tokenhoggers 0.1.0__py3-none-any.whl

collectors/cli/auth.py

@@ -0,0 +1,247 @@
+"""Browser-based OAuth login and token refresh for Token Hoggers CLI."""
+
+import base64
+import json
+import socket
+import sys
+import threading
+import time
+import webbrowser
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from typing import Optional
+from urllib.error import HTTPError
+from urllib.request import Request, urlopen
+
+from collectors.cli.config import Config
+
+SUPABASE_URL = "https://aaxkbwyolbhjgovmcael.supabase.co"
+SUPABASE_ANON_KEY = (
+    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
+    "eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFheGtid3lvbGJoamdvdm1jYWVsIiwi"
+    "cm9sZSI6ImFub24iLCJpYXQiOjE3NzQxODM4MTUsImV4cCI6MjA4OTc1OTgxNX0."
+    "nNDUcYm2xzpGW6ervqNQEIXQdENi1qYXpQo4Rp0JrI8"
+)
+SYNC_API_URL = f"{SUPABASE_URL}/functions/v1/sync"
+
+_PORT_RANGE = range(19876, 19900)
+_LOGIN_TIMEOUT = 120  # seconds
+
+# HTML page served at /callback — reads hash fragment and POSTs tokens back
+_CALLBACK_HTML = """<!DOCTYPE html>
+<html>
+<head>
+  <title>Token Hoggers</title>
+  <style>
+    body { font-family: -apple-system, system-ui, sans-serif; display: flex;
+           justify-content: center; align-items: center; min-height: 100vh;
+           margin: 0; background: #0f0f0f; color: #e0e0e0; }
+    .card { text-align: center; padding: 48px; border-radius: 16px;
+            background: #1a1a1a; border: 1px solid #333; max-width: 400px; }
+    h2 { margin: 0 0 8px; color: #fff; }
+    p { margin: 0; color: #888; font-size: 14px; }
+    .err { color: #ff6b6b; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div id="status"><h2>Completing login...</h2></div>
+  </div>
+  <script>
+    (function() {
+      var hash = window.location.hash.substring(1);
+      if (!hash) {
+        document.getElementById('status').innerHTML =
+          '<h2 class="err">Login failed</h2><p>No auth tokens received. Please try again.</p>';
+        return;
+      }
+      var params = new URLSearchParams(hash);
+      var data = {
+        access_token: params.get('access_token'),
+        refresh_token: params.get('refresh_token'),
+        expires_in: parseInt(params.get('expires_in') || '3600', 10),
+        token_type: params.get('token_type')
+      };
+      if (!data.access_token) {
+        document.getElementById('status').innerHTML =
+          '<h2 class="err">Login failed</h2><p>Missing access token. Please try again.</p>';
+        return;
+      }
+      fetch('/receive-tokens', {
+        method: 'POST',
+        headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify(data)
+      }).then(function(r) { return r.json(); }).then(function() {
+        document.getElementById('status').innerHTML =
+          '<h2>Login successful!</h2><p>You can close this tab and return to your terminal.</p>';
+      }).catch(function(e) {
+        document.getElementById('status').innerHTML =
+          '<h2 class="err">Error</h2><p>' + e.message + '</p>';
+      });
+    })();
+  </script>
+</body>
+</html>"""
+
+
+def _find_available_port() -> int:
+    """Find an available port in the designated range."""
+    for port in _PORT_RANGE:
+        try:
+            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+                s.bind(("127.0.0.1", port))
+                return port
+        except OSError:
+            continue
+    raise RuntimeError(
+        f"No available port in range {_PORT_RANGE.start}-{_PORT_RANGE.stop - 1}. "
+        "Close other applications or use: tokenhoggers config --token <JWT>"
+    )
+
+
+def browser_login() -> dict:
+    """Open browser for Google OAuth and capture tokens via local HTTP server.
+
+    Returns dict with access_token, refresh_token, expires_in.
+    Raises TimeoutError if user doesn't complete login within the timeout.
+    Raises RuntimeError on other failures.
+    """
+    port = _find_available_port()
+    tokens = {}
+    token_event = threading.Event()
+
+    class CallbackHandler(BaseHTTPRequestHandler):
+        def do_GET(self):
+            if self.path.startswith("/callback"):
+                self.send_response(200)
+                self.send_header("Content-Type", "text/html")
+                self.end_headers()
+                self.wfile.write(_CALLBACK_HTML.encode())
+            else:
+                self.send_response(404)
+                self.end_headers()
+
+        def do_POST(self):
+            if self.path == "/receive-tokens":
+                length = int(self.headers.get("Content-Length", 0))
+                body = json.loads(self.rfile.read(length))
+                tokens.update(body)
+                token_event.set()
+                self.send_response(200)
+                self.send_header("Content-Type", "application/json")
+                self.end_headers()
+                self.wfile.write(b'{"ok":true}')
+            else:
+                self.send_response(404)
+                self.end_headers()
+
+        def log_message(self, format, *args):
+            pass  # suppress HTTP server logging
+
+    server = HTTPServer(("127.0.0.1", port), CallbackHandler)
+    server_thread = threading.Thread(target=server.serve_forever, daemon=True)
+    server_thread.start()
+
+    auth_url = (
+        f"{SUPABASE_URL}/auth/v1/authorize"
+        f"?provider=google"
+        f"&redirect_to=http://localhost:{port}/callback"
+    )
+
+    opened = webbrowser.open(auth_url)
+    if not opened:
+        print(f"\n  Could not open browser. Please visit this URL manually:\n")
+        print(f"  {auth_url}\n")
+
+    if not token_event.wait(timeout=_LOGIN_TIMEOUT):
+        server.shutdown()
+        raise TimeoutError("Login timed out. Please try again.")
+
+    server.shutdown()
+
+    if not tokens.get("access_token"):
+        raise RuntimeError("No access token received.")
+
+    return tokens
+
+
+def decode_jwt_exp(token: str) -> int:
+    """Decode a JWT and return the exp (expiry) claim as a Unix timestamp.
+
+    Does NOT verify the signature — only used for local expiry checks.
+    Returns 0 if the token is malformed or has no exp claim.
+    """
+    try:
+        parts = token.split(".")
+        if len(parts) != 3:
+            return 0
+        payload = parts[1]
+        # Add base64 padding
+        padding = 4 - len(payload) % 4
+        if padding != 4:
+            payload += "=" * padding
+        decoded = base64.urlsafe_b64decode(payload)
+        claims = json.loads(decoded)
+        return int(claims.get("exp", 0))
+    except Exception:
+        return 0
+
+
+def refresh_access_token(refresh_token: str) -> dict:
+    """Exchange a refresh token for a new access token pair.
+
+    Returns dict with access_token, refresh_token, expires_in.
+    Raises RuntimeError if refresh fails (token revoked/expired).
+    """
+    url = f"{SUPABASE_URL}/auth/v1/token?grant_type=refresh_token"
+    body = json.dumps({"refresh_token": refresh_token}).encode()
+    req = Request(
+        url,
+        data=body,
+        headers={
+            "apikey": SUPABASE_ANON_KEY,
+            "Content-Type": "application/json",
+        },
+        method="POST",
+    )
+    try:
+        with urlopen(req, timeout=15) as resp:
+            data = json.loads(resp.read().decode())
+            return {
+                "access_token": data["access_token"],
+                "refresh_token": data["refresh_token"],
+                "expires_in": data.get("expires_in", 3600),
+            }
+    except HTTPError as e:
+        if e.code in (400, 401, 403):
+            raise RuntimeError(
+                "Session expired. Please run `tokenhoggers login` again."
+            )
+        raise RuntimeError(f"Token refresh failed (HTTP {e.code})")
+
+
+def refresh_if_needed(config: Config) -> Config:
+    """Check if the access token is expired and refresh it if possible.
+
+    Modifies and saves config in-place if a refresh occurs.
+    Returns the (possibly updated) config.
+    """
+    if not config.token:
+        return config
+
+    exp = decode_jwt_exp(config.token)
+    now = int(time.time())
+
+    # Token still valid for more than 60 seconds
+    if exp > 0 and (exp - now) > 60:
+        return config
+
+    # No refresh token available (manual token setup)
+    if not config.refresh_token:
+        return config
+
+    tokens = refresh_access_token(config.refresh_token)
+    config.token = tokens["access_token"]
+    config.refresh_token = tokens["refresh_token"]
+    config.token_expiry = now + tokens.get("expires_in", 3600)
+    config.save()
+    return config

collectors/cli/config.py

@@ -0,0 +1,44 @@
+"""User configuration for the Token Hoggers CLI."""
+
+import json
+from dataclasses import dataclass
+from typing import Optional
+
+from collectors.cli.paths import config_dir
+
+
+@dataclass
+class Config:
+    api_url: str = ""
+    token: str = ""
+    refresh_token: str = ""
+    token_expiry: int = 0
+    enable_fluency: bool = False
+
+    @classmethod
+    def load(cls) -> "Config":
+        path = config_dir() / "config.json"
+        if path.exists():
+            data = json.loads(path.read_text())
+            return cls(
+                api_url=data.get("api_url", ""),
+                token=data.get("token", ""),
+                refresh_token=data.get("refresh_token", ""),
+                token_expiry=data.get("token_expiry", 0),
+                enable_fluency=data.get("enable_fluency", False),
+            )
+        return cls()
+
+    def save(self) -> None:
+        path = config_dir() / "config.json"
+        path.write_text(json.dumps({
+            "api_url": self.api_url,
+            "token": self.token,
+            "refresh_token": self.refresh_token,
+            "token_expiry": self.token_expiry,
+            "enable_fluency": self.enable_fluency,
+        }, indent=2))
+
+    @property
+    def is_configured(self) -> bool:
+        return bool(self.api_url and self.token)

collectors/cli/daemon.py

@@ -0,0 +1,186 @@
+"""Auto-sync daemon setup — LaunchAgent (macOS) or cron (Linux)."""
+
+import os
+import platform
+import shutil
+import subprocess
+import sys
+from pathlib import Path
+
+from collectors.cli.paths import config_dir
+
+_LABEL = "ai.tokenhoggers.sync"
+_INTERVAL_SECONDS = 14400  # 4 hours
+_CRON_MARKER = "# tokenhoggers-autosync"
+
+
+def _plist_path() -> Path:
+    return Path.home() / "Library" / "LaunchAgents" / f"{_LABEL}.plist"
+
+
+def _find_executable() -> str:
+    """Find the tokenhoggers executable path."""
+    path = shutil.which("tokenhoggers")
+    if path:
+        return path
+    # Fallback: run as python module
+    return sys.executable
+
+
+def _executable_args() -> list:
+    """Return the command + args list for running tokenhoggers sync."""
+    path = shutil.which("tokenhoggers")
+    if path:
+        return [path, "sync"]
+    return [sys.executable, "-m", "collectors.cli.main", "sync"]
+
+
+def _log_path() -> str:
+    return str(config_dir() / "sync.log")
+
+
+# ---------- macOS LaunchAgent ----------
+
+def _install_launchagent() -> None:
+    args = _executable_args()
+    prog_args = "\n".join(f"        <string>{a}</string>" for a in args)
+    log = _log_path()
+
+    plist = f"""<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
+  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>{_LABEL}</string>
+    <key>ProgramArguments</key>
+    <array>
+{prog_args}
+    </array>
+    <key>StartInterval</key>
+    <integer>{_INTERVAL_SECONDS}</integer>
+    <key>StandardOutPath</key>
+    <string>{log}</string>
+    <key>StandardErrorPath</key>
+    <string>{log}</string>
+    <key>RunAtLoad</key>
+    <true/>
+</dict>
+</plist>
+"""
+    plist_file = _plist_path()
+    plist_file.parent.mkdir(parents=True, exist_ok=True)
+
+    # Unload if already loaded (ignore errors)
+    _unload_launchagent()
+
+    plist_file.write_text(plist)
+
+    uid = os.getuid()
+    subprocess.run(
+        ["launchctl", "bootstrap", f"gui/{uid}", str(plist_file)],
+        capture_output=True,
+    )
+
+
+def _unload_launchagent() -> None:
+    plist_file = _plist_path()
+    uid = os.getuid()
+    subprocess.run(
+        ["launchctl", "bootout", f"gui/{uid}", str(plist_file)],
+        capture_output=True,
+    )
+    if plist_file.exists():
+        plist_file.unlink()
+
+
+def _launchagent_status() -> str:
+    plist_file = _plist_path()
+    if not plist_file.exists():
+        return "not installed"
+    result = subprocess.run(
+        ["launchctl", "list", _LABEL],
+        capture_output=True,
+    )
+    if result.returncode == 0:
+        return "installed and running"
+    return "installed but not loaded"
+
+
+# ---------- Linux cron ----------
+
+def _get_crontab() -> str:
+    result = subprocess.run(
+        ["crontab", "-l"], capture_output=True, text=True
+    )
+    if result.returncode != 0:
+        return ""
+    return result.stdout
+
+
+def _set_crontab(content: str) -> None:
+    subprocess.run(
+        ["crontab", "-"], input=content, text=True, check=True
+    )
+
+
+def _install_cron() -> None:
+    args = _executable_args()
+    cmd = " ".join(args)
+    log = _log_path()
+    cron_line = f"0 */4 * * * {cmd} >> {log} 2>&1 {_CRON_MARKER}"
+
+    existing = _get_crontab()
+
+    # Remove old entry if present
+    lines = [l for l in existing.splitlines() if _CRON_MARKER not in l]
+    lines.append(cron_line)
+
+    _set_crontab("\n".join(lines) + "\n")
+
+
+def _uninstall_cron() -> None:
+    existing = _get_crontab()
+    if not existing:
+        return
+    lines = [l for l in existing.splitlines() if _CRON_MARKER not in l]
+    _set_crontab("\n".join(lines) + "\n" if lines else "")
+
+
+def _cron_status() -> str:
+    existing = _get_crontab()
+    if _CRON_MARKER in existing:
+        return "installed (cron)"
+    return "not installed"
+
+
+# ---------- Public API ----------
+
+def install_daemon() -> None:
+    """Install auto-sync daemon for the current platform."""
+    system = platform.system()
+    if system == "Darwin":
+        _install_launchagent()
+    elif system == "Linux":
+        _install_cron()
+    else:
+        raise RuntimeError(f"Auto-sync not supported on {system} yet")
+
+
+def uninstall_daemon() -> None:
+    """Remove auto-sync daemon."""
+    system = platform.system()
+    if system == "Darwin":
+        _unload_launchagent()
+    elif system == "Linux":
+        _uninstall_cron()
+
+
+def daemon_status() -> str:
+    """Return human-readable daemon status."""
+    system = platform.system()
+    if system == "Darwin":
+        return _launchagent_status()
+    elif system == "Linux":
+        return _cron_status()
+    return "not supported on this platform"