three-blocks-login 0.0.1

package/bin/login.js

@@ -0,0 +1,272 @@
+#!/usr/bin/env node
+// Minimal, dependency-free CLI
+// Node 18+ required (built-in fetch)
+
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+// Simple ANSI color helpers (no deps)
+const ESC = (n) => `\u001b[${n}m`;
+const reset = ESC(0);
+const bold = (s) => ESC(1) + s + reset;
+const dim = (s) => ESC(2) + s + reset;
+const red = (s) => ESC(31) + s + reset;
+const green = (s) => ESC(32) + s + reset;
+const yellow = (s) => ESC(33) + s + reset;
+const cyan = (s) => ESC(36) + s + reset;
+const plainBanner = "[three-blocks-login]";
+const banner = bold(cyan(plainBanner));
+
+const args = parseArgs(process.argv.slice(2));
+
+const SCOPE = (args.scope || "@three-blocks").replace(/^\s+|\s+$/g, "");
+
+const MODE = (args.mode || "env").toLowerCase(); // env | project | user
+const QUIET = !!args.quiet;
+const VERBOSE = !!args.verbose;
+
+// Load .env from current working directory (no deps)
+loadEnvFromDotfile(process.cwd());
+
+const BROKER_URL =
+  args.endpoint ||
+  process.env.THREE_BLOCKS_BROKER_URL ||
+  "http://localhost:3000/api/npm/token"; // your Astro broker endpoint
+
+const LICENSE =
+  args.license || process.env.THREE_BLOCKS_SECRET_KEY || process.env.THREE_BLOCKS_LICENSE_KEY;
+
+// Sanitize + validate license early to avoid header ByteString errors
+const LICENSE_CLEAN = sanitizeLicense(LICENSE);
+const invalidIdx = findFirstNonByteChar(LICENSE_CLEAN);
+if (invalidIdx !== -1) {
+  if (VERBOSE) log.warn(`[debug] license contains non-ASCII/byte char at index ${invalidIdx}`);
+  fail("License appears malformed. Please copy your tb_… key exactly without extra characters.");
+}
+if (!looksLikeLicense(LICENSE_CLEAN)) {
+  if (VERBOSE) log.warn(`[debug] license failed format check: ${truncate(LICENSE_CLEAN, 16)}`);
+  fail("License appears malformed. Please copy your tb_… key exactly.");
+}
+
+
+// Pretty logger (respects --quiet except for errors)
+const log = {
+  info: (msg) => { if (!QUIET) console.error(`${cyan("i")} ${msg}`); },
+  ok:   (msg) => { if (!QUIET) console.error(`${green("✔")} ${msg}`); },
+  warn: (msg) => { if (!QUIET) console.error(`${yellow("⚠")} ${msg}`); },
+  error:(msg) => { console.error(`${red("✖")} ${msg}`); }
+};
+
+if (!LICENSE) {
+  fail(
+    "Missing license key. Provide --license <key> or set THREE_BLOCKS_SECRET_KEY/THREE_BLOCKS_LICENSE_KEY (env or .env)."
+  );
+}
+
+(async () => {
+  try {
+    const tokenData = await fetchToken(BROKER_URL, LICENSE_CLEAN);
+    const { registry, token, expiresAt } = tokenData;
+
+    if (!registry || !token) fail("Broker response missing registry/token.");
+
+    const u = new URL(ensureTrailingSlash(registry));
+    const hostPath = `${u.host}${u.pathname}`; // e.g. my-domain-.../npm/my-repo/
+
+    const npmrcContent = [
+      `${normalizeScope(SCOPE)}:registry=${u.href}`,
+      `//${hostPath}:_authToken=${token}`,
+      `//${hostPath}:always-auth=true`
+    ].join(os.EOL) + os.EOL;
+
+    if (MODE === "env") {
+      // Write to a temp .npmrc and export env so the *current shell* can reuse it
+      const tmpFile = path.join(
+        os.tmpdir(),
+        `three-blocks-${Date.now()}-${Math.random().toString(36).slice(2)}.npmrc`
+      );
+      fs.writeFileSync(tmpFile, npmrcContent, { mode: 0o600 });
+
+      // Print shell exports; caller should `eval "$(npx -y three-blocks-login --mode env)"`
+      const lines = [
+        `# ${plainBanner} configure npm for current shell`,
+        `# scope: ${SCOPE} | registry: ${u.href} | expires: ${expiresAt ?? "unknown"}`,
+        `export NPM_CONFIG_USERCONFIG="${tmpFile}"`,
+        `export npm_config_userconfig="${tmpFile}"`,
+        `echo "${plainBanner} ${SCOPE} -> ${u.href} (expires ${expiresAt ?? "unknown"})"`
+      ];
+      console.log(lines.join("\n"));
+      return;
+    }
+
+    if (MODE === "project") {
+      // Write to local ./.npmrc (recommend users gitignore this)
+      const out = path.resolve(process.cwd(), ".npmrc");
+      fs.writeFileSync(out, npmrcContent, { mode: 0o600 });
+      log.ok(`${banner} wrote ${bold(out)} ${dim(`(${SCOPE} → ${u.href}, expires ${expiresAt ?? "unknown"})`)}`);
+      return;
+    }
+
+    if (MODE === "user") {
+      // Update user's npm config (requires npm on PATH)
+      await run("npm", ["config", "set", `${normalizeScope(SCOPE)}:registry`, u.href]);
+      await run("npm", [
+        "config",
+        "set",
+        `//${hostPath}:_authToken`,
+        token
+      ]);
+      await run("npm", [
+        "config",
+        "set",
+        `//${hostPath}:always-auth`,
+        "true"
+      ]);
+      log.ok(`${banner} updated user npm config ${dim(`(${SCOPE} → ${u.href}, expires ${expiresAt ?? "unknown"})`)}`);
+      return;
+    }
+
+    fail(`Unknown --mode "${MODE}". Use env | project | user.`);
+  } catch (e) {
+    const msg = e?.message || String(e);
+    if (VERBOSE) {
+      log.error(`[debug] ${msg}`);
+      return process.exit(1);
+    }
+    if (/ByteString/i.test(msg) || /character at index/i.test(msg)) {
+      return fail("License appears malformed. Please copy your tb_… key exactly and retry.");
+    }
+    return fail("Request failed. Please try again. Use --verbose for details.");
+  }
+})();
+
+function normalizeScope(scope) {
+  return scope.startsWith("@") ? scope : `@${scope}`;
+}
+
+function ensureTrailingSlash(url) {
+  return url.endsWith("/") ? url : url + "/";
+}
+
+function loadEnvFromDotfile(dir) {
+  try {
+    const file = path.join(dir, ".env");
+    if (!fs.existsSync(file)) return;
+    const txt = fs.readFileSync(file, "utf8");
+    for (const raw of txt.split(/\r?\n/)) {
+      const line = raw.trim();
+      if (!line || line.startsWith("#")) continue;
+      const eq = line.indexOf("=");
+      if (eq === -1) continue;
+      const key = line.slice(0, eq).trim();
+      let val = line.slice(eq + 1).trim();
+      if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+        val = val.slice(1, -1);
+      }
+      if (process.env[key] === undefined) process.env[key] = val;
+    }
+  } catch {}
+}
+
+async function fetchToken(endpoint, license) {
+  const res = await fetch(endpoint, {
+    method: "GET",
+    headers: {
+      "authorization": `Bearer ${license}`,
+      "accept": "application/json"
+    }
+  });
+  if (!res.ok) {
+    let body = "";
+    try { body = await res.text(); } catch {}
+    if (VERBOSE) {
+      log.warn(`[debug] broker response: status=${res.status} body=${truncate(body, 300)}`);
+    }
+    let msg = "Request failed. Please try again.";
+    if (res.status === 401 || res.status === 403) {
+      msg = "Authentication failed. Verify your license or access rights.";
+    } else if (res.status === 404) {
+      msg = "Service not found or endpoint misconfigured.";
+    } else if (res.status === 429) {
+      msg = "Too many requests. Please retry later.";
+    } else if (res.status >= 500) {
+      msg = "Upstream service error. Please retry later.";
+    }
+    throw new Error(msg);
+  }
+  const json = await res.json();
+  // expected: { registry, token, expiresAt? }
+  return json;
+}
+
+function truncate(s, n) {
+  if (!s) return s;
+  return s.length > n ? s.slice(0, n) + "…" : s;
+}
+
+function sanitizeLicense(x) {
+  if (!x) return "";
+  let s = String(x);
+  // Strip surrounding quotes
+  s = s.trim().replace(/^['"]+|['"]+$/g, "");
+  // Remove common pasted/hidden chars: bullet, zero-width, NBSP
+  s = s
+    .replace(/[\u2022\u2023\u25E6\u2043\u2219]/g, "") // bullets
+    .replace(/[\u200B-\u200D\uFEFF]/g, "")             // zero-width
+    .replace(/\u00A0/g, " ")                              // NBSP -> space
+    .replace(/\s+/g, "");                                 // remove whitespace
+  // Normalize fancy quotes to plain
+  s = s.replace(/[\u2018\u2019\u201C\u201D]/g, "");
+  return s;
+}
+
+function findFirstNonByteChar(s) {
+  if (!s) return -1;
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code > 255) return i;
+  }
+  return -1;
+}
+
+function looksLikeLicense(s) {
+  if (!s) return false;
+  // tb_ followed by base64url-ish payload
+  return /^tb_[A-Za-z0-9_-]{10,}$/.test(s);
+}
+
+async function run(cmd, args) {
+  const { spawn } = await import("node:child_process");
+  return new Promise((resolve, reject) => {
+    const p = spawn(cmd, args, { stdio: "inherit", shell: true });
+    p.on("close", (code) => {
+      if (code === 0) resolve(undefined);
+      else reject(new Error(`${cmd} ${args.join(" ")} exited with ${code}`));
+    });
+  });
+}
+
+function parseArgs(argv) {
+  const out = {};
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (!a.startsWith("-")) continue;
+    const key = a.replace(/^-+/, "");
+    const next = argv[i + 1];
+    if (["--quiet", "-q"].includes(a)) out.quiet = true;
+    else if (["--verbose", "-v"].includes(a)) out.verbose = true;
+    else if (next && !next.startsWith("-")) {
+      out[key] = next;
+      i++;
+    } else {
+      out[key] = true;
+    }
+  }
+  return out;
+}
+
+function fail(msg) {
+  console.error(`${red("✖")} ${banner} ${msg}`);
+  process.exit(1);
+}

package/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "three-blocks-login",
+  "version": "0.0.1",
+  "description": "Fetch a short-lived token from the three-blocks broker and configure npm for the current context.",
+  "type": "module",
+  "bin": {
+    "three-blocks-login": "bin/login.js"
+  },
+  "license": "MIT",
+  "files": ["bin/"],
+  "keywords": ["npm", "login", "three-blocks", "token", "ci"],
+  "dependencies": {},
+  "publishConfig": {
+    "access": "public"
+  }
+}