moon-iq 0.2.0 → 0.2.1

package/src/auth.ts

@@ -1,332 +0,0 @@
-import { execSync } from "child_process";
-import * as crypto from "crypto";
-import * as fs from "fs";
-import * as http from "http";
-import * as os from "os";
-import * as path from "path";
-
-function generateCodeVerifier(): string {
-  return crypto.randomBytes(32).toString("base64url");
-}
-
-function generateCodeChallenge(verifier: string): string {
-  return crypto.createHash("sha256").update(verifier).digest("base64url");
-}
-
-const CONFIG_DIR = path.join(os.homedir(), ".config", "moon-iq");
-const CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
-const CREDENTIALS_PATH = path.join(CONFIG_DIR, "credentials.json");
-const CALLBACK_PORT = 3847;
-const CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;
-
-/** Built-in config used when no ~/.config/moon-iq/config.json exists. */
-export const DEFAULT_CONFIG: Config = {
-  baseUrl: "https://moon-iq.com",
-  clientId: "mooniq_zin3s5jz3olzkdfxpmbeaogv",
-};
-
-export type Config = {
-  baseUrl: string;
-  clientId: string;
-  clientSecret?: string;
-};
-
-export type Credentials = {
-  accessToken: string;
-  refreshToken: string | null;
-  expiresAt: number;
-  baseUrl: string;
-};
-
-function ensureConfigDir() {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true });
-  }
-}
-
-/** Returns config from file, or null if missing/invalid. Use getConfigOrDefault() for login flow. */
-export function getConfig(): Config | null {
-  if (!fs.existsSync(CONFIG_PATH)) {
-    return null;
-  }
-  try {
-    const data = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8"));
-    if (!data.baseUrl || !data.clientId) {
-      return null;
-    }
-    return data as Config;
-  } catch {
-    return null;
-  }
-}
-
-/** Returns config from file, or DEFAULT_CONFIG if none exists. Creates config file on first use. */
-export function getConfigOrDefault(baseUrl?: string): Config {
-  const fromFile = getConfig();
-  if (fromFile) return fromFile;
-
-  const config: Config = {
-    ...DEFAULT_CONFIG,
-    baseUrl: baseUrl ?? DEFAULT_CONFIG.baseUrl,
-  };
-  saveConfig(config);
-  return config;
-}
-
-export function getCredentials(): Credentials | null {
-  if (!fs.existsSync(CREDENTIALS_PATH)) {
-    return null;
-  }
-  try {
-    const data = JSON.parse(fs.readFileSync(CREDENTIALS_PATH, "utf-8"));
-    if (!data.accessToken || !data.baseUrl) {
-      return null;
-    }
-    return data as Credentials;
-  } catch {
-    return null;
-  }
-}
-
-export function saveCredentials(creds: Credentials) {
-  ensureConfigDir();
-  fs.writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), "utf-8");
-}
-
-export function saveConfig(config: Config) {
-  ensureConfigDir();
-  fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
-}
-
-export function clearCredentials() {
-  if (fs.existsSync(CREDENTIALS_PATH)) {
-    fs.unlinkSync(CREDENTIALS_PATH);
-  }
-}
-
-function openBrowser(url: string) {
-  const platform = process.platform;
-  const command =
-    platform === "darwin"
-      ? `open "${url}"`
-      : platform === "win32"
-        ? `start "" "${url}"`
-        : `xdg-open "${url}"`;
-  execSync(command);
-}
-
-export async function login(config: Config): Promise<Credentials> {
-  const state = crypto.randomUUID();
-  const usePkce = !config.clientSecret;
-
-  let codeVerifier: string | undefined;
-  if (usePkce) {
-    codeVerifier = generateCodeVerifier();
-  }
-
-  let resolveCallback: (code: string) => void;
-  const codePromise = new Promise<string>((resolve) => {
-    resolveCallback = resolve;
-  });
-
-  const sockets = new Set<import("net").Socket>();
-
-  const server = http.createServer((req, res) => {
-    const url = new URL(req.url ?? "/", `http://localhost:${CALLBACK_PORT}`);
-    if (url.pathname === "/callback") {
-      const code = url.searchParams.get("code");
-      const error = url.searchParams.get("error");
-      const errorDesc = url.searchParams.get("error_description");
-
-      if (error) {
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(
-          `<!DOCTYPE html><html><head><meta charset="utf-8"><title>OAuth Error</title></head><body style="font-family:system-ui,sans-serif;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:2rem;text-align:center;background:#fef2f2"><h1 style="color:#b91c1c;margin:0 0 1rem">OAuth Error</h1><p style="color:#991b1b;margin:0">${error}: ${errorDesc ?? "Unknown error"}</p></body></html>`,
-        );
-        resolveCallback("");
-        setTimeout(() => server.close(), 2000);
-      } else if (code) {
-        // Serve success page inline - don't redirect to app (it may not be running)
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(
-          `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Success</title></head><body style="font-family:system-ui,sans-serif;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:2rem;text-align:center;background:#f0fdf4"><h1 style="color:#166534;margin:0 0 1rem;font-size:1.5rem">✓ Success!</h1><p style="color:#15803d;margin:0;font-size:1.1rem">You can close this page and return to the terminal.</p></body></html>`,
-        );
-        resolveCallback(code);
-      } else {
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(
-          `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Error</title></head><body style="font-family:system-ui,sans-serif;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:2rem;text-align:center;background:#fef2f2"><h1 style="color:#b91c1c;margin:0 0 1rem">Error</h1><p style="color:#991b1b;margin:0">No authorization code received.</p></body></html>`,
-        );
-        resolveCallback("");
-        setTimeout(() => server.close(), 2000);
-      }
-    } else {
-      // Favicon etc - serve minimal response to avoid "site can't be reached"
-      res.writeHead(204);
-      res.end();
-    }
-  });
-
-  await new Promise<void>((resolve, reject) => {
-    server.on("error", (err: NodeJS.ErrnoException) => {
-      if (err.code === "EADDRINUSE") {
-        reject(
-          new Error(
-            `Port ${CALLBACK_PORT} is in use. Close the other process or run: lsof -i :${CALLBACK_PORT}`,
-          ),
-        );
-      } else {
-        reject(err);
-      }
-    });
-    // Track all connections so we can destroy them and allow the process to exit
-    server.on("connection", (socket) => {
-      sockets.add(socket);
-      socket.on("close", () => sockets.delete(socket));
-    });
-    // Bind to all interfaces so both 127.0.0.1 and ::1 (localhost) can connect
-    server.listen(CALLBACK_PORT, "0.0.0.0", () => resolve());
-  });
-
-  console.log(
-    `Waiting for callback at http://localhost:${CALLBACK_PORT}/callback`,
-  );
-
-  const authorizeParams = new URLSearchParams({
-    client_id: config.clientId,
-    redirect_uri: CALLBACK_URL,
-    response_type: "code",
-    scope: "profile email",
-    state,
-  });
-  if (usePkce && codeVerifier) {
-    authorizeParams.set("code_challenge", generateCodeChallenge(codeVerifier));
-    authorizeParams.set("code_challenge_method", "S256");
-  }
-
-  const authorizeUrl = `${config.baseUrl}/api/oauth/authorize?${authorizeParams.toString()}`;
-  console.log("Opening browser for authorization...");
-  console.log("(Make sure you're logged in to Moon IQ in your browser)\n");
-  openBrowser(authorizeUrl);
-
-  const code = await codePromise;
-  if (!code) {
-    throw new Error("No authorization code received");
-  }
-
-  const tokenParams: Record<string, string> = {
-    grant_type: "authorization_code",
-    code,
-    client_id: config.clientId,
-    redirect_uri: CALLBACK_URL,
-  };
-  if (config.clientSecret) {
-    tokenParams.client_secret = config.clientSecret;
-  }
-  if (usePkce && codeVerifier) {
-    tokenParams.code_verifier = codeVerifier;
-  }
-
-  const tokenResponse = await fetch(`${config.baseUrl}/api/oauth/token`, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams(tokenParams),
-  });
-
-  if (!tokenResponse.ok) {
-    const err = (await tokenResponse.json().catch(() => ({}))) as {
-      error?: string;
-      error_description?: string;
-    };
-    const msg = err.error_description ?? err.error ?? tokenResponse.statusText;
-    throw new Error(`Token exchange failed: ${msg}`);
-  }
-
-  const tokens = await tokenResponse.json();
-  const expiresAt = Date.now() + (tokens.expires_in ?? 3600) * 1000;
-
-  const creds: Credentials = {
-    accessToken: tokens.access_token,
-    refreshToken: tokens.refresh_token ?? null,
-    expiresAt,
-    baseUrl: config.baseUrl,
-  };
-
-  saveCredentials(creds);
-
-  // Close callback server and all connections so the process can exit (no hang after "Logged in successfully.")
-  server.close();
-  for (const socket of sockets) {
-    if ("destroy" in socket && typeof (socket as { destroy: () => void }).destroy === "function") {
-      (socket as { destroy: () => void }).destroy();
-    }
-  }
-  sockets.clear();
-
-  return creds;
-}
-
-export async function refreshCredentials(
-  creds: Credentials,
-  config: Config,
-): Promise<Credentials> {
-  if (!creds.refreshToken) {
-    throw new Error("No refresh token available");
-  }
-
-  const refreshParams: Record<string, string> = {
-    grant_type: "refresh_token",
-    refresh_token: creds.refreshToken,
-    client_id: config.clientId,
-  };
-  if (config.clientSecret) {
-    refreshParams.client_secret = config.clientSecret;
-  }
-
-  const tokenResponse = await fetch(`${config.baseUrl}/api/oauth/token`, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams(refreshParams),
-  });
-
-  if (!tokenResponse.ok) {
-    throw new Error("Token refresh failed");
-  }
-
-  const tokens = await tokenResponse.json();
-  const expiresAt = Date.now() + (tokens.expires_in ?? 3600) * 1000;
-
-  const newCreds: Credentials = {
-    accessToken: tokens.access_token,
-    refreshToken: tokens.refresh_token ?? creds.refreshToken,
-    expiresAt,
-    baseUrl: config.baseUrl,
-  };
-
-  saveCredentials(newCreds);
-  return newCreds;
-}
-
-const TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1000; // 5 minutes
-
-export async function getValidToken(): Promise<string | null> {
-  const creds = getCredentials();
-  if (!creds) return null;
-
-  const config = getConfig();
-  if (!config || config.baseUrl !== creds.baseUrl) return null;
-
-  if (Date.now() >= creds.expiresAt - TOKEN_EXPIRY_BUFFER_MS) {
-    if (creds.refreshToken) {
-      try {
-        const newCreds = await refreshCredentials(creds, config);
-        return newCreds.accessToken;
-      } catch {
-        return null;
-      }
-    }
-    return null;
-  }
-
-  return creds.accessToken;
-}

package/src/client.ts

@@ -1,68 +0,0 @@
-import {
-  getConfig,
-  getCredentials,
-  getValidToken,
-  refreshCredentials,
-} from "./auth";
-import { TOOL_NAMES } from "./generated/client";
-
-export { TOOL_NAMES } from "./generated/client";
-
-async function callToolWithToken(
-  baseUrl: string,
-  token: string,
-  toolName: string,
-  params: Record<string, unknown>
-): Promise<{ data: unknown; status: number }> {
-  const res = await fetch(`${baseUrl}/api/tools/${toolName}`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${token}`,
-    },
-    body: JSON.stringify(params),
-  });
-
-  const data = await res.json();
-  return { data, status: res.status };
-}
-
-export async function callToolWithAuth(
-  baseUrl: string,
-  toolName: string,
-  params: Record<string, unknown>
-): Promise<unknown> {
-  let token = await getValidToken();
-  if (!token) {
-    throw new Error(
-      "Not logged in. Run `mooniq login` first and ensure ~/.config/moon-iq/config.json has baseUrl and clientId."
-    );
-  }
-
-  let result = await callToolWithToken(baseUrl, token, toolName, params);
-
-  if (result.status === 401) {
-    const creds = getCredentials();
-    const config = getConfig();
-    if (creds?.refreshToken && config && config.baseUrl === creds.baseUrl) {
-      try {
-        const newCreds = await refreshCredentials(creds, config);
-        result = await callToolWithToken(
-          baseUrl,
-          newCreds.accessToken,
-          toolName,
-          params
-        );
-      } catch {
-        // Refresh failed, fall through and throw the original 401
-      }
-    }
-  }
-
-  if (result.status < 200 || result.status >= 300) {
-    const err = result.data as { error?: string };
-    throw new Error(err?.error ?? "Tool call failed");
-  }
-
-  return result.data;
-}