securenow 5.10.2 → 5.11.1

package/cli/config.js

@@ -1,117 +1,117 @@
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-const os = require('os');
-
-const CONFIG_DIR = path.join(os.homedir(), '.securenow');
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
-const CREDENTIALS_FILE = path.join(CONFIG_DIR, 'credentials.json');
-
-const DEFAULTS = {
-  apiUrl: 'https://api.securenow.ai',
-  appUrl: 'https://app.securenow.ai',
-  defaultApp: null,
-  output: 'table',
-};
-
-function ensureDir() {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
-  }
-}
-
-function loadJSON(filepath) {
-  try {
-    return JSON.parse(fs.readFileSync(filepath, 'utf8'));
-  } catch {
-    return {};
-  }
-}
-
-function saveJSON(filepath, data) {
-  ensureDir();
-  fs.writeFileSync(filepath, JSON.stringify(data, null, 2), { encoding: 'utf8', mode: 0o600 });
-  if (process.platform === 'win32') {
-    try {
-      const { execFileSync } = require('child_process');
-      execFileSync('icacls', [filepath, '/inheritance:r', '/grant:r', `${process.env.USERNAME}:F`], { stdio: 'ignore' });
-    } catch (_) {}
-  }
-}
-
-function loadConfig() {
-  return { ...DEFAULTS, ...loadJSON(CONFIG_FILE) };
-}
-
-function saveConfig(config) {
-  const existing = loadJSON(CONFIG_FILE);
-  saveJSON(CONFIG_FILE, { ...existing, ...config });
-}
-
-function getConfigValue(key) {
-  const config = loadConfig();
-  return config[key];
-}
-
-function setConfigValue(key, value) {
-  saveConfig({ [key]: value });
-}
-
-function loadCredentials() {
-  return loadJSON(CREDENTIALS_FILE);
-}
-
-function saveCredentials(creds) {
-  saveJSON(CREDENTIALS_FILE, creds);
-}
-
-function clearCredentials() {
-  try {
-    fs.unlinkSync(CREDENTIALS_FILE);
-  } catch {}
-}
-
-function getToken() {
-  const creds = loadCredentials();
-  if (!creds.token) return null;
-
-  if (creds.expiresAt && Date.now() > creds.expiresAt) {
-    return null;
-  }
-  return creds.token;
-}
-
-function setAuth(token, email, expiresAt) {
-  saveCredentials({ token, email, expiresAt });
-}
-
-function getApiUrl() {
-  return process.env.SECURENOW_API_URL || loadConfig().apiUrl;
-}
-
-function getAppUrl() {
-  return process.env.SECURENOW_APP_URL || loadConfig().appUrl;
-}
-
-function getDefaultApp() {
-  return process.env.SECURENOW_APP || loadConfig().defaultApp;
-}
-
-module.exports = {
-  CONFIG_DIR,
-  CONFIG_FILE,
-  CREDENTIALS_FILE,
-  loadConfig,
-  saveConfig,
-  getConfigValue,
-  setConfigValue,
-  loadCredentials,
-  saveCredentials,
-  clearCredentials,
-  getToken,
-  setAuth,
-  getApiUrl,
-  getAppUrl,
-  getDefaultApp,
-};
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const CONFIG_DIR = path.join(os.homedir(), '.securenow');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const CREDENTIALS_FILE = path.join(CONFIG_DIR, 'credentials.json');
+
+const DEFAULTS = {
+  apiUrl: 'https://api.securenow.ai',
+  appUrl: 'https://app.securenow.ai',
+  defaultApp: null,
+  output: 'table',
+};
+
+function ensureDir() {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+  }
+}
+
+function loadJSON(filepath) {
+  try {
+    return JSON.parse(fs.readFileSync(filepath, 'utf8'));
+  } catch {
+    return {};
+  }
+}
+
+function saveJSON(filepath, data) {
+  ensureDir();
+  fs.writeFileSync(filepath, JSON.stringify(data, null, 2), { encoding: 'utf8', mode: 0o600 });
+  if (process.platform === 'win32') {
+    try {
+      const { execFileSync } = require('child_process');
+      execFileSync('icacls', [filepath, '/inheritance:r', '/grant:r', `${process.env.USERNAME}:F`], { stdio: 'ignore' });
+    } catch (_) {}
+  }
+}
+
+function loadConfig() {
+  return { ...DEFAULTS, ...loadJSON(CONFIG_FILE) };
+}
+
+function saveConfig(config) {
+  const existing = loadJSON(CONFIG_FILE);
+  saveJSON(CONFIG_FILE, { ...existing, ...config });
+}
+
+function getConfigValue(key) {
+  const config = loadConfig();
+  return config[key];
+}
+
+function setConfigValue(key, value) {
+  saveConfig({ [key]: value });
+}
+
+function loadCredentials() {
+  return loadJSON(CREDENTIALS_FILE);
+}
+
+function saveCredentials(creds) {
+  saveJSON(CREDENTIALS_FILE, creds);
+}
+
+function clearCredentials() {
+  try {
+    fs.unlinkSync(CREDENTIALS_FILE);
+  } catch {}
+}
+
+function getToken() {
+  const creds = loadCredentials();
+  if (!creds.token) return null;
+
+  if (creds.expiresAt && Date.now() > creds.expiresAt) {
+    return null;
+  }
+  return creds.token;
+}
+
+function setAuth(token, email, expiresAt) {
+  saveCredentials({ token, email, expiresAt });
+}
+
+function getApiUrl() {
+  return process.env.SECURENOW_API_URL || loadConfig().apiUrl;
+}
+
+function getAppUrl() {
+  return process.env.SECURENOW_APP_URL || loadConfig().appUrl;
+}
+
+function getDefaultApp() {
+  return process.env.SECURENOW_APP || loadConfig().defaultApp;
+}
+
+module.exports = {
+  CONFIG_DIR,
+  CONFIG_FILE,
+  CREDENTIALS_FILE,
+  loadConfig,
+  saveConfig,
+  getConfigValue,
+  setConfigValue,
+  loadCredentials,
+  saveCredentials,
+  clearCredentials,
+  getToken,
+  setAuth,
+  getApiUrl,
+  getAppUrl,
+  getDefaultApp,
+};

package/cli/firewall.js

@@ -0,0 +1,81 @@
+'use strict';
+
+const { api, requireAuth } = require('./client');
+const ui = require('./ui');
+
+async function status(args, flags) {
+  requireAuth();
+  const s = ui.spinner('Checking firewall status');
+
+  try {
+    const data = await api.get('/firewall/status');
+
+    s.stop('Firewall status retrieved');
+
+    if (flags.json) {
+      ui.json(data);
+      return;
+    }
+
+    console.log('');
+    console.log(`  ${ui.c.bold(ui.c.green('Firewall: ENABLED'))}`);
+    console.log('');
+    ui.keyValue([
+      ['Blocked IPs', `${data.totalIps} total (${data.exactCount} exact + ${data.cidrCount} CIDR ranges)`],
+      ['Last updated', data.updatedAt || 'unknown'],
+      ['Sync TTL', `${data.ttl || 60}s`],
+    ]);
+    console.log('');
+    console.log(`  ${ui.c.dim('Manage your blocklist:')} securenow blocklist`);
+    console.log(`  ${ui.c.dim('Test an IP:')} securenow firewall test-ip <ip>`);
+    console.log('');
+  } catch (err) {
+    if (err.statusCode === 401 || err.status === 401) {
+      s.fail('Authentication failed');
+      ui.error('API key is invalid or missing the firewall:read scope.');
+      ui.info('Create an API key with firewall:read scope in the dashboard.');
+    } else {
+      s.fail('Failed to check firewall status');
+      throw err;
+    }
+  }
+}
+
+async function testIp(args, flags) {
+  requireAuth();
+  const ip = args[0];
+  if (!ip) {
+    ui.error('Usage: securenow firewall test-ip <ip-address>');
+    process.exit(1);
+  }
+
+  const s = ui.spinner(`Testing IP ${ip}`);
+
+  try {
+    const data = await api.get(`/firewall/check/${encodeURIComponent(ip)}`);
+
+    s.stop(`IP ${ip} checked`);
+
+    if (flags.json) {
+      ui.json(data);
+      return;
+    }
+
+    console.log('');
+    if (data.blocked) {
+      console.log(`  ${ui.c.bold(ui.c.red('BLOCKED'))} — ${ip} is in the blocklist`);
+      if (data.matchedEntry && data.matchedEntry !== ip) {
+        console.log(`  ${ui.c.dim(`Matched by: ${data.matchedEntry}`)}`);
+      }
+    } else {
+      console.log(`  ${ui.c.bold(ui.c.green('ALLOWED'))} — ${ip} is not in the blocklist`);
+    }
+    console.log(`  ${ui.c.dim(`Blocklist contains ${data.totalBlockedIps} entries`)}`);
+    console.log('');
+  } catch (err) {
+    s.fail('Failed to test IP');
+    throw err;
+  }
+}
+
+module.exports = { status, testIp };