npm - nbound - Versions diffs - 1.0.5 → 1.1.0 - Mend

nbound 1.0.5 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/bin/nbound.js CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env bun
+#!/usr/bin/env node
 // @bun
 import { createRequire } from "node:module";
 var __create = Object.create;
@@ -5223,7 +5223,7 @@ var require_websocket = __commonJS((exports, module) => {
   var http = __require("http");
   var net = __require("net");
   var tls = __require("tls");
-  var { randomBytes: randomBytes2, createHash } = __require("crypto");
+  var { randomBytes: randomBytes3, createHash } = __require("crypto");
   var { Duplex, Readable } = __require("stream");
   var { URL: URL2 } = __require("url");
   var PerMessageDeflate = require_permessage_deflate();
@@ -5632,7 +5632,7 @@ var require_websocket = __commonJS((exports, module) => {
       }
     }
     const defaultPort = isSecure ? 443 : 80;
-    const key = randomBytes2(16).toString("base64");
+    const key = randomBytes3(16).toString("base64");
     const request2 = isSecure ? https.request : http.request;
     const protocolSet = new Set;
     let perMessageDeflate;
@@ -6441,7 +6441,8 @@ var {
 } = import__.default;
 // src/commands/login.ts
-import { createInterface } from "node:readline";
+import { createServer } from "node:http";
+import { randomBytes as randomBytes2 } from "node:crypto";
 // ../../node_modules/.pnpm/open@10.2.0/node_modules/open/index.js
 import process7 from "node:process";
@@ -6940,36 +6941,6 @@ defineLazyProperty(apps, "browser", () => "browser");
 defineLazyProperty(apps, "browserPrivate", () => "browserPrivate");
 var open_default = open;
-// ../../node_modules/.pnpm/nanoid@5.1.6/node_modules/nanoid/index.js
-import { webcrypto as crypto } from "node:crypto";
-// ../../node_modules/.pnpm/nanoid@5.1.6/node_modules/nanoid/url-alphabet/index.js
-var urlAlphabet = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
-// ../../node_modules/.pnpm/nanoid@5.1.6/node_modules/nanoid/index.js
-var POOL_SIZE_MULTIPLIER = 128;
-var pool;
-var poolOffset;
-function fillPool(bytes) {
-  if (!pool || pool.length < bytes) {
-    pool = Buffer.allocUnsafe(bytes * POOL_SIZE_MULTIPLIER);
-    crypto.getRandomValues(pool);
-    poolOffset = 0;
-  } else if (poolOffset + bytes > pool.length) {
-    crypto.getRandomValues(pool);
-    poolOffset = 0;
-  }
-  poolOffset += bytes;
-}
-function nanoid(size = 21) {
-  fillPool(size |= 0);
-  let id = "";
-  for (let i = poolOffset - size;i < poolOffset; i++) {
-    id += urlAlphabet[pool[i] & 63];
-  }
-  return id;
-}
 // src/lib/config.ts
 import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, renameSync, chmodSync } from "node:fs";
 import { homedir } from "node:os";
@@ -7166,20 +7137,6 @@ async function createEndpoint(token, input) {
   });
   return result;
 }
-async function exchangeCliCode(sessionId, code) {
-  const apiUrl = getApiUrl();
-  const response = await fetch(`${apiUrl}/api/auth/cli-exchange`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ sessionId, code }),
-    signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
-  });
-  const json = await response.json();
-  if (!response.ok || !json.success) {
-    throw new ApiError(response.status, json.error?.code ?? "UNKNOWN_ERROR", json.error?.message ?? "Failed to exchange code");
-  }
-  return json.data;
-}
 async function revokeCliToken(token) {
   const apiUrl = getApiUrl();
   try {
@@ -8555,18 +8512,130 @@ function createSpinner(text) {
 }
 // src/commands/login.ts
-function prompt(question) {
-  const rl = createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
+var DEFAULT_PORT = 9847;
+var PORT_RANGE_START = 9800;
+var PORT_RANGE_END = 9900;
+var AUTH_TIMEOUT_MS = 2 * 60 * 1000;
+function tryPort(port) {
   return new Promise((resolve) => {
-    rl.question(question, (answer) => {
-      rl.close();
-      resolve(answer.trim());
+    const server = createServer();
+    server.once("error", (err) => {
+      if (err.code === "EADDRINUSE") {
+        resolve(null);
+      } else {
+        resolve(null);
+      }
+    });
+    server.listen(port, "127.0.0.1", () => {
+      resolve(server);
     });
   });
 }
+async function findAvailablePort() {
+  const defaultServer = await tryPort(DEFAULT_PORT);
+  if (defaultServer) {
+    return { server: defaultServer, port: DEFAULT_PORT };
+  }
+  for (let i = 0;i < 10; i++) {
+    const port = PORT_RANGE_START + Math.floor(Math.random() * (PORT_RANGE_END - PORT_RANGE_START));
+    const server = await tryPort(port);
+    if (server) {
+      return { server, port };
+    }
+  }
+  return null;
+}
+function generateState() {
+  return randomBytes2(16).toString("hex");
+}
+var SUCCESS_HTML = `<!DOCTYPE html>
+<html>
+<head>
+  <title>Authenticated - nbound</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: #0a0a0a;
+      color: #fafafa;
+    }
+    .container {
+      text-align: center;
+      padding: 2rem;
+    }
+    .icon {
+      font-size: 4rem;
+      margin-bottom: 1rem;
+    }
+    h1 {
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin: 0 0 0.5rem;
+    }
+    p {
+      color: #a1a1aa;
+      margin: 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">&#10003;</div>
+    <h1>Authenticated!</h1>
+    <p>You can close this tab and return to your terminal.</p>
+  </div>
+  <script>window.close()</script>
+</body>
+</html>`;
+function errorHtml(message) {
+  return `<!DOCTYPE html>
+<html>
+<head>
+  <title>Authentication Failed - nbound</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: #0a0a0a;
+      color: #fafafa;
+    }
+    .container {
+      text-align: center;
+      padding: 2rem;
+    }
+    .icon {
+      font-size: 4rem;
+      margin-bottom: 1rem;
+      color: #ef4444;
+    }
+    h1 {
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin: 0 0 0.5rem;
+    }
+    p {
+      color: #a1a1aa;
+      margin: 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">&#10007;</div>
+    <h1>Authentication Failed</h1>
+    <p>${message}</p>
+  </div>
+</body>
+</html>`;
+}
 async function loginCommand(options) {
   const existingConfig = loadConfig();
   if (existingConfig && !options.token) {
@@ -8576,15 +8645,15 @@ async function loginCommand(options) {
       const expiry = checkTokenExpiry(existingConfig);
       if (expiry === "expiring_soon") {
         const daysLeft = getDaysUntilExpiry(existingConfig);
-        log.warning(`Your token expires in ${daysLeft} day${daysLeft === 1 ? "" : "s"}. Run: nbound login to refresh.`);
+        log.warning(`Your token expires in ${daysLeft} day${daysLeft === 1 ? "" : "s"}. Run: nbound logout && nbound login`);
       }
       log.dim("Run: nbound logout to switch accounts");
       return;
     } catch {}
   }
   if (options.token) {
-    const spinner2 = createSpinner("Validating token...");
-    spinner2.start();
+    const spinner = createSpinner("Validating token...");
+    spinner.start();
     try {
       const user = await getUser(options.token);
       const apiUrl2 = getApiUrl();
@@ -8594,21 +8663,70 @@ async function loginCommand(options) {
         apiUrl: apiUrl2,
         wsUrl: apiUrl2.replace("https://", "wss://").replace("http://", "ws://") + "/ws"
       });
-      spinner2.succeed(`Logged in as ${user.email}`);
+      spinner.succeed(`Logged in as ${user.email}`);
     } catch (error) {
-      spinner2.fail("Invalid token");
+      spinner.fail("Invalid token");
       if (error instanceof ApiError) {
         log.error(error.message);
       }
-      process.exit(2);
+      process.exit(1);
     }
     return;
   }
-  const sessionId = nanoid(21);
-  const apiUrl = getApiUrl();
-  const appUrl = apiUrl.replace("://api.", "://app.");
-  const authUrl = `${appUrl}/cli/auth?session=${sessionId}`;
   log.blank();
+  const portResult = await findAvailablePort();
+  if (!portResult) {
+    log.error("Could not find an available port for authentication callback.");
+    log.dim("Try closing other applications or run: nbound login --token <token>");
+    process.exit(1);
+  }
+  const { server, port } = portResult;
+  const state = generateState();
+  const apiUrl = getApiUrl();
+  const redirectUrl = `http://localhost:${port}/callback`;
+  const authUrl = `${apiUrl}/api/cli/auth?redirect=${encodeURIComponent(redirectUrl)}&state=${state}`;
+  const timeoutHandle = setTimeout(() => {
+    server.close();
+    log.blank();
+    log.error("Authentication timed out after 2 minutes.");
+    log.dim("Please try again: nbound login");
+    process.exit(1);
+  }, AUTH_TIMEOUT_MS);
+  const authPromise = new Promise((resolve, reject) => {
+    server.on("request", (req, res) => {
+      const url = new URL(req.url || "/", `http://localhost:${port}`);
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end("Not found");
+        return;
+      }
+      const receivedState = url.searchParams.get("state");
+      const token = url.searchParams.get("token");
+      const error = url.searchParams.get("error");
+      const expiresAt = url.searchParams.get("expiresAt");
+      if (error) {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(errorHtml(error));
+        reject(new Error(error));
+        return;
+      }
+      if (receivedState !== state) {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(errorHtml("Security validation failed. Please try again."));
+        reject(new Error("State mismatch - possible CSRF attack"));
+        return;
+      }
+      if (!token) {
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(errorHtml("No authentication token received."));
+        reject(new Error("No token received"));
+        return;
+      }
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end(SUCCESS_HTML);
+      resolve({ token, expiresAt: expiresAt || undefined });
+    });
+  });
   log.info("Opening browser to authenticate...");
   log.dim(authUrl);
   log.blank();
@@ -8619,31 +8737,37 @@ async function loginCommand(options) {
     log.info("Please open this URL in your browser:");
     log.info(authUrl);
   }
-  log.blank();
-  const code = await prompt("Enter the code from the browser: ");
-  if (!code) {
-    log.error("No code provided");
-    process.exit(4);
-  }
-  const spinner = createSpinner("Verifying code...");
-  spinner.start();
+  log.dim("Waiting for authentication...");
   try {
-    const { token, user, expiresAt } = await exchangeCliCode(sessionId, code);
-    saveConfig({
-      token,
-      user: { id: user.id, email: user.email },
-      apiUrl,
-      wsUrl: apiUrl.replace("https://", "wss://").replace("http://", "ws://") + "/ws",
-      expiresAt
-    });
-    spinner.succeed(`Logged in as ${user.email}`);
-    log.blank();
-  } catch (error) {
-    spinner.fail("Failed to verify code");
-    if (error instanceof ApiError) {
-      log.error(error.message);
+    const { token, expiresAt } = await authPromise;
+    clearTimeout(timeoutHandle);
+    server.close();
+    const spinner = createSpinner("Verifying token...");
+    spinner.start();
+    try {
+      const user = await getUser(token);
+      saveConfig({
+        token,
+        user: { id: user.id, email: user.email },
+        apiUrl,
+        wsUrl: apiUrl.replace("https://", "wss://").replace("http://", "ws://") + "/ws",
+        expiresAt
+      });
+      spinner.succeed(`Logged in as ${user.email}`);
+      log.blank();
+    } catch (error) {
+      spinner.fail("Failed to verify token");
+      if (error instanceof ApiError) {
+        log.error(error.message);
+      }
+      process.exit(1);
     }
-    process.exit(2);
+  } catch (error) {
+    clearTimeout(timeoutHandle);
+    server.close();
+    log.blank();
+    log.error(error instanceof Error ? error.message : "Authentication failed");
+    process.exit(1);
   }
 }
@@ -12796,7 +12920,7 @@ function getBackoffDelay(attempt, baseMs = 1000, maxMs = 30000, jitter = true) {
 // src/lib/ws-client.ts
 var PING_INTERVAL_MS = 30000;
 var PONG_TIMEOUT_MS = 1e4;
-var AUTH_TIMEOUT_MS = 1e4;
+var AUTH_TIMEOUT_MS2 = 1e4;
 class WebSocketClient {
   ws = null;
@@ -12851,10 +12975,15 @@ class WebSocketClient {
         this.options.onError(new Error(`Connection closed during auth: ${reasonStr}`));
       } else if (this.shouldReconnect && prevState === "connecting") {
         this.scheduleReconnect();
+      } else if (this.shouldReconnect && prevState === "authenticated") {
+        this.scheduleReconnect();
       }
     });
     this.ws.on("error", (error) => {
       if (this.state !== "subscribed" && this.shouldReconnect) {
+        if (this.state === "authenticated" || this.state === "authenticating") {
+          this.options.onDisconnected(`Connection error: ${error.message}`);
+        }
         this.scheduleReconnect();
       } else {
         this.options.onError(error);
@@ -12909,6 +13038,12 @@ class WebSocketClient {
         this.disconnect();
         break;
       }
+      case "session_replaced": {
+        this.shouldReconnect = false;
+        this.options.onError(new Error("Another CLI session connected to this endpoint."));
+        this.disconnect();
+        break;
+      }
       case "plan_changed": {
         const payload = message.payload;
         this.plan = payload.plan;
@@ -13014,7 +13149,7 @@ class WebSocketClient {
         this.options.onError(new Error("Authentication timed out"));
         this.disconnect();
       }
-    }, AUTH_TIMEOUT_MS);
+    }, AUTH_TIMEOUT_MS2);
   }
   clearAuthTimeout() {
     if (this.authTimeout) {
@@ -13580,7 +13715,7 @@ async function createCommand2(nameArg, options) {
 }
 // src/index.ts
-program.name("nbound").description("Forward webhooks to localhost for development").version("1.0.0");
+program.name("nbound").description("Forward webhooks to localhost for development").version("1.1.0");
 program.command("login").description("Authenticate with nbound").option("--token <token>", "Use an existing API token").action(loginCommand);
 program.command("logout").description("Clear stored credentials").action(logoutCommand);
 program.command("whoami").description("Show current authenticated user").action(whoamiCommand);