promptarchitect 0.6.0

package/src/authService.ts

@@ -0,0 +1,556 @@
+/**
+ * PromptArchitect Authentication Service
+ * 
+ * Manages user authentication for the VS Code extension.
+ * Uses VS Code's built-in authentication API with a custom provider
+ * that connects to our backend.
+ */
+
+import * as vscode from 'vscode';
+
+const AUTH_PROVIDER_ID = 'promptarchitect';
+const AUTH_PROVIDER_LABEL = 'PromptArchitect';
+const SCOPES = ['user:read', 'prompts:write'];
+
+export interface UserSession {
+  id: string;
+  accessToken: string;
+  account: {
+    id: string;
+    email: string;
+    displayName: string;
+  };
+  expiresAt?: number;
+}
+
+export interface AuthState {
+  isAuthenticated: boolean;
+  session: UserSession | null;
+  error: string | null;
+}
+
+// API Response types
+interface CheckEmailResponse {
+  exists: boolean;
+}
+
+interface AuthResponse {
+  sessionId: string;
+  accessToken: string;
+  expiresIn?: number;
+  user: {
+    id: string;
+    email: string;
+    displayName?: string;
+  };
+}
+
+interface AuthErrorResponse {
+  message?: string;
+  error?: string;
+}
+
+export class AuthService implements vscode.Disposable {
+  private static instance: AuthService;
+  private _session: vscode.AuthenticationSession | null = null;
+  private _onDidChangeAuth = new vscode.EventEmitter<boolean>();
+  public readonly onDidChangeAuth = this._onDidChangeAuth.event;
+  
+  private context: vscode.ExtensionContext;
+  private apiEndpoint: string;
+  private disposables: vscode.Disposable[] = [];
+
+  private constructor(context: vscode.ExtensionContext, apiEndpoint: string) {
+    this.context = context;
+    this.apiEndpoint = apiEndpoint;
+
+    // Listen for session changes
+    this.disposables.push(
+      vscode.authentication.onDidChangeSessions((e) => {
+        if (e.provider.id === AUTH_PROVIDER_ID) {
+          this.checkAuthStatus();
+        }
+      })
+    );
+  }
+
+  static getInstance(context: vscode.ExtensionContext, apiEndpoint: string): AuthService {
+    if (!AuthService.instance) {
+      AuthService.instance = new AuthService(context, apiEndpoint);
+    }
+    return AuthService.instance;
+  }
+
+  /**
+   * Check if user is currently authenticated
+   */
+  async isAuthenticated(): Promise<boolean> {
+    // First check stored session
+    const storedSession = this.context.globalState.get<UserSession>('authSession');
+    if (storedSession && storedSession.expiresAt && storedSession.expiresAt > Date.now()) {
+      return true;
+    }
+
+    // Check with API
+    try {
+      const session = await this.getSession(false);
+      return session !== null;
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Get current session or prompt for login
+   */
+  async getSession(createIfNone: boolean = true): Promise<UserSession | null> {
+    // Check stored session first
+    const storedSession = this.context.globalState.get<UserSession>('authSession');
+    if (storedSession && storedSession.expiresAt && storedSession.expiresAt > Date.now()) {
+      return storedSession;
+    }
+
+    if (!createIfNone) {
+      return null;
+    }
+
+    // Prompt for login
+    return this.signIn();
+  }
+
+  /**
+   * Get access token for API requests
+   */
+  async getAccessToken(): Promise<string | null> {
+    const session = await this.getSession(false);
+    return session?.accessToken || null;
+  }
+
+  /**
+   * Sign in user - opens browser for OAuth flow
+   */
+  async signIn(): Promise<UserSession | null> {
+    const choice = await vscode.window.showInformationMessage(
+      '🔐 Welcome to PromptArchitect! Please sign in or create an account.',
+      { modal: true },
+      'Sign In',
+      'Create Account'
+    );
+
+    if (!choice) {
+      return null;
+    }
+
+    if (choice === 'Create Account') {
+      vscode.env.openExternal(vscode.Uri.parse('https://promptarchitectlabs.com/'));
+      return null;
+    }
+
+    // Sign In Flow
+    const providerChoice = await vscode.window.showQuickPick(
+      [
+        { label: '$(globe) Sign in with Google', value: 'google' },
+        { label: '$(github) Sign in with GitHub', value: 'github' },
+        { label: '$(mail) Sign in with Email', value: 'email' },
+      ],
+      {
+        placeHolder: 'Select a sign-in method',
+        title: 'Sign In to PromptArchitect',
+      }
+    );
+
+    if (!providerChoice) {
+      return null;
+    }
+
+    try {
+      const provider = providerChoice.value as 'google' | 'github' | 'email';
+
+      // For email, collect credentials
+      if (provider === 'email') {
+        return this.signInWithEmail();
+      }
+
+      // For OAuth providers, open browser
+      return this.signInWithOAuth(provider);
+    } catch (error) {
+      vscode.window.showErrorMessage(`Sign in failed: ${error}`);
+      return null;
+    }
+  }
+
+  /**
+   * Sign in with email/password
+   */
+  private async signInWithEmail(): Promise<UserSession | null> {
+    const email = await vscode.window.showInputBox({
+      prompt: 'Enter your email address',
+      placeHolder: 'you@example.com',
+      ignoreFocusOut: true,
+      validateInput: (value) => {
+        if (!value || !value.includes('@')) {
+          return 'Please enter a valid email address';
+        }
+        return null;
+      },
+    });
+
+    if (!email) return null;
+
+    const password = await vscode.window.showInputBox({
+      prompt: 'Enter your password',
+      password: true,
+      ignoreFocusOut: true,
+      validateInput: (value) => {
+        if (!value || value.length < 6) {
+          return 'Password must be at least 6 characters';
+        }
+        return null;
+      },
+    });
+
+    if (!password) return null;
+
+    // Check if this is a new user
+    const isNewUser = await this.checkIfNewUser(email);
+
+    if (isNewUser) {
+      const confirm = await vscode.window.showInformationMessage(
+        `No account found for ${email}. Create a new account?`,
+        { modal: true },
+        'Create Account',
+        'Cancel'
+      );
+
+      if (confirm !== 'Create Account') {
+        return null;
+      }
+
+      return this.createAccount(email, password);
+    }
+
+    return this.authenticateWithEmail(email, password);
+  }
+
+  /**
+   * Check if email is registered
+   */
+  private async checkIfNewUser(email: string): Promise<boolean> {
+    try {
+      const response = await fetch(`${this.apiEndpoint}/auth/check-email`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email }),
+      });
+      const data = await response.json() as CheckEmailResponse;
+      return !data.exists;
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Authenticate with email/password
+   */
+  private async authenticateWithEmail(email: string, password: string): Promise<UserSession | null> {
+    try {
+      const response = await fetch(`${this.apiEndpoint}/auth/login`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email, password, client: 'vscode' }),
+      });
+
+      if (!response.ok) {
+        const error = await response.json() as AuthErrorResponse;
+        throw new Error(error.message || 'Authentication failed');
+      }
+
+      const data = await response.json() as AuthResponse;
+      const session: UserSession = {
+        id: data.sessionId,
+        accessToken: data.accessToken,
+        account: {
+          id: data.user.id,
+          email: data.user.email,
+          displayName: data.user.displayName || email.split('@')[0],
+        },
+        expiresAt: Date.now() + (data.expiresIn || 86400) * 1000,
+      };
+
+      // Store session
+      await this.context.globalState.update('authSession', session);
+      this._onDidChangeAuth.fire(true);
+
+      vscode.window.showInformationMessage(`✅ Welcome back, ${session.account.displayName}!`);
+      return session;
+    } catch (error) {
+      vscode.window.showErrorMessage(`Login failed: ${error}`);
+      return null;
+    }
+  }
+
+  /**
+   * Create a new account
+   */
+  private async createAccount(email: string, password: string): Promise<UserSession | null> {
+    // Get display name
+    const displayName = await vscode.window.showInputBox({
+      prompt: 'Choose a display name',
+      placeHolder: 'Your Name',
+      ignoreFocusOut: true,
+      value: email.split('@')[0],
+    });
+
+    if (!displayName) return null;
+
+    try {
+      const response = await fetch(`${this.apiEndpoint}/auth/register`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email, password, displayName, client: 'vscode' }),
+      });
+
+      if (!response.ok) {
+        const error = await response.json() as AuthErrorResponse;
+        throw new Error(error.message || 'Registration failed');
+      }
+
+      const data = await response.json() as AuthResponse;
+      const session: UserSession = {
+        id: data.sessionId,
+        accessToken: data.accessToken,
+        account: {
+          id: data.user.id,
+          email: data.user.email,
+          displayName: data.user.displayName || displayName,
+        },
+        expiresAt: Date.now() + (data.expiresIn || 86400) * 1000,
+      };
+
+      // Store session
+      await this.context.globalState.update('authSession', session);
+      this._onDidChangeAuth.fire(true);
+
+      vscode.window.showInformationMessage(`🎉 Account created! Welcome, ${session.account.displayName}!`);
+      return session;
+    } catch (error) {
+      vscode.window.showErrorMessage(`Registration failed: ${error}`);
+      return null;
+    }
+  }
+
+  /**
+   * Sign in with OAuth (Google/GitHub)
+   */
+  private async signInWithOAuth(provider: 'google' | 'github'): Promise<UserSession | null> {
+    // Generate state for CSRF protection
+    const state = this.generateRandomString(32);
+    await this.context.globalState.update('authState', state);
+
+    // Build OAuth URL
+    // Use the official callback URL scheme
+    const callbackUri = await vscode.env.asExternalUri(
+      vscode.Uri.parse(`${vscode.env.uriScheme}://merabylabs.promptarchitect/callback`)
+    );
+
+    // Use frontend URL for auth
+    const authUrl = new URL(`https://promptarchitectlabs.com/vscode-auth`);
+    authUrl.searchParams.set('state', state);
+    authUrl.searchParams.set('redirect_uri', callbackUri.toString(true)); // Use true to skip encoding
+    authUrl.searchParams.set('client', 'vscode');
+    authUrl.searchParams.set('provider', provider);
+
+    // Open browser for OAuth
+    await vscode.env.openExternal(vscode.Uri.parse(authUrl.toString()));
+
+    // Wait for callback (with timeout)
+    return new Promise((resolve) => {
+      const timeout = setTimeout(() => {
+        disposable.dispose();
+        resolve(null);
+      }, 120000); // 2 minute timeout
+
+      const disposable = vscode.window.registerUriHandler({
+        handleUri: async (uri) => {
+          clearTimeout(timeout);
+          disposable.dispose();
+
+          if (uri.path === '/callback') {
+            const query = new URLSearchParams(uri.query);
+            const returnedState = query.get('state');
+            const code = query.get('code');
+            const token = query.get('token');
+            const uid = query.get('uid');
+            const email = query.get('email');
+            const displayName = query.get('displayName');
+            const error = query.get('error');
+
+            if (error) {
+              vscode.window.showErrorMessage(`Authentication failed: ${error}`);
+              resolve(null);
+              return;
+            }
+
+            // Verify state
+            const savedState = this.context.globalState.get<string>('authState');
+            if (returnedState !== savedState) {
+              vscode.window.showErrorMessage('Authentication failed: Invalid state');
+              resolve(null);
+              return;
+            }
+
+            if (token) {
+              // Implicit flow from frontend
+              const session: UserSession = {
+                id: uid || 'user',
+                accessToken: token,
+                account: {
+                  id: uid || 'user',
+                  email: email || 'user@example.com',
+                  displayName: displayName || 'User',
+                },
+                expiresAt: Date.now() + 3600 * 1000,
+              };
+              
+              await this.context.globalState.update('authSession', session);
+              this._onDidChangeAuth.fire(true);
+              vscode.window.showInformationMessage(`✅ Welcome, ${session.account.displayName}!`);
+              resolve(session);
+            } else if (code) {
+              const session = await this.exchangeCodeForSession(code, provider);
+              resolve(session);
+            } else {
+              resolve(null);
+            }
+          }
+        },
+      });
+    });
+  }
+
+  /**
+   * Exchange OAuth code for session
+   */
+  private async exchangeCodeForSession(code: string, provider: string): Promise<UserSession | null> {
+    try {
+      const response = await fetch(`${this.apiEndpoint}/auth/callback/${provider}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ code, client: 'vscode' }),
+      });
+
+      if (!response.ok) {
+        throw new Error('Failed to exchange code');
+      }
+
+      const data = await response.json() as AuthResponse;
+      const session: UserSession = {
+        id: data.sessionId,
+        accessToken: data.accessToken,
+        account: {
+          id: data.user.id,
+          email: data.user.email,
+          displayName: data.user.displayName || 'User',
+        },
+        expiresAt: Date.now() + (data.expiresIn || 86400) * 1000,
+      };
+
+      await this.context.globalState.update('authSession', session);
+      this._onDidChangeAuth.fire(true);
+
+      vscode.window.showInformationMessage(`✅ Welcome, ${session.account.displayName}!`);
+      return session;
+    } catch (error) {
+      vscode.window.showErrorMessage(`Authentication failed: ${error}`);
+      return null;
+    }
+  }
+
+  /**
+   * Sign out the current user
+   */
+  async signOut(): Promise<void> {
+    const session = await this.getSession(false);
+    
+    if (session) {
+      try {
+        // Revoke session on server
+        await fetch(`${this.apiEndpoint}/auth/logout`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${session.accessToken}`,
+          },
+        });
+      } catch {
+        // Ignore errors during logout
+      }
+    }
+
+    // Clear stored session
+    await this.context.globalState.update('authSession', undefined);
+    await this.context.globalState.update('authState', undefined);
+    this._session = null;
+    this._onDidChangeAuth.fire(false);
+
+    vscode.window.showInformationMessage('👋 Signed out successfully');
+  }
+
+  /**
+   * Get current user info
+   */
+  async getCurrentUser(): Promise<UserSession['account'] | null> {
+    const session = await this.getSession(false);
+    return session?.account || null;
+  }
+
+  /**
+   * Check auth status and update internal state
+   */
+  private async checkAuthStatus(): Promise<void> {
+    const isAuth = await this.isAuthenticated();
+    this._onDidChangeAuth.fire(isAuth);
+  }
+
+  /**
+   * Generate random string for CSRF state
+   */
+  private generateRandomString(length: number): string {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let result = '';
+    for (let i = 0; i < length; i++) {
+      result += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return result;
+  }
+
+  /**
+   * Show auth required message and prompt to sign in
+   */
+  async requireAuth(): Promise<boolean> {
+    const isAuth = await this.isAuthenticated();
+    
+    if (isAuth) {
+      return true;
+    }
+
+    const result = await vscode.window.showWarningMessage(
+      '🔐 Authentication Required\n\nSign in to continue using PromptArchitect. Your account enables prompt history, preferences, and access to all features.',
+      { modal: true },
+      'Sign In',
+      'Create Account'
+    );
+
+    if (result === 'Sign In' || result === 'Create Account') {
+      const session = await this.signIn();
+      return session !== null;
+    }
+
+    return false;
+  }
+
+  dispose(): void {
+    this._onDidChangeAuth.dispose();
+    this.disposables.forEach((d) => d.dispose());
+  }
+}