hetzner-cli 2.0.0

package/dist/robot/types.d.ts

@@ -0,0 +1,352 @@
+export interface Server {
+    server_ip: string;
+    server_ipv6_net: string;
+    server_number: number;
+    server_name: string;
+    product: string;
+    dc: string;
+    traffic: string;
+    status: 'ready' | 'installing' | 'maintenance';
+    cancelled: boolean;
+    paid_until: string;
+    ip: string[];
+    subnet: ServerSubnet[];
+}
+export interface ServerSubnet {
+    ip: string;
+    mask: string;
+}
+export interface ServerDetails extends Server {
+    reset: boolean;
+    rescue: boolean;
+    vnc: boolean;
+    windows: boolean;
+    plesk: boolean;
+    cpanel: boolean;
+    wol: boolean;
+    hot_swap: boolean;
+}
+export interface Cancellation {
+    server_ip: string;
+    server_ipv6_net: string;
+    server_number: number;
+    server_name: string;
+    earliest_cancellation_date: string;
+    cancelled: boolean;
+    cancellation_date: string | null;
+    cancellation_reason: string[] | null;
+}
+export type ResetType = 'sw' | 'hw' | 'man' | 'power' | 'power_long';
+export interface Reset {
+    server_ip: string;
+    server_ipv6_net: string;
+    server_number: number;
+    type: ResetType[];
+    operating_status: string;
+}
+export interface BootConfig {
+    rescue: RescueConfig | null;
+    linux: LinuxConfig | null;
+    vnc: VncConfig | null;
+    windows: WindowsConfig | null;
+    plesk: PleskConfig | null;
+    cpanel: CpanelConfig | null;
+}
+interface BaseBootConfig {
+    server_ip: string;
+    server_ipv6_net: string;
+    server_number: number;
+    active: boolean;
+    password: string | null;
+}
+export interface RescueConfig extends BaseBootConfig {
+    os: string[];
+    arch: number[];
+    authorized_key: string[];
+    host_key: string[];
+}
+export interface LinuxConfig extends BaseBootConfig {
+    dist: string[];
+    arch: number[];
+    lang: string[];
+    authorized_key: string[];
+    host_key: string[];
+}
+export interface VncConfig extends BaseBootConfig {
+    dist: string[];
+    arch: number[];
+    lang: string[];
+}
+export interface WindowsConfig extends BaseBootConfig {
+    dist: string[];
+    lang: string[];
+}
+export interface PleskConfig extends BaseBootConfig {
+    dist: string[];
+    arch: number[];
+    lang: string[];
+    hostname: string | null;
+}
+export interface CpanelConfig extends BaseBootConfig {
+    dist: string[];
+    arch: number[];
+    lang: string[];
+    hostname: string | null;
+}
+export interface IP {
+    ip: string;
+    server_ip: string;
+    server_number: number;
+    locked: boolean;
+    separate_mac: string | null;
+    traffic_warnings: boolean;
+    traffic_hourly: number;
+    traffic_daily: number;
+    traffic_monthly: number;
+}
+export interface Mac {
+    ip: string;
+    mac: string;
+}
+export interface Subnet {
+    ip: string;
+    mask: string;
+    gateway: string;
+    server_ip: string;
+    server_number: number;
+    failover: boolean;
+    locked: boolean;
+    traffic_warnings: boolean;
+    traffic_hourly: number;
+    traffic_daily: number;
+    traffic_monthly: number;
+}
+export interface Failover {
+    ip: string;
+    netmask: string;
+    server_ip: string;
+    server_number: number;
+    active_server_ip: string;
+}
+export interface Rdns {
+    ip: string;
+    ptr: string;
+}
+export interface SshKey {
+    name: string;
+    fingerprint: string;
+    type: string;
+    size: number;
+    data: string;
+}
+export interface Firewall {
+    server_ip: string;
+    server_number: number;
+    status: 'active' | 'disabled' | 'in process';
+    filter_ipv6: boolean;
+    whitelist_hos: boolean;
+    port: 'main' | 'kvm';
+    rules: {
+        input: FirewallRule[];
+        output?: FirewallRule[];
+    };
+}
+export interface FirewallRule {
+    ip_version: string;
+    name: string;
+    dst_ip: string | null;
+    dst_port: string | null;
+    src_ip: string | null;
+    src_port: string | null;
+    protocol: string | null;
+    tcp_flags: string | null;
+    action: 'accept' | 'discard';
+}
+export interface FirewallTemplate {
+    id: number;
+    name: string;
+    filter_ipv6: boolean;
+    whitelist_hos: boolean;
+    is_default: boolean;
+    rules: {
+        input: FirewallRule[];
+        output?: FirewallRule[];
+    };
+}
+export interface VSwitch {
+    id: number;
+    name: string;
+    vlan: number;
+    cancelled: boolean;
+    server: VSwitchServer[];
+    subnet: VSwitchSubnet[];
+    cloud_network: VSwitchCloudNetwork[];
+}
+export interface VSwitchServer {
+    server_ip: string;
+    server_ipv6_net: string;
+    server_number: number;
+    status: 'ready' | 'in process' | 'failed';
+}
+export interface VSwitchSubnet {
+    ip: string;
+    mask: number;
+    gateway: string;
+}
+export interface VSwitchCloudNetwork {
+    id: number;
+    ip: string;
+    mask: number;
+    gateway: string;
+}
+export interface StorageBox {
+    id: number;
+    login: string;
+    name: string;
+    product: string;
+    cancelled: boolean;
+    locked: boolean;
+    location: string;
+    linked_server: number | null;
+    paid_until: string;
+    disk_quota: number;
+    disk_usage: number;
+    disk_usage_data: number;
+    disk_usage_snapshots: number;
+    webdav: boolean;
+    samba: boolean;
+    ssh: boolean;
+    external_reachability: boolean;
+    zfs: boolean;
+    server: string;
+    host_system: string;
+}
+export interface StorageBoxSnapshot {
+    name: string;
+    timestamp: string;
+    size: number;
+    size_formatted: string;
+}
+export interface StorageBoxSnapshotPlan {
+    status: 'enabled' | 'disabled';
+    minute: number;
+    hour: number;
+    day_of_week: number;
+    day_of_month: number;
+    max_snapshots: number;
+}
+export interface StorageBoxSubaccount {
+    username: string;
+    accountid: string;
+    server: string;
+    homedirectory: string;
+    samba: boolean;
+    ssh: boolean;
+    external_reachability: boolean;
+    webdav: boolean;
+    readonly: boolean;
+    createtime: string;
+    comment: string;
+}
+export interface Traffic {
+    ip: string;
+    type: 'day' | 'month' | 'year';
+    from: string;
+    to: string;
+    data: TrafficData[];
+}
+export interface TrafficData {
+    in: number;
+    out: number;
+    sum: number;
+    date?: string;
+}
+export interface Wol {
+    server_ip: string;
+    server_ipv6_net: string;
+    server_number: number;
+}
+export interface ServerProduct {
+    id: string;
+    name: string;
+    description: string[];
+    traffic: string;
+    dist: string[];
+    arch: number[];
+    lang: string[];
+    location: string[];
+    prices: ProductPrice[];
+    orderable_addons: string[];
+}
+export interface ProductPrice {
+    location: string;
+    price: {
+        net: string;
+        gross: string;
+    };
+    price_setup: {
+        net: string;
+        gross: string;
+    };
+    price_vat: {
+        net: string;
+        gross: string;
+    };
+    price_setup_vat: {
+        net: string;
+        gross: string;
+    };
+}
+export interface ServerMarketProduct {
+    id: number;
+    name: string;
+    description: string[];
+    traffic: string;
+    dist: string[];
+    arch: number[];
+    lang: string[];
+    cpu: string;
+    cpu_benchmark: number;
+    memory_size: number;
+    hdd_size: number;
+    hdd_text: string;
+    hdd_count: number;
+    datacenter: string;
+    network_speed: string;
+    price: string;
+    price_setup: string;
+    fixed_price: boolean;
+    next_reduce: number;
+    next_reduce_date: string;
+    orderable_addons: string[];
+}
+export interface ServerTransaction {
+    id: string;
+    date: string;
+    status: 'ready' | 'in process' | 'cancelled';
+    server_number: number | null;
+    server_ip: string | null;
+    authorized_key: string[];
+    host_key: string[];
+    comment: string;
+    product: ServerTransactionProduct;
+}
+export interface ServerTransactionProduct {
+    id: string;
+    name: string;
+    description: string[];
+    traffic: string;
+    dist: string;
+    arch: number;
+    lang: string;
+    location: string;
+}
+export type ApiResponse<T> = Record<string, T>;
+export interface ApiError {
+    error: {
+        status: number;
+        code: string;
+        message: string;
+    };
+}
+export {};

package/dist/robot/types.js

@@ -0,0 +1,5 @@
+// ============================================================================
+// Hetzner Robot API Types
+// Based on: https://robot.hetzner.com/doc/webservice/en.html
+// ============================================================================
+export {};

package/dist/shared/config.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Check if system keychain is available
+ */
+export declare function hasKeychainSupport(): Promise<boolean>;
+/**
+ * Get credentials from system keychain
+ */
+export declare function getKeychainCredentials(): Promise<{
+    user: string;
+    password: string;
+} | null>;
+/**
+ * Save credentials to system keychain
+ * @returns true if saved successfully, false otherwise
+ */
+export declare function saveToKeychain(user: string, password: string): Promise<boolean>;
+/**
+ * Clear credentials from system keychain
+ */
+export declare function clearKeychain(): Promise<void>;
+export type CredentialSource = 'environment' | 'keychain' | 'file' | null;
+export interface Config {
+    user?: string;
+    password?: string;
+}
+/**
+ * Load configuration from file
+ */
+export declare function loadConfig(): Config;
+/**
+ * Save configuration to file
+ */
+export declare function saveConfig(cfg: Config): void;
+/**
+ * Clear saved configuration from file
+ */
+export declare function clearConfigFile(): void;
+/**
+ * Clear saved configuration from all storage locations
+ */
+export declare function clearConfig(): Promise<void>;
+/**
+ * Get credentials from environment variables only (sync)
+ */
+export declare function getCredentialsFromEnv(): {
+    user: string;
+    password: string;
+} | null;
+/**
+ * Get credentials from config file only (sync)
+ */
+export declare function getCredentialsFromFile(): {
+    user: string;
+    password: string;
+} | null;
+/**
+ * Get credentials from environment variables, keychain, or config file
+ * Priority: env vars → keychain → config file
+ */
+export declare function getCredentials(): Promise<{
+    user: string;
+    password: string;
+    source: CredentialSource;
+} | null>;
+/**
+ * Check if credentials are configured (sync check - env and file only)
+ */
+export declare function hasCredentialsSync(): boolean;
+/**
+ * Check if credentials are configured (async - includes keychain)
+ */
+export declare function hasCredentials(): Promise<boolean>;
+/**
+ * Interactive login prompt
+ */
+export declare function promptLogin(): Promise<{
+    user: string;
+    password: string;
+}>;
+/**
+ * Get credentials, prompting if necessary
+ */
+export declare function requireCredentials(): Promise<{
+    user: string;
+    password: string;
+}>;

package/dist/shared/config.js

@@ -0,0 +1,273 @@
+import { config } from 'dotenv';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { input, password as passwordPrompt, confirm } from '@inquirer/prompts';
+config();
+const CONFIG_DIR = join(homedir(), '.hetzner-cli');
+const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+const KEYCHAIN_SERVICE = 'hetzner-cli';
+const KEYCHAIN_ACCOUNT = 'robot-api';
+// Lazy-loaded keytar module (optional dependency with native bindings)
+let keytarModule = null;
+let keytarLoadAttempted = false;
+/**
+ * Try to load keytar module (may fail if native deps unavailable)
+ */
+async function getKeytar() {
+    if (keytarLoadAttempted)
+        return keytarModule;
+    keytarLoadAttempted = true;
+    try {
+        keytarModule = await import('keytar');
+        return keytarModule;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Check if system keychain is available
+ */
+export async function hasKeychainSupport() {
+    const keytar = await getKeytar();
+    if (!keytar)
+        return false;
+    try {
+        // Try a read operation to verify keychain access
+        await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get credentials from system keychain
+ */
+export async function getKeychainCredentials() {
+    const keytar = await getKeytar();
+    if (!keytar)
+        return null;
+    try {
+        const stored = await keytar.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+        if (!stored)
+            return null;
+        const parsed = JSON.parse(stored);
+        if (parsed.user && parsed.password) {
+            return { user: parsed.user, password: parsed.password };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Save credentials to system keychain
+ * @returns true if saved successfully, false otherwise
+ */
+export async function saveToKeychain(user, password) {
+    const keytar = await getKeytar();
+    if (!keytar)
+        return false;
+    try {
+        await keytar.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, JSON.stringify({ user, password }));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Clear credentials from system keychain
+ */
+export async function clearKeychain() {
+    const keytar = await getKeytar();
+    if (!keytar)
+        return;
+    try {
+        await keytar.deletePassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+    }
+    catch {
+        // Ignore errors when clearing
+    }
+}
+/**
+ * Ensure config directory exists
+ */
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+/**
+ * Load configuration from file
+ */
+export function loadConfig() {
+    if (!existsSync(CONFIG_FILE)) {
+        return {};
+    }
+    try {
+        const data = readFileSync(CONFIG_FILE, 'utf-8');
+        return JSON.parse(data);
+    }
+    catch {
+        return {};
+    }
+}
+/**
+ * Save configuration to file
+ */
+export function saveConfig(cfg) {
+    ensureConfigDir();
+    writeFileSync(CONFIG_FILE, JSON.stringify(cfg, null, 2), { mode: 0o600 });
+}
+/**
+ * Clear saved configuration from file
+ */
+export function clearConfigFile() {
+    if (existsSync(CONFIG_FILE)) {
+        writeFileSync(CONFIG_FILE, '{}', { mode: 0o600 });
+    }
+}
+/**
+ * Clear saved configuration from all storage locations
+ */
+export async function clearConfig() {
+    await clearKeychain();
+    clearConfigFile();
+}
+/**
+ * Get credentials from environment variables only (sync)
+ */
+export function getCredentialsFromEnv() {
+    const envUser = process.env.HETZNER_ROBOT_USER;
+    const envPassword = process.env.HETZNER_ROBOT_PASSWORD;
+    if (envUser && envPassword) {
+        return { user: envUser, password: envPassword };
+    }
+    return null;
+}
+/**
+ * Get credentials from config file only (sync)
+ */
+export function getCredentialsFromFile() {
+    const cfg = loadConfig();
+    if (cfg.user && cfg.password) {
+        return { user: cfg.user, password: cfg.password };
+    }
+    return null;
+}
+/**
+ * Get credentials from environment variables, keychain, or config file
+ * Priority: env vars → keychain → config file
+ */
+export async function getCredentials() {
+    // First try environment variables
+    const envCreds = getCredentialsFromEnv();
+    if (envCreds) {
+        return { ...envCreds, source: 'environment' };
+    }
+    // Then try keychain
+    const keychainCreds = await getKeychainCredentials();
+    if (keychainCreds) {
+        return { ...keychainCreds, source: 'keychain' };
+    }
+    // Finally try config file
+    const fileCreds = getCredentialsFromFile();
+    if (fileCreds) {
+        return { ...fileCreds, source: 'file' };
+    }
+    return null;
+}
+/**
+ * Check if credentials are configured (sync check - env and file only)
+ */
+export function hasCredentialsSync() {
+    return getCredentialsFromEnv() !== null || getCredentialsFromFile() !== null;
+}
+/**
+ * Check if credentials are configured (async - includes keychain)
+ */
+export async function hasCredentials() {
+    return (await getCredentials()) !== null;
+}
+/**
+ * Interactive login prompt
+ */
+export async function promptLogin() {
+    console.log('');
+    console.log('Hetzner Robot API Authentication');
+    console.log('─'.repeat(40));
+    console.log('');
+    console.log('To get your API credentials:');
+    console.log('1. Go to https://robot.hetzner.com');
+    console.log('2. Navigate to: Settings > Web service settings');
+    console.log('3. Create a new web service user');
+    console.log('');
+    console.log('Note: This is separate from your main Hetzner login.');
+    console.log('');
+    // Check if we should offer migration from file to keychain
+    const keychainAvailable = await hasKeychainSupport();
+    const existingFileCreds = getCredentialsFromFile();
+    if (keychainAvailable && existingFileCreds) {
+        const migrate = await confirm({
+            message: 'Migrate existing credentials to secure keychain storage?',
+            default: true,
+        });
+        if (migrate) {
+            const saved = await saveToKeychain(existingFileCreds.user, existingFileCreds.password);
+            if (saved) {
+                clearConfigFile();
+                console.log('');
+                console.log('Credentials migrated to keychain.');
+                return existingFileCreds;
+            }
+        }
+    }
+    const user = await input({
+        message: 'Web service username:',
+        validate: (v) => v.length > 0 || 'Username is required',
+    });
+    const password = await passwordPrompt({
+        message: 'Web service password:',
+        validate: (v) => v.length > 0 || 'Password is required',
+    });
+    // Determine storage location based on keychain availability
+    const storageMessage = keychainAvailable
+        ? 'Save credentials to secure keychain?'
+        : 'Save credentials to ~/.hetzner-cli/config.json?';
+    const save = await confirm({
+        message: storageMessage,
+        default: true,
+    });
+    if (save) {
+        let savedToKeychain = false;
+        if (keychainAvailable) {
+            savedToKeychain = await saveToKeychain(user, password);
+        }
+        if (!savedToKeychain) {
+            // Fall back to file storage
+            saveConfig({ user, password });
+            console.log('');
+            console.warn('Warning: System keychain unavailable. Credentials stored in plaintext at ~/.hetzner-cli/config.json');
+            console.log('Credentials saved to config file.');
+        }
+        else {
+            console.log('');
+            console.log('Credentials saved to keychain.');
+        }
+    }
+    return { user, password };
+}
+/**
+ * Get credentials, prompting if necessary
+ */
+export async function requireCredentials() {
+    const creds = await getCredentials();
+    if (creds) {
+        return { user: creds.user, password: creds.password };
+    }
+    return promptLogin();
+}