prismic 0.0.0-pr.28.59bf330

package/src/token-list.ts

@@ -0,0 +1,223 @@
+import { parseArgs } from "node:util";
+import * as v from "valibot";
+
+import { isAuthenticated } from "./lib/auth";
+import { safeGetRepositoryFromConfig } from "./lib/config";
+import { stringify } from "./lib/json";
+import {
+	ForbiddenRequestError,
+	type ParsedRequestResponse,
+	request,
+	UnauthorizedRequestError,
+} from "./lib/request";
+import { getRepoUrl } from "./lib/url";
+
+const HELP = `
+List all API tokens for a Prismic repository.
+
+By default, this command reads the repository from prismic.config.json at the
+project root.
+
+USAGE
+  prismic token list [flags]
+
+FLAGS
+      --json          Output as JSON
+  -r, --repo string   Repository domain
+  -h, --help          Show help for command
+
+LEARN MORE
+  Use \`prismic token <command> --help\` for more information about a command.
+`.trim();
+
+export async function tokenList(): Promise<void> {
+	const {
+		values: { help, repo = await safeGetRepositoryFromConfig(), json },
+	} = parseArgs({
+		args: process.argv.slice(4), // skip: node, script, "token", "list"
+		options: {
+			json: { type: "boolean" },
+			repo: { type: "string", short: "r" },
+			help: { type: "boolean", short: "h" },
+		},
+		allowPositionals: false,
+	});
+
+	if (help) {
+		console.info(HELP);
+		return;
+	}
+
+	if (!repo) {
+		console.error("Missing prismic.config.json or --repo option");
+		process.exitCode = 1;
+		return;
+	}
+
+	const authenticated = await isAuthenticated();
+	if (!authenticated) {
+		handleUnauthenticated();
+		return;
+	}
+
+	const [accessResponse, writeResponse] = await Promise.all([
+		getAccessTokens(repo),
+		getWriteTokens(repo),
+	]);
+
+	if (!accessResponse.ok) {
+		if (
+			accessResponse.error instanceof ForbiddenRequestError ||
+			accessResponse.error instanceof UnauthorizedRequestError
+		) {
+			handleUnauthenticated();
+		} else if (v.isValiError(accessResponse.error)) {
+			console.error(
+				`Failed to list access tokens: Invalid response: ${stringify(accessResponse.error.issues)}`,
+			);
+			process.exitCode = 1;
+		} else {
+			console.error(`Failed to list access tokens: ${stringify(accessResponse.value)}`);
+			process.exitCode = 1;
+		}
+		return;
+	}
+
+	if (!writeResponse.ok) {
+		if (
+			writeResponse.error instanceof ForbiddenRequestError ||
+			writeResponse.error instanceof UnauthorizedRequestError
+		) {
+			handleUnauthenticated();
+		} else if (v.isValiError(writeResponse.error)) {
+			console.error(
+				`Failed to list write tokens: Invalid response: ${stringify(writeResponse.error.issues)}`,
+			);
+			process.exitCode = 1;
+		} else {
+			console.error(`Failed to list write tokens: ${stringify(writeResponse.value)}`);
+			process.exitCode = 1;
+		}
+		return;
+	}
+
+	const accessTokens = accessResponse.value.flatMap((app: OAuthApp) =>
+		app.wroom_auths.map((auth: AccessToken) => ({
+			name: app.name,
+			appId: app.id,
+			authId: auth.id,
+			scope: auth.scope,
+			token: auth.token,
+			createdAt: auth.created_at.$date,
+		})),
+	);
+	const writeTokens = writeResponse.value.tokens;
+
+	if (json) {
+		console.info(stringify({ accessTokens, writeTokens }));
+	} else {
+		if (accessTokens.length > 0) {
+			console.info("ACCESS TOKENS");
+			for (const token of accessTokens) {
+				const truncated = truncateToken(token.token);
+				const date = formatDate(token.createdAt);
+				console.info(`  ${token.name}  ${token.scope}  ${truncated}  ${date}`);
+			}
+		} else {
+			console.info("ACCESS TOKENS  (none)");
+		}
+
+		console.info("");
+
+		if (writeTokens.length > 0) {
+			console.info("WRITE TOKENS");
+			for (const token of writeTokens) {
+				const truncated = truncateToken(token.token);
+				const date = formatDate(token.timestamp);
+				console.info(`  ${token.app_name}  ${truncated}  ${date}`);
+			}
+		} else {
+			console.info("WRITE TOKENS  (none)");
+		}
+	}
+}
+
+// MongoDB date format: { "$date": milliseconds }
+const MongoDBDateSchema = v.object({ $date: v.number() });
+type MongoDBDate = v.InferOutput<typeof MongoDBDateSchema>;
+
+// Access Token (from OAuth app's wroom_auths array)
+export const AccessTokenSchema = v.object({
+	id: v.string(),
+	origin: v.string(),
+	domain: v.string(),
+	app: v.string(),
+	scope: v.string(),
+	expired_at: MongoDBDateSchema,
+	created_at: MongoDBDateSchema,
+	owner: v.nullable(v.string()),
+	token: v.string(),
+});
+export type AccessToken = v.InferOutput<typeof AccessTokenSchema>;
+
+// OAuth App (container for access tokens)
+export const OAuthAppSchema = v.object({
+	id: v.string(),
+	secret: v.string(),
+	name: v.string(),
+	owner: v.string(),
+	created_at: MongoDBDateSchema,
+	authorized_domains: v.array(v.string()),
+	wroom_auths: v.array(AccessTokenSchema),
+});
+export type OAuthApp = v.InferOutput<typeof OAuthAppSchema>;
+
+// Write Token
+export const WriteTokenSchema = v.object({
+	app_name: v.string(),
+	token: v.string(),
+	timestamp: v.number(),
+});
+export type WriteToken = v.InferOutput<typeof WriteTokenSchema>;
+
+// Write Tokens List Response
+const WriteTokensInfoSchema = v.object({
+	max_tokens: v.number(),
+	tokens: v.array(WriteTokenSchema),
+});
+type WriteTokensInfo = v.InferOutput<typeof WriteTokensInfoSchema>;
+
+// Response schemas
+const GetAccessTokensResponseSchema = v.array(OAuthAppSchema);
+type GetAccessTokensResponse = v.InferOutput<typeof GetAccessTokensResponseSchema>;
+
+export async function getAccessTokens(
+	repo: string,
+): Promise<ParsedRequestResponse<GetAccessTokensResponse>> {
+	const url = new URL("settings/security/contentapi", await getRepoUrl(repo));
+	return await request(url, { schema: GetAccessTokensResponseSchema });
+}
+
+export async function getWriteTokens(
+	repo: string,
+): Promise<ParsedRequestResponse<WriteTokensInfo>> {
+	const url = new URL("settings/security/customtypesapi", await getRepoUrl(repo));
+	return await request(url, { schema: WriteTokensInfoSchema });
+}
+
+function truncateToken(token: string): string {
+	if (token.length <= 12) return token;
+	return `${token.slice(0, 8)}...${token.slice(-4)}`;
+}
+
+function formatDate(timestamp: number | MongoDBDate): string {
+	// MongoDB dates are in milliseconds, plain numbers are in seconds
+	const ms = typeof timestamp === "number" ? timestamp * 1000 : timestamp.$date;
+	const date = new Date(ms);
+	return date.toISOString().split("T")[0];
+}
+
+function handleUnauthenticated(): void {
+	console.error("Not logged in. Run `prismic login` first.");
+	process.exitCode = 1;
+}

package/src/token-set-name.ts

@@ -0,0 +1,193 @@
+import { parseArgs } from "node:util";
+import * as v from "valibot";
+
+import { isAuthenticated } from "./lib/auth";
+import { safeGetRepositoryFromConfig } from "./lib/config";
+import { stringify } from "./lib/json";
+import { ForbiddenRequestError, request, UnauthorizedRequestError } from "./lib/request";
+import { getRepoUrl } from "./lib/url";
+import {
+	getAccessTokens,
+	getWriteTokens,
+	type OAuthApp,
+	OAuthAppSchema,
+	type WriteToken,
+} from "./token-list";
+
+const HELP = `
+Set the name of a token in a Prismic repository.
+
+Note: Only access tokens can be renamed. Write tokens cannot be renamed without
+changing the token value.
+
+By default, this command reads the repository from prismic.config.json at the
+project root.
+
+USAGE
+  prismic token set-name <token> <name> [flags]
+
+ARGUMENTS
+  token   The token value (or partial match)
+  name    New name for the token
+
+FLAGS
+  -r, --repo string   Repository domain
+  -h, --help          Show help for command
+
+LEARN MORE
+  Use \`prismic token <command> --help\` for more information about a command.
+`.trim();
+
+export async function tokenSetName(): Promise<void> {
+	const {
+		values: { help, repo = await safeGetRepositoryFromConfig() },
+		positionals: [tokenValue, newName],
+	} = parseArgs({
+		args: process.argv.slice(4), // skip: node, script, "token", "set-name"
+		options: {
+			repo: { type: "string", short: "r" },
+			help: { type: "boolean", short: "h" },
+		},
+		allowPositionals: true,
+	});
+
+	if (help) {
+		console.info(HELP);
+		return;
+	}
+
+	if (!tokenValue) {
+		console.error("Missing required argument: token");
+		process.exitCode = 1;
+		return;
+	}
+
+	if (!newName) {
+		console.error("Missing required argument: name");
+		process.exitCode = 1;
+		return;
+	}
+
+	if (!repo) {
+		console.error("Missing prismic.config.json or --repo option");
+		process.exitCode = 1;
+		return;
+	}
+
+	const authenticated = await isAuthenticated();
+	if (!authenticated) {
+		handleUnauthenticated();
+		return;
+	}
+
+	// First, find the token in access tokens or write tokens
+	const [accessResponse, writeResponse] = await Promise.all([
+		getAccessTokens(repo),
+		getWriteTokens(repo),
+	]);
+
+	if (!accessResponse.ok) {
+		if (
+			accessResponse.error instanceof ForbiddenRequestError ||
+			accessResponse.error instanceof UnauthorizedRequestError
+		) {
+			handleUnauthenticated();
+		} else if (v.isValiError(accessResponse.error)) {
+			console.error(
+				`Failed to list access tokens: Invalid response: ${stringify(accessResponse.error.issues)}`,
+			);
+			process.exitCode = 1;
+		} else {
+			console.error(`Failed to list access tokens: ${stringify(accessResponse.value)}`);
+			process.exitCode = 1;
+		}
+		return;
+	}
+
+	if (!writeResponse.ok) {
+		if (
+			writeResponse.error instanceof ForbiddenRequestError ||
+			writeResponse.error instanceof UnauthorizedRequestError
+		) {
+			handleUnauthenticated();
+		} else if (v.isValiError(writeResponse.error)) {
+			console.error(
+				`Failed to list write tokens: Invalid response: ${stringify(writeResponse.error.issues)}`,
+			);
+			process.exitCode = 1;
+		} else {
+			console.error(`Failed to list write tokens: ${stringify(writeResponse.value)}`);
+			process.exitCode = 1;
+		}
+		return;
+	}
+
+	// Find in access tokens
+	let foundApp: OAuthApp | undefined;
+	for (const app of accessResponse.value) {
+		for (const auth of app.wroom_auths) {
+			if (
+				auth.token === tokenValue ||
+				auth.token.startsWith(tokenValue) ||
+				auth.token.endsWith(tokenValue)
+			) {
+				foundApp = app;
+				break;
+			}
+		}
+		if (foundApp) break;
+	}
+
+	if (foundApp) {
+		// Update OAuth app name
+		const url = new URL(`settings/security/oauthapp/${foundApp.id}`, await getRepoUrl(repo));
+		const response = await request(url, {
+			method: "POST",
+			body: { name: newName },
+			schema: OAuthAppSchema,
+		});
+
+		if (!response.ok) {
+			if (
+				response.error instanceof ForbiddenRequestError ||
+				response.error instanceof UnauthorizedRequestError
+			) {
+				handleUnauthenticated();
+			} else if (v.isValiError(response.error)) {
+				console.error(
+					`Failed to rename token: Invalid response: ${stringify(response.error.issues)}`,
+				);
+				process.exitCode = 1;
+			} else {
+				console.error(`Failed to rename token: ${stringify(response.value)}`);
+				process.exitCode = 1;
+			}
+			return;
+		}
+
+		console.info(`Token renamed to: ${newName}`);
+		return;
+	}
+
+	// Check if it's a write token
+	const foundWriteToken = writeResponse.value.tokens.find(
+		(t: WriteToken) =>
+			t.token === tokenValue || t.token.startsWith(tokenValue) || t.token.endsWith(tokenValue),
+	);
+
+	if (foundWriteToken) {
+		console.error(
+			"Write tokens cannot be renamed. Delete and create a new token with the desired name.",
+		);
+		process.exitCode = 1;
+		return;
+	}
+
+	console.error(`Token not found: ${tokenValue}`);
+	process.exitCode = 1;
+}
+
+function handleUnauthenticated(): void {
+	console.error("Not logged in. Run `prismic login` first.");
+	process.exitCode = 1;
+}

package/src/token.ts

@@ -0,0 +1,60 @@
+import { parseArgs } from "node:util";
+
+import { tokenCreate } from "./token-create";
+import { tokenDelete } from "./token-delete";
+import { tokenList } from "./token-list";
+import { tokenSetName } from "./token-set-name";
+
+const HELP = `
+Manage API tokens for a Prismic repository.
+
+USAGE
+  prismic token <command> [flags]
+
+COMMANDS
+  list        List all tokens
+  create      Create a new token
+  set-name    Set token name (access tokens only)
+  delete      Delete a token
+
+FLAGS
+  -h, --help   Show help for command
+
+LEARN MORE
+  Use \`prismic token <command> --help\` for more information about a command.
+`.trim();
+
+export async function token(): Promise<void> {
+	const {
+		positionals: [subcommand],
+	} = parseArgs({
+		args: process.argv.slice(3), // skip: node, script, "token"
+		options: {
+			help: { type: "boolean", short: "h" },
+		},
+		allowPositionals: true,
+		strict: false,
+	});
+
+	switch (subcommand) {
+		case "list":
+			await tokenList();
+			break;
+		case "create":
+			await tokenCreate();
+			break;
+		case "set-name":
+			await tokenSetName();
+			break;
+		case "delete":
+			await tokenDelete();
+			break;
+		default: {
+			if (subcommand) {
+				console.error(`Unknown token subcommand: ${subcommand}\n`);
+				process.exitCode = 1;
+			}
+			console.info(HELP);
+		}
+	}
+}

package/src/webhook-add-header.ts

@@ -0,0 +1,118 @@
+import { parseArgs } from "node:util";
+
+import { isAuthenticated } from "./lib/auth";
+import { safeGetRepositoryFromConfig } from "./lib/config";
+import { stringify } from "./lib/json";
+import { ForbiddenRequestError } from "./lib/request";
+import { updateWebhook } from "./webhook-enable";
+import { getWebhooks } from "./webhook-view";
+
+const HELP = `
+Add a custom HTTP header to a webhook.
+
+By default, this command reads the repository from prismic.config.json at the
+project root.
+
+USAGE
+  prismic webhook add-header <url> <key> <value> [flags]
+
+ARGUMENTS
+  <url>     Webhook URL
+  <key>     Header name
+  <value>   Header value
+
+FLAGS
+  -r, --repo string   Repository domain
+  -h, --help          Show help for command
+
+LEARN MORE
+  Use \`prismic <command> <subcommand> --help\` for more information about a command.
+`.trim();
+
+export async function webhookAddHeader(): Promise<void> {
+	const {
+		values: { help, repo = await safeGetRepositoryFromConfig() },
+		positionals: [webhookUrl, headerKey, headerValue],
+	} = parseArgs({
+		args: process.argv.slice(4), // skip: node, script, "webhook", "add-header"
+		options: {
+			repo: { type: "string", short: "r" },
+			help: { type: "boolean", short: "h" },
+		},
+		allowPositionals: true,
+	});
+
+	if (help) {
+		console.info(HELP);
+		return;
+	}
+
+	if (!webhookUrl) {
+		console.error("Missing required argument: <url>");
+		process.exitCode = 1;
+		return;
+	}
+
+	if (!headerKey) {
+		console.error("Missing required argument: <key>");
+		process.exitCode = 1;
+		return;
+	}
+
+	if (!headerValue) {
+		console.error("Missing required argument: <value>");
+		process.exitCode = 1;
+		return;
+	}
+
+	if (!repo) {
+		console.error("Missing prismic.config.json or --repo option");
+		process.exitCode = 1;
+		return;
+	}
+
+	const authenticated = await isAuthenticated();
+	if (!authenticated) {
+		handleUnauthenticated();
+		return;
+	}
+
+	const webhooksResponse = await getWebhooks(repo);
+	if (!webhooksResponse.ok) {
+		if (webhooksResponse.error instanceof ForbiddenRequestError) {
+			handleUnauthenticated();
+		} else {
+			console.error(`Failed to add header: ${stringify(webhooksResponse.value)}`);
+			process.exitCode = 1;
+		}
+		return;
+	}
+
+	const webhook = webhooksResponse.value.find((w) => w.config.url === webhookUrl);
+	if (!webhook) {
+		console.error(`Webhook not found: ${webhookUrl}`);
+		process.exitCode = 1;
+		return;
+	}
+
+	const updatedConfig = structuredClone(webhook.config);
+	updatedConfig.headers[headerKey] = headerValue;
+
+	const response = await updateWebhook(repo, webhook.config._id, updatedConfig);
+	if (!response.ok) {
+		if (response.error instanceof ForbiddenRequestError) {
+			handleUnauthenticated();
+		} else {
+			console.error(`Failed to add header: ${stringify(response.value)}`);
+			process.exitCode = 1;
+		}
+		return;
+	}
+
+	console.info(`Header added: ${headerKey}`);
+}
+
+function handleUnauthenticated() {
+	console.error("Not logged in. Run `prismic login` first.");
+	process.exitCode = 1;
+}