reportify-cli 0.1.48__tar.gz → 0.1.50__tar.gz

{reportify_cli-0.1.48 → reportify_cli-0.1.50}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: reportify-cli
-Version: 0.1.48
+Version: 0.1.50
 Summary: CLI wrapper for Reportify SDK - Access Reportify API through command line
 Project-URL: Homepage, https://reportify.ai
 Project-URL: Documentation, https://docs.reportify.ai

{reportify_cli-0.1.48 → reportify_cli-0.1.50}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "reportify-cli"
-version = "0.1.48"
+version = "0.1.50"
 description = "CLI wrapper for Reportify SDK - Access Reportify API through command line"
 readme = "README.md"
 requires-python = ">=3.10"

{reportify_cli-0.1.48 → reportify_cli-0.1.50}/src/commands/auth.py

@@ -7,9 +7,9 @@
     reportify-cli auth status      # 显示当前登录状态
 
 后端契约（新 oauth_server 端点）：
-    POST {base}/v1/oauth/device/code  (form: client_id, resource, scope?)
-    POST {base}/v1/oauth/token        (form: grant_type, device_code, client_id, resource)
-    POST {base}/v1/oauth/token        (form: grant_type=refresh_token, refresh_token, client_id, resource)
+    POST {base}/v2/oauth/device/code  (form: client_id, resource, scope?)
+    POST {base}/v2/oauth/token        (form: grant_type, device_code, client_id, resource)
+    POST {base}/v2/oauth/token        (form: grant_type=refresh_token, refresh_token, client_id, resource)
 
 返回的 access_token 是 **JWT**（aud=https://api.reportify.cn），客户端把它当
 Bearer 直接发给主 API；主 API 的 TokenMiddleware 会本地验签校验 audience。
@@ -34,15 +34,19 @@ from src.settings import get_api_base_url
 
 app = typer.Typer(help="Authentication", rich_markup_mode="rich")
 
-CLIENT_NAME = "Reportify CLI"
+# Reportify CLI 是 first-party 客户端, 用预注册的稳定 client_id (后端配置在
+# OAUTH_FIRSTPARTY_CLIENTS 里), 不走 DCR. 这样可以拿到 api 域的 token (DCR
+# 注册的客户端默认只能拿 mcp 域).
+#
+# Public client (PKCE 防 code 截获), client_id 公开不构成安全风险.
+CLIENT_ID = "reportify-cli"
 RESOURCE = "https://api.reportify.cn"
 SCOPE = "api"
 GRANT_TYPE_DEVICE = "urn:ietf:params:oauth:grant-type:device_code"
 GRANT_TYPE_REFRESH = "refresh_token"
 
-ENDPOINT_REGISTER = "/v1/oauth/register"
-ENDPOINT_DEVICE_CODE = "/v1/oauth/device/code"
-ENDPOINT_TOKEN = "/v1/oauth/token"
+ENDPOINT_DEVICE_CODE = "/v2/oauth/device/code"
+ENDPOINT_TOKEN = "/v2/oauth/token"
 
 
 # ------------------------------------------------------------------ #
@@ -70,25 +74,6 @@ def _oauth_error(response: httpx.Response) -> tuple[str, str]:
     return ("unknown_error", str(detail))
 
 
-def _register_client(client: httpx.Client) -> str:
-    """RFC 7591 Dynamic Client Registration —— 注册本地 CLI 实例, 返回 client_id。"""
-    resp = client.post(
-        ENDPOINT_REGISTER,
-        json={
-            "client_name": CLIENT_NAME,
-            "redirect_uris": [],  # device flow 不需要
-            "grant_types": [GRANT_TYPE_DEVICE, GRANT_TYPE_REFRESH],
-            "response_types": [],
-            "token_endpoint_auth_method": "none",
-            "scope": SCOPE,
-        },
-    )
-    if resp.status_code != 200:
-        err, desc = _oauth_error(resp)
-        _err(f"failed to register client ({err}): {desc}")
-    return resp.json()["client_id"]
-
-
 def _request_device_code(client: httpx.Client, client_id: str) -> dict:
     resp = client.post(
         ENDPOINT_DEVICE_CODE,
@@ -103,7 +88,7 @@ def _request_device_code(client: httpx.Client, client_id: str) -> dict:
 def _poll_token(
     client: httpx.Client, device_code: str, client_id: str, interval: int, expires_in: int
 ) -> dict:
-    """轮询 /v1/oauth/token (grant_type=device_code)，直到拿到 JWT 或超时/被拒。"""
+    """轮询 /v2/oauth/token (grant_type=device_code)，直到拿到 JWT 或超时/被拒。"""
     deadline = time.monotonic() + expires_in
     current_interval = max(interval, 1)
     typer.echo("Waiting for authorization", nl=False)
@@ -199,14 +184,9 @@ def login(
     automatically; expired tokens are silently refreshed.
     """
     base_url = get_api_base_url().rstrip("/")
-    # 复用已注册的 client_id（30 天 TTL）；不存在则发起 DCR
-    existing = load_credential()
-    client_id = existing.client_id if existing and existing.client_id else None
+    client_id = CLIENT_ID  # first-party 预注册, 不走 DCR
 
     with httpx.Client(base_url=base_url, timeout=30.0) as client:
-        if not client_id:
-            client_id = _register_client(client)
-
         device_resp = _request_device_code(client, client_id)
 
         verification_uri_complete = device_resp.get("verification_uri_complete")

{reportify_cli-0.1.48 → reportify_cli-0.1.50}/tests/test_commands/test_auth_commands.py

@@ -81,7 +81,7 @@ def _register_payload() -> dict:
 
 
 def _token_payload() -> dict:
-    """oauth_server /v1/oauth/token (grant_type=device_code) 的响应。
+    """oauth_server /v2/oauth/token (grant_type=device_code) 的响应。
 
     JWT 格式不重要（CLI 不解码），随便给个 header.payload.signature。
     """
@@ -166,9 +166,9 @@ class TestLoginHappyPath:
         self, tmp_config, fast_sleep, patch_client
     ):
         patch_client.post.side_effect = [
-            _ok(_register_payload()),          # /v1/oauth/register (DCR)
-            _ok(_device_code_payload()),       # /v1/oauth/device/code
-            _ok(_token_payload()),             # /v1/oauth/token (approved)
+            _ok(_register_payload()),          # /v2/oauth/register (DCR)
+            _ok(_device_code_payload()),       # /v2/oauth/device/code
+            _ok(_token_payload()),             # /v2/oauth/token (approved)
         ]
 
         result = runner.invoke(app, ["login", "--no-browser"])