PyPI - tsk-cli - Versions diffs - 0.1.0__tar.gz → 0.1.5__tar.gz - Mend

tsk-cli 0.1.0tar.gz → 0.1.5tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

{tsk_cli-0.1.0 → tsk_cli-0.1.5}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tsk-cli
-Version: 0.1.0
+Version: 0.1.5
 Summary: CLI for TSK — pull projects and things for editor agents
 Author: Rob Crosby
 License: MIT

{tsk_cli-0.1.0 → tsk_cli-0.1.5}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "tsk-cli"
-version = "0.1.0"
+version = "0.1.5"
 description = "CLI for TSK — pull projects and things for editor agents"
 readme = "README.md"
 license = {text = "MIT"}

{tsk_cli-0.1.0 → tsk_cli-0.1.5}/tsk_cli/api.py RENAMED Viewed

@@ -5,11 +5,12 @@ HTTP client that uses stored session cookies to talk to the TSK backend.
 from __future__ import annotations
 import sys
+from urllib.parse import urlparse
 import click
 import requests
-from .config import get_auth, get_server_url
+from .config import get_auth, get_server_url, save_auth
 def create_session() -> requests.Session:
@@ -23,9 +24,31 @@ def create_session() -> requests.Session:
     if csrftoken:
         s.cookies.set("csrftoken", csrftoken)
         s.headers["X-CSRFToken"] = csrftoken
+    # Django's CSRF middleware requires Origin (or Referer on HTTPS) for unsafe
+    # methods. Browsers send these automatically; urllib3/requests does not.
+    base = get_server_url().rstrip("/")
+    parsed = urlparse(base)
+    if parsed.scheme in ("http", "https") and parsed.netloc:
+        origin = f"{parsed.scheme}://{parsed.netloc}"
+        s.headers.setdefault("Origin", origin)
+        s.headers.setdefault("Referer", f"{origin}/")
     return s
+def _persist_csrf_from_response(resp: requests.Response) -> None:
+    """If the server rotated csrftoken, keep ~/.config/tsk/auth.json in sync."""
+    new = resp.cookies.get("csrftoken")
+    if not new:
+        return
+    auth = get_auth()
+    sid = auth.get("sessionid", "")
+    if not sid:
+        return
+    save_auth(sessionid=sid, csrftoken=new)
 def require_auth() -> tuple[requests.Session, str]:
     """
     Return (session, server_url) or exit with an error message
@@ -42,14 +65,35 @@ def require_auth() -> tuple[requests.Session, str]:
     return session, server_url
+def _check_auth_response(resp: requests.Response) -> None:
+    """Exit with a helpful message on 401/403."""
+    if resp.status_code == 401:
+        click.echo("Session expired. Run: tsk login", err=True)
+        sys.exit(1)
+    if resp.status_code == 403:
+        detail = ""
+        try:
+            detail = resp.json().get("detail", "")
+        except Exception:
+            pass
+        if "CSRF" in detail:
+            click.echo("CSRF check failed. Run: tsk login", err=True)
+        else:
+            click.echo(
+                f"Permission denied ({detail or 'no details'}). "
+                "You may need a higher org role, or run: tsk login",
+                err=True,
+            )
+        sys.exit(1)
 def api_get(path: str) -> dict | list:
     """GET an API endpoint. Exits on auth failure."""
     session, server_url = require_auth()
     resp = session.get(f"{server_url}{path}")
-    if resp.status_code == 401 or resp.status_code == 403:
-        click.echo("Session expired. Run: tsk login", err=True)
-        sys.exit(1)
+    _check_auth_response(resp)
     resp.raise_for_status()
+    _persist_csrf_from_response(resp)
     return resp.json()
@@ -57,10 +101,9 @@ def api_post(path: str, json_data: dict) -> dict:
     """POST to an API endpoint. Exits on auth failure."""
     session, server_url = require_auth()
     resp = session.post(f"{server_url}{path}", json=json_data)
-    if resp.status_code in (401, 403):
-        click.echo("Session expired. Run: tsk login", err=True)
-        sys.exit(1)
+    _check_auth_response(resp)
     resp.raise_for_status()
+    _persist_csrf_from_response(resp)
     return resp.json()
@@ -68,8 +111,7 @@ def api_patch(path: str, json_data: dict) -> dict:
     """PATCH an API endpoint. Exits on auth failure."""
     session, server_url = require_auth()
     resp = session.patch(f"{server_url}{path}", json=json_data)
-    if resp.status_code in (401, 403):
-        click.echo("Session expired. Run: tsk login", err=True)
-        sys.exit(1)
+    _check_auth_response(resp)
     resp.raise_for_status()
+    _persist_csrf_from_response(resp)
     return resp.json()

{tsk_cli-0.1.0 → tsk_cli-0.1.5}/tsk_cli.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tsk-cli
-Version: 0.1.0
+Version: 0.1.5
 Summary: CLI for TSK — pull projects and things for editor agents
 Author: Rob Crosby
 License: MIT