npm - unbound-cli - Versions diffs - 0.8.1 → 0.9.0 - Mend

unbound-cli 0.8.1 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json +1 -1
package/src/api.js +38 -3
package/src/auth.js +13 -6
package/src/commands/login.js +13 -8
package/src/commands/oacb.js +931 -0
package/src/commands/onboard.js +24 -15
package/src/commands/setup.js +22 -16
package/src/index.js +1 -0
package/test/config-normalize-url.test.js +43 -0
package/test/oacb.test.js +307 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "0.8.1",
+  "version": "0.9.0",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {

package/src/api.js CHANGED Viewed

@@ -29,15 +29,18 @@ class ApiError extends Error {
   }
 }
-function request(method, path, { body, query, apiKey } = {}) {
-  const baseUrl = config.getBaseUrl();
+function request(method, path, { body, query, apiKey, baseUrl } = {}) {
+  // Explicit baseUrl wins over env-var-aware getBaseUrl(). Used by login /
+  // setup / onboard so a user's just-passed --backend-url isn't shadowed by a
+  // stale UNBOUND_API_URL env var from a prior shell session.
+  const resolvedBaseUrl = baseUrl || config.getBaseUrl();
   const key = apiKey || config.getApiKey();
   if (!key) {
     return Promise.reject(new Error('Not logged in. Run `unbound login` first.'));
   }
-  const url = new URL(path, baseUrl);
+  const url = new URL(path, resolvedBaseUrl);
   if (query) {
     for (const [k, v] of Object.entries(query)) {
       if (v !== undefined && v !== null) {
@@ -101,10 +104,42 @@ function request(method, path, { body, query, apiKey } = {}) {
   });
 }
+// Plain unauthenticated GET to an arbitrary URL. Returns the raw response body
+// as a UTF-8 string. Callers that want JSON must do JSON.parse() themselves.
+// Used by `unbound oacb` to fetch baseline JSONs and hook scripts from GitHub.
+function getRaw(url) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const transport = parsed.protocol === 'https:' ? https : http;
+    const req = transport.get(url, { headers: { 'User-Agent': USER_AGENT } }, (res) => {
+      const chunks = [];
+      res.on('data', (chunk) => chunks.push(chunk));
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          resolve(Buffer.concat(chunks).toString('utf8'));
+        } else {
+          reject(new ApiError(res.statusCode, { error: `HTTP ${res.statusCode} fetching ${url}` }));
+        }
+      });
+      res.on('error', (err) => {
+        reject(new Error(`Network error fetching ${parsed.host}: ${err.message}`));
+      });
+    });
+    req.setTimeout(30000, () => {
+      req.destroy();
+      reject(new Error(`Request timed out fetching ${parsed.host}`));
+    });
+    req.on('error', (err) => {
+      reject(new Error(`Network error fetching ${parsed.host}: ${err.message}`));
+    });
+  });
+}
 module.exports = {
   ApiError,
   get: (path, opts) => request('GET', path, opts),
   post: (path, opts) => request('POST', path, opts),
   put: (path, opts) => request('PUT', path, opts),
   del: (path, opts) => request('DELETE', path, opts),
+  getRaw,
 };

package/src/auth.js CHANGED Viewed

@@ -107,13 +107,17 @@ async function loginWithBrowser(frontendUrl) {
  * Shows a spinner during validation and a success message with user info.
  *
  * @param {string} apiKey - The API key to validate and store
+ * @param {object} [opts]
+ * @param {string} [opts.baseUrl] - Explicit backend URL override. Used when the
+ *   caller just persisted a tenant URL via setUrls and wants validation to hit
+ *   that exact backend, regardless of any stale UNBOUND_API_URL env var.
  * @returns {Promise<true>}
  */
-async function loginWithApiKey(apiKey) {
+async function loginWithApiKey(apiKey, { baseUrl } = {}) {
   const spin = output.spinner('Authenticating...');
   let response;
   try {
-    response = await api.get('/api/v1/users/privileges/', { apiKey });
+    response = await api.get('/api/v1/users/privileges/', { apiKey, baseUrl });
   } catch (err) {
     let msg;
     if (err.statusCode === 401 || err.statusCode === 403) {
@@ -143,10 +147,14 @@ async function loginWithApiKey(apiKey) {
  * Ensures the user is logged in. If an apiKey is provided, validates and
  * stores it first. If not logged in, triggers browser-based login.
  * Returns true if logged in (or just logged in), false on failure.
+ *
+ * `baseUrl` and `frontendUrl` are explicit overrides for the URLs to validate
+ * against / open in the browser. Used by login/setup/onboard so a just-passed
+ * --backend-url / --frontend-url isn't shadowed by a stale env var.
  */
-async function ensureLoggedIn({ apiKey } = {}) {
+async function ensureLoggedIn({ apiKey, baseUrl, frontendUrl } = {}) {
   if (apiKey) {
-    await loginWithApiKey(apiKey);
+    await loginWithApiKey(apiKey, { baseUrl });
     return true;
   }
@@ -155,8 +163,7 @@ async function ensureLoggedIn({ apiKey } = {}) {
   }
   output.warn('Not logged in. Opening browser to authenticate...');
-  const frontendUrl = config.getFrontendUrl();
-  const result = await loginWithBrowser(frontendUrl);
+  const result = await loginWithBrowser(frontendUrl || config.getFrontendUrl());
   const parts = [];
   if (result.email) parts.push(`as ${result.email}`);

package/src/commands/login.js CHANGED Viewed

@@ -47,17 +47,21 @@ Examples:
         // --backend-url is the canonical visible flag; --base-url is a hidden
         // back-compat alias. setUrls writes all provided URLs atomically so
         // a malformed --frontend-url can't leave a fresh --backend-url half-applied.
-        config.setUrls({
+        const written = config.setUrls({
           backend: opts.backendUrl || opts.baseUrl,
           frontend: opts.frontendUrl,
           gateway: opts.gatewayUrl,
         });
-        let apiKey;
+        // Prefer just-persisted values over env-var-aware getters so a stale
+        // UNBOUND_*_URL from a prior shell session can't shadow the user's
+        // explicit --backend-url / --frontend-url and route validation at the
+        // wrong tenant.
+        const explicitBaseUrl = written.base_url;
+        const explicitFrontendUrl = written.frontend_url;
         if (opts.apiKey) {
           try {
-            await loginWithApiKey(opts.apiKey);
+            await loginWithApiKey(opts.apiKey, { baseUrl: explicitBaseUrl });
           } catch {
             process.exitCode = 1;
             return;
@@ -69,12 +73,13 @@ Examples:
           if (opts.domain) {
             frontendUrl = opts.domain.startsWith('http') ? opts.domain : `https://${opts.domain}`;
           } else {
-            frontendUrl = config.getFrontendUrl();
+            frontendUrl = explicitFrontendUrl || config.getFrontendUrl();
           }
           await loginWithBrowser(frontendUrl);
-          apiKey = config.getApiKey();
-          // Validate the stored key
-          await api.get('/api/v1/users/privileges/');
+          // Validate the just-stored key against the explicit backend if one
+          // was just persisted; otherwise fall back to the env-var-aware
+          // getter. api.get reads the stored key from config internally.
+          await api.get('/api/v1/users/privileges/', { baseUrl: explicitBaseUrl });
         }
         const cfg = config.readConfig();