squads-cli 0.6.1 → 0.7.0

package/dist/chunk-Z2UKDBNL.js

@@ -0,0 +1,162 @@
+#!/usr/bin/env node
+
+// src/lib/auth.ts
+import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import http from "http";
+var PERSONAL_DOMAINS = [
+  "gmail.com",
+  "googlemail.com",
+  "yahoo.com",
+  "yahoo.co.uk",
+  "yahoo.fr",
+  "hotmail.com",
+  "outlook.com",
+  "live.com",
+  "msn.com",
+  "icloud.com",
+  "me.com",
+  "mac.com",
+  "aol.com",
+  "protonmail.com",
+  "proton.me",
+  "zoho.com",
+  "mail.com",
+  "yandex.com",
+  "yandex.ru",
+  "gmx.com",
+  "gmx.de",
+  "fastmail.com",
+  "tutanota.com",
+  "hey.com"
+];
+var AUTH_DIR = join(homedir(), ".squads-cli");
+var AUTH_PATH = join(AUTH_DIR, "auth.json");
+function isPersonalEmail(email) {
+  const domain = email.split("@")[1]?.toLowerCase();
+  return PERSONAL_DOMAINS.includes(domain);
+}
+function getEmailDomain(email) {
+  return email.split("@")[1]?.toLowerCase() || "";
+}
+function saveSession(session) {
+  if (!existsSync(AUTH_DIR)) {
+    mkdirSync(AUTH_DIR, { recursive: true, mode: 448 });
+  }
+  writeFileSync(AUTH_PATH, JSON.stringify(session, null, 2), { mode: 384 });
+}
+function loadSession() {
+  if (!existsSync(AUTH_PATH)) return null;
+  try {
+    return JSON.parse(readFileSync(AUTH_PATH, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function clearSession() {
+  try {
+    if (existsSync(AUTH_PATH)) {
+      unlinkSync(AUTH_PATH);
+    }
+  } catch {
+  }
+}
+function isLoggedIn() {
+  const session = loadSession();
+  return session !== null && session.status === "active";
+}
+async function verifyToken(apiUrl, token) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 5e3);
+  try {
+    const response = await fetch(`${apiUrl}/auth/cli/verify`, {
+      headers: { Authorization: `Bearer ${token}` },
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    if (!response.ok) return null;
+    const data = await response.json();
+    return {
+      email: String(data.email ?? ""),
+      tenantId: Number(data.tenant_id ?? 0),
+      tenantSlug: String(data.tenant_slug ?? ""),
+      tenantName: String(data.tenant_name ?? ""),
+      status: String(data.status ?? "")
+    };
+  } catch {
+    clearTimeout(timeout);
+    return null;
+  }
+}
+function escapeHtml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
+function startAuthCallbackServer(port = 54321) {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url || "", `http://localhost:${port}`);
+      if (url.pathname === "/callback") {
+        const email = url.searchParams.get("email");
+        const token = url.searchParams.get("token");
+        const error = url.searchParams.get("error");
+        if (error) {
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(`
+            <html>
+              <body style="font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0;">
+                <div style="text-align: center;">
+                  <h1 style="color: #ef4444;">Authentication failed: ${escapeHtml(error)}</h1>
+                  <p>You can close this window.</p>
+                </div>
+              </body>
+            </html>
+          `);
+          server.close();
+          reject(new Error(error));
+          return;
+        }
+        if (email && token) {
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(`
+            <html>
+              <body style="font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0;">
+                <div style="text-align: center;">
+                  <h1 style="color: #10b981;">Logged in!</h1>
+                  <p>Welcome, ${escapeHtml(email)}</p>
+                  <p style="color: #6b7280;">You can close this window and return to your terminal.</p>
+                </div>
+              </body>
+            </html>
+          `);
+          server.close();
+          resolve({ email, token });
+        } else {
+          res.writeHead(400, { "Content-Type": "text/plain" });
+          res.end("Missing email or token");
+        }
+      } else {
+        res.writeHead(404);
+        res.end();
+      }
+    });
+    server.listen(port, () => {
+    });
+    setTimeout(() => {
+      server.close();
+      reject(new Error("Login timed out"));
+    }, 5 * 60 * 1e3);
+  });
+}
+
+export {
+  isPersonalEmail,
+  getEmailDomain,
+  saveSession,
+  loadSession,
+  clearSession,
+  isLoggedIn,
+  verifyToken,
+  startAuthCallbackServer
+};
+//# sourceMappingURL=chunk-Z2UKDBNL.js.map

package/dist/chunk-Z2UKDBNL.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/lib/auth.ts"],"sourcesContent":["import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from 'fs';\nimport { join } from 'path';\nimport { homedir } from 'os';\nimport http from 'http';\n\n// Personal email domains to reject\nconst PERSONAL_DOMAINS = [\n  'gmail.com', 'googlemail.com',\n  'yahoo.com', 'yahoo.co.uk', 'yahoo.fr',\n  'hotmail.com', 'outlook.com', 'live.com', 'msn.com',\n  'icloud.com', 'me.com', 'mac.com',\n  'aol.com',\n  'protonmail.com', 'proton.me',\n  'zoho.com',\n  'mail.com',\n  'yandex.com', 'yandex.ru',\n  'gmx.com', 'gmx.de',\n  'fastmail.com',\n  'tutanota.com',\n  'hey.com',\n];\n\nconst AUTH_DIR = join(homedir(), '.squads-cli');\nconst AUTH_PATH = join(AUTH_DIR, 'auth.json');\n\nexport interface AuthSession {\n  email: string;\n  domain: string;\n  status: 'pending' | 'contacted' | 'active';\n  createdAt: string;\n  accessToken?: string;\n}\n\nexport function isPersonalEmail(email: string): boolean {\n  const domain = email.split('@')[1]?.toLowerCase();\n  return PERSONAL_DOMAINS.includes(domain);\n}\n\nexport function getEmailDomain(email: string): string {\n  return email.split('@')[1]?.toLowerCase() || '';\n}\n\nexport function saveSession(session: AuthSession): void {\n  if (!existsSync(AUTH_DIR)) {\n    mkdirSync(AUTH_DIR, { recursive: true, mode: 0o700 });\n  }\n  writeFileSync(AUTH_PATH, JSON.stringify(session, null, 2), { mode: 0o600 });\n}\n\nexport function loadSession(): AuthSession | null {\n  if (!existsSync(AUTH_PATH)) return null;\n  try {\n    return JSON.parse(readFileSync(AUTH_PATH, 'utf-8'));\n  } catch {\n    return null;\n  }\n}\n\nexport function clearSession(): void {\n  try {\n    if (existsSync(AUTH_PATH)) {\n      unlinkSync(AUTH_PATH);\n    }\n  } catch {\n    // File already removed or inaccessible\n  }\n}\n\nexport function isLoggedIn(): boolean {\n  const session = loadSession();\n  return session !== null && session.status === 'active';\n}\n\nexport interface VerifiedUser {\n  email: string;\n  tenantId: number;\n  tenantSlug: string;\n  tenantName: string;\n  status: string;\n}\n\n// Verify a token against the API and return user data (null on failure)\nexport async function verifyToken(apiUrl: string, token: string): Promise<VerifiedUser | null> {\n  const controller = new AbortController();\n  const timeout = setTimeout(() => controller.abort(), 5000);\n  try {\n    const response = await fetch(`${apiUrl}/auth/cli/verify`, {\n      headers: { Authorization: `Bearer ${token}` },\n      signal: controller.signal,\n    });\n    clearTimeout(timeout);\n    if (!response.ok) return null;\n    const data = await response.json() as Record<string, unknown>;\n    return {\n      email: String(data.email ?? ''),\n      tenantId: Number(data.tenant_id ?? 0),\n      tenantSlug: String(data.tenant_slug ?? ''),\n      tenantName: String(data.tenant_name ?? ''),\n      status: String(data.status ?? ''),\n    };\n  } catch {\n    clearTimeout(timeout);\n    return null;\n  }\n}\n\n// Escape HTML special characters to prevent XSS\nfunction escapeHtml(str: string): string {\n  return str\n    .replace(/&/g, '&amp;')\n    .replace(/</g, '&lt;')\n    .replace(/>/g, '&gt;')\n    .replace(/\"/g, '&quot;')\n    .replace(/'/g, '&#039;');\n}\n\n// Local callback server for OAuth flow\nexport function startAuthCallbackServer(port: number = 54321): Promise<{ email: string; token: string }> {\n  return new Promise((resolve, reject) => {\n    const server = http.createServer((req, res) => {\n      const url = new URL(req.url || '', `http://localhost:${port}`);\n\n      if (url.pathname === '/callback') {\n        const email = url.searchParams.get('email');\n        const token = url.searchParams.get('token');\n        const error = url.searchParams.get('error');\n\n        if (error) {\n          res.writeHead(200, { 'Content-Type': 'text/html' });\n          res.end(`\n            <html>\n              <body style=\"font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0;\">\n                <div style=\"text-align: center;\">\n                  <h1 style=\"color: #ef4444;\">Authentication failed: ${escapeHtml(error)}</h1>\n                  <p>You can close this window.</p>\n                </div>\n              </body>\n            </html>\n          `);\n          server.close();\n          reject(new Error(error));\n          return;\n        }\n\n        if (email && token) {\n          res.writeHead(200, { 'Content-Type': 'text/html' });\n          res.end(`\n            <html>\n              <body style=\"font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0;\">\n                <div style=\"text-align: center;\">\n                  <h1 style=\"color: #10b981;\">Logged in!</h1>\n                  <p>Welcome, ${escapeHtml(email)}</p>\n                  <p style=\"color: #6b7280;\">You can close this window and return to your terminal.</p>\n                </div>\n              </body>\n            </html>\n          `);\n          server.close();\n          resolve({ email, token });\n        } else {\n          res.writeHead(400, { 'Content-Type': 'text/plain' });\n          res.end('Missing email or token');\n        }\n      } else {\n        res.writeHead(404);\n        res.end();\n      }\n    });\n\n    server.listen(port, () => {\n      // Server started\n    });\n\n    // Timeout after 5 minutes\n    setTimeout(() => {\n      server.close();\n      reject(new Error('Login timed out'));\n    }, 5 * 60 * 1000);\n  });\n}\n"],"mappings":";;;AAAA,SAAS,YAAY,cAAc,eAAe,WAAW,kBAAkB;AAC/E,SAAS,YAAY;AACrB,SAAS,eAAe;AACxB,OAAO,UAAU;AAGjB,IAAM,mBAAmB;AAAA,EACvB;AAAA,EAAa;AAAA,EACb;AAAA,EAAa;AAAA,EAAe;AAAA,EAC5B;AAAA,EAAe;AAAA,EAAe;AAAA,EAAY;AAAA,EAC1C;AAAA,EAAc;AAAA,EAAU;AAAA,EACxB;AAAA,EACA;AAAA,EAAkB;AAAA,EAClB;AAAA,EACA;AAAA,EACA;AAAA,EAAc;AAAA,EACd;AAAA,EAAW;AAAA,EACX;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,WAAW,KAAK,QAAQ,GAAG,aAAa;AAC9C,IAAM,YAAY,KAAK,UAAU,WAAW;AAUrC,SAAS,gBAAgB,OAAwB;AACtD,QAAM,SAAS,MAAM,MAAM,GAAG,EAAE,CAAC,GAAG,YAAY;AAChD,SAAO,iBAAiB,SAAS,MAAM;AACzC;AAEO,SAAS,eAAe,OAAuB;AACpD,SAAO,MAAM,MAAM,GAAG,EAAE,CAAC,GAAG,YAAY,KAAK;AAC/C;AAEO,SAAS,YAAY,SAA4B;AACtD,MAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,cAAU,UAAU,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EACtD;AACA,gBAAc,WAAW,KAAK,UAAU,SAAS,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AAC5E;AAEO,SAAS,cAAkC;AAChD,MAAI,CAAC,WAAW,SAAS,EAAG,QAAO;AACnC,MAAI;AACF,WAAO,KAAK,MAAM,aAAa,WAAW,OAAO,CAAC;AAAA,EACpD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,eAAqB;AACnC,MAAI;AACF,QAAI,WAAW,SAAS,GAAG;AACzB,iBAAW,SAAS;AAAA,IACtB;AAAA,EACF,QAAQ;AAAA,EAER;AACF;AAEO,SAAS,aAAsB;AACpC,QAAM,UAAU,YAAY;AAC5B,SAAO,YAAY,QAAQ,QAAQ,WAAW;AAChD;AAWA,eAAsB,YAAY,QAAgB,OAA6C;AAC7F,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,GAAI;AACzD,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,MAAM,oBAAoB;AAAA,MACxD,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG;AAAA,MAC5C,QAAQ,WAAW;AAAA,IACrB,CAAC;AACD,iBAAa,OAAO;AACpB,QAAI,CAAC,SAAS,GAAI,QAAO;AACzB,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO;AAAA,MACL,OAAO,OAAO,KAAK,SAAS,EAAE;AAAA,MAC9B,UAAU,OAAO,KAAK,aAAa,CAAC;AAAA,MACpC,YAAY,OAAO,KAAK,eAAe,EAAE;AAAA,MACzC,YAAY,OAAO,KAAK,eAAe,EAAE;AAAA,MACzC,QAAQ,OAAO,KAAK,UAAU,EAAE;AAAA,IAClC;AAAA,EACF,QAAQ;AACN,iBAAa,OAAO;AACpB,WAAO;AAAA,EACT;AACF;AAGA,SAAS,WAAW,KAAqB;AACvC,SAAO,IACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,QAAQ;AAC3B;AAGO,SAAS,wBAAwB,OAAe,OAAkD;AACvG,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,SAAS,KAAK,aAAa,CAAC,KAAK,QAAQ;AAC7C,YAAM,MAAM,IAAI,IAAI,IAAI,OAAO,IAAI,oBAAoB,IAAI,EAAE;AAE7D,UAAI,IAAI,aAAa,aAAa;AAChC,cAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,cAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,cAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAE1C,YAAI,OAAO;AACT,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,cAAI,IAAI;AAAA;AAAA;AAAA;AAAA,uEAIqD,WAAW,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA,WAK7E;AACD,iBAAO,MAAM;AACb,iBAAO,IAAI,MAAM,KAAK,CAAC;AACvB;AAAA,QACF;AAEA,YAAI,SAAS,OAAO;AAClB,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAY,CAAC;AAClD,cAAI,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA,gCAKc,WAAW,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA,WAKtC;AACD,iBAAO,MAAM;AACb,kBAAQ,EAAE,OAAO,MAAM,CAAC;AAAA,QAC1B,OAAO;AACL,cAAI,UAAU,KAAK,EAAE,gBAAgB,aAAa,CAAC;AACnD,cAAI,IAAI,wBAAwB;AAAA,QAClC;AAAA,MACF,OAAO;AACL,YAAI,UAAU,GAAG;AACjB,YAAI,IAAI;AAAA,MACV;AAAA,IACF,CAAC;AAED,WAAO,OAAO,MAAM,MAAM;AAAA,IAE1B,CAAC;AAGD,eAAW,MAAM;AACf,aAAO,MAAM;AACb,aAAO,IAAI,MAAM,iBAAiB,CAAC;AAAA,IACrC,GAAG,IAAI,KAAK,GAAI;AAAA,EAClB,CAAC;AACH;","names":[]}