three-blocks-login 0.1.8 → 0.1.9

package/LICENSE

@@ -0,0 +1,182 @@
+Three.js Blocks Software License Agreement
+
+Proprietary Software — All Rights Reserved
+Copyright (c) 2025 three-blocks
+
+================================================================================
+
+LICENSE NOTICE
+
+This software and all associated packages, including but not limited to:
+  - @three-blocks/core
+  - @three-blocks/starter
+  - create-three-blocks-starter
+  - All related tools, examples, and documentation code
+
+are licensed exclusively to active, paid subscribers of the threejs-blocks 
+project. Without a valid and current subscription, you are NOT permitted to 
+use this software.
+
+================================================================================
+
+PERMITTED USAGE (Active Subscribers Only)
+
+Subject to maintaining an active, paid subscription, you are granted a 
+non-exclusive, non-transferable license to:
+
+  ✓ Use the software in personal and commercial projects via the public API
+  ✓ Deploy applications incorporating the software to production environments
+  ✓ Integrate the software into your applications as a functional component
+  ✓ Access updates, bug fixes, and new features during active subscription
+
+================================================================================
+
+RESTRICTIONS
+
+You may NOT:
+
+  ✗ Reverse engineer, decompile, disassemble, or attempt to derive the source
+    code, underlying algorithms, or techniques employed in this software
+  ✗ Study, analyze, inspect, or learn from the implementation details, code
+    structure, or internal workings of this software
+  ✗ Modify, adapt, translate, or create derivative works
+  ✗ Copy, share, distribute, publish, or resell any part of the software
+  ✗ Sublicense or transfer rights to any third party
+  ✗ Remove, alter, or obscure this license header or any copyright notices
+  ✗ Use this software after your subscription has expired or been terminated
+
+================================================================================
+
+AI AND MACHINE LEARNING PROHIBITION
+
+The use of this source code for artificial intelligence and machine learning 
+purposes is strictly prohibited. Specifically, you may NOT:
+
+  ✗ Use this source code, in whole or in part, to train, fine-tune, or develop
+    any artificial intelligence models, machine learning systems, or large
+    language models (LLMs)
+  
+  ✗ Feed this code into AI-assisted development tools for the purpose of
+    generating derivative code or training said tools
+  
+  ✗ Use automated transformation tools or AI systems to create modified versions
+    or derivatives of this software
+  
+  ✗ Extract patterns, algorithms, or techniques from this code using automated
+    or AI-assisted analysis for incorporation into other software
+  
+  ✗ Use this code as training data for code completion, code generation, or
+    code suggestion tools
+
+This prohibition extends to any form of automated learning, pattern extraction,
+or knowledge transfer that involves processing this source code through machine
+learning pipelines, regardless of whether the output is used commercially or
+privately.
+
+================================================================================
+
+SUBSCRIPTION REQUIREMENT
+
+This license is valid only while you maintain an active, paid subscription to
+the threejs-blocks service. Upon expiration or termination of your subscription:
+
+  1. Your license to use this software immediately terminates
+  2. You must cease all use of the software
+  3. You must remove the software from all projects and systems
+  4. You must not deploy or distribute any applications containing this software
+
+Failure to comply with these requirements constitutes copyright infringement
+and breach of contract.
+
+================================================================================
+
+PACKAGE-SPECIFIC NOTES
+
+@three-blocks/core:
+  - Core library with proprietary algorithms and implementations
+  - Protected by code obfuscation and this license
+  - UNLICENSED - Subscription required
+
+@three-blocks/starter:
+  - Starter template for building Three.js applications
+  - Includes licensed code and dependencies on @three-blocks/core
+  - UNLICENSED - Subscription required
+
+create-three-blocks-starter:
+  - Scaffolding tool for creating new projects
+  - Publicly available for convenience but proprietary
+  - UNLICENSED - Creates projects that require subscription
+
+three-blocks-login:
+  - Authentication helper for accessing private packages
+  - MIT Licensed - May be used independently
+
+================================================================================
+
+ENFORCEMENT
+
+Unauthorized use, reproduction, distribution, or violation of the AI/ML 
+prohibition is strictly prohibited and may result in:
+
+  • Immediate termination of your license and subscription
+  • Legal action for copyright infringement
+  • Claims for damages and recovery of costs
+  • Civil liability under applicable copyright law
+  • Criminal penalties under applicable law
+
+We employ various technical and legal measures to detect unauthorized use,
+including but not limited to code fingerprinting, usage analytics, and
+regular compliance audits.
+
+================================================================================
+
+ACCEPTANCE OF TERMS
+
+By using this software, you acknowledge that you have read, understood, and 
+agree to be bound by the complete terms of this license agreement.
+
+If you do not agree to these terms, you are not authorized to use, access,
+or download this software.
+
+================================================================================
+
+DISCLAIMER OF WARRANTY
+
+THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
+
+================================================================================
+
+LIMITATION OF LIABILITY
+
+IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING
+FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
+
+================================================================================
+
+CONTACT AND COMPLIANCE
+
+For licensing inquiries, subscription management, and compliance questions:
+
+  Web: https://threejs-blocks.com/license
+  Email: support@threejs-blocks.com
+
+For license violations or to report unauthorized use:
+  Email: legal@threejs-blocks.com
+
+================================================================================
+
+GOVERNING LAW
+
+This license shall be governed by and construed in accordance with the laws
+of the jurisdiction in which three-blocks operates, without regard to its
+conflict of law provisions.
+
+================================================================================
+
+Last Updated: January 2025
+Version: 1.0.0
+

package/README.md

@@ -9,7 +9,7 @@ Minimal, dependency-free CLI for authenticating to Three Blocks private npm regi
 npx -y three-blocks-login@latest
 
 # Using pnpm (recommended - no warnings)
-pnpm dlx three-blocks-login@latest@latest
+npx -y three-blocks-login@latest@latest
 ```
 
 ## Authentication Modes

package/bin/login.js

@@ -1,4 +1,9 @@
 #!/usr/bin/env node
+/*!
+  three-blocks-login
+  Copyright (c) 2025 three-blocks
+  MIT License - See https://threejs-blocks.com/license
+*/
 // Minimal, dependency-free CLI
 // Node 18+ required (built-in fetch)
 
@@ -379,7 +384,311 @@ const BROKER_URL =
   process.env.THREE_BLOCKS_BROKER_URL ||
   "https://www.threejs-blocks.com/api/npm/token"; // your Astro broker endpoint
 
-console.log( BROKER_URL );
+const OAUTH_DEVICE_CODE_URL =
+  process.env.THREE_BLOCKS_OAUTH_DEVICE_URL ||
+  "https://www.threejs-blocks.com/api/cli/device-code";
+
+const OAUTH_TOKEN_URL =
+  process.env.THREE_BLOCKS_OAUTH_TOKEN_URL ||
+  "https://www.threejs-blocks.com/api/cli/token";
+
+// Browser login method flag
+const USE_BROWSER_LOGIN = args[ 'browser' ] || args.browser;
+const USE_KEY_LOGIN = args[ 'key' ] || args.key;
+
+const openBrowser = async ( url ) => {
+
+	const { exec } = await import( "node:child_process" );
+	const platform = process.platform;
+	let command;
+
+	if ( platform === 'darwin' ) {
+
+		command = `open "${url}"`;
+
+	} else if ( platform === 'win32' ) {
+
+		command = `start "" "${url}"`;
+
+	} else {
+
+		// Linux and others
+		command = `xdg-open "${url}" || sensible-browser "${url}" || x-www-browser "${url}"`;
+
+	}
+
+	return new Promise( ( resolve ) => {
+
+		exec( command, ( error ) => {
+
+			resolve( ! error );
+
+		} );
+
+	} );
+
+};
+
+const promptChoice = async ( label, choices ) => {
+
+	return await new Promise( ( resolve ) => {
+
+		const stdin = process.stdin;
+		const stdout = process.stdout;
+		let selected = 0;
+		const cleanup = () => {
+
+			stdin.removeListener( 'data', onData );
+			if ( stdin.isTTY ) stdin.setRawMode( false );
+			stdin.pause();
+
+		};
+
+		const render = () => {
+
+			// Clear previous lines and redraw
+			for ( let i = 0; i < choices.length; i ++ ) {
+
+				const prefix = i === selected ? cyan( '› ' ) : '  ';
+				const text = i === selected ? bold( choices[ i ] ) : dim( choices[ i ] );
+				stdout.write( `${prefix}${text}\n` );
+
+			}
+
+		};
+
+		const clearLines = () => {
+
+			for ( let i = 0; i < choices.length; i ++ ) {
+
+				readline.moveCursor( stdout, 0, - 1 );
+				readline.clearLine( stdout, 0 );
+
+			}
+
+		};
+
+		const onData = ( chunk ) => {
+
+			const str = String( chunk );
+			for ( const ch of str ) {
+
+				if ( ch === '\u0003' ) {
+
+					cleanup();
+					process.exit( 1 );
+
+				}
+
+				if ( ch === '\r' || ch === '\n' ) {
+
+					cleanup();
+					return resolve( selected );
+
+				}
+
+				// Arrow keys come as escape sequences
+				if ( ch === '\u001b' ) continue;
+				if ( ch === '[' ) continue;
+				if ( ch === 'A' || ch === 'k' ) {
+
+					// Up
+					clearLines();
+					selected = ( selected - 1 + choices.length ) % choices.length;
+					render();
+
+				} else if ( ch === 'B' || ch === 'j' ) {
+
+					// Down
+					clearLines();
+					selected = ( selected + 1 ) % choices.length;
+					render();
+
+				} else if ( ch === '\t' || ch === ' ' ) {
+
+					// Tab or Space to toggle
+					clearLines();
+					selected = ( selected + 1 ) % choices.length;
+					render();
+
+				} else if ( ch === '1' ) {
+
+					cleanup();
+					return resolve( 0 );
+
+				} else if ( ch === '2' ) {
+
+					cleanup();
+					return resolve( 1 );
+
+				}
+
+			}
+
+		};
+
+		stdout.write( `${label}\n` );
+		render();
+		stdin.setEncoding( 'utf8' );
+		if ( stdin.isTTY ) stdin.setRawMode( true );
+		stdin.resume();
+		stdin.on( 'data', onData );
+
+	} );
+
+};
+
+const startDeviceCodeFlow = async () => {
+
+	logDebug( `POST ${OAUTH_DEVICE_CODE_URL}` );
+	const res = await fetch( OAUTH_DEVICE_CODE_URL, {
+		method: 'POST',
+		headers: {
+			'content-type': 'application/json',
+			'accept': 'application/json',
+		},
+		body: JSON.stringify( { client_id: 'three-blocks-cli' } ),
+	} );
+
+	if ( ! res.ok ) {
+
+		const text = await res.text().catch( () => '' );
+		throw new CliError(
+			`Failed to start browser login (HTTP ${res.status})`,
+			{ suggestion: 'Check your network connection and try again.', stdout: text }
+		);
+
+	}
+
+	return await res.json();
+
+};
+
+const pollForToken = async ( deviceCode, interval, expiresIn ) => {
+
+	const startTime = Date.now();
+	const expiresAt = startTime + ( expiresIn * 1000 );
+	let pollInterval = interval * 1000;
+
+	while ( Date.now() < expiresAt ) {
+
+		await new Promise( ( r ) => setTimeout( r, pollInterval ) );
+
+		logDebug( `Polling ${OAUTH_TOKEN_URL} for token...` );
+		const res = await fetch( OAUTH_TOKEN_URL, {
+			method: 'POST',
+			headers: {
+				'content-type': 'application/json',
+				'accept': 'application/json',
+			},
+			body: JSON.stringify( { device_code: deviceCode } ),
+		} );
+
+		const data = await res.json().catch( () => ( {} ) );
+
+		if ( res.ok && data.access_token ) {
+
+			return data.access_token;
+
+		}
+
+		if ( data.error === 'authorization_pending' ) {
+
+			// User hasn't authorized yet, keep polling
+			continue;
+
+		}
+
+		if ( data.error === 'slow_down' ) {
+
+			// Increase polling interval
+			pollInterval += 1000;
+			continue;
+
+		}
+
+		if ( data.error === 'expired_token' ) {
+
+			throw new CliError(
+				'Browser login timed out. Please try again.',
+				{ suggestion: 'Run the login command again and complete authorization in your browser.' }
+			);
+
+		}
+
+		if ( data.error ) {
+
+			throw new CliError(
+				`Browser login failed: ${data.error_description || data.error}`,
+				{ suggestion: 'Try again or use the secret key method instead.' }
+			);
+
+		}
+
+	}
+
+	throw new CliError(
+		'Browser login timed out.',
+		{ suggestion: 'Run the login command again and complete authorization within 15 minutes.' }
+	);
+
+};
+
+const browserLogin = async () => {
+
+	log.info( bold( cyan( 'Three Blocks CLI' ) ) + ' ' + dim( `[mode: ${MODE}]` ) );
+	log.info( dim( 'Opening browser to log in...' ) );
+	console.log( '' );
+
+	// Start device code flow
+	const deviceData = await startDeviceCodeFlow();
+	const { device_code, verification_uri, verification_uri_complete, expires_in, interval } = deviceData;
+
+	// Try to open browser
+	const browserOpened = await openBrowser( verification_uri_complete || verification_uri );
+
+	if ( ! browserOpened ) {
+
+		log.warn( 'Could not open browser automatically.' );
+
+	}
+
+	console.log( '' );
+	log.info( yellow( 'Browser didn\'t open? Use the URL below to sign in:' ) );
+	console.log( '' );
+	console.log( `  ${cyan( verification_uri_complete || verification_uri )}` );
+	console.log( '' );
+	log.info( dim( 'Waiting for authorization...' ) );
+
+	// Show a simple spinner while waiting
+	const spinnerFrames = [ '⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏' ];
+	let spinnerIdx = 0;
+	const spinnerInterval = setInterval( () => {
+
+		process.stdout.write( `\r${cyan( spinnerFrames[ spinnerIdx ] )} Waiting for browser authorization...` );
+		spinnerIdx = ( spinnerIdx + 1 ) % spinnerFrames.length;
+
+	}, 100 );
+
+	try {
+
+		const licenseKey = await pollForToken( device_code, interval || 2, expires_in || 900 );
+		clearInterval( spinnerInterval );
+		process.stdout.write( '\r' + ' '.repeat( 50 ) + '\r' ); // Clear spinner line
+		console.log( '' );
+		log.ok( green( 'Authorization successful!' ) );
+		return licenseKey;
+
+	} catch ( error ) {
+
+		clearInterval( spinnerInterval );
+		process.stdout.write( '\r' + ' '.repeat( 50 ) + '\r' );
+		throw error;
+
+	}
+
+};
+
 const promptHidden = async ( label ) => {
 
 	return await new Promise( ( resolve ) => {
@@ -490,15 +799,46 @@ const log = {
 
 			console.log( '' );
 			log.info( bold( yellow( 'Three Blocks Login' ) ) + ' ' + dim( `[mode: ${MODE}]` ) );
-			log.info( dim( 'Enter your license key to retrieve a scoped npm token.' ) );
-			log.info( dim( 'Tip: paste it here; input is hidden. Press Enter to submit.' ) );
-			LICENSE = await promptHidden( `${cyan( '›' )} License key ${dim( '(tb_…)' )}: ` );
-			if ( ! LICENSE ) {
+			console.log( '' );
 
-				fail(
-					"License key is required to continue.",
-					{ suggestion: "Paste your tb_… key or rerun with --license." }
-				);
+			// Determine login method
+			let useBrowserLogin = USE_BROWSER_LOGIN;
+			let useKeyLogin = USE_KEY_LOGIN;
+
+			// If neither flag is set and we're interactive, show menu
+			if ( ! useBrowserLogin && ! useKeyLogin ) {
+
+				log.info( dim( 'Select login method:' ) );
+				console.log( '' );
+				const choice = await promptChoice( '', [
+					'Log in with Three Blocks account (opens browser)',
+					'Paste Secret Key manually'
+				] );
+				console.log( '' );
+				useBrowserLogin = choice === 0;
+				useKeyLogin = choice === 1;
+
+			}
+
+			if ( useBrowserLogin ) {
+
+				// Browser-based OAuth login
+				LICENSE = await browserLogin();
+
+			} else {
+
+				// Manual secret key entry
+				log.info( dim( 'Enter your license key to retrieve a scoped npm token.' ) );
+				log.info( dim( 'Tip: paste it here; input is hidden. Press Enter to submit.' ) );
+				LICENSE = await promptHidden( `${cyan( '›' )} License key ${dim( '(tb_…)' )}: ` );
+				if ( ! LICENSE ) {
+
+					fail(
+						"License key is required to continue.",
+						{ suggestion: "Paste your tb_… key or rerun with --license." }
+					);
+
+				}
 
 			}
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "three-blocks-login",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "Fetch a short-lived token from the three-blocks broker and configure npm for the current context.",
   "type": "module",
   "bin": {