());
+    return { didDelete: true, originalConfig, secret, success: true };
+}
+export async function getCloudCredentials(clientId) {
+    return secretManager.getSecret(clientId);
+}
 export function getBackendConfigPath() {
     return path.join(os.homedir(), '.hereya', 'backend.yaml');
 }

package/dist/backend/file.js

@@ -24,7 +24,7 @@ export class FileBackend {
         const { workspace } = workspace$;
         if (workspace.mirrorOf) {
             return {
-                reason: `Cannot add package to mirrored workspace ${input.workspace}`,
+                reason: `Cannot add package to mirroring workspace ${input.workspace}`,
                 success: false,
             };
         }
@@ -372,7 +372,7 @@ export class FileBackend {
         const { workspace } = workspace$;
         workspace.env = {
             ...workspace.env,
-            [input.name]: input.value,
+            [input.name]: `${input.infrastructure}:${input.value}`,
         };
         await this.saveWorkspace(workspace, input.workspace);
         return {

package/dist/backend/index.d.ts

@@ -1,6 +1,8 @@
 import { Backend } from './common.js';
-export declare function getBackend(): Promise<Backend>;
+export declare function getBackend(type?: BackendType): Promise<Backend>;
+export declare function setBackendType(type: BackendType): void;
 export declare enum BackendType {
+    Cloud = "cloud",
     Local = "local",
     S3 = "s3"
 }

package/dist/backend/index.js

@@ -1,14 +1,33 @@
 import { getAwsConfig } from '../infrastructure/aws-config.js';
-import { getCurrentBackendType } from './config.js';
+import { CloudBackend } from './cloud/cloud-backend.js';
+import { getCloudCredentials, loadBackendConfig } from './config.js';
 import { LocalFileBackend } from './local.js';
 import { S3FileBackend } from './s3.js';
 let backend;
-export async function getBackend() {
+let currentBackendType;
+export async function getBackend(type) {
     if (backend) {
         return backend;
     }
-    const backendType = await getCurrentBackendType();
+    const backendConfig = await loadBackendConfig();
+    const backendType = type ?? currentBackendType ?? backendConfig.current;
     switch (backendType) {
+        case BackendType.Cloud: {
+            if (!backendConfig.cloud) {
+                throw new Error('Cloud credentials not found. Please run `hereya login` first.');
+            }
+            const credentials = await getCloudCredentials(backendConfig.cloud.clientId);
+            if (!credentials) {
+                throw new Error('Cloud credentials not found. Please run `hereya login` first.');
+            }
+            backend = new CloudBackend({
+                accessToken: credentials.accessToken,
+                clientId: backendConfig.cloud.clientId,
+                refreshToken: credentials.refreshToken,
+                url: backendConfig.cloud.url,
+            });
+            break;
+        }
         case BackendType.Local: {
             backend = new LocalFileBackend();
             break;
@@ -27,8 +46,12 @@ export async function getBackend() {
     }
     return backend;
 }
+export function setBackendType(type) {
+    currentBackendType = type;
+}
 export var BackendType;
 (function (BackendType) {
+    BackendType["Cloud"] = "cloud";
     BackendType["Local"] = "local";
     BackendType["S3"] = "s3";
 })(BackendType || (BackendType = {}));

package/dist/backend/secrets.d.ts

@@ -0,0 +1,5 @@
+export declare const secretManager: {
+    deleteSecret(name: string): Promise<void>;
+    getSecret<T>(name: string): Promise<null | T>;
+    saveSecret<T>(name: string, value: T): Promise<void>;
+};

package/dist/backend/secrets.js

@@ -0,0 +1,66 @@
+import fs from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+const SECRETS_DIR = path.join(os.homedir(), '.hereya', 'secrets');
+async function ensureSecretsDir() {
+    try {
+        await fs.mkdir(SECRETS_DIR, { recursive: true });
+    }
+    catch {
+        // Ignore if directory already exists
+    }
+}
+async function getSecretPath(name) {
+    await ensureSecretsDir();
+    return path.join(SECRETS_DIR, `${name}.json`);
+}
+export const secretManager = {
+    async deleteSecret(name) {
+        try {
+            const keytar = await import('keytar').then((m) => m.default);
+            await keytar.deletePassword('hereya', name);
+        }
+        catch {
+            // Fallback to file-based storage
+            const secretPath = await getSecretPath(name);
+            try {
+                await fs.unlink(secretPath);
+            }
+            catch {
+                // Ignore if file doesn't exist
+            }
+        }
+    },
+    async getSecret(name) {
+        try {
+            const keytar = await import('keytar').then((m) => m.default);
+            const value = await keytar.getPassword('hereya', name);
+            if (!value) {
+                return null;
+            }
+            return JSON.parse(value);
+        }
+        catch {
+            // Fallback to file-based storage
+            const secretPath = await getSecretPath(name);
+            try {
+                const value = await fs.readFile(secretPath, 'utf8');
+                return JSON.parse(value);
+            }
+            catch {
+                return null;
+            }
+        }
+    },
+    async saveSecret(name, value) {
+        try {
+            const keytar = await import('keytar').then((m) => m.default);
+            await keytar.setPassword('hereya', name, JSON.stringify(value));
+        }
+        catch {
+            // Fallback to file-based storage
+            const secretPath = await getSecretPath(name);
+            await fs.writeFile(secretPath, JSON.stringify(value), 'utf8');
+        }
+    },
+};

package/dist/commands/bootstrap/index.js

@@ -1,28 +1,36 @@
 import { Args, Command, Flags } from '@oclif/core';
+import { BackendType, setBackendType } from '../../backend/index.js';
 import { getInfrastructure } from '../../infrastructure/index.js';
+import { getLogPath, setDebug } from '../../lib/log.js';
 export default class Bootstrap extends Command {
     static args = {
         infrastructureType: Args.string({
             description: 'infrastructure to bootstrap. Options are local, aws',
-            required: true
-        })
+            required: true,
+        }),
     };
     static description = 'Install necessary resources for hereya operations in an infrastructure.';
-    static examples = [
-        '<%= config.bin %> <%= command.id %> aws',
-        '<%= config.bin %> <%= command.id %> local'
-    ];
+    static examples = ['<%= config.bin %> <%= command.id %> aws', '<%= config.bin %> <%= command.id %> local'];
     static flags = {
         force: Flags.boolean({ char: 'f', description: 'redeploy hereya resources if already deployed' }),
     };
     async run() {
         const { args, flags } = await this.parse(Bootstrap);
+        setBackendType(BackendType.Local);
         const infrastructure$ = getInfrastructure({ type: args.infrastructureType });
         if (!infrastructure$.supported) {
             this.warn(infrastructure$.reason);
             return;
         }
         const { infrastructure } = infrastructure$;
-        await infrastructure.bootstrap({ force: flags.force });
+        setDebug(true);
+        try {
+            await infrastructure.bootstrap({ force: flags.force });
+        }
+        catch (error) {
+            this.error(`${error.message}
+
+See ${getLogPath()} for more details`);
+        }
     }
 }

package/dist/commands/init/index.js

@@ -36,7 +36,7 @@ export default class Init extends Command {
             workspace: flags.workspace,
         });
         const content = {
-            project: initProjectOutput.project.id,
+            project: initProjectOutput.project.name,
             workspace: initProjectOutput.workspace.name,
         };
         await configManager.saveConfig({ config: content, projectRootDir });

package/dist/commands/login/index.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class Login extends Command {
+    static args: {
+        url: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+}

package/dist/commands/login/index.js

@@ -0,0 +1,27 @@
+import { Args, Command } from '@oclif/core';
+import { loginToCloudBackend } from '../../backend/cloud/login.js';
+import { saveCloudCredentials } from '../../backend/config.js';
+export default class Login extends Command {
+    static args = {
+        url: Args.string({ description: 'URL of the Hereya Cloud backend', required: true }),
+    };
+    static description = 'Login to the Hereya Cloud backend';
+    static examples = [
+        '<%= config.bin %> <%= command.id %> https://cloud.hereya.dev',
+        '<%= config.bin %> <%= command.id %> http://localhost:5173',
+    ];
+    async run() {
+        const { args } = await this.parse(Login);
+        const result = await loginToCloudBackend(args.url);
+        if (!result.success) {
+            this.error(result.error);
+        }
+        await saveCloudCredentials({
+            accessToken: result.accessToken,
+            clientId: result.clientId,
+            refreshToken: result.refreshToken,
+            url: args.url,
+        });
+        this.log(`Logged in to ${args.url}`);
+    }
+}

package/dist/commands/logout/index.d.ts

@@ -0,0 +1,6 @@
+import { Command } from '@oclif/core';
+export default class Logout extends Command {
+    static description: string;
+    static examples: string[];
+    run(): Promise<void>;
+}

package/dist/commands/logout/index.js

@@ -0,0 +1,23 @@
+import { Command } from '@oclif/core';
+import { logoutFromCloudBackend } from '../../backend/cloud/logout.js';
+import { deleteCloudCredentials } from '../../backend/config.js';
+export default class Logout extends Command {
+    static description = 'Logout from Hereya Cloud';
+    static examples = ['<%= config.bin %> <%= command.id %>'];
+    async run() {
+        await this.parse(Logout);
+        const result = await deleteCloudCredentials();
+        if (result.originalConfig.cloud) {
+            await logoutFromCloudBackend({
+                secret: result.secret,
+                url: result.originalConfig.cloud.url,
+            });
+        }
+        if (result.didDelete) {
+            this.log('Logged out from Hereya Cloud');
+        }
+        else {
+            this.log('Not logged in to Hereya Cloud');
+        }
+    }
+}

package/dist/commands/unbootstrap/index.js

@@ -1,5 +1,7 @@
 import { Args, Command, Flags } from '@oclif/core';
+import { BackendType, setBackendType } from '../../backend/index.js';
 import { getInfrastructure } from '../../infrastructure/index.js';
+import { getLogPath, setDebug } from '../../lib/log.js';
 export default class Unbootstrap extends Command {
     static args = {
         infrastructureType: Args.string({
@@ -17,12 +19,21 @@ export default class Unbootstrap extends Command {
     };
     async run() {
         const { args, flags } = await this.parse(Unbootstrap);
+        setBackendType(BackendType.Local);
         const infrastructure$ = getInfrastructure({ type: args.infrastructureType });
         if (!infrastructure$.supported) {
             this.warn(infrastructure$.reason);
             return;
         }
         const { infrastructure } = infrastructure$;
-        await infrastructure.unbootstrap({ force: flags.force });
+        setDebug(true);
+        try {
+            await infrastructure.unbootstrap({ force: flags.force });
+        }
+        catch (error) {
+            this.error(`${error.message}
+      
+      See ${getLogPath()} for more details`);
+        }
     }
 }

package/dist/executor/local.js

@@ -76,8 +76,9 @@ export class LocalExecutor {
             return { reason: setEnvVarOutput.reason, success: false };
         }
         return backend.setEnvVar({
+            infrastructure: input.infra,
             name: input.name,
-            value: `${input.infra}:${setEnvVarOutput.value}`,
+            value: setEnvVarOutput.value,
             workspace: input.workspace,
         });
     }
@@ -116,6 +117,7 @@ export class LocalExecutor {
             };
         }
         return backend.unsetEnvVar({
+            infrastructure: infra,
             name: input.name,
             workspace: input.workspace,
         });

package/dist/infrastructure/aws-config.js

@@ -1,12 +1,23 @@
 import { GetParameterCommand, SSMClient } from '@aws-sdk/client-ssm';
+import { getDefaultLogger } from '../lib/log.js';
 const configKey = '/hereya-bootstrap/config';
 export function getAwsConfigKey() {
     return configKey;
 }
 export async function getAwsConfig() {
-    const ssmClient = new SSMClient({});
-    const ssmParameter = await ssmClient.send(new GetParameterCommand({
-        Name: configKey,
-    }));
-    return JSON.parse(ssmParameter.Parameter?.Value ?? '{}');
+    try {
+        const ssmClient = new SSMClient({});
+        const ssmParameter = await ssmClient.send(new GetParameterCommand({
+            Name: configKey,
+        }));
+        return JSON.parse(ssmParameter.Parameter?.Value ?? '{}');
+    }
+    catch (error) {
+        getDefaultLogger().error(`Could not get AWS config: ${error.message}`);
+        return {
+            backendBucket: '',
+            terraformStateBucketName: '',
+            terraformStateLockTableName: '',
+        };
+    }
 }