npm - vaulter-cli - Versions diffs - 2.3.4 → 2.3.5 - Mend

vaulter-cli 2.3.4 → 2.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/commands/sign-in.js +87 -93

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vaulter-cli",
-  "version": "2.3.4",
+  "version": "2.3.5",
   "description": "CLI tool for Vaulter - Secure API Key Manager",
   "author": "faris-sait",
   "repository": {

package/src/commands/sign-in.js CHANGED Viewed

@@ -1,107 +1,101 @@
-import http from 'http';
 import crypto from 'crypto';
 import open from 'open';
 import ora from 'ora';
-import { saveToken, getToken } from '../lib/auth.js';
+import { saveToken } from '../lib/auth.js';
 import { getApiUrl } from '../lib/config.js';
 import { printLogo } from '../assets/logo.js';
 import { success, error, info } from '../lib/ui.js';
+const POLL_INTERVAL_MS = 2000;
+const TIMEOUT_MS = 120000;
+function isSSH() {
+  return !!(process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION);
+}
 export async function signIn() {
+  const requestId = crypto.randomBytes(16).toString('hex');
   const state = crypto.randomBytes(16).toString('hex');
+  const apiUrl = getApiUrl();
+  // Register pending auth request on backend
+  const registerRes = await fetch(`${apiUrl}/api/cli/auth-request`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ request_id: requestId, state }),
+  });
+  if (!registerRes.ok) {
+    const data = await registerRes.json().catch(() => ({}));
+    error(`Failed to start authentication: ${data.error || registerRes.status}`);
+    return;
+  }
+  const authUrl = `${apiUrl}/cli-auth?request_id=${requestId}&state=${state}`;
+  console.log('');
+  if (isSSH()) {
+    info('Open this URL in your browser to authenticate:');
+    console.log(`  ${authUrl}`);
+  } else {
+    info('Opening browser for authentication...');
+    info(`If the browser doesn't open, visit:`);
+    console.log(`  ${authUrl}`);
+    open(authUrl);
+  }
+  console.log('');
+  const spinner = ora({
+    text: 'Waiting for browser authorization...',
+    color: 'magenta',
+  }).start();
-  return new Promise((resolve) => {
-    const server = http.createServer(async (req, res) => {
-      const url = new URL(req.url, `http://localhost`);
-      if (url.pathname === '/callback') {
-        const token = url.searchParams.get('token');
-        const returnedState = url.searchParams.get('state');
-        const denied = url.searchParams.get('error');
-        if (denied === 'denied') {
-          res.writeHead(200, { 'Content-Type': 'text/html' });
-          res.end('<html><body style="background:#0f172a;color:#c4b5fd;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Authorization denied. You can close this tab.</h2></body></html>');
-          spinner.fail('Authorization denied.');
-          server.close();
-          resolve();
-          return;
-        }
-        if (returnedState !== state) {
-          res.writeHead(400, { 'Content-Type': 'text/html' });
-          res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>State mismatch. Please try again.</h2></body></html>');
-          spinner.fail('State mismatch - possible CSRF attack. Try again.');
-          server.close();
-          resolve();
-          return;
-        }
-        if (token) {
-          saveToken(token);
-          // Verify the token works
-          try {
-            const verifyRes = await fetch(`${getApiUrl()}/api/keys`, {
-              headers: { 'Authorization': `Bearer ${token}` },
-            });
-            if (!verifyRes.ok) throw new Error('Verification failed');
-          } catch {
-            res.writeHead(200, { 'Content-Type': 'text/html' });
-            res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Token verification failed. Please try again.</h2></body></html>');
-            spinner.fail('Token verification failed.');
-            server.close();
-            resolve();
-            return;
-          }
-          res.writeHead(200, { 'Content-Type': 'text/html' });
-          res.end('<html><body style="background:#0f172a;color:#a78bfa;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><div style="text-align:center"><h2 style="color:#22c55e">Authenticated!</h2><p>You can close this tab and return to your terminal.</p></div></body></html>');
-          spinner.succeed('Authenticated successfully!');
-          await printLogo();
-          success('You are now signed in to Vaulter.');
-          info('Run `vaulter ls` to list your keys.');
-          server.close();
-          resolve();
-          return;
-        }
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Missing token. Please try again.</h2></body></html>');
-        spinner.fail('No token received.');
-        server.close();
-        resolve();
+  const deadline = Date.now() + TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+    let pollData;
+    try {
+      const pollRes = await fetch(`${apiUrl}/api/cli/auth-request/${requestId}`);
+      pollData = await pollRes.json();
+    } catch {
+      // Network hiccup — keep polling
+      continue;
+    }
+    if (pollData.status === 'completed') {
+      const token = pollData.token;
+      // Verify the token works
+      try {
+        const verifyRes = await fetch(`${apiUrl}/api/keys`, {
+          headers: { Authorization: `Bearer ${token}` },
+        });
+        if (!verifyRes.ok) throw new Error('Verification failed');
+      } catch {
+        spinner.fail('Token verification failed. Please try again.');
         return;
       }
-      res.writeHead(404);
-      res.end('Not found');
-    });
-    server.listen(0, () => {
-      const port = server.address().port;
-      const authUrl = `${getApiUrl()}/cli-auth?port=${port}&state=${state}`;
-      console.log('');
-      info('Opening browser for authentication...');
-      console.log('');
-      info(`If the browser doesn't open, visit:`);
-      console.log(`  ${authUrl}`);
-      console.log('');
-      open(authUrl);
-    });
-    const spinner = ora({
-      text: 'Waiting for browser authorization...',
-      color: 'magenta',
-    }).start();
-    // 120 second timeout
-    setTimeout(() => {
-      spinner.fail('Authorization timed out (120s). Please try again.');
-      server.close();
-      resolve();
-    }, 120000);
-  });
+      saveToken(token);
+      spinner.succeed('Authenticated successfully!');
+      await printLogo();
+      success('You are now signed in to Vaulter.');
+      info('Run `vaulter ls` to list your keys.');
+      return;
+    }
+    if (pollData.status === 'denied') {
+      spinner.fail('Authorization denied.');
+      return;
+    }
+    if (pollData.status === 'expired') {
+      spinner.fail('Authorization request expired. Please try again.');
+      return;
+    }
+  }
+  spinner.fail('Authorization timed out (120s). Please try again.');
 }