sparkecoder 0.1.100 → 0.1.102

package/dist/cli.js

@@ -16828,53 +16828,217 @@ program.command("slack-setup").description("Interactively configure Slack integr
     process.exit(1);
   }
 });
-program.command("cloudflared-setup").description("Print a copy-paste recipe for exposing this sparkecoder via cloudflared + Cloudflare Access").option("--port <port>", "Local sparkecoder web UI port", "6969").option("--api-port <port>", "Local sparkecoder API port", "3141").option("--hostname <host>", "Public hostname you want to assign (e.g. sf-mac-1.example.com)").option("--team <team>", "Your Cloudflare Access team subdomain (e.g. studyfetch -> studyfetch.cloudflareaccess.com)").option("--allowed-emails <emails>", "Comma-separated allow-listed emails").action(async (options) => {
+program.command("cloudflared-setup").description("Auto-detect cloudflared + set up a tunnel to this sparkecoder (interactive)").option("--port <port>", "Local sparkecoder web UI port", "6969").option("--api-port <port>", "Local sparkecoder API port", "3141").option("--hostname <host>", "Public hostname you want to assign (e.g. sf-mac-1.example.com)").option("--tunnel-name <name>", "Tunnel name to reuse or create", "sparkecoder").option("--team <team>", "Your Cloudflare Access team subdomain (e.g. studyfetch -> studyfetch.cloudflareaccess.com)").option("--allowed-emails <emails>", "Comma-separated allow-listed emails").option("-y, --yes", "Skip confirmations and do everything non-interactively", false).option("--print-only", "Skip auto-setup and just print the copy/paste recipe", false).action(async (options) => {
+  const { execSync: execSync2, spawnSync } = await import("child_process");
+  const { homedir: homedir2 } = await import("os");
+  const { copyFileSync } = await import("fs");
   const port = options.port || "6969";
   const apiPort = options.apiPort || "3141";
-  const hostname = options.hostname || "<your-public-hostname>";
+  const tunnelName = options.tunnelName || "sparkecoder";
   const team = options.team || "<your-team>";
   const emails = (options.allowedEmails || "").split(",").map((s) => s.trim()).filter(Boolean);
-  console.log(chalk.bold("Cloudflared + Cloudflare Access setup\n"));
-  console.log(chalk.dim("1. Install cloudflared:"));
-  console.log(chalk.cyan("   brew install cloudflared          # macOS"));
-  console.log(chalk.cyan("   # or download from https://github.com/cloudflare/cloudflared/releases\n"));
-  console.log(chalk.dim("2. Authenticate + create a named tunnel:"));
-  console.log(chalk.cyan("   cloudflared tunnel login"));
-  console.log(chalk.cyan("   cloudflared tunnel create sparkecoder"));
-  console.log(chalk.cyan(`   cloudflared tunnel route dns sparkecoder ${hostname}
-`));
-  console.log(chalk.dim("3. Create ~/.cloudflared/config.yml with:"));
-  console.log(chalk.cyan(`
-   tunnel: sparkecoder
-   credentials-file: /Users/$(whoami)/.cloudflared/<tunnel-id>.json
-   ingress:
-     - hostname: ${hostname}
-       service: http://localhost:${port}
-     - hostname: api-${hostname}
-       service: http://localhost:${apiPort}
-     - service: http_status:404
-`));
-  console.log(chalk.dim("4. Run the tunnel (or set it up as a system service):"));
-  console.log(chalk.cyan("   cloudflared tunnel run sparkecoder\n"));
-  console.log(chalk.dim("5. In Cloudflare Zero Trust > Access > Applications:"));
-  console.log(chalk.dim(`     - Add a self-hosted application for ${hostname}.`));
-  console.log(chalk.dim('     - Add an "Allow" policy with the emails you want.'));
-  console.log(chalk.dim(`     - Note the application AUD tag.
-`));
-  console.log(chalk.dim("6. Add an auth block to sparkecoder.config.json:"));
-  console.log(chalk.cyan(`
-   {
-     "auth": {
-       "cfAccess": {
-         "enabled": true,
-         "teamDomain": "${team}.cloudflareaccess.com",
-         "audTag": "<paste-aud-from-cf-dashboard>"
-       },
-       "allowedEmails": [${emails.length ? emails.map((e) => `"${e}"`).join(", ") : '"you@example.com"'}]
-     }
-   }
-`));
-  console.log(chalk.dim("7. Slack endpoint (/api/slack/events) and /health are exempt from CF Access automatically."));
+  const yes = !!options.yes;
+  if (options.printOnly) {
+    const hostname = options.hostname || "<your-public-hostname>";
+    console.log(chalk.bold("Cloudflared + Cloudflare Access setup (manual)\n"));
+    console.log(chalk.dim("1. brew install cloudflared"));
+    console.log(chalk.dim("2. cloudflared tunnel login"));
+    console.log(chalk.dim(`3. cloudflared tunnel create ${tunnelName}`));
+    console.log(chalk.dim(`4. cloudflared tunnel route dns ${tunnelName} ${hostname}`));
+    console.log(chalk.dim(`5. write ~/.cloudflared/config.yml pointing ${hostname} -> http://localhost:${port}, api-${hostname} -> http://localhost:${apiPort}`));
+    console.log(chalk.dim(`6. cloudflared tunnel run ${tunnelName}`));
+    console.log(chalk.dim("7. Cloudflare Zero Trust -> add a self-hosted Access app on the hostname"));
+    console.log(chalk.dim("8. Paste the AUD into sparkecoder.config.json under auth.cfAccess"));
+    return;
+  }
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  const ask = (q, def) => new Promise((res) => {
+    const prompt = def ? `${q} ${chalk.dim(`[${def}]`)} ` : `${q} `;
+    rl.question(prompt, (a) => res((a || "").trim() || def || ""));
+  });
+  const confirm = async (q, def = true) => {
+    if (yes) return true;
+    const a = (await ask(`${q} ${chalk.dim(def ? "(Y/n)" : "(y/N)")}`)).toLowerCase();
+    if (!a) return def;
+    return a.startsWith("y");
+  };
+  const which = (bin) => {
+    try {
+      return execSync2(`command -v ${bin}`, { stdio: ["ignore", "pipe", "ignore"] }).toString().trim() || null;
+    } catch {
+      return null;
+    }
+  };
+  const run = (cmd, args, opts = {}) => {
+    const r = spawnSync(cmd, args, { stdio: opts.inheritIO ? "inherit" : ["ignore", "pipe", "pipe"], encoding: "utf8" });
+    if (opts.check && r.status !== 0) {
+      throw new Error(`${cmd} ${args.join(" ")} failed (${r.status}): ${r.stderr || r.stdout}`);
+    }
+    return r;
+  };
+  try {
+    console.log(chalk.bold("Cloudflared auto-setup\n"));
+    let cfPath = which("cloudflared");
+    if (!cfPath) {
+      console.log(chalk.yellow("cloudflared is not installed."));
+      if (process.platform === "darwin" && which("brew")) {
+        if (await confirm("Install it now via `brew install cloudflared`?", true)) {
+          run("brew", ["install", "cloudflared"], { inheritIO: true, check: true });
+          cfPath = which("cloudflared");
+        }
+      }
+      if (!cfPath) {
+        console.log(chalk.red("Install cloudflared from https://github.com/cloudflare/cloudflared/releases and re-run."));
+        rl.close();
+        return;
+      }
+    }
+    const verOut = run("cloudflared", ["--version"]).stdout?.toString().split("\n")[0] || "installed";
+    console.log(chalk.green("\u2713"), "cloudflared:", chalk.dim(verOut));
+    const cfDir = join16(homedir2(), ".cloudflared");
+    const certPath = join16(cfDir, "cert.pem");
+    if (!existsSync21(certPath)) {
+      console.log(chalk.yellow("No Cloudflare login cert found."));
+      if (await confirm("Run `cloudflared tunnel login` now (opens a browser)?", true)) {
+        run("cloudflared", ["tunnel", "login"], { inheritIO: true, check: true });
+      } else {
+        console.log(chalk.red("Login required to continue."));
+        rl.close();
+        return;
+      }
+    } else {
+      console.log(chalk.green("\u2713"), "logged in:", chalk.dim(certPath));
+    }
+    let tunnels = [];
+    try {
+      const out = run("cloudflared", ["tunnel", "list", "--output", "json"]).stdout || "[]";
+      tunnels = JSON.parse(out);
+    } catch {
+    }
+    let tunnel = tunnels.find((t) => t.name === tunnelName);
+    if (tunnel) {
+      console.log(chalk.green("\u2713"), `reusing existing tunnel "${tunnelName}":`, chalk.dim(tunnel.id));
+    } else {
+      if (!await confirm(`No tunnel named "${tunnelName}" found. Create it?`, true)) {
+        rl.close();
+        return;
+      }
+      const r = run("cloudflared", ["tunnel", "create", tunnelName], { inheritIO: true });
+      if (r.status !== 0) {
+        console.log(chalk.red("Tunnel create failed."));
+        rl.close();
+        return;
+      }
+      try {
+        const out = run("cloudflared", ["tunnel", "list", "--output", "json"]).stdout || "[]";
+        tunnels = JSON.parse(out);
+        tunnel = tunnels.find((t) => t.name === tunnelName);
+      } catch {
+      }
+      if (!tunnel) {
+        console.log(chalk.red("Could not locate freshly-created tunnel. Check `cloudflared tunnel list`."));
+        rl.close();
+        return;
+      }
+    }
+    const credsFile = tunnel.credentials_file || join16(cfDir, `${tunnel.id}.json`);
+    if (!existsSync21(credsFile)) {
+      console.log(chalk.yellow(`Credentials file not found at ${credsFile}. The tunnel may still work via cert.pem.`));
+    }
+    let hostname = options.hostname;
+    if (!hostname) {
+      hostname = await ask("Public hostname for this sparkecoder (e.g. sf-mac-1.example.com):");
+    }
+    if (!hostname) {
+      console.log(chalk.red("A hostname is required to route DNS."));
+      rl.close();
+      return;
+    }
+    const dnsR = run("cloudflared", ["tunnel", "route", "dns", tunnelName, hostname]);
+    if (dnsR.status === 0) {
+      console.log(chalk.green("\u2713"), `DNS routed: ${hostname} -> ${tunnelName}`);
+    } else {
+      const err = (dnsR.stderr || dnsR.stdout || "").toString();
+      if (/already exists|with the same/i.test(err)) {
+        console.log(chalk.green("\u2713"), `DNS already routed for ${hostname}`);
+      } else {
+        console.log(chalk.yellow("DNS route warning:"), err.trim().split("\n").slice(-2).join(" "));
+      }
+    }
+    const configPath = join16(cfDir, "config.yml");
+    const configBody = `tunnel: ${tunnel.id}
+credentials-file: ${credsFile}
+ingress:
+  - hostname: ${hostname}
+    service: http://localhost:${port}
+  - hostname: api-${hostname}
+    service: http://localhost:${apiPort}
+  - service: http_status:404
+`;
+    let wroteConfig = false;
+    if (existsSync21(configPath)) {
+      const existing = readFileSync10(configPath, "utf8");
+      if (existing.trim() === configBody.trim()) {
+        console.log(chalk.green("\u2713"), `config.yml already up to date: ${configPath}`);
+        wroteConfig = true;
+      } else if (await confirm(`A different ${configPath} exists. Overwrite (a backup will be saved)?`, false)) {
+        copyFileSync(configPath, `${configPath}.bak.${Date.now()}`);
+        writeFileSync6(configPath, configBody);
+        console.log(chalk.green("\u2713"), `wrote ${configPath} (previous saved as .bak.*)`);
+        wroteConfig = true;
+      } else {
+        console.log(chalk.dim("Skipping config write. Suggested contents:"));
+        console.log(chalk.cyan(configBody));
+      }
+    } else {
+      writeFileSync6(configPath, configBody);
+      console.log(chalk.green("\u2713"), `wrote ${configPath}`);
+      wroteConfig = true;
+    }
+    let alreadyRunning = false;
+    try {
+      const psOut = execSync2("ps -axo command", { stdio: ["ignore", "pipe", "ignore"] }).toString();
+      alreadyRunning = /cloudflared.*tunnel.*run/.test(psOut);
+    } catch {
+    }
+    if (alreadyRunning) {
+      console.log(chalk.green("\u2713"), "cloudflared tunnel process detected \u2014 you may need to restart it to pick up config changes.");
+    } else if (wroteConfig) {
+      if (await confirm("Install cloudflared as a background service (`sudo cloudflared service install`)?", false)) {
+        run("sudo", ["cloudflared", "service", "install"], { inheritIO: true });
+      } else {
+        console.log(chalk.dim("Start it manually with:"), chalk.cyan(`cloudflared tunnel run ${tunnelName}`));
+      }
+    }
+    console.log("");
+    console.log(chalk.bold("Cloudflare Access (one manual step)"));
+    console.log(chalk.dim(`  1. Open https://one.dash.cloudflare.com -> Access -> Applications -> Add an application.`));
+    console.log(chalk.dim(`  2. Self-hosted, application domain = ${hostname} (and api-${hostname} if you also want the API protected).`));
+    console.log(
+      chalk.dim('  3. Add an "Allow" policy with emails:'),
+      chalk.cyan(emails.length ? emails.join(", ") : "you@example.com")
+    );
+    console.log(chalk.dim("  4. Copy the application AUD tag from the dashboard."));
+    console.log(chalk.dim(`  5. Paste it into sparkecoder.config.json:`));
+    console.log(chalk.cyan(`     {
+       "auth": {
+         "cfAccess": {
+           "enabled": true,
+           "teamDomain": "${team}.cloudflareaccess.com",
+           "audTag": "<paste-aud-from-cf-dashboard>"
+         },
+         "allowedEmails": [${emails.length ? emails.map((e) => `"${e}"`).join(", ") : '"you@example.com"'}]
+       }
+     }`));
+    console.log(chalk.dim("  (/api/slack/events, /api/inbox/* and /health are exempt from CF Access automatically.)"));
+    console.log("");
+    console.log(chalk.green("Done."), `Your sparkecoder should now be reachable at`, chalk.cyan(`https://${hostname}`));
+  } catch (err) {
+    console.error(chalk.red("Setup failed:"), err?.message || err);
+    process.exitCode = 1;
+  } finally {
+    rl.close();
+  }
 });
 program.command("sessions").description("List all sessions").option("-l, --limit <limit>", "Number of sessions to show", "20").option("-p, --port <port>", "Server port", "3141").option("-H, --host <host>", "Server host", "127.0.0.1").action(async (options) => {
   const baseUrl = `http://${options.host}:${options.port}`;