neonctl 1.29.1 → 1.29.3

package/snapshotsResolver.cjs

@@ -1,32 +0,0 @@
-const path = require('path');
-
-module.exports = {
-  // resolves from test to snapshot path
-  resolveSnapshotPath: (testPath, snapshotExtension) => {
-    const p = path.relative(__dirname, testPath);
-    const parts = p.split(path.sep);
-    parts[0] = 'snapshots';
-    parts[parts.length - 1] = parts[parts.length - 1].replace(
-      '.js',
-      snapshotExtension,
-    );
-    const r = path.join(__dirname, ...parts);
-    return r;
-  },
-
-  // resolves from snapshot to test path
-  resolveTestPath: (snapshotFilePath, snapshotExtension) => {
-    const p = path.relative(__dirname, snapshotFilePath);
-    const parts = p.split(path.sep);
-    parts[0] = 'dist';
-    parts[parts.length - 1] = parts[parts.length - 1].replace(
-      snapshotExtension,
-      '.js',
-    );
-    const r = path.join(__dirname, ...parts);
-    return r;
-  },
-
-  // Example test path, used for preflight consistency check of the implementation above
-  testPathForConsistencyCheck: `${__dirname}/dist/example.test.js`,
-};

package/src/analytics.ts

@@ -1,95 +0,0 @@
-import { readFileSync } from 'node:fs';
-import { join } from 'node:path';
-
-import { Analytics } from '@segment/analytics-node';
-import { isAxiosError } from 'axios';
-
-import { CREDENTIALS_FILE } from './config.js';
-import { isCi } from './env.js';
-import { ErrorCode } from './errors.js';
-import { log } from './log.js';
-import pkg from './pkg.js';
-import { getApiClient } from './api.js';
-
-const WRITE_KEY = '3SQXn5ejjXWLEJ8xU2PRYhAotLtTaeeV';
-
-let client: Analytics | undefined;
-let userId = '';
-
-export const analyticsMiddleware = async (args: {
-  analytics: boolean;
-  apiKey?: string;
-  apiHost?: string;
-  configDir: string;
-  _: (string | number)[];
-  [key: string]: unknown;
-}) => {
-  if (!args.analytics) {
-    return;
-  }
-
-  try {
-    const credentialsPath = join(args.configDir, CREDENTIALS_FILE);
-    const credentials = readFileSync(credentialsPath, { encoding: 'utf-8' });
-    userId = JSON.parse(credentials).user_id;
-  } catch (err) {
-    log.debug('Failed to read credentials file', err);
-  }
-
-  try {
-    if (!userId && args.apiKey) {
-      const apiClient = getApiClient({
-        apiKey: args.apiKey,
-        apiHost: args.apiHost,
-      });
-      const resp = await apiClient?.getCurrentUserInfo?.();
-      userId = resp?.data?.id;
-    }
-  } catch (err) {
-    log.debug('Failed to get user id from api', err);
-  }
-
-  client = new Analytics({
-    writeKey: WRITE_KEY,
-    host: 'https://track.neon.tech',
-  });
-
-  client.identify({
-    userId: userId?.toString() ?? 'anonymous',
-  });
-
-  client.track({
-    userId: userId ?? 'anonymous',
-    event: 'CLI Started',
-    properties: {
-      version: pkg.version,
-      command: args._.join(' '),
-      flags: {
-        output: args.output,
-      },
-      ci: isCi(),
-    },
-  });
-  log.debug('Flushing CLI started event with userId: %s', userId);
-  await client.closeAndFlush();
-  log.debug('Flushed CLI started event with userId: %s', userId);
-};
-
-export const sendError = (err: Error, errCode: ErrorCode) => {
-  if (!client) {
-    return;
-  }
-  const axiosError = isAxiosError(err) ? err : undefined;
-  client.track({
-    event: 'CLI Error',
-    userId: userId ?? 'anonymous',
-    properties: {
-      message: err.message,
-      stack: err.stack,
-      errCode,
-      statusCode: axiosError?.response?.status,
-    },
-  });
-  client.closeAndFlush();
-  log.debug('Sent CLI error event: %s', errCode);
-};

package/src/api.ts

@@ -1,44 +0,0 @@
-import { createApiClient } from '@neondatabase/api-client';
-import { isAxiosError } from 'axios';
-
-import { log } from './log.js';
-import pkg from './pkg.js';
-
-export type ApiCallProps = {
-  apiKey: string;
-  apiHost?: string;
-};
-
-export const getApiClient = ({ apiKey, apiHost }: ApiCallProps) =>
-  createApiClient({
-    apiKey,
-    baseURL: apiHost,
-    timeout: 60000,
-    headers: {
-      'User-Agent': `neonctl v${pkg.version}`,
-    },
-  });
-
-const RETRY_COUNT = 5;
-const RETRY_DELAY = 3000;
-export const retryOnLock = async <T>(fn: () => Promise<T>): Promise<T> => {
-  let attempt = 0;
-  let errOut: unknown;
-  while (attempt < RETRY_COUNT) {
-    try {
-      return await fn();
-    } catch (err) {
-      errOut = err;
-      if (isAxiosError(err) && err.response?.status === 423) {
-        attempt++;
-        log.info(
-          `Resource is locked. Waiting ${RETRY_DELAY}ms before retrying...`,
-        );
-        await new Promise((resolve) => setTimeout(resolve, RETRY_DELAY));
-      } else {
-        throw err;
-      }
-    }
-  }
-  throw errOut;
-};

package/src/auth.ts

@@ -1,137 +0,0 @@
-import { custom, generators, Issuer, TokenSet } from 'openid-client';
-import { createServer } from 'node:http';
-import { createReadStream } from 'node:fs';
-import { join } from 'node:path';
-import open from 'open';
-
-import { log } from './log.js';
-import { AddressInfo } from 'node:net';
-import { fileURLToPath } from 'node:url';
-
-// oauth server timeouts
-const SERVER_TIMEOUT = 10_000;
-// where to wait for incoming redirect request from oauth server to arrive
-const REDIRECT_URI = (port: number) => `http://127.0.0.1:${port}/callback`;
-// These scopes cannot be cancelled, they are always needed.
-const ALWAYS_PRESENT_SCOPES = ['openid', 'offline', 'offline_access'] as const;
-
-const NEONCTL_SCOPES = [
-  ...ALWAYS_PRESENT_SCOPES,
-  'urn:neoncloud:projects:create',
-  'urn:neoncloud:projects:read',
-  'urn:neoncloud:projects:update',
-  'urn:neoncloud:projects:delete',
-] as const;
-
-export const defaultClientID = 'neonctl';
-
-export type AuthProps = {
-  oauthHost: string;
-  clientId: string;
-};
-
-custom.setHttpOptionsDefaults({
-  timeout: SERVER_TIMEOUT,
-});
-
-export const refreshToken = async (
-  { oauthHost, clientId }: AuthProps,
-  tokenSet: TokenSet,
-) => {
-  log.debug('Discovering oauth server');
-  const issuer = await Issuer.discover(oauthHost);
-
-  const neonOAuthClient = new issuer.Client({
-    token_endpoint_auth_method: 'none',
-    client_id: clientId,
-    response_types: ['code'],
-  });
-  return await neonOAuthClient.refresh(tokenSet);
-};
-
-export const auth = async ({ oauthHost, clientId }: AuthProps) => {
-  log.debug('Discovering oauth server');
-  const issuer = await Issuer.discover(oauthHost);
-
-  //
-  // Start HTTP server and wait till /callback is hit
-  //
-  const server = createServer();
-  server.listen(0, '127.0.0.1', function (this: typeof server) {
-    log.debug(`Listening on port ${(this.address() as AddressInfo).port}`);
-  });
-  await new Promise((resolve) => server.once('listening', resolve));
-  const listen_port = (server.address() as AddressInfo).port;
-
-  const neonOAuthClient = new issuer.Client({
-    token_endpoint_auth_method: 'none',
-    client_id: clientId,
-    redirect_uris: [REDIRECT_URI(listen_port)],
-    response_types: ['code'],
-  });
-
-  // https://datatracker.ietf.org/doc/html/rfc6819#section-4.4.1.8
-  const state = generators.state();
-
-  // we store the code_verifier in memory
-  const codeVerifier = generators.codeVerifier();
-
-  const codeChallenge = generators.codeChallenge(codeVerifier);
-
-  return new Promise<TokenSet>((resolve) => {
-    server.on('request', async (request, response) => {
-      //
-      // Wait for callback and follow oauth flow.
-      //
-      if (!request.url?.startsWith('/callback')) {
-        response.writeHead(404);
-        response.end();
-        return;
-      }
-
-      // process the CORS preflight OPTIONS request
-      if (request.method === 'OPTIONS') {
-        response.writeHead(200, {
-          'Access-Control-Allow-Origin': '*',
-          'Access-Control-Allow-Methods': 'GET, POST',
-          'Access-Control-Allow-Headers': 'Content-Type',
-        });
-        response.end();
-        return;
-      }
-
-      log.debug(`Callback received: ${request.url}`);
-      const params = neonOAuthClient.callbackParams(request);
-      const tokenSet = await neonOAuthClient.callback(
-        REDIRECT_URI(listen_port),
-        params,
-        {
-          code_verifier: codeVerifier,
-          state,
-        },
-      );
-
-      response.writeHead(200, { 'Content-Type': 'text/html' });
-      createReadStream(
-        join(fileURLToPath(new URL('.', import.meta.url)), './callback.html'),
-      ).pipe(response);
-      resolve(tokenSet);
-      server.close();
-    });
-
-    //
-    // Open browser to let user authenticate
-    //
-    const scopes =
-      clientId == defaultClientID ? NEONCTL_SCOPES : ALWAYS_PRESENT_SCOPES;
-
-    const authUrl = neonOAuthClient.authorizationUrl({
-      scope: scopes.join(' '),
-      state,
-      code_challenge: codeChallenge,
-      code_challenge_method: 'S256',
-    });
-
-    open(authUrl);
-  });
-};

package/src/commands/auth.test.ts

@@ -1,62 +0,0 @@
-import axios from 'axios';
-import {
-  beforeAll,
-  describe,
-  test,
-  jest,
-  afterAll,
-  expect,
-} from '@jest/globals';
-import { AddressInfo } from 'node:net';
-import { mkdtempSync, rmSync, readFileSync } from 'node:fs';
-import { Server } from 'node:http';
-
-import { startOauthServer } from '../test_utils/oauth_server';
-import { OAuth2Server } from 'oauth2-mock-server';
-import { runMockServer } from '../test_utils/mock_server';
-
-jest.unstable_mockModule('open', () => ({
-  __esModule: true,
-  default: jest.fn((url: string) => {
-    axios.get(url);
-  }),
-}));
-
-// "open" module should be imported after mocking
-const authModule = await import('./auth');
-
-describe('auth', () => {
-  let configDir = '';
-  let oauthServer: OAuth2Server;
-  let mockServer: Server;
-
-  beforeAll(async () => {
-    configDir = mkdtempSync('test-config');
-    oauthServer = await startOauthServer();
-    mockServer = await runMockServer('main');
-  });
-
-  afterAll(async () => {
-    rmSync(configDir, { recursive: true });
-    await oauthServer.stop();
-    await new Promise((resolve) => mockServer.close(resolve));
-  });
-
-  test('should auth', async () => {
-    await authModule.authFlow({
-      _: ['auth'],
-      apiHost: `http://localhost:${(mockServer.address() as AddressInfo).port}`,
-      clientId: 'test-client-id',
-      configDir,
-      forceAuth: true,
-      oauthHost: `http://localhost:${oauthServer.address().port}`,
-    });
-
-    const credentials = JSON.parse(
-      readFileSync(`${configDir}/credentials.json`, 'utf-8'),
-    );
-    expect(credentials.access_token).toEqual(expect.any(String));
-    expect(credentials.refresh_token).toEqual(expect.any(String));
-    expect(credentials.user_id).toEqual(expect.any(String));
-  });
-});

package/src/commands/auth.ts

@@ -1,148 +0,0 @@
-import { join } from 'node:path';
-import { writeFileSync, existsSync, readFileSync } from 'node:fs';
-import { TokenSet } from 'openid-client';
-import yargs from 'yargs';
-
-import { Api } from '@neondatabase/api-client';
-
-import { auth, refreshToken } from '../auth.js';
-import { log } from '../log.js';
-import { getApiClient } from '../api.js';
-import { isCi } from '../env.js';
-import { CREDENTIALS_FILE } from '../config.js';
-
-type AuthProps = {
-  _: (string | number)[];
-  configDir: string;
-  oauthHost: string;
-  apiHost: string;
-  clientId: string;
-  forceAuth: boolean;
-};
-
-export const command = 'auth';
-export const aliases = ['login'];
-export const describe = 'Authenticate';
-export const builder = (yargs: yargs.Argv) =>
-  yargs.option('context-file', {
-    hidden: true,
-  });
-export const handler = async (args: AuthProps) => {
-  await authFlow(args);
-};
-
-export const authFlow = async ({
-  configDir,
-  oauthHost,
-  clientId,
-  apiHost,
-  forceAuth,
-}: AuthProps) => {
-  if (!forceAuth && isCi()) {
-    throw new Error('Cannot run interactive auth in CI');
-  }
-  const tokenSet = await auth({
-    oauthHost: oauthHost,
-    clientId: clientId,
-  });
-
-  const credentialsPath = join(configDir, CREDENTIALS_FILE);
-  await preserveCredentials(
-    credentialsPath,
-    tokenSet,
-    getApiClient({
-      apiKey: tokenSet.access_token || '',
-      apiHost,
-    }),
-  );
-  log.info(`Saved credentials to ${credentialsPath}`);
-  log.info('Auth complete');
-  return tokenSet.access_token || '';
-};
-
-const preserveCredentials = async (
-  path: string,
-  credentials: TokenSet,
-  apiClient: Api<unknown>,
-) => {
-  const {
-    data: { id },
-  } = await apiClient.getCurrentUserInfo();
-  const contents = JSON.stringify({
-    ...credentials,
-    user_id: id,
-  });
-  // correctly sets needed permissions for the credentials file
-  writeFileSync(path, contents, {
-    mode: 0o700,
-  });
-};
-
-export const ensureAuth = async (
-  props: AuthProps & { apiKey: string; apiClient: Api<unknown>; help: boolean },
-) => {
-  if (props._.length === 0 || props.help) {
-    return;
-  }
-  if (props.apiKey || props._[0] === 'auth') {
-    props.apiClient = getApiClient({
-      apiKey: props.apiKey,
-      apiHost: props.apiHost,
-    });
-    return;
-  }
-  const credentialsPath = join(props.configDir, CREDENTIALS_FILE);
-  if (existsSync(credentialsPath)) {
-    try {
-      const tokenSetContents = await JSON.parse(
-        readFileSync(credentialsPath, 'utf8'),
-      );
-      const tokenSet = new TokenSet(tokenSetContents);
-      if (tokenSet.expired()) {
-        log.debug('using refresh token to update access token');
-        const refreshedTokenSet = await refreshToken(
-          {
-            oauthHost: props.oauthHost,
-            clientId: props.clientId,
-          },
-          tokenSet,
-        ).catch((e) => {
-          log.error('failed to refresh token\n%s', e?.message);
-          process.exit(1);
-        });
-
-        props.apiKey = refreshedTokenSet.access_token || 'UNKNOWN';
-        props.apiClient = getApiClient({
-          apiKey: props.apiKey,
-          apiHost: props.apiHost,
-        });
-        await preserveCredentials(
-          credentialsPath,
-          refreshedTokenSet,
-          props.apiClient,
-        );
-        return;
-      }
-      const token = tokenSet.access_token || 'UNKNOWN';
-
-      props.apiKey = token;
-      props.apiClient = getApiClient({
-        apiKey: props.apiKey,
-        apiHost: props.apiHost,
-      });
-      return;
-    } catch (e) {
-      if ((e as { code: string }).code !== 'ENOENT') {
-        // not a "file does not exist" error
-        throw e;
-      }
-      props.apiKey = await authFlow(props);
-    }
-  } else {
-    props.apiKey = await authFlow(props);
-  }
-  props.apiClient = getApiClient({
-    apiKey: props.apiKey,
-    apiHost: props.apiHost,
-  });
-};