mobbdev 0.0.31 → 0.0.35

package/.env

@@ -1,5 +1,4 @@
-# production@v11
+# production@v12
 WEB_LOGIN_URL="https://app.mobb.ai/cli-login"
 API_URL="https://api.mobb.ai/v1/graphql"
-WEB_APP_URL="https://app.mobb.ai"
-GITHUB_CLIENT_ID="49d729663b401f91afe5"
+WEB_APP_URL="https://app.mobb.ai"

package/dist/index.js

@@ -69,7 +69,9 @@ var WEB_APP_URL = envVariables.WEB_APP_URL;
 var API_URL = envVariables.API_URL;
 
 // src/features/analysis/index.ts
+import crypto from "node:crypto";
 import fs3 from "node:fs";
+import os from "node:os";
 import path5 from "node:path";
 
 // src/utils/index.ts
@@ -135,83 +137,17 @@ var CliError = class extends Error {
 // src/features/analysis/index.ts
 import chalk3 from "chalk";
 import Configstore from "configstore";
-import Debug9 from "debug";
-import open3 from "open";
+import Debug8 from "debug";
+import open2 from "open";
 import semver from "semver";
 import tmp from "tmp";
 
-// src/features/analysis/callback-server.ts
-import * as http from "node:http";
-import * as querystring from "node:querystring";
-import { clearTimeout, setTimeout as setTimeout2 } from "node:timers";
-import Debug2 from "debug";
-import open from "open";
-import { z as z2 } from "zod";
-var debug2 = Debug2("mobbdev:web-login");
-async function callbackServer({
-  url,
-  redirectUrl
-}) {
-  debug2("web login start");
-  let responseResolver;
-  let responseRejecter;
-  const responseAwaiter = new Promise((resolve, reject) => {
-    responseResolver = resolve;
-    responseRejecter = reject;
-  });
-  const timerHandler = setTimeout2(() => {
-    debug2("timeout happened");
-    responseRejecter(new Error("No login happened in three minutes."));
-  }, 18e4);
-  const server = http.createServer((req, res) => {
-    debug2("incoming request");
-    let body = "";
-    req.on("data", (chunk) => {
-      debug2("http server get chunk %s", chunk);
-      body += chunk;
-    });
-    req.on("end", () => {
-      debug2("http server end %s", body);
-      res.writeHead(301, {
-        Location: redirectUrl
-      }).end();
-      const safeBody = z2.object({ token: z2.string() }).safeParse(querystring.parse(body));
-      if (!safeBody.success) {
-        return responseRejecter(new Error("Failed to parse the response"));
-      }
-      responseResolver({ token: safeBody.data.token });
-    });
-  });
-  debug2("http server starting");
-  const port = await new Promise((resolve, reject) => {
-    server.listen(0, "127.0.0.1", () => {
-      const address = server?.address();
-      if (typeof address === "string" || address == null) {
-        reject(new Error("Failed to get port"));
-      } else {
-        resolve(address.port);
-      }
-    });
-  });
-  debug2("http server started on port %d", port);
-  debug2("opening the browser on %s", `${url}?port=${port}`);
-  await open(`${url}?port=${port}`);
-  try {
-    debug2("waiting for http request");
-    return await responseAwaiter;
-  } finally {
-    debug2("http server close");
-    clearTimeout(timerHandler);
-    server.close();
-  }
-}
-
 // src/features/analysis/git.ts
-import Debug3 from "debug";
+import Debug2 from "debug";
 import { simpleGit } from "simple-git";
-var debug3 = Debug3("mobbdev:git");
+var debug2 = Debug2("mobbdev:git");
 async function getGitInfo(srcDirPath) {
-  debug3("getting git info for %s", srcDirPath);
+  debug2("getting git info for %s", srcDirPath);
   const git = simpleGit({
     baseDir: srcDirPath,
     maxConcurrentProcesses: 1,
@@ -226,11 +162,11 @@ async function getGitInfo(srcDirPath) {
     reference = await git.revparse(["--abbrev-ref", "HEAD"]) || "";
   } catch (e) {
     if (e instanceof Error) {
-      debug3("failed to run git %o", e);
+      debug2("failed to run git %o", e);
       if (e.message.includes(" spawn ")) {
-        debug3("git cli not installed");
+        debug2("git cli not installed");
       } else if (e.message.includes(" not a git repository ")) {
-        debug3("folder is not a git repo");
+        debug2("folder is not a git repo");
       } else {
         throw e;
       }
@@ -257,12 +193,12 @@ import stream from "node:stream";
 import { promisify } from "node:util";
 import { RequestError } from "@octokit/request-error";
 import chalk from "chalk";
-import Debug4 from "debug";
+import Debug3 from "debug";
 import extract from "extract-zip";
 import fetch from "node-fetch";
 import { Octokit } from "octokit";
 var pipeline = promisify(stream.pipeline);
-var debug4 = Debug4("mobbdev:github");
+var debug3 = Debug3("mobbdev:github");
 async function _getRepo({ owner, repo }, { token } = {}) {
   const octokit = new Octokit({ auth: token });
   return octokit.rest.repos.get({
@@ -271,7 +207,7 @@ async function _getRepo({ owner, repo }, { token } = {}) {
   });
 }
 function extractSlug(repoUrl) {
-  debug4("get default branch %s", repoUrl);
+  debug3("get default branch %s", repoUrl);
   let slug = repoUrl.replace(/https?:\/\/github\.com\//i, "");
   if (slug.endsWith("/")) {
     slug = slug.substring(0, slug.length - 1);
@@ -279,7 +215,7 @@ function extractSlug(repoUrl) {
   if (slug.endsWith(".git")) {
     slug = slug.substring(0, slug.length - ".git".length);
   }
-  debug4("slug %s", slug);
+  debug3("slug %s", slug);
   return slug;
 }
 function parseRepoUrl(repoUrl) {
@@ -309,7 +245,7 @@ async function getRepo(repoUrl, { token } = {}) {
     return res;
   } catch (e) {
     if (e instanceof RequestError) {
-      debug4("GH request failed %s %s", e.message, e.status);
+      debug3("GH request failed %s %s", e.message, e.status);
       throw new CliError(
         `Can't get repository, make sure you have access to : ${repoUrl}.`
       );
@@ -320,7 +256,7 @@ async function getRepo(repoUrl, { token } = {}) {
 async function downloadRepo({ repoUrl, reference, dirname, ci }, { token } = {}) {
   const { createSpinner: createSpinner3 } = Spinner({ ci });
   const repoSpinner = createSpinner3("\u{1F4BE} Downloading Repo").start();
-  debug4("download repo %s %s %s", repoUrl, reference, dirname);
+  debug3("download repo %s %s %s", repoUrl, reference, dirname);
   const zipFilePath = path3.join(dirname, "repo.zip");
   const response = await fetch(`${repoUrl}/zipball/${reference}`, {
     method: "GET",
@@ -329,7 +265,7 @@ async function downloadRepo({ repoUrl, reference, dirname, ci }, { token } = {})
     }
   });
   if (!response.ok) {
-    debug4("GH zipball request failed %s %s", response.body, response.status);
+    debug3("GH zipball request failed %s %s", response.body, response.status);
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(
       `Can't access the the branch ${chalk.bold(reference)} on ${chalk.bold(
@@ -347,13 +283,13 @@ async function downloadRepo({ repoUrl, reference, dirname, ci }, { token } = {})
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
-  debug4("repo root %s", repoRoot);
+  debug3("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
   return path3.join(dirname, repoRoot);
 }
 
 // src/features/analysis/graphql/gql.ts
-import Debug5 from "debug";
+import Debug4 from "debug";
 import { GraphQLClient } from "graphql-request";
 
 // src/features/analysis/graphql/mutations.ts
@@ -408,6 +344,20 @@ var CREATE_COMMUNITY_USER = gql`
     }
   }
 `;
+var CREATE_CLI_LOGIN = gql`
+  mutation CreateCliLogin($publicKey: String!) {
+    insert_cli_login_one(object: { publicKey: $publicKey }) {
+      id
+    }
+  }
+`;
+var PERFORM_CLI_LOGIN = gql`
+  mutation performCliLogin($loginId: String!) {
+    performCliLogin(loginId: $loginId) {
+      status
+    }
+  }
+`;
 
 // src/features/analysis/graphql/queries.ts
 import { gql as gql2 } from "graphql-request";
@@ -434,51 +384,58 @@ var GET_ORG_AND_PROJECT_ID = gql2`
     }
   }
 `;
+var GET_ENCRYPTED_API_TOKEN = gql2`
+  query GetEncryptedApiToken($loginId: uuid!) {
+    cli_login_by_pk(id: $loginId) {
+      encryptedApiToken
+    }
+  }
+`;
 
 // src/features/analysis/graphql/types.ts
-import { z as z3 } from "zod";
-var UploadFieldsZ = z3.object({
-  bucket: z3.string(),
-  "X-Amz-Algorithm": z3.string(),
-  "X-Amz-Credential": z3.string(),
-  "X-Amz-Date": z3.string(),
-  Policy: z3.string(),
-  "X-Amz-Signature": z3.string()
+import { z as z2 } from "zod";
+var UploadFieldsZ = z2.object({
+  bucket: z2.string(),
+  "X-Amz-Algorithm": z2.string(),
+  "X-Amz-Credential": z2.string(),
+  "X-Amz-Date": z2.string(),
+  Policy: z2.string(),
+  "X-Amz-Signature": z2.string()
 });
-var ReportUploadInfoZ = z3.object({
-  url: z3.string(),
-  fixReportId: z3.string(),
-  uploadFieldsJSON: z3.string().transform((str, ctx) => {
+var ReportUploadInfoZ = z2.object({
+  url: z2.string(),
+  fixReportId: z2.string(),
+  uploadFieldsJSON: z2.string().transform((str, ctx) => {
     try {
       return JSON.parse(str);
     } catch (e) {
       ctx.addIssue({ code: "custom", message: "Invalid JSON" });
-      return z3.NEVER;
+      return z2.NEVER;
     }
   }),
-  uploadKey: z3.string()
+  uploadKey: z2.string()
 }).transform(({ uploadFieldsJSON, ...input }) => ({
   ...input,
   uploadFields: uploadFieldsJSON
 }));
-var UploadS3BucketInfoZ = z3.object({
-  uploadS3BucketInfo: z3.object({
-    status: z3.string(),
-    error: z3.string().nullish(),
+var UploadS3BucketInfoZ = z2.object({
+  uploadS3BucketInfo: z2.object({
+    status: z2.string(),
+    error: z2.string().nullish(),
     reportUploadInfo: ReportUploadInfoZ,
     repoUploadInfo: ReportUploadInfoZ
   })
 });
-var GetOrgAndProjectIdQueryZ = z3.object({
-  users: z3.array(
-    z3.object({
-      userOrganizationsAndUserOrganizationRoles: z3.array(
-        z3.object({
-          organization: z3.object({
-            id: z3.string(),
-            projects: z3.array(
-              z3.object({
-                id: z3.string()
+var GetOrgAndProjectIdQueryZ = z2.object({
+  users: z2.array(
+    z2.object({
+      userOrganizationsAndUserOrganizationRoles: z2.array(
+        z2.object({
+          organization: z2.object({
+            id: z2.string(),
+            projects: z2.array(
+              z2.object({
+                id: z2.string()
               })
             ).nonempty()
           })
@@ -487,28 +444,51 @@ var GetOrgAndProjectIdQueryZ = z3.object({
     })
   ).nonempty()
 });
+var CreateCliLoginZ = z2.object({
+  insert_cli_login_one: z2.object({
+    id: z2.string()
+  })
+});
+var GetEncryptedApiTokenZ = z2.object({
+  cli_login_by_pk: z2.object({
+    encryptedApiToken: z2.string().nullable()
+  })
+});
 
 // src/features/analysis/graphql/gql.ts
-var debug5 = Debug5("mobbdev:gql");
+var debug4 = Debug4("mobbdev:gql");
+var API_KEY_HEADER_NAME = "x-mobb-key";
 var GQLClient = class {
   constructor(args) {
-    const { token, apiKey } = args;
-    debug5(`init with apiKey ${apiKey} token ${token}`);
-    const headers = apiKey ? { "x-mobb-key": apiKey } : {
-      authorization: `Bearer ${token}`
-    };
-    this._client = new GraphQLClient(API_URL, { headers });
+    const { apiKey } = args;
+    debug4(`init with apiKey ${apiKey}`);
+    this._client = new GraphQLClient(API_URL, {
+      headers: { [API_KEY_HEADER_NAME]: apiKey || "" }
+    });
   }
   async getUserInfo() {
     const { me } = await this._client.request(ME);
     return me;
   }
+  async createCliLogin(variables) {
+    const res = CreateCliLoginZ.parse(
+      await this._client.request(
+        CREATE_CLI_LOGIN,
+        variables,
+        {
+          // We may have outdated API key in the config storage. Avoid using it for the login request.
+          [API_KEY_HEADER_NAME]: ""
+        }
+      )
+    );
+    return res.insert_cli_login_one.id;
+  }
   async verifyToken() {
     await this.createCommunityUser();
     try {
-      await this._client.request(ME);
+      await this.getUserInfo();
     } catch (e) {
-      debug5("verify token failed %o", e);
+      debug4("verify token failed %o", e);
       return false;
     }
     return true;
@@ -526,11 +506,22 @@ var GQLClient = class {
       projectId: org.projects[0].id
     };
   }
+  async getEncryptedApiToken(variables) {
+    const res = await this._client.request(
+      GET_ENCRYPTED_API_TOKEN,
+      variables,
+      {
+        // We may have outdated API key in the config storage. Avoid using it for the login request.
+        [API_KEY_HEADER_NAME]: ""
+      }
+    );
+    return GetEncryptedApiTokenZ.parse(res).cli_login_by_pk.encryptedApiToken;
+  }
   async createCommunityUser() {
     try {
       await this._client.request(CREATE_COMMUNITY_USER);
     } catch (e) {
-      debug5("create community user failed %o", e);
+      debug4("create community user failed %o", e);
     }
   }
   async uploadS3BucketInfo() {
@@ -561,27 +552,36 @@ var GQLClient = class {
 import fs2 from "node:fs";
 import path4 from "node:path";
 import AdmZip from "adm-zip";
-import Debug6 from "debug";
+import Debug5 from "debug";
 import { globby } from "globby";
-var debug6 = Debug6("mobbdev:pack");
+import { isBinary } from "istextorbinary";
+var debug5 = Debug5("mobbdev:pack");
+var MAX_FILE_SIZE = 1024 * 1024 * 5;
 async function pack(srcDirPath) {
-  debug6("pack folder %s", srcDirPath);
+  debug5("pack folder %s", srcDirPath);
   const filepaths = await globby("**", {
     gitignore: true,
     onlyFiles: true,
     cwd: srcDirPath,
     followSymbolicLinks: false
   });
-  debug6("files found %d", filepaths.length);
+  debug5("files found %d", filepaths.length);
   const zip = new AdmZip();
-  debug6("compressing files");
+  debug5("compressing files");
   for (const filepath of filepaths) {
-    zip.addFile(
-      filepath.toString(),
-      fs2.readFileSync(path4.join(srcDirPath, filepath.toString()))
-    );
+    const absFilepath = path4.join(srcDirPath, filepath.toString());
+    if (fs2.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
+      debug5("ignoring %s because the size is > 5MB", filepath);
+      continue;
+    }
+    const data = fs2.readFileSync(absFilepath);
+    if (isBinary(null, data)) {
+      debug5("ignoring %s because is seems to be a binary file", filepath);
+      continue;
+    }
+    zip.addFile(filepath.toString(), data);
   }
-  debug6("get zip file buffer");
+  debug5("get zip file buffer");
   return zip.toBuffer();
 }
 
@@ -632,19 +632,19 @@ async function snykArticlePrompt() {
 import cp from "node:child_process";
 import { createRequire } from "node:module";
 import chalk2 from "chalk";
-import Debug7 from "debug";
+import Debug6 from "debug";
 import { createSpinner as createSpinner2 } from "nanospinner";
-import open2 from "open";
+import open from "open";
 import * as process2 from "process";
 import supportsColor from "supports-color";
 var { stdout: stdout2 } = supportsColor;
-var debug7 = Debug7("mobbdev:snyk");
+var debug6 = Debug6("mobbdev:snyk");
 var require2 = createRequire(import.meta.url);
 var SNYK_PATH = require2.resolve("snyk/bin/snyk");
 var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-application-code/snyk-code/getting-started-with-snyk-code/activating-snyk-code-using-the-web-ui/step-1-enabling-the-snyk-code-option";
-debug7("snyk executable path %s", SNYK_PATH);
+debug6("snyk executable path %s", SNYK_PATH);
 async function forkSnyk(args, { display }) {
-  debug7("fork snyk with args %o %s", args, display);
+  debug6("fork snyk with args %o %s", args, display);
   return new Promise((resolve, reject) => {
     const child = cp.fork(SNYK_PATH, args, {
       stdio: ["inherit", "pipe", "pipe", "ipc"],
@@ -652,11 +652,11 @@ async function forkSnyk(args, { display }) {
     });
     let out = "";
     const onData = (chunk) => {
-      debug7("chunk received from snyk std %s", chunk);
+      debug6("chunk received from snyk std %s", chunk);
       out += chunk;
     };
     if (!child || !child?.stdout || !child?.stderr) {
-      debug7("unable to fork snyk");
+      debug6("unable to fork snyk");
       reject(new Error("unable to fork snyk"));
     }
     child.stdout?.on("data", onData);
@@ -666,17 +666,17 @@ async function forkSnyk(args, { display }) {
       child.stderr?.pipe(process2.stderr);
     }
     child.on("exit", () => {
-      debug7("snyk exit");
+      debug6("snyk exit");
       resolve(out);
     });
     child.on("error", (err) => {
-      debug7("snyk error %o", err);
+      debug6("snyk error %o", err);
       reject(err);
     });
   });
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
-  debug7("get snyk report start %s %s", reportPath, repoRoot);
+  debug6("get snyk report start %s %s", reportPath, repoRoot);
   const config3 = await forkSnyk(["config"], { display: false });
   if (!config3.includes("api: ")) {
     const snykLoginSpinner = createSpinner2().start();
@@ -689,7 +689,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug7("no token in the config %s", config3);
+    debug6("no token in the config %s", config3);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -701,13 +701,13 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
   if (out.includes(
     "Snyk Code is not supported for org: enable in Settings > Snyk Code"
   )) {
-    debug7("snyk code is not enabled %s", out);
+    debug6("snyk code is not enabled %s", out);
     snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
     const answer = await snykArticlePrompt();
-    debug7("answer %s", answer);
+    debug6("answer %s", answer);
     if (answer) {
-      debug7("opening the browser");
-      await open2(SNYK_ARTICLE_URL);
+      debug6("opening the browser");
+      await open(SNYK_ARTICLE_URL);
     }
     console.log(
       chalk2.bgBlue(
@@ -721,28 +721,28 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 }
 
 // src/features/analysis/upload-file.ts
-import Debug8 from "debug";
+import Debug7 from "debug";
 import fetch2, { File, fileFrom, FormData } from "node-fetch";
-var debug8 = Debug8("mobbdev:upload-file");
+var debug7 = Debug7("mobbdev:upload-file");
 async function uploadFile({
   file,
   url,
   uploadKey,
   uploadFields
 }) {
-  debug8("upload file start %s", url);
-  debug8("upload fields %o", uploadFields);
-  debug8("upload key %s", uploadKey);
+  debug7("upload file start %s", url);
+  debug7("upload fields %o", uploadFields);
+  debug7("upload key %s", uploadKey);
   const form = new FormData();
   Object.entries(uploadFields).forEach(([key, value]) => {
     form.append(key, value);
   });
   form.append("key", uploadKey);
   if (typeof file === "string") {
-    debug8("upload file from path %s", file);
+    debug7("upload file from path %s", file);
     form.append("file", await fileFrom(file));
   } else {
-    debug8("upload file from buffer");
+    debug7("upload file from buffer");
     form.append("file", new File([file], "file"));
   }
   const response = await fetch2(url, {
@@ -750,17 +750,18 @@ async function uploadFile({
     body: form
   });
   if (!response.ok) {
-    debug8("error from S3 %s %s", response.body, response.status);
+    debug7("error from S3 %s %s", response.body, response.status);
     throw new Error(`Failed to upload the file: ${response.status}`);
   }
-  debug8("upload file done");
+  debug7("upload file done");
 }
 
 // src/features/analysis/index.ts
 var { CliError: CliError2, Spinner: Spinner2, keypress: keypress2, getDirName: getDirName2 } = utils_exports;
 var webLoginUrl = `${WEB_APP_URL}/cli-login`;
-var githubSubmitUrl = `${WEB_APP_URL}/gh-callback`;
 var githubAuthUrl = `${WEB_APP_URL}/github-auth`;
+var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var LOGIN_CHECK_DELAY = 5 * 1e3;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk3.bgBlue(
   "press any key to continue"
 )};`;
@@ -772,7 +773,7 @@ var getReportUrl = ({
   projectId,
   fixReportId
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
-var debug9 = Debug9("mobbdev:index");
+var debug8 = Debug8("mobbdev:index");
 var packageJson = JSON.parse(
   fs3.readFileSync(path5.join(getDirName2(), "../package.json"), "utf8")
 );
@@ -781,8 +782,8 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
     `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
   );
 }
-var config2 = new Configstore(packageJson.name, { token: "" });
-debug9("config %o", config2);
+var config2 = new Configstore(packageJson.name, { apiToken: "" });
+debug8("config %o", config2);
 async function runAnalysis(params, options) {
   try {
     await _scan(
@@ -806,13 +807,12 @@ async function _scan({
   commitHash,
   ref
 }, { skipPrompts = false } = {}) {
-  debug9("start %s %s", dirname, repo);
+  debug8("start %s %s", dirname, repo);
   const { createSpinner: createSpinner3 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
-  let token = config2.get("token");
-  debug9("token %s", token);
-  apiKey ?? debug9("token %s", apiKey);
-  let gqlClient = new GQLClient(apiKey ? { apiKey } : { token });
+  let gqlClient = new GQLClient({
+    apiKey: apiKey || config2.get("apiToken")
+  });
   await handleMobbLogin();
   const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
   const {
@@ -828,7 +828,7 @@ async function _scan({
   const userInfo = await gqlClient.getUserInfo();
   let { githubToken } = userInfo;
   const isRepoAvailable = await canReachRepo(repo, {
-    token: userInfo.githubToken
+    token: githubToken
   });
   if (!isRepoAvailable) {
     if (ci) {
@@ -836,13 +836,20 @@ async function _scan({
         `Cannot access repo ${repo} with the provided token, please visit ${githubAuthUrl} to refresh your Github token`
       );
     }
-    const { token: token2 } = await handleGithubIntegration();
-    githubToken = token2;
+    githubToken = await handleGithubIntegration(githubToken);
+    const isRepoAvailable2 = await canReachRepo(repo, {
+      token: githubToken
+    });
+    if (!isRepoAvailable2) {
+      throw new Error(
+        `Cannot access repo ${repo} with the provided credentials`
+      );
+    }
   }
   const reference = ref ?? (await getRepo(repo, { token: githubToken })).data.default_branch;
-  debug9("org id %s", organizationId);
-  debug9("project id %s", projectId);
-  debug9("default branch %s", reference);
+  debug8("org id %s", organizationId);
+  debug8("project id %s", projectId);
+  debug8("default branch %s", reference);
   const repositoryRoot = await downloadRepo(
     {
       repoUrl: repo,
@@ -887,7 +894,7 @@ async function _scan({
   async function getReportFromSnyk() {
     const reportPath2 = path5.join(dirname, "report.json");
     if (!await getSnykReport(reportPath2, repositoryRoot, { skipPrompts })) {
-      debug9("snyk code is not enabled");
+      debug8("snyk code is not enabled");
       throw new CliError2("Snyk code is not enabled");
     }
     return reportPath2;
@@ -901,49 +908,75 @@ async function _scan({
     !ci && console.log("You can access the report at: \n");
     console.log(chalk3.bold(reportUrl));
     !skipPrompts && await mobbAnalysisPrompt();
-    !ci && open3(reportUrl);
+    !ci && open2(reportUrl);
     !ci && console.log(
       chalk3.bgBlue("\n\n  My work here is done for now, see you soon! \u{1F575}\uFE0F\u200D\u2642\uFE0F  ")
     );
   }
   async function handleMobbLogin() {
-    if (token && await gqlClient.verifyToken() || apiKey && await gqlClient.verifyToken()) {
+    if (await gqlClient.verifyToken()) {
       createSpinner3().start().success({
         text: "\u{1F513} Logged in to Mobb successfully"
       });
       return;
-    }
-    if (apiKey && !await gqlClient.verifyToken()) {
+    } else if (apiKey) {
       createSpinner3().start().error({
         text: "\u{1F513} Logged in to Mobb failed - check your api-key"
       });
       throw new CliError2();
     }
-    const mobbLoginSpinner = createSpinner3().start();
+    const loginSpinner = createSpinner3().start();
     if (!skipPrompts) {
-      mobbLoginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
+      loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
       await keypress2();
     }
-    mobbLoginSpinner.update({
+    loginSpinner.update({
       text: "\u{1F513} Waiting for Mobb login..."
     });
-    const loginResponse = await callbackServer({
-      url: webLoginUrl,
-      redirectUrl: `${webLoginUrl}?done=true`
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+      modulusLength: 2048
+    });
+    const loginId = await gqlClient.createCliLogin({
+      publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
     });
-    token = loginResponse.token;
-    gqlClient = new GQLClient({ token });
-    if (!await gqlClient.verifyToken()) {
-      mobbLoginSpinner.error({
+    const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+    !ci && console.log(
+      `If the page does not open automatically, kindly access it through ${browserUrl}.`
+    );
+    await open2(browserUrl);
+    let newApiToken = null;
+    for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+      const encryptedApiToken = await gqlClient.getEncryptedApiToken({
+        loginId
+      });
+      loginSpinner.spin();
+      if (encryptedApiToken) {
+        debug8("encrypted API token received %s", encryptedApiToken);
+        newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+        debug8("API token decrypted");
+        break;
+      }
+      await sleep(LOGIN_CHECK_DELAY);
+    }
+    if (!newApiToken) {
+      loginSpinner.error({
+        text: "Login timeout error"
+      });
+      throw new CliError2();
+    }
+    gqlClient = new GQLClient({ apiKey: newApiToken });
+    if (await gqlClient.verifyToken()) {
+      debug8("set api token %s", newApiToken);
+      config2.set("apiToken", newApiToken);
+      loginSpinner.success({ text: "\u{1F513} Login to Mobb successful!" });
+    } else {
+      loginSpinner.error({
         text: "Something went wrong, API token is invalid."
       });
       throw new CliError2();
     }
-    debug9("set token %s", token);
-    config2.set("token", token);
-    mobbLoginSpinner.success({ text: "\u{1F513} Login to Mobb successful!" });
   }
-  async function handleGithubIntegration() {
+  async function handleGithubIntegration(oldToken) {
     const addGithubIntegration = skipPrompts ? true : await githubIntegrationPrompt();
     const githubSpinner = createSpinner3(
       "\u{1F517} Waiting for github integration..."
@@ -952,12 +985,23 @@ async function _scan({
       githubSpinner.error();
       throw Error("Could not reach github repo");
     }
-    const result = await callbackServer({
-      url: githubAuthUrl,
-      redirectUrl: `${githubSubmitUrl}?done=true`
+    console.log(
+      `If the page does not open automatically, kindly access it through ${githubAuthUrl}.`
+    );
+    await open2(githubAuthUrl);
+    for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+      const { githubToken: githubToken2 } = await gqlClient.getUserInfo();
+      if (githubToken2 && githubToken2 !== oldToken) {
+        githubSpinner.success({ text: "\u{1F517} Github integration successful!" });
+        return githubToken2;
+      }
+      githubSpinner.spin();
+      await sleep(LOGIN_CHECK_DELAY);
+    }
+    githubSpinner.error({
+      text: "Github login timeout error"
     });
-    githubSpinner.success({ text: "\u{1F517} Github integration successful!" });
-    return result;
+    throw new CliError2("Github login timeout");
   }
   async function uploadExistingRepo() {
     if (!srcPath || !reportPath) {
@@ -976,7 +1020,7 @@ async function _scan({
         uploadKey: reportUploadInfo.uploadKey
       });
     } catch (e) {
-      uploadReportSpinner2.error({ text: "\u{1F4C1} Repo upload failed" });
+      uploadReportSpinner2.error({ text: "\u{1F4C1} Report upload failed" });
       throw e;
     }
     uploadReportSpinner2.success({
@@ -991,7 +1035,7 @@ async function _scan({
         uploadKey: repoUploadInfo.uploadKey
       });
     } catch (e) {
-      uploadRepoSpinner.error({ text: "\u{1F4C1} Report upload failed" });
+      uploadRepoSpinner.error({ text: "\u{1F4C1} Repo upload failed" });
       throw e;
     }
     uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
@@ -1094,7 +1138,7 @@ var commitHashOption = {
 // src/args/validation.ts
 import chalk5 from "chalk";
 import path6 from "path";
-import { z as z4 } from "zod";
+import { z as z3 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -1112,7 +1156,7 @@ Example:
   throw new CliError(formattedErrorMessage);
 }
 var GITHUB_REPO_URL_PATTERN = new RegExp("https://github.com/[\\w-]+/[\\w-]+");
-var UrlZ = z4.string({
+var UrlZ = z3.string({
   invalid_type_error: "is not a valid github URL"
 }).regex(GITHUB_REPO_URL_PATTERN, {
   message: "is not a valid github URL"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.31",
+  "version": "0.0.35",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",
@@ -13,7 +13,7 @@
     "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx .",
     "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx .",
     "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx",
-    "prepack": "pnpm build && dotenv-vault pull production .env"
+    "prepack": "dotenv-vault pull production .env && pnpm build"
   },
   "bin": {
     "mobbdev": "bin/cli.mjs"
@@ -22,16 +22,17 @@
   "license": "MIT",
   "dependencies": {
     "adm-zip": "0.5.10",
-    "chalk-animation": "2.0.3",
     "chalk": "5.3.0",
+    "chalk-animation": "2.0.3",
     "configstore": "6.0.0",
     "debug": "4.3.4",
     "dotenv": "16.0.3",
     "extract-zip": "2.0.1",
     "globby": "13.2.2",
-    "graphql-request": "5.0.0",
     "graphql": "16.6.0",
+    "graphql-request": "5.0.0",
     "inquirer": "9.2.7",
+    "istextorbinary": "6.0.0",
     "nanospinner": "1.1.0",
     "node-fetch": "3.3.1",
     "octokit": "2.0.14",
@@ -57,10 +58,10 @@
     "@types/yargs": "17.0.24",
     "@typescript-eslint/eslint-plugin": "5.44.0",
     "@typescript-eslint/parser": "5.44.0",
+    "eslint": "8.36.0",
     "eslint-plugin-import": "2.27.5",
     "eslint-plugin-prettier": "4.2.1",
     "eslint-plugin-simple-import-sort": "10.0.0",
-    "eslint": "8.36.0",
     "prettier": "2.8.4",
     "tsup": "7.2.0",
     "typescript": "4.9.3",