npm - reallink-cli - Versions diffs - 0.1.0 - Mend

reallink-cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/rust/Cargo.toml ADDED Viewed

@@ -0,0 +1,15 @@
+[package]
+name = "reallink-cli"
+version = "0.1.0"
+edition = "2021"
+description = "CLI for Reallink auth and token workflows"
+license = "MIT"
+[dependencies]
+anyhow = "1.0"
+clap = { version = "4.5", features = ["derive"] }
+dirs = "5.0"
+reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+tokio = { version = "1.42", features = ["macros", "rt-multi-thread", "time"] }

package/rust/src/main.rs ADDED Viewed

@@ -0,0 +1,492 @@
+use anyhow::{anyhow, Context, Result};
+use clap::{ArgAction, Args, Parser, Subcommand};
+use reqwest::{Method, StatusCode};
+use serde::{Deserialize, Serialize};
+use std::fs;
+use std::path::PathBuf;
+use std::time::{Duration, SystemTime, UNIX_EPOCH};
+use tokio::time::sleep;
+const DEFAULT_BASE_URL: &str = "https://api.real-agent.link";
+#[derive(Parser)]
+#[command(name = "reallink", version, about = "Reallink CLI")]
+struct Cli {
+    #[command(subcommand)]
+    command: Commands,
+}
+#[derive(Subcommand)]
+enum Commands {
+    Login(LoginArgs),
+    Whoami(BaseArgs),
+    Logout,
+    Token {
+        #[command(subcommand)]
+        command: TokenCommands,
+    },
+}
+#[derive(Args)]
+struct BaseArgs {
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct LoginArgs {
+    #[arg(long, default_value = DEFAULT_BASE_URL)]
+    base_url: String,
+    #[arg(long, default_value = "reallink-cli")]
+    client_id: String,
+    #[arg(long = "scope", action = ArgAction::Append)]
+    scope: Vec<String>,
+}
+#[derive(Subcommand)]
+enum TokenCommands {
+    List(BaseArgs),
+    Create(TokenCreateArgs),
+    Revoke(TokenRevokeArgs),
+}
+#[derive(Args)]
+struct TokenCreateArgs {
+    #[arg(long)]
+    name: String,
+    #[arg(long = "scope", action = ArgAction::Append)]
+    scope: Vec<String>,
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    expires_in_days: Option<u32>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct TokenRevokeArgs {
+    #[arg(long)]
+    token_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize, Clone)]
+struct SessionConfig {
+    base_url: String,
+    access_token: String,
+    refresh_token: String,
+    session_id: String,
+    updated_at_epoch_ms: u128,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceCodeRequest {
+    client_id: String,
+    scope: Vec<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceCodeResponse {
+    device_code: String,
+    user_code: String,
+    verification_uri: String,
+    verification_uri_complete: String,
+    expires_in: u64,
+    interval: u64,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceTokenRequest {
+    grant_type: String,
+    device_code: String,
+    client_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct TokenPairResponse {
+    access_token: String,
+    refresh_token: String,
+    session_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct RefreshRequest {
+    refresh_token: String,
+    session_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct RefreshResponse {
+    tokens: TokenPairResponse,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceTokenSuccess {
+    access_token: String,
+    refresh_token: String,
+    session_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct DeviceTokenError {
+    error: String,
+    error_description: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct ApiTokenRecord {
+    id: String,
+    user_id: String,
+    org_id: Option<String>,
+    project_id: Option<String>,
+    name: String,
+    token_prefix: String,
+    scopes: Vec<String>,
+    created_at: String,
+    last_used_at: Option<String>,
+    expires_at: Option<String>,
+    revoked_at: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct ListApiTokensResponse {
+    tokens: Vec<ApiTokenRecord>,
+}
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+struct CreateApiTokenRequest {
+    name: String,
+    org_id: Option<String>,
+    project_id: Option<String>,
+    scopes: Vec<String>,
+    expires_in_days: Option<u32>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct CreateApiTokenResponse {
+    token: String,
+    token_id: String,
+    token_prefix: String,
+    scopes: Vec<String>,
+    expires_at: Option<String>,
+}
+fn normalize_base_url(input: &str) -> String {
+    input.trim().trim_end_matches('/').to_string()
+}
+fn now_epoch_ms() -> u128 {
+    SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap_or_else(|_| Duration::from_secs(0))
+        .as_millis()
+}
+fn config_path() -> Result<PathBuf> {
+    let base = dirs::config_dir().ok_or_else(|| anyhow!("Could not resolve config directory"))?;
+    Ok(base.join("reallink").join("session.json"))
+}
+fn save_session(session: &SessionConfig) -> Result<()> {
+    let path = config_path()?;
+    if let Some(parent) = path.parent() {
+        fs::create_dir_all(parent).with_context(|| format!("Failed to create {}", parent.display()))?;
+    }
+    let payload = serde_json::to_vec_pretty(session)?;
+    fs::write(&path, payload).with_context(|| format!("Failed to write {}", path.display()))?;
+    Ok(())
+}
+fn load_session() -> Result<SessionConfig> {
+    let path = config_path()?;
+    let raw = fs::read(&path).with_context(|| {
+        format!(
+            "No active session at {}. Run `reallink login` first.",
+            path.display()
+        )
+    })?;
+    let session: SessionConfig = serde_json::from_slice(&raw)
+        .with_context(|| format!("Invalid session format in {}", path.display()))?;
+    Ok(session)
+}
+fn clear_session() -> Result<()> {
+    let path = config_path()?;
+    if path.exists() {
+        fs::remove_file(&path).with_context(|| format!("Failed to remove {}", path.display()))?;
+    }
+    Ok(())
+}
+async fn read_error_body(response: reqwest::Response) -> String {
+    match response.text().await {
+        Ok(text) if !text.trim().is_empty() => text,
+        _ => "No response body".to_string(),
+    }
+}
+async fn authed_request(
+    client: &reqwest::Client,
+    session: &mut SessionConfig,
+    method: Method,
+    path: &str,
+    body: Option<serde_json::Value>,
+) -> Result<reqwest::Response> {
+    let url = format!("{}{}", normalize_base_url(&session.base_url), path);
+    let mut request = client
+        .request(method.clone(), &url)
+        .bearer_auth(&session.access_token);
+    if let Some(ref body_value) = body {
+        request = request.json(body_value);
+    }
+    let response = request.send().await?;
+    if response.status() != StatusCode::UNAUTHORIZED {
+        return Ok(response);
+    }
+    refresh_session(client, session).await?;
+    let mut retry = client
+        .request(method, &url)
+        .bearer_auth(&session.access_token);
+    if let Some(ref body_value) = body {
+        retry = retry.json(body_value);
+    }
+    Ok(retry.send().await?)
+}
+async fn refresh_session(client: &reqwest::Client, session: &mut SessionConfig) -> Result<()> {
+    let url = format!("{}/auth/refresh", normalize_base_url(&session.base_url));
+    let payload = RefreshRequest {
+        refresh_token: session.refresh_token.clone(),
+        session_id: session.session_id.clone(),
+    };
+    let response = client.post(url).json(&payload).send().await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("Refresh failed: {}", body));
+    }
+    let refreshed: RefreshResponse = response.json().await?;
+    session.access_token = refreshed.tokens.access_token;
+    session.refresh_token = refreshed.tokens.refresh_token;
+    session.session_id = refreshed.tokens.session_id;
+    session.updated_at_epoch_ms = now_epoch_ms();
+    save_session(session)?;
+    Ok(())
+}
+async fn login_command(client: &reqwest::Client, args: LoginArgs) -> Result<()> {
+    let base_url = normalize_base_url(&args.base_url);
+    let scope = if args.scope.is_empty() {
+        vec![
+            "core:read".to_string(),
+            "core:write".to_string(),
+            "assets:read".to_string(),
+            "assets:write".to_string(),
+            "trace:read".to_string(),
+            "trace:write".to_string(),
+            "org:admin".to_string(),
+            "project:admin".to_string(),
+        ]
+    } else {
+        args.scope
+    };
+    let device_code_response = client
+        .post(format!("{}/auth/device/code", base_url))
+        .json(&DeviceCodeRequest {
+            client_id: args.client_id.clone(),
+            scope,
+        })
+        .send()
+        .await?;
+    if !device_code_response.status().is_success() {
+        let body = read_error_body(device_code_response).await;
+        return Err(anyhow!("Failed to start device flow: {}", body));
+    }
+    let device_code: DeviceCodeResponse = device_code_response.json().await?;
+    println!("Open this URL in your browser and approve the login:");
+    println!("{}", device_code.verification_uri_complete);
+    println!("User code: {}", device_code.user_code);
+    let expires_at = std::time::Instant::now() + Duration::from_secs(device_code.expires_in);
+    let mut poll_interval = Duration::from_secs(device_code.interval.max(1));
+    loop {
+        if std::time::Instant::now() >= expires_at {
+            return Err(anyhow!("Device code expired before approval"));
+        }
+        sleep(poll_interval).await;
+        let token_response = client
+            .post(format!("{}/auth/device/token", base_url))
+            .json(&DeviceTokenRequest {
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code".to_string(),
+                device_code: device_code.device_code.clone(),
+                client_id: args.client_id.clone(),
+            })
+            .send()
+            .await?;
+        if token_response.status().is_success() {
+            let tokens: DeviceTokenSuccess = token_response.json().await?;
+            let session = SessionConfig {
+                base_url: base_url.clone(),
+                access_token: tokens.access_token,
+                refresh_token: tokens.refresh_token,
+                session_id: tokens.session_id,
+                updated_at_epoch_ms: now_epoch_ms(),
+            };
+            save_session(&session)?;
+            println!("Login successful.");
+            return Ok(());
+        }
+        let error_payload: DeviceTokenError = token_response
+            .json()
+            .await
+            .unwrap_or(DeviceTokenError {
+                error: "unknown_error".to_string(),
+                error_description: Some("Could not parse auth error".to_string()),
+            });
+        match error_payload.error.as_str() {
+            "authorization_pending" => continue,
+            "slow_down" => {
+                poll_interval += Duration::from_secs(1);
+                continue;
+            }
+            _ => {
+                return Err(anyhow!(
+                    "Device login failed: {} ({})",
+                    error_payload.error,
+                    error_payload.error_description.unwrap_or_default()
+                ))
+            }
+        }
+    }
+}
+async fn whoami_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
+    let mut session = load_session()?;
+    if let Some(base_url) = args.base_url {
+        session.base_url = normalize_base_url(&base_url);
+    }
+    let response = authed_request(client, &mut session, Method::GET, "/auth/me", None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("whoami failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn token_list_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
+    let mut session = load_session()?;
+    if let Some(base_url) = args.base_url {
+        session.base_url = normalize_base_url(&base_url);
+    }
+    let response = authed_request(client, &mut session, Method::GET, "/auth/tokens", None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("token list failed: {}", body));
+    }
+    let payload: ListApiTokensResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.tokens)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn token_create_command(client: &reqwest::Client, args: TokenCreateArgs) -> Result<()> {
+    let mut session = load_session()?;
+    if let Some(base_url) = args.base_url {
+        session.base_url = normalize_base_url(&base_url);
+    }
+    let scopes = if args.scope.is_empty() {
+        return Err(anyhow!("At least one --scope must be provided"));
+    } else {
+        args.scope
+    };
+    let body = serde_json::to_value(CreateApiTokenRequest {
+        name: args.name,
+        org_id: args.org_id,
+        project_id: args.project_id,
+        scopes,
+        expires_in_days: args.expires_in_days,
+    })?;
+    let response = authed_request(client, &mut session, Method::POST, "/auth/tokens", Some(body)).await?;
+    if !response.status().is_success() {
+        let body_text = read_error_body(response).await;
+        return Err(anyhow!("token create failed: {}", body_text));
+    }
+    let payload: CreateApiTokenResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn token_revoke_command(client: &reqwest::Client, args: TokenRevokeArgs) -> Result<()> {
+    let mut session = load_session()?;
+    if let Some(base_url) = args.base_url {
+        session.base_url = normalize_base_url(&base_url);
+    }
+    let path = format!("/auth/tokens/{}", args.token_id);
+    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("token revoke failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+#[tokio::main]
+async fn main() -> Result<()> {
+    let cli = Cli::parse();
+    let client = reqwest::Client::builder()
+        .user_agent("reallink-cli/0.1.0")
+        .build()?;
+    match cli.command {
+        Commands::Login(args) => login_command(&client, args).await?,
+        Commands::Whoami(args) => whoami_command(&client, args).await?,
+        Commands::Logout => {
+            clear_session()?;
+            println!("Logged out.");
+        }
+        Commands::Token { command } => match command {
+            TokenCommands::List(args) => token_list_command(&client, args).await?,
+            TokenCommands::Create(args) => token_create_command(&client, args).await?,
+            TokenCommands::Revoke(args) => token_revoke_command(&client, args).await?,
+        },
+    }
+    Ok(())
+}