learn-secrets-sdk 1.6.1 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -252,11 +252,23 @@ var SecretsManagement = class {
252
252
  );
253
253
  }
254
254
  const deviceData = await deviceResponse.json();
255
- console.log("\nTo authorize this device:");
256
- console.log(`1. Visit: ${deviceData.verification_uri}`);
257
- console.log(`2. Enter code: ${deviceData.user_code}`);
258
- console.log(`3. Complete 2FA verification`);
259
- console.log("\nOpening browser...\n");
255
+ console.log(`
256
+ Log in on ${this.baseUrl}`);
257
+ console.log("Login at:");
258
+ console.log(deviceData.verification_uri_complete);
259
+ console.log("\nPress ENTER to open in the browser...");
260
+ const readline = await import("readline");
261
+ const rl = readline.createInterface({
262
+ input: process.stdin,
263
+ output: process.stdout
264
+ });
265
+ await new Promise((resolve2) => {
266
+ rl.question("", () => {
267
+ rl.close();
268
+ resolve2();
269
+ });
270
+ });
271
+ console.log("Opening browser...\n");
260
272
  await this.openBrowser(deviceData.verification_uri_complete);
261
273
  let deviceAuthorized = false;
262
274
  const interval = deviceData.interval * 1e3;
@@ -306,14 +318,13 @@ var SecretsManagement = class {
306
318
  );
307
319
  }
308
320
  console.log("2FA code sent to your email.\n");
309
- const readline = await import("readline");
310
- const rl = readline.createInterface({
321
+ const rl2 = readline.createInterface({
311
322
  input: process.stdin,
312
323
  output: process.stdout
313
324
  });
314
325
  const tfaCode = await new Promise((resolve2) => {
315
- rl.question("Enter 2FA code from email: ", (answer) => {
316
- rl.close();
326
+ rl2.question("Enter 2FA code from email: ", (answer) => {
327
+ rl2.close();
317
328
  resolve2(answer);
318
329
  });
319
330
  });
@@ -1,11 +1,11 @@
1
- "use strict";var SecretsSDK=(()=>{var ee=Object.create;var D=Object.defineProperty;var te=Object.getOwnPropertyDescriptor;var re=Object.getOwnPropertyNames;var se=Object.getPrototypeOf,ne=Object.prototype.hasOwnProperty;var c=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var ie=(t,e)=>()=>(t&&(e=t(t=0)),e);var W=(t,e)=>{for(var r in e)D(t,r,{get:e[r],enumerable:!0})},B=(t,e,r,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of re(e))!ne.call(t,n)&&n!==r&&D(t,n,{get:()=>e[n],enumerable:!(s=te(e,n))||s.enumerable});return t};var w=(t,e,r)=>(r=t!=null?ee(se(t)):{},B(e||!t||!t.__esModule?D(r,"default",{value:t,enumerable:!0}):r,t)),oe=t=>B(D({},"__esModule",{value:!0}),t);var Y={};W(Y,{loadSecretsConfig:()=>z,resolveEnvInSecret:()=>L,resolveEnvInSecrets:()=>$,resolveEnvString:()=>m});function m(t){return t.replace(/\$\{([A-Z0-9_]+)\}|\$([A-Z0-9_]+)/g,(e,r,s)=>{let n=r||s,i=process.env[n];if(i===void 0)throw new Error(`Environment variable ${n} is not defined`);return i})}function L(t){let e={name:m(t.name),provider:m(t.provider),api_key:m(t.api_key)};return t.base_url&&(e.base_url=m(t.base_url)),t.auth_header&&(e.auth_header=m(t.auth_header)),t.auth_prefix&&(e.auth_prefix=m(t.auth_prefix)),e}function $(t){return t.map(L)}function z(t){let e=c("fs"),s=c("path").resolve(t);if(!e.existsSync(s))throw new Error(`Config file not found: ${s}`);let n=e.readFileSync(s,"utf-8"),i=JSON.parse(n);if(!i.version)throw new Error('Config file missing "version" field');if(!i.project)throw new Error('Config file missing "project" field');if(!Array.isArray(i.secrets))throw new Error('Config file missing "secrets" array');let a=$(i.secrets);return{version:i.version,project:i.project,secrets:a}}var J=ie(()=>{"use strict"});var ue={};W(ue,{InvalidTokenError:()=>b,OriginMismatchError:()=>v,RateLimitError:()=>x,SecretsManagement:()=>j,SecretsSDK:()=>R,SecretsSDKError:()=>o,deleteSDKCredentials:()=>G,getMachineId:()=>A,hasSDKCredentials:()=>V,loadSecretsConfig:()=>z,readAllCredentials:()=>C,readSDKCredentials:()=>k,resolveEnvInSecret:()=>L,resolveEnvInSecrets:()=>$,resolveEnvString:()=>m,writeAllCredentials:()=>O,writeSDKCredentials:()=>E});var o=class extends Error{constructor(r,s,n){super(r);this.status=s;this.response=n;this.name="SecretsSDKError"}},v=class extends o{constructor(e="Origin not allowed for this token"){super(e,403),this.name="OriginMismatchError"}},x=class extends o{constructor(e="Rate limit exceeded",r=60,s=0,n=100){super(e,429),this.name="RateLimitError",this.retryAfter=r,this.remaining=s,this.limit=n}},b=class extends o{constructor(e="Invalid or expired token"){super(e,401),this.name="InvalidTokenError"}};var R=class{constructor(e={}){this.rateLimitInfo=null;this.appId=e.appId||null,this.token=e.token||e.sessionToken||null,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4,this.retryOn429=e.retryOn429!==void 0?e.retryOn429:!0,this.zeroConfigMode=!this.appId&&!this.token}getUsage(){return this.rateLimitInfo}parseRateLimitHeaders(e){let r=e.get("X-RateLimit-Limit"),s=e.get("X-RateLimit-Remaining"),n=e.get("X-RateLimit-Reset");r&&s&&n&&(this.rateLimitInfo={limit:parseInt(r),remaining:parseInt(s),reset:parseInt(n)})}sleep(e){return new Promise(r=>setTimeout(r,e))}async fetchWithTimeout(e,r,s){let n=new AbortController,i=setTimeout(()=>n.abort(),s);try{return await fetch(e,{...r,signal:n.signal})}finally{clearTimeout(i)}}async call(e,r,s={}){let n=0,i=this.retryOn429?3:0;for(;;)try{let a=this.zeroConfigMode?`${this.baseUrl}/api/sdk/proxy`:`${this.baseUrl}/api/sdk/${this.appId}/proxy`,h={"Content-Type":"application/json"};!this.zeroConfigMode&&this.token&&(h.Authorization=`Bearer ${this.token}`);let u=await this.fetchWithTimeout(a,{method:"POST",headers:h,body:JSON.stringify({keyName:e,endpoint:r,method:s.method||"GET",body:s.body,headers:s.headers})},this.timeout);this.parseRateLimitHeaders(u.headers);let f=await u.json();if(!u.ok){let p=f.data?.message||f?.message||`Request failed with status ${u.status}`;if(u.status===403&&p.includes("Origin"))throw new v(p);if(u.status===401)throw new b(p);if(u.status===429){let H=this.rateLimitInfo?this.rateLimitInfo.reset-Math.floor(Date.now()/1e3):60,I=new x(p,H,this.rateLimitInfo?.remaining||0,this.rateLimitInfo?.limit||100);if(this.retryOn429&&n<i){n++;let M=Math.min(1e3*Math.pow(2,n-1),8e3);await this.sleep(M);continue}throw I}throw new o(p,u.status,f)}return f.data}catch(a){throw a instanceof o?a:a instanceof Error&&a.name==="AbortError"?new o("Request timeout",408):new o(a instanceof Error?a.message:"Unknown error occurred",500)}}async get(e,r,s){return this.call(e,r,{method:"GET",headers:s})}async post(e,r,s,n){return this.call(e,r,{method:"POST",body:s,headers:n})}async put(e,r,s,n){return this.call(e,r,{method:"PUT",body:s,headers:n})}async delete(e,r,s){return this.call(e,r,{method:"DELETE",headers:s})}async patch(e,r,s,n){return this.call(e,r,{method:"PATCH",body:s,headers:n})}setAppId(e){this.appId=e}async secretsRequest(e,r){if(!this.appId)throw new o("App ID required for secrets management. Call setAppId() first.",400);let s=await this.fetchWithTimeout(`${this.baseUrl}/api/projects/${this.appId}/secrets/manage?action=${e}`,{method:"POST",headers:{"Content-Type":"application/json"},body:r?JSON.stringify(r):void 0},this.timeout);if(!s.ok){let n=await s.json().catch(()=>({}));throw new o(n.message||`Secrets management failed: ${s.statusText}`,s.status,n)}return s.json()}async listSecrets(){return this.secretsRequest("list")}async createSecret(e){return this.secretsRequest("create",e)}async updateSecret(e){return this.secretsRequest("update",e)}async deleteSecret(e){return this.secretsRequest("delete",{name:e})}async syncEnv(e,r){return this.secretsRequest("sync",{secrets:e,provider:r})}};var d=w(c("fs")),P=w(c("path")),K=w(c("os"));function U(){let t=K.homedir(),e=P.join(t,".learn");return P.join(e,"credentials.json")}function ae(){let t=K.homedir(),e=P.join(t,".learn");d.existsSync(e)||d.mkdirSync(e,{recursive:!0,mode:448})}function C(){try{let t=U();if(!d.existsSync(t))return null;let e=d.readFileSync(t,"utf-8"),r=JSON.parse(e);return r.access_token&&!r["learn-secrets-sdk"]&&!r["learn-auth-sdk"]?{"learn-secrets-sdk":r}:r}catch{return null}}function O(t){ae();let e=U(),r=JSON.stringify(t,null,2);d.writeFileSync(e,r,{mode:384})}function k(t){let e=C();return e&&e[t]||null}function E(t,e){let r=C()||{};r[t]=e,O(r)}function G(t){let e=C();e&&(delete e[t],Object.keys(e).length===0?N():O(e))}function q(){return k("learn-secrets-sdk")}function N(){try{let t=U();d.existsSync(t)&&d.unlinkSync(t)}catch{}}function V(t){let e=k(t);return e!==null&&!!e.access_token}function X(){let t=q();return t?t.expires_at?new Date(t.expires_at)>new Date:!0:!1}var Z=c("child_process"),Q=c("util"),F=c("crypto"),g=w(c("os")),_=(0,Q.promisify)(Z.exec);async function A(){let t=process.platform;try{let e;if(t==="darwin")e=await ce();else if(t==="linux")e=await de();else if(t==="win32")e=await le();else throw new Error(`Unsupported platform: ${t}`);let r=(0,F.createHash)("sha256").update(e).digest("hex").substring(0,32),s=JSON.stringify({machineId:r,cpus:g.cpus().length,arch:g.arch(),platform:g.platform(),homedir:g.homedir()}),n=(0,F.createHash)("sha256").update(s).digest("hex");return{machineId:r,fingerprint:n}}catch(e){throw new Error(`Failed to get machine ID: ${e.message}`)}}async function ce(){try{let{stdout:t}=await _(`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`),{stdout:e}=await _("hostname"),r=t.trim(),s=e.trim();if(r&&s)return`${r}-${s}`;let{stdout:n}=await _(`ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`);return n.trim()}catch{throw new Error("Failed to get macOS machine ID")}}async function de(){try{let{stdout:t}=await _("cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"),e=t.trim();if(e)return e;throw new Error("Machine ID file not found")}catch{throw new Error("Failed to get Linux machine ID")}}async function le(){try{let{stdout:t}=await _("wmic csproduct get uuid"),r=t.split(`
2
- `).map(s=>s.trim()).find(s=>s&&s!=="UUID");if(r)return r;throw new Error("Failed to parse machine UUID from WMIC")}catch{throw new Error("Failed to get Windows machine ID")}}var j=class{constructor(e){this.appId=e.appId,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4}async openBrowser(e){let{exec:r}=await import("child_process"),{promisify:s}=await import("util"),n=s(r),i=process.platform;try{i==="darwin"?await n(`open "${e}"`):i==="win32"?await n(`start "${e}"`):await n(`xdg-open "${e}"`)}catch(a){throw console.error("Failed to open browser:",a),new o("Failed to open browser",500)}}sleep(e){return new Promise(r=>setTimeout(r,e))}async login(){let e="learn-secrets-sdk";try{console.log(`Authenticating with Learn (${e})...
3
- `);let r=await A(),s=k(e);if(s&&s.access_token){let l=await fetch(`${this.baseUrl}/api/auth/cli/check-authorization`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({machine_id:r.machineId,sdk_name:e})});if(l.ok){let y=await l.json();if(y.authorized)return console.log("This machine is already authorized."),console.log(`Logged in as: ${y.user_email||y.user_id}`),{success:!0,user:y.user_email||y.user_id}}}let n=await fetch(`${this.baseUrl}/api/auth/cli/device`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!n.ok)throw new o("Failed to generate device code",n.status);let i=await n.json();console.log(`
4
- To authorize this device:`),console.log(`1. Visit: ${i.verification_uri}`),console.log(`2. Enter code: ${i.user_code}`),console.log("3. Complete 2FA verification"),console.log(`
5
- Opening browser...
6
- `),await this.openBrowser(i.verification_uri_complete);let a=!1,h=i.interval*1e3,u=Math.ceil(i.expires_in/i.interval),f=0;for(;f<u;){await this.sleep(h),f++;let l=await fetch(`${this.baseUrl}/api/auth/cli/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:i.device_code})});if(l.status===202){process.stdout.write(".");continue}if(l.ok){a=!0;break}}if(!a)throw new o("Device authorization timeout",408);console.log(`
1
+ "use strict";var SecretsSDK=(()=>{var te=Object.create;var P=Object.defineProperty;var re=Object.getOwnPropertyDescriptor;var se=Object.getOwnPropertyNames;var ne=Object.getPrototypeOf,ie=Object.prototype.hasOwnProperty;var d=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var oe=(t,e)=>()=>(t&&(e=t(t=0)),e);var W=(t,e)=>{for(var r in e)P(t,r,{get:e[r],enumerable:!0})},B=(t,e,r,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of se(e))!ie.call(t,n)&&n!==r&&P(t,n,{get:()=>e[n],enumerable:!(s=re(e,n))||s.enumerable});return t};var y=(t,e,r)=>(r=t!=null?te(ne(t)):{},B(e||!t||!t.__esModule?P(r,"default",{value:t,enumerable:!0}):r,t)),ae=t=>B(P({},"__esModule",{value:!0}),t);var Y={};W(Y,{loadSecretsConfig:()=>J,resolveEnvInSecret:()=>j,resolveEnvInSecrets:()=>M,resolveEnvString:()=>p});function p(t){return t.replace(/\$\{([A-Z0-9_]+)\}|\$([A-Z0-9_]+)/g,(e,r,s)=>{let n=r||s,i=process.env[n];if(i===void 0)throw new Error(`Environment variable ${n} is not defined`);return i})}function j(t){let e={name:p(t.name),provider:p(t.provider),api_key:p(t.api_key)};return t.base_url&&(e.base_url=p(t.base_url)),t.auth_header&&(e.auth_header=p(t.auth_header)),t.auth_prefix&&(e.auth_prefix=p(t.auth_prefix)),e}function M(t){return t.map(j)}function J(t){let e=d("fs"),s=d("path").resolve(t);if(!e.existsSync(s))throw new Error(`Config file not found: ${s}`);let n=e.readFileSync(s,"utf-8"),i=JSON.parse(n);if(!i.version)throw new Error('Config file missing "version" field');if(!i.project)throw new Error('Config file missing "project" field');if(!Array.isArray(i.secrets))throw new Error('Config file missing "secrets" array');let a=M(i.secrets);return{version:i.version,project:i.project,secrets:a}}var H=oe(()=>{"use strict"});var pe={};W(pe,{InvalidTokenError:()=>x,OriginMismatchError:()=>b,RateLimitError:()=>v,SecretsManagement:()=>K,SecretsSDK:()=>O,SecretsSDKError:()=>o,deleteSDKCredentials:()=>G,getMachineId:()=>$,hasSDKCredentials:()=>V,loadSecretsConfig:()=>J,readAllCredentials:()=>I,readSDKCredentials:()=>k,resolveEnvInSecret:()=>j,resolveEnvInSecrets:()=>M,resolveEnvString:()=>p,writeAllCredentials:()=>L,writeSDKCredentials:()=>A});var o=class extends Error{constructor(r,s,n){super(r);this.status=s;this.response=n;this.name="SecretsSDKError"}},b=class extends o{constructor(e="Origin not allowed for this token"){super(e,403),this.name="OriginMismatchError"}},v=class extends o{constructor(e="Rate limit exceeded",r=60,s=0,n=100){super(e,429),this.name="RateLimitError",this.retryAfter=r,this.remaining=s,this.limit=n}},x=class extends o{constructor(e="Invalid or expired token"){super(e,401),this.name="InvalidTokenError"}};var O=class{constructor(e={}){this.rateLimitInfo=null;this.appId=e.appId||null,this.token=e.token||e.sessionToken||null,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4,this.retryOn429=e.retryOn429!==void 0?e.retryOn429:!0,this.zeroConfigMode=!this.appId&&!this.token}getUsage(){return this.rateLimitInfo}parseRateLimitHeaders(e){let r=e.get("X-RateLimit-Limit"),s=e.get("X-RateLimit-Remaining"),n=e.get("X-RateLimit-Reset");r&&s&&n&&(this.rateLimitInfo={limit:parseInt(r),remaining:parseInt(s),reset:parseInt(n)})}sleep(e){return new Promise(r=>setTimeout(r,e))}async fetchWithTimeout(e,r,s){let n=new AbortController,i=setTimeout(()=>n.abort(),s);try{return await fetch(e,{...r,signal:n.signal})}finally{clearTimeout(i)}}async call(e,r,s={}){let n=0,i=this.retryOn429?3:0;for(;;)try{let a=this.zeroConfigMode?`${this.baseUrl}/api/sdk/proxy`:`${this.baseUrl}/api/sdk/${this.appId}/proxy`,m={"Content-Type":"application/json"};!this.zeroConfigMode&&this.token&&(m.Authorization=`Bearer ${this.token}`);let u=await this.fetchWithTimeout(a,{method:"POST",headers:m,body:JSON.stringify({keyName:e,endpoint:r,method:s.method||"GET",body:s.body,headers:s.headers})},this.timeout);this.parseRateLimitHeaders(u.headers);let w=await u.json();if(!u.ok){let h=w.data?.message||w?.message||`Request failed with status ${u.status}`;if(u.status===403&&h.includes("Origin"))throw new b(h);if(u.status===401)throw new x(h);if(u.status===429){let T=this.rateLimitInfo?this.rateLimitInfo.reset-Math.floor(Date.now()/1e3):60,C=new v(h,T,this.rateLimitInfo?.remaining||0,this.rateLimitInfo?.limit||100);if(this.retryOn429&&n<i){n++;let D=Math.min(1e3*Math.pow(2,n-1),8e3);await this.sleep(D);continue}throw C}throw new o(h,u.status,w)}return w.data}catch(a){throw a instanceof o?a:a instanceof Error&&a.name==="AbortError"?new o("Request timeout",408):new o(a instanceof Error?a.message:"Unknown error occurred",500)}}async get(e,r,s){return this.call(e,r,{method:"GET",headers:s})}async post(e,r,s,n){return this.call(e,r,{method:"POST",body:s,headers:n})}async put(e,r,s,n){return this.call(e,r,{method:"PUT",body:s,headers:n})}async delete(e,r,s){return this.call(e,r,{method:"DELETE",headers:s})}async patch(e,r,s,n){return this.call(e,r,{method:"PATCH",body:s,headers:n})}setAppId(e){this.appId=e}async secretsRequest(e,r){if(!this.appId)throw new o("App ID required for secrets management. Call setAppId() first.",400);let s=await this.fetchWithTimeout(`${this.baseUrl}/api/projects/${this.appId}/secrets/manage?action=${e}`,{method:"POST",headers:{"Content-Type":"application/json"},body:r?JSON.stringify(r):void 0},this.timeout);if(!s.ok){let n=await s.json().catch(()=>({}));throw new o(n.message||`Secrets management failed: ${s.statusText}`,s.status,n)}return s.json()}async listSecrets(){return this.secretsRequest("list")}async createSecret(e){return this.secretsRequest("create",e)}async updateSecret(e){return this.secretsRequest("update",e)}async deleteSecret(e){return this.secretsRequest("delete",{name:e})}async syncEnv(e,r){return this.secretsRequest("sync",{secrets:e,provider:r})}};var l=y(d("fs")),E=y(d("path")),U=y(d("os"));function q(){let t=U.homedir(),e=E.join(t,".learn");return E.join(e,"credentials.json")}function ce(){let t=U.homedir(),e=E.join(t,".learn");l.existsSync(e)||l.mkdirSync(e,{recursive:!0,mode:448})}function I(){try{let t=q();if(!l.existsSync(t))return null;let e=l.readFileSync(t,"utf-8"),r=JSON.parse(e);return r.access_token&&!r["learn-secrets-sdk"]&&!r["learn-auth-sdk"]?{"learn-secrets-sdk":r}:r}catch{return null}}function L(t){ce();let e=q(),r=JSON.stringify(t,null,2);l.writeFileSync(e,r,{mode:384})}function k(t){let e=I();return e&&e[t]||null}function A(t,e){let r=I()||{};r[t]=e,L(r)}function G(t){let e=I();e&&(delete e[t],Object.keys(e).length===0?F():L(e))}function N(){return k("learn-secrets-sdk")}function F(){try{let t=q();l.existsSync(t)&&l.unlinkSync(t)}catch{}}function V(t){let e=k(t);return e!==null&&!!e.access_token}function X(){let t=N();return t?t.expires_at?new Date(t.expires_at)>new Date:!0:!1}var Z=d("child_process"),Q=d("util"),z=d("crypto"),g=y(d("os")),_=(0,Q.promisify)(Z.exec);async function $(){let t=process.platform;try{let e;if(t==="darwin")e=await de();else if(t==="linux")e=await le();else if(t==="win32")e=await ue();else throw new Error(`Unsupported platform: ${t}`);let r=(0,z.createHash)("sha256").update(e).digest("hex").substring(0,32),s=JSON.stringify({machineId:r,cpus:g.cpus().length,arch:g.arch(),platform:g.platform(),homedir:g.homedir()}),n=(0,z.createHash)("sha256").update(s).digest("hex");return{machineId:r,fingerprint:n}}catch(e){throw new Error(`Failed to get machine ID: ${e.message}`)}}async function de(){try{let{stdout:t}=await _(`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`),{stdout:e}=await _("hostname"),r=t.trim(),s=e.trim();if(r&&s)return`${r}-${s}`;let{stdout:n}=await _(`ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`);return n.trim()}catch{throw new Error("Failed to get macOS machine ID")}}async function le(){try{let{stdout:t}=await _("cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"),e=t.trim();if(e)return e;throw new Error("Machine ID file not found")}catch{throw new Error("Failed to get Linux machine ID")}}async function ue(){try{let{stdout:t}=await _("wmic csproduct get uuid"),r=t.split(`
2
+ `).map(s=>s.trim()).find(s=>s&&s!=="UUID");if(r)return r;throw new Error("Failed to parse machine UUID from WMIC")}catch{throw new Error("Failed to get Windows machine ID")}}var K=class{constructor(e){this.appId=e.appId,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4}async openBrowser(e){let{exec:r}=await import("child_process"),{promisify:s}=await import("util"),n=s(r),i=process.platform;try{i==="darwin"?await n(`open "${e}"`):i==="win32"?await n(`start "${e}"`):await n(`xdg-open "${e}"`)}catch(a){throw console.error("Failed to open browser:",a),new o("Failed to open browser",500)}}sleep(e){return new Promise(r=>setTimeout(r,e))}async login(){let e="learn-secrets-sdk";try{console.log(`Authenticating with Learn (${e})...
3
+ `);let r=await $(),s=k(e);if(s&&s.access_token){let c=await fetch(`${this.baseUrl}/api/auth/cli/check-authorization`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({machine_id:r.machineId,sdk_name:e})});if(c.ok){let f=await c.json();if(f.authorized)return console.log("This machine is already authorized."),console.log(`Logged in as: ${f.user_email||f.user_id}`),{success:!0,user:f.user_email||f.user_id}}}let n=await fetch(`${this.baseUrl}/api/auth/cli/device`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!n.ok)throw new o("Failed to generate device code",n.status);let i=await n.json();console.log(`
4
+ Log in on ${this.baseUrl}`),console.log("Login at:"),console.log(i.verification_uri_complete),console.log(`
5
+ Press ENTER to open in the browser...`);let a=await import("readline"),m=a.createInterface({input:process.stdin,output:process.stdout});await new Promise(c=>{m.question("",()=>{m.close(),c()})}),console.log(`Opening browser...
6
+ `),await this.openBrowser(i.verification_uri_complete);let u=!1,w=i.interval*1e3,h=Math.ceil(i.expires_in/i.interval),T=0;for(;T<h;){await this.sleep(w),T++;let c=await fetch(`${this.baseUrl}/api/auth/cli/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:i.device_code})});if(c.status===202){process.stdout.write(".");continue}if(c.ok){u=!0;break}}if(!u)throw new o("Device authorization timeout",408);console.log(`
7
7
 
8
- Device authorized! Sending 2FA code...`);let p=await fetch(`${this.baseUrl}/api/auth/2fa/send`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:i.device_code,sdk_name:e,machine_id:r.machineId})});if(!p.ok){let l=await p.json().catch(()=>({}));throw new o(l.message||"Failed to send 2FA code",p.status)}console.log(`2FA code sent to your email.
9
- `);let I=(await import("readline")).createInterface({input:process.stdin,output:process.stdout}),M=await new Promise(l=>{I.question("Enter 2FA code from email: ",y=>{I.close(),l(y)})}),T=await fetch(`${this.baseUrl}/api/auth/2fa/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:i.device_code,code:M.trim()})});if(!T.ok){let l=await T.json().catch(()=>({}));throw new o(l.message||"2FA verification failed",T.status)}let S=await T.json();return E(e,{access_token:S.access_token,refresh_token:null,expires_at:null,user_id:S.user_id,machine_id:r.machineId,sdk_name:e,authorized_at:new Date().toISOString()}),console.log(`
8
+ Device authorized! Sending 2FA code...`);let C=await fetch(`${this.baseUrl}/api/auth/2fa/send`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:i.device_code,sdk_name:e,machine_id:r.machineId})});if(!C.ok){let c=await C.json().catch(()=>({}));throw new o(c.message||"Failed to send 2FA code",C.status)}console.log(`2FA code sent to your email.
9
+ `);let D=a.createInterface({input:process.stdin,output:process.stdout}),ee=await new Promise(c=>{D.question("Enter 2FA code from email: ",f=>{D.close(),c(f)})}),R=await fetch(`${this.baseUrl}/api/auth/2fa/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:i.device_code,code:ee.trim()})});if(!R.ok){let c=await R.json().catch(()=>({}));throw new o(c.message||"2FA verification failed",R.status)}let S=await R.json();return A(e,{access_token:S.access_token,refresh_token:null,expires_at:null,user_id:S.user_id,machine_id:r.machineId,sdk_name:e,authorized_at:new Date().toISOString()}),console.log(`
10
10
  Authentication successful!`),console.log(`Logged in as: ${S.user_email||S.user_id}`),console.log(`This machine is now permanently authorized.
11
- `),{success:!0,user:S.user_email||S.user_id}}catch(r){throw r instanceof o?r:new o(r.message||"Login failed",r.status||500)}}async isAuthenticated(){return X()}logout(){N(),console.log("Logged out successfully")}getAccessToken(){let e=q();if(!e)throw new o("Not authenticated. Run login() first.",401);if(e.expires_at&&new Date(e.expires_at)<=new Date)throw new o("Token expired. Run login() again.",401);return e.access_token}async request(e,r,s){let n=this.getAccessToken(),i={method:e,headers:{"Content-Type":"application/json",Authorization:`Bearer ${n}`}};s&&(i.body=JSON.stringify(s));let a=await fetch(`${this.baseUrl}${r}`,i);if(!a.ok){let h=await a.json().catch(()=>({}));throw new o(h.message||`Request failed: ${a.statusText}`,a.status,h)}return a.json()}async list(){return(await this.request("GET",`/api/projects/${this.appId}/secrets`)).secrets}async sync(e,r){return await this.request("POST",`/api/projects/${this.appId}/secrets/sync`,{secrets:e,options:{deleteMissing:r?.deleteMissing??!1,dryRun:r?.dryRun??!1}})}async importSecrets(e){return this.request("POST",`/api/projects/${this.appId}/import-secrets`,{version:e.version||"1.0",origins:e.origins,secrets:e.secrets})}async importFromFile(e){let{loadSecretsConfig:r}=await Promise.resolve().then(()=>(J(),Y)),s=r(e);return this.importSecrets(s)}};J();return oe(ue);})();
11
+ `),{success:!0,user:S.user_email||S.user_id}}catch(r){throw r instanceof o?r:new o(r.message||"Login failed",r.status||500)}}async isAuthenticated(){return X()}logout(){F(),console.log("Logged out successfully")}getAccessToken(){let e=N();if(!e)throw new o("Not authenticated. Run login() first.",401);if(e.expires_at&&new Date(e.expires_at)<=new Date)throw new o("Token expired. Run login() again.",401);return e.access_token}async request(e,r,s){let n=this.getAccessToken(),i={method:e,headers:{"Content-Type":"application/json",Authorization:`Bearer ${n}`}};s&&(i.body=JSON.stringify(s));let a=await fetch(`${this.baseUrl}${r}`,i);if(!a.ok){let m=await a.json().catch(()=>({}));throw new o(m.message||`Request failed: ${a.statusText}`,a.status,m)}return a.json()}async list(){return(await this.request("GET",`/api/projects/${this.appId}/secrets`)).secrets}async sync(e,r){return await this.request("POST",`/api/projects/${this.appId}/secrets/sync`,{secrets:e,options:{deleteMissing:r?.deleteMissing??!1,dryRun:r?.dryRun??!1}})}async importSecrets(e){return this.request("POST",`/api/projects/${this.appId}/import-secrets`,{version:e.version||"1.0",origins:e.origins,secrets:e.secrets})}async importFromFile(e){let{loadSecretsConfig:r}=await Promise.resolve().then(()=>(H(),Y)),s=r(e);return this.importSecrets(s)}};H();return ae(pe);})();
package/dist/index.mjs CHANGED
@@ -1,11 +1,11 @@
1
- import{a as U,b as q,c as N,d as F}from"./chunk-AS6G7JYX.mjs";var i=class extends Error{constructor(t,r,n){super(t);this.status=r;this.response=n;this.name="SecretsSDKError"}},y=class extends i{constructor(e="Origin not allowed for this token"){super(e,403),this.name="OriginMismatchError"}},w=class extends i{constructor(e="Rate limit exceeded",t=60,r=0,n=100){super(e,429),this.name="RateLimitError",this.retryAfter=t,this.remaining=r,this.limit=n}},S=class extends i{constructor(e="Invalid or expired token"){super(e,401),this.name="InvalidTokenError"}};var _=class{constructor(e={}){this.rateLimitInfo=null;this.appId=e.appId||null,this.token=e.token||e.sessionToken||null,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4,this.retryOn429=e.retryOn429!==void 0?e.retryOn429:!0,this.zeroConfigMode=!this.appId&&!this.token}getUsage(){return this.rateLimitInfo}parseRateLimitHeaders(e){let t=e.get("X-RateLimit-Limit"),r=e.get("X-RateLimit-Remaining"),n=e.get("X-RateLimit-Reset");t&&r&&n&&(this.rateLimitInfo={limit:parseInt(t),remaining:parseInt(r),reset:parseInt(n)})}sleep(e){return new Promise(t=>setTimeout(t,e))}async fetchWithTimeout(e,t,r){let n=new AbortController,a=setTimeout(()=>n.abort(),r);try{return await fetch(e,{...t,signal:n.signal})}finally{clearTimeout(a)}}async call(e,t,r={}){let n=0,a=this.retryOn429?3:0;for(;;)try{let o=this.zeroConfigMode?`${this.baseUrl}/api/sdk/proxy`:`${this.baseUrl}/api/sdk/${this.appId}/proxy`,m={"Content-Type":"application/json"};!this.zeroConfigMode&&this.token&&(m.Authorization=`Bearer ${this.token}`);let l=await this.fetchWithTimeout(o,{method:"POST",headers:m,body:JSON.stringify({keyName:e,endpoint:t,method:r.method||"GET",body:r.body,headers:r.headers})},this.timeout);this.parseRateLimitHeaders(l.headers);let h=await l.json();if(!l.ok){let u=h.data?.message||h?.message||`Request failed with status ${l.status}`;if(l.status===403&&u.includes("Origin"))throw new y(u);if(l.status===401)throw new S(u);if(l.status===429){let M=this.rateLimitInfo?this.rateLimitInfo.reset-Math.floor(Date.now()/1e3):60,k=new w(u,M,this.rateLimitInfo?.remaining||0,this.rateLimitInfo?.limit||100);if(this.retryOn429&&n<a){n++;let T=Math.min(1e3*Math.pow(2,n-1),8e3);await this.sleep(T);continue}throw k}throw new i(u,l.status,h)}return h.data}catch(o){throw o instanceof i?o:o instanceof Error&&o.name==="AbortError"?new i("Request timeout",408):new i(o instanceof Error?o.message:"Unknown error occurred",500)}}async get(e,t,r){return this.call(e,t,{method:"GET",headers:r})}async post(e,t,r,n){return this.call(e,t,{method:"POST",body:r,headers:n})}async put(e,t,r,n){return this.call(e,t,{method:"PUT",body:r,headers:n})}async delete(e,t,r){return this.call(e,t,{method:"DELETE",headers:r})}async patch(e,t,r,n){return this.call(e,t,{method:"PATCH",body:r,headers:n})}setAppId(e){this.appId=e}async secretsRequest(e,t){if(!this.appId)throw new i("App ID required for secrets management. Call setAppId() first.",400);let r=await this.fetchWithTimeout(`${this.baseUrl}/api/projects/${this.appId}/secrets/manage?action=${e}`,{method:"POST",headers:{"Content-Type":"application/json"},body:t?JSON.stringify(t):void 0},this.timeout);if(!r.ok){let n=await r.json().catch(()=>({}));throw new i(n.message||`Secrets management failed: ${r.statusText}`,r.status,n)}return r.json()}async listSecrets(){return this.secretsRequest("list")}async createSecret(e){return this.secretsRequest("create",e)}async updateSecret(e){return this.secretsRequest("update",e)}async deleteSecret(e){return this.secretsRequest("delete",{name:e})}async syncEnv(e,t){return this.secretsRequest("sync",{secrets:e,provider:t})}};import*as c from"fs";import*as v from"path";import*as D from"os";function R(){let s=D.homedir(),e=v.join(s,".learn");return v.join(e,"credentials.json")}function z(){let s=D.homedir(),e=v.join(s,".learn");c.existsSync(e)||c.mkdirSync(e,{recursive:!0,mode:448})}function C(){try{let s=R();if(!c.existsSync(s))return null;let e=c.readFileSync(s,"utf-8"),t=JSON.parse(e);return t.access_token&&!t["learn-secrets-sdk"]&&!t["learn-auth-sdk"]?{"learn-secrets-sdk":t}:t}catch{return null}}function P(s){z();let e=R(),t=JSON.stringify(s,null,2);c.writeFileSync(e,t,{mode:384})}function b(s){let e=C();return e&&e[s]||null}function O(s,e){let t=C()||{};t[s]=e,P(t)}function J(s){let e=C();e&&(delete e[s],Object.keys(e).length===0?A():P(e))}function L(){return b("learn-secrets-sdk")}function A(){try{let s=R();c.existsSync(s)&&c.unlinkSync(s)}catch{}}function H(s){let e=b(s);return e!==null&&!!e.access_token}function K(){let s=L();return s?s.expires_at?new Date(s.expires_at)>new Date:!0:!1}import{exec as W}from"child_process";import{promisify as B}from"util";import{createHash as j}from"crypto";import*as p from"os";var x=B(W);async function E(){let s=process.platform;try{let e;if(s==="darwin")e=await G();else if(s==="linux")e=await V();else if(s==="win32")e=await X();else throw new Error(`Unsupported platform: ${s}`);let t=j("sha256").update(e).digest("hex").substring(0,32),r=JSON.stringify({machineId:t,cpus:p.cpus().length,arch:p.arch(),platform:p.platform(),homedir:p.homedir()}),n=j("sha256").update(r).digest("hex");return{machineId:t,fingerprint:n}}catch(e){throw new Error(`Failed to get machine ID: ${e.message}`)}}async function G(){try{let{stdout:s}=await x(`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`),{stdout:e}=await x("hostname"),t=s.trim(),r=e.trim();if(t&&r)return`${t}-${r}`;let{stdout:n}=await x(`ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`);return n.trim()}catch{throw new Error("Failed to get macOS machine ID")}}async function V(){try{let{stdout:s}=await x("cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"),e=s.trim();if(e)return e;throw new Error("Machine ID file not found")}catch{throw new Error("Failed to get Linux machine ID")}}async function X(){try{let{stdout:s}=await x("wmic csproduct get uuid"),t=s.split(`
1
+ import{a as q,b as N,c as F,d as z}from"./chunk-AS6G7JYX.mjs";var i=class extends Error{constructor(t,r,n){super(t);this.status=r;this.response=n;this.name="SecretsSDKError"}},w=class extends i{constructor(e="Origin not allowed for this token"){super(e,403),this.name="OriginMismatchError"}},S=class extends i{constructor(e="Rate limit exceeded",t=60,r=0,n=100){super(e,429),this.name="RateLimitError",this.retryAfter=t,this.remaining=r,this.limit=n}},b=class extends i{constructor(e="Invalid or expired token"){super(e,401),this.name="InvalidTokenError"}};var D=class{constructor(e={}){this.rateLimitInfo=null;this.appId=e.appId||null,this.token=e.token||e.sessionToken||null,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4,this.retryOn429=e.retryOn429!==void 0?e.retryOn429:!0,this.zeroConfigMode=!this.appId&&!this.token}getUsage(){return this.rateLimitInfo}parseRateLimitHeaders(e){let t=e.get("X-RateLimit-Limit"),r=e.get("X-RateLimit-Remaining"),n=e.get("X-RateLimit-Reset");t&&r&&n&&(this.rateLimitInfo={limit:parseInt(t),remaining:parseInt(r),reset:parseInt(n)})}sleep(e){return new Promise(t=>setTimeout(t,e))}async fetchWithTimeout(e,t,r){let n=new AbortController,a=setTimeout(()=>n.abort(),r);try{return await fetch(e,{...t,signal:n.signal})}finally{clearTimeout(a)}}async call(e,t,r={}){let n=0,a=this.retryOn429?3:0;for(;;)try{let o=this.zeroConfigMode?`${this.baseUrl}/api/sdk/proxy`:`${this.baseUrl}/api/sdk/${this.appId}/proxy`,u={"Content-Type":"application/json"};!this.zeroConfigMode&&this.token&&(u.Authorization=`Bearer ${this.token}`);let l=await this.fetchWithTimeout(o,{method:"POST",headers:u,body:JSON.stringify({keyName:e,endpoint:t,method:r.method||"GET",body:r.body,headers:r.headers})},this.timeout);this.parseRateLimitHeaders(l.headers);let g=await l.json();if(!l.ok){let m=g.data?.message||g?.message||`Request failed with status ${l.status}`;if(l.status===403&&m.includes("Origin"))throw new w(m);if(l.status===401)throw new b(m);if(l.status===429){let I=this.rateLimitInfo?this.rateLimitInfo.reset-Math.floor(Date.now()/1e3):60,y=new S(m,I,this.rateLimitInfo?.remaining||0,this.rateLimitInfo?.limit||100);if(this.retryOn429&&n<a){n++;let v=Math.min(1e3*Math.pow(2,n-1),8e3);await this.sleep(v);continue}throw y}throw new i(m,l.status,g)}return g.data}catch(o){throw o instanceof i?o:o instanceof Error&&o.name==="AbortError"?new i("Request timeout",408):new i(o instanceof Error?o.message:"Unknown error occurred",500)}}async get(e,t,r){return this.call(e,t,{method:"GET",headers:r})}async post(e,t,r,n){return this.call(e,t,{method:"POST",body:r,headers:n})}async put(e,t,r,n){return this.call(e,t,{method:"PUT",body:r,headers:n})}async delete(e,t,r){return this.call(e,t,{method:"DELETE",headers:r})}async patch(e,t,r,n){return this.call(e,t,{method:"PATCH",body:r,headers:n})}setAppId(e){this.appId=e}async secretsRequest(e,t){if(!this.appId)throw new i("App ID required for secrets management. Call setAppId() first.",400);let r=await this.fetchWithTimeout(`${this.baseUrl}/api/projects/${this.appId}/secrets/manage?action=${e}`,{method:"POST",headers:{"Content-Type":"application/json"},body:t?JSON.stringify(t):void 0},this.timeout);if(!r.ok){let n=await r.json().catch(()=>({}));throw new i(n.message||`Secrets management failed: ${r.statusText}`,r.status,n)}return r.json()}async listSecrets(){return this.secretsRequest("list")}async createSecret(e){return this.secretsRequest("create",e)}async updateSecret(e){return this.secretsRequest("update",e)}async deleteSecret(e){return this.secretsRequest("delete",{name:e})}async syncEnv(e,t){return this.secretsRequest("sync",{secrets:e,provider:t})}};import*as d from"fs";import*as T from"path";import*as R from"os";function P(){let s=R.homedir(),e=T.join(s,".learn");return T.join(e,"credentials.json")}function J(){let s=R.homedir(),e=T.join(s,".learn");d.existsSync(e)||d.mkdirSync(e,{recursive:!0,mode:448})}function _(){try{let s=P();if(!d.existsSync(s))return null;let e=d.readFileSync(s,"utf-8"),t=JSON.parse(e);return t.access_token&&!t["learn-secrets-sdk"]&&!t["learn-auth-sdk"]?{"learn-secrets-sdk":t}:t}catch{return null}}function O(s){J();let e=P(),t=JSON.stringify(s,null,2);d.writeFileSync(e,t,{mode:384})}function x(s){let e=_();return e&&e[s]||null}function L(s,e){let t=_()||{};t[s]=e,O(t)}function H(s){let e=_();e&&(delete e[s],Object.keys(e).length===0?A():O(e))}function E(){return x("learn-secrets-sdk")}function A(){try{let s=P();d.existsSync(s)&&d.unlinkSync(s)}catch{}}function W(s){let e=x(s);return e!==null&&!!e.access_token}function K(){let s=E();return s?s.expires_at?new Date(s.expires_at)>new Date:!0:!1}import{exec as B}from"child_process";import{promisify as G}from"util";import{createHash as j}from"crypto";import*as p from"os";var k=G(B);async function M(){let s=process.platform;try{let e;if(s==="darwin")e=await X();else if(s==="linux")e=await V();else if(s==="win32")e=await Q();else throw new Error(`Unsupported platform: ${s}`);let t=j("sha256").update(e).digest("hex").substring(0,32),r=JSON.stringify({machineId:t,cpus:p.cpus().length,arch:p.arch(),platform:p.platform(),homedir:p.homedir()}),n=j("sha256").update(r).digest("hex");return{machineId:t,fingerprint:n}}catch(e){throw new Error(`Failed to get machine ID: ${e.message}`)}}async function X(){try{let{stdout:s}=await k(`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | sed 's/"//g'`),{stdout:e}=await k("hostname"),t=s.trim(),r=e.trim();if(t&&r)return`${t}-${r}`;let{stdout:n}=await k(`ioreg -rd1 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk '{print $3}' | sed 's/"//g'`);return n.trim()}catch{throw new Error("Failed to get macOS machine ID")}}async function V(){try{let{stdout:s}=await k("cat /etc/machine-id 2>/dev/null || cat /var/lib/dbus/machine-id 2>/dev/null"),e=s.trim();if(e)return e;throw new Error("Machine ID file not found")}catch{throw new Error("Failed to get Linux machine ID")}}async function Q(){try{let{stdout:s}=await k("wmic csproduct get uuid"),t=s.split(`
2
2
  `).map(r=>r.trim()).find(r=>r&&r!=="UUID");if(t)return t;throw new Error("Failed to parse machine UUID from WMIC")}catch{throw new Error("Failed to get Windows machine ID")}}var $=class{constructor(e){this.appId=e.appId,this.baseUrl=e.baseUrl||"https://ctklearn.carsontkempf.workers.dev",this.timeout=e.timeout||3e4}async openBrowser(e){let{exec:t}=await import("child_process"),{promisify:r}=await import("util"),n=r(t),a=process.platform;try{a==="darwin"?await n(`open "${e}"`):a==="win32"?await n(`start "${e}"`):await n(`xdg-open "${e}"`)}catch(o){throw console.error("Failed to open browser:",o),new i("Failed to open browser",500)}}sleep(e){return new Promise(t=>setTimeout(t,e))}async login(){let e="learn-secrets-sdk";try{console.log(`Authenticating with Learn (${e})...
3
- `);let t=await E(),r=b(e);if(r&&r.access_token){let d=await fetch(`${this.baseUrl}/api/auth/cli/check-authorization`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({machine_id:t.machineId,sdk_name:e})});if(d.ok){let g=await d.json();if(g.authorized)return console.log("This machine is already authorized."),console.log(`Logged in as: ${g.user_email||g.user_id}`),{success:!0,user:g.user_email||g.user_id}}}let n=await fetch(`${this.baseUrl}/api/auth/cli/device`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!n.ok)throw new i("Failed to generate device code",n.status);let a=await n.json();console.log(`
4
- To authorize this device:`),console.log(`1. Visit: ${a.verification_uri}`),console.log(`2. Enter code: ${a.user_code}`),console.log("3. Complete 2FA verification"),console.log(`
5
- Opening browser...
6
- `),await this.openBrowser(a.verification_uri_complete);let o=!1,m=a.interval*1e3,l=Math.ceil(a.expires_in/a.interval),h=0;for(;h<l;){await this.sleep(m),h++;let d=await fetch(`${this.baseUrl}/api/auth/cli/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:a.device_code})});if(d.status===202){process.stdout.write(".");continue}if(d.ok){o=!0;break}}if(!o)throw new i("Device authorization timeout",408);console.log(`
3
+ `);let t=await M(),r=x(e);if(r&&r.access_token){let c=await fetch(`${this.baseUrl}/api/auth/cli/check-authorization`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({machine_id:t.machineId,sdk_name:e})});if(c.ok){let h=await c.json();if(h.authorized)return console.log("This machine is already authorized."),console.log(`Logged in as: ${h.user_email||h.user_id}`),{success:!0,user:h.user_email||h.user_id}}}let n=await fetch(`${this.baseUrl}/api/auth/cli/device`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!n.ok)throw new i("Failed to generate device code",n.status);let a=await n.json();console.log(`
4
+ Log in on ${this.baseUrl}`),console.log("Login at:"),console.log(a.verification_uri_complete),console.log(`
5
+ Press ENTER to open in the browser...`);let o=await import("readline"),u=o.createInterface({input:process.stdin,output:process.stdout});await new Promise(c=>{u.question("",()=>{u.close(),c()})}),console.log(`Opening browser...
6
+ `),await this.openBrowser(a.verification_uri_complete);let l=!1,g=a.interval*1e3,m=Math.ceil(a.expires_in/a.interval),I=0;for(;I<m;){await this.sleep(g),I++;let c=await fetch(`${this.baseUrl}/api/auth/cli/token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:a.device_code})});if(c.status===202){process.stdout.write(".");continue}if(c.ok){l=!0;break}}if(!l)throw new i("Device authorization timeout",408);console.log(`
7
7
 
8
- Device authorized! Sending 2FA code...`);let u=await fetch(`${this.baseUrl}/api/auth/2fa/send`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:a.device_code,sdk_name:e,machine_id:t.machineId})});if(!u.ok){let d=await u.json().catch(()=>({}));throw new i(d.message||"Failed to send 2FA code",u.status)}console.log(`2FA code sent to your email.
9
- `);let k=(await import("readline")).createInterface({input:process.stdin,output:process.stdout}),T=await new Promise(d=>{k.question("Enter 2FA code from email: ",g=>{k.close(),d(g)})}),I=await fetch(`${this.baseUrl}/api/auth/2fa/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:a.device_code,code:T.trim()})});if(!I.ok){let d=await I.json().catch(()=>({}));throw new i(d.message||"2FA verification failed",I.status)}let f=await I.json();return O(e,{access_token:f.access_token,refresh_token:null,expires_at:null,user_id:f.user_id,machine_id:t.machineId,sdk_name:e,authorized_at:new Date().toISOString()}),console.log(`
8
+ Device authorized! Sending 2FA code...`);let y=await fetch(`${this.baseUrl}/api/auth/2fa/send`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:a.device_code,sdk_name:e,machine_id:t.machineId})});if(!y.ok){let c=await y.json().catch(()=>({}));throw new i(c.message||"Failed to send 2FA code",y.status)}console.log(`2FA code sent to your email.
9
+ `);let v=o.createInterface({input:process.stdin,output:process.stdout}),U=await new Promise(c=>{v.question("Enter 2FA code from email: ",h=>{v.close(),c(h)})}),C=await fetch(`${this.baseUrl}/api/auth/2fa/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({device_code:a.device_code,code:U.trim()})});if(!C.ok){let c=await C.json().catch(()=>({}));throw new i(c.message||"2FA verification failed",C.status)}let f=await C.json();return L(e,{access_token:f.access_token,refresh_token:null,expires_at:null,user_id:f.user_id,machine_id:t.machineId,sdk_name:e,authorized_at:new Date().toISOString()}),console.log(`
10
10
  Authentication successful!`),console.log(`Logged in as: ${f.user_email||f.user_id}`),console.log(`This machine is now permanently authorized.
11
- `),{success:!0,user:f.user_email||f.user_id}}catch(t){throw t instanceof i?t:new i(t.message||"Login failed",t.status||500)}}async isAuthenticated(){return K()}logout(){A(),console.log("Logged out successfully")}getAccessToken(){let e=L();if(!e)throw new i("Not authenticated. Run login() first.",401);if(e.expires_at&&new Date(e.expires_at)<=new Date)throw new i("Token expired. Run login() again.",401);return e.access_token}async request(e,t,r){let n=this.getAccessToken(),a={method:e,headers:{"Content-Type":"application/json",Authorization:`Bearer ${n}`}};r&&(a.body=JSON.stringify(r));let o=await fetch(`${this.baseUrl}${t}`,a);if(!o.ok){let m=await o.json().catch(()=>({}));throw new i(m.message||`Request failed: ${o.statusText}`,o.status,m)}return o.json()}async list(){return(await this.request("GET",`/api/projects/${this.appId}/secrets`)).secrets}async sync(e,t){return await this.request("POST",`/api/projects/${this.appId}/secrets/sync`,{secrets:e,options:{deleteMissing:t?.deleteMissing??!1,dryRun:t?.dryRun??!1}})}async importSecrets(e){return this.request("POST",`/api/projects/${this.appId}/import-secrets`,{version:e.version||"1.0",origins:e.origins,secrets:e.secrets})}async importFromFile(e){let{loadSecretsConfig:t}=await import("./env-resolver-Y4SFGOKB.mjs"),r=t(e);return this.importSecrets(r)}};export{S as InvalidTokenError,y as OriginMismatchError,w as RateLimitError,$ as SecretsManagement,_ as SecretsSDK,i as SecretsSDKError,J as deleteSDKCredentials,E as getMachineId,H as hasSDKCredentials,F as loadSecretsConfig,C as readAllCredentials,b as readSDKCredentials,q as resolveEnvInSecret,N as resolveEnvInSecrets,U as resolveEnvString,P as writeAllCredentials,O as writeSDKCredentials};
11
+ `),{success:!0,user:f.user_email||f.user_id}}catch(t){throw t instanceof i?t:new i(t.message||"Login failed",t.status||500)}}async isAuthenticated(){return K()}logout(){A(),console.log("Logged out successfully")}getAccessToken(){let e=E();if(!e)throw new i("Not authenticated. Run login() first.",401);if(e.expires_at&&new Date(e.expires_at)<=new Date)throw new i("Token expired. Run login() again.",401);return e.access_token}async request(e,t,r){let n=this.getAccessToken(),a={method:e,headers:{"Content-Type":"application/json",Authorization:`Bearer ${n}`}};r&&(a.body=JSON.stringify(r));let o=await fetch(`${this.baseUrl}${t}`,a);if(!o.ok){let u=await o.json().catch(()=>({}));throw new i(u.message||`Request failed: ${o.statusText}`,o.status,u)}return o.json()}async list(){return(await this.request("GET",`/api/projects/${this.appId}/secrets`)).secrets}async sync(e,t){return await this.request("POST",`/api/projects/${this.appId}/secrets/sync`,{secrets:e,options:{deleteMissing:t?.deleteMissing??!1,dryRun:t?.dryRun??!1}})}async importSecrets(e){return this.request("POST",`/api/projects/${this.appId}/import-secrets`,{version:e.version||"1.0",origins:e.origins,secrets:e.secrets})}async importFromFile(e){let{loadSecretsConfig:t}=await import("./env-resolver-Y4SFGOKB.mjs"),r=t(e);return this.importSecrets(r)}};export{b as InvalidTokenError,w as OriginMismatchError,S as RateLimitError,$ as SecretsManagement,D as SecretsSDK,i as SecretsSDKError,H as deleteSDKCredentials,M as getMachineId,W as hasSDKCredentials,z as loadSecretsConfig,_ as readAllCredentials,x as readSDKCredentials,N as resolveEnvInSecret,F as resolveEnvInSecrets,q as resolveEnvString,O as writeAllCredentials,L as writeSDKCredentials};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "learn-secrets-sdk",
3
- "version": "1.6.1",
3
+ "version": "1.6.2",
4
4
  "description": "Secure API proxy SDK for static sites with domain-scoped tokens",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.esm.js",