xenfra 0.4.2__py3-none-any.whl → 0.4.4__py3-none-any.whl

xenfra/commands/__init__.py

@@ -1,3 +1,3 @@
-"""
-CLI command modules for Xenfra.
-"""
+"""
+CLI command modules for Xenfra.
+"""

xenfra/commands/auth.py

@@ -1,144 +1,144 @@
-"""
-Authentication commands for Xenfra CLI.
-"""
-
-import base64
-import hashlib
-import secrets
-import urllib.parse
-import webbrowser
-from http.server import HTTPServer
-
-import click
-import httpx
-import keyring
-from rich.console import Console
-from tenacity import (
-    retry,
-    retry_if_exception_type,
-    stop_after_attempt,
-    wait_exponential,
-)
-
-from ..utils.auth import (
-    API_BASE_URL,
-    CLI_CLIENT_ID,
-    CLI_LOCAL_SERVER_END_PORT,
-    CLI_LOCAL_SERVER_START_PORT,
-    CLI_REDIRECT_PATH,
-    SERVICE_ID,
-    AuthCallbackHandler,
-    clear_tokens,
-    get_auth_token,
-)
-
-console = Console()
-
-# HTTP request timeout (30 seconds)
-HTTP_TIMEOUT = 30.0
-
-
-@click.group()
-def auth():
-    """Authentication commands (login, logout, whoami)."""
-    pass
-
-
-@retry(
-    stop=stop_after_attempt(3),
-    wait=wait_exponential(multiplier=1, min=2, max=10),
-    retry=retry_if_exception_type((httpx.TimeoutException, httpx.NetworkError)),
-    reraise=True,
-)
-def _exchange_code_for_tokens_with_retry(code: str, code_verifier: str, redirect_uri: str) -> dict:
-    """
-    Exchange authorization code for tokens with retry logic.
-
-    Returns token data dictionary.
-    """
-    with httpx.Client(timeout=HTTP_TIMEOUT) as client:
-        response = client.post(
-            f"{API_BASE_URL}/auth/token",
-            data={
-                "grant_type": "authorization_code",
-                "client_id": CLI_CLIENT_ID,
-                "code": code,
-                "code_verifier": code_verifier,
-                "redirect_uri": redirect_uri,
-            },
-            headers={"Accept": "application/json"},
-        )
-        response.raise_for_status()
-
-        # Safe JSON parsing with content-type check
-        content_type = response.headers.get("content-type", "")
-        if "application/json" not in content_type:
-            raise ValueError(f"Expected JSON response, got {content_type}")
-
-        try:
-            token_data = response.json()
-        except (ValueError, TypeError) as e:
-            raise ValueError(f"Failed to parse JSON response: {e}")
-
-        return token_data
-
-
-@auth.command()
-def login():
-    """Login to Xenfra using Device Authorization Flow (like GitHub CLI, Claude Code)."""
-    from .auth_device import device_login
-    device_login()
-
-    # Removed old PKCE flow - now using Device Authorization Flow
-
-
-@auth.command()
-def logout():
-    """Logout and clear stored tokens."""
-    try:
-        clear_tokens()
-        console.print("[bold green]Logged out successfully.[/bold green]")
-    except Exception as e:
-        console.print(f"[yellow]Warning: Error during logout: {e}[/yellow]")
-        console.print("[dim]Tokens may still be stored in keyring.[/dim]")
-
-
-@auth.command()
-@click.option("--token", is_flag=True, help="Show access token")
-def whoami(token):
-    """Show current authenticated user."""
-    access_token = get_auth_token()
-
-    if not access_token:
-        console.print("[bold red]Not logged in. Run 'xenfra login' first.[/bold red]")
-        return
-
-    try:
-        import base64
-        import json
-
-        # Manually decode JWT payload without verification
-        # JWT format: header.payload.signature
-        parts = access_token.split(".")
-        if len(parts) != 3:
-            console.print("[bold red]Invalid token format[/bold red]")
-            return
-
-        # Decode payload (second part)
-        payload_b64 = parts[1]
-        # Add padding if needed
-        padding = 4 - len(payload_b64) % 4
-        if padding != 4:
-            payload_b64 += "=" * padding
-
-        payload_bytes = base64.urlsafe_b64decode(payload_b64)
-        claims = json.loads(payload_bytes)
-
-        console.print("[bold green]Logged in as:[/bold green]")
-        console.print(f"  Email: {claims.get('sub', 'N/A')}")
-        console.print(f"  User ID: {claims.get('user_id', 'N/A')}")
-
-        if token:
-            console.print(f"\n[dim]Access Token:[/dim]\n{access_token}")
-    except Exception as e:
-        console.print(f"[bold red]Failed to decode token: {e}[/bold red]")
+"""
+Authentication commands for Xenfra CLI.
+"""
+
+import base64
+import hashlib
+import secrets
+import urllib.parse
+import webbrowser
+from http.server import HTTPServer
+
+import click
+import httpx
+import keyring
+from rich.console import Console
+from tenacity import (
+    retry,
+    retry_if_exception_type,
+    stop_after_attempt,
+    wait_exponential,
+)
+
+from ..utils.auth import (
+    API_BASE_URL,
+    CLI_CLIENT_ID,
+    CLI_LOCAL_SERVER_END_PORT,
+    CLI_LOCAL_SERVER_START_PORT,
+    CLI_REDIRECT_PATH,
+    SERVICE_ID,
+    AuthCallbackHandler,
+    clear_tokens,
+    get_auth_token,
+)
+
+console = Console()
+
+# HTTP request timeout (30 seconds)
+HTTP_TIMEOUT = 30.0
+
+
+@click.group()
+def auth():
+    """Authentication commands (login, logout, whoami)."""
+    pass
+
+
+@retry(
+    stop=stop_after_attempt(3),
+    wait=wait_exponential(multiplier=1, min=2, max=10),
+    retry=retry_if_exception_type((httpx.TimeoutException, httpx.NetworkError)),
+    reraise=True,
+)
+def _exchange_code_for_tokens_with_retry(code: str, code_verifier: str, redirect_uri: str) -> dict:
+    """
+    Exchange authorization code for tokens with retry logic.
+
+    Returns token data dictionary.
+    """
+    with httpx.Client(timeout=HTTP_TIMEOUT) as client:
+        response = client.post(
+            f"{API_BASE_URL}/auth/token",
+            data={
+                "grant_type": "authorization_code",
+                "client_id": CLI_CLIENT_ID,
+                "code": code,
+                "code_verifier": code_verifier,
+                "redirect_uri": redirect_uri,
+            },
+            headers={"Accept": "application/json"},
+        )
+        response.raise_for_status()
+
+        # Safe JSON parsing with content-type check
+        content_type = response.headers.get("content-type", "")
+        if "application/json" not in content_type:
+            raise ValueError(f"Expected JSON response, got {content_type}")
+
+        try:
+            token_data = response.json()
+        except (ValueError, TypeError) as e:
+            raise ValueError(f"Failed to parse JSON response: {e}")
+
+        return token_data
+
+
+@auth.command()
+def login():
+    """Login to Xenfra using Device Authorization Flow (like GitHub CLI, Claude Code)."""
+    from .auth_device import device_login
+    device_login()
+
+    # Removed old PKCE flow - now using Device Authorization Flow
+
+
+@auth.command()
+def logout():
+    """Logout and clear stored tokens."""
+    try:
+        clear_tokens()
+        console.print("[bold green]Logged out successfully.[/bold green]")
+    except Exception as e:
+        console.print(f"[yellow]Warning: Error during logout: {e}[/yellow]")
+        console.print("[dim]Tokens may still be stored in keyring.[/dim]")
+
+
+@auth.command()
+@click.option("--token", is_flag=True, help="Show access token")
+def whoami(token):
+    """Show current authenticated user."""
+    access_token = get_auth_token()
+
+    if not access_token:
+        console.print("[bold red]Not logged in. Run 'xenfra login' first.[/bold red]")
+        return
+
+    try:
+        import base64
+        import json
+
+        # Manually decode JWT payload without verification
+        # JWT format: header.payload.signature
+        parts = access_token.split(".")
+        if len(parts) != 3:
+            console.print("[bold red]Invalid token format[/bold red]")
+            return
+
+        # Decode payload (second part)
+        payload_b64 = parts[1]
+        # Add padding if needed
+        padding = 4 - len(payload_b64) % 4
+        if padding != 4:
+            payload_b64 += "=" * padding
+
+        payload_bytes = base64.urlsafe_b64decode(payload_b64)
+        claims = json.loads(payload_bytes)
+
+        console.print("[bold green]Logged in as:[/bold green]")
+        console.print(f"  Email: {claims.get('sub', 'N/A')}")
+        console.print(f"  User ID: {claims.get('user_id', 'N/A')}")
+
+        if token:
+            console.print(f"\n[dim]Access Token:[/dim]\n{access_token}")
+    except Exception as e:
+        console.print(f"[bold red]Failed to decode token: {e}[/bold red]")

xenfra/commands/auth_device.py

@@ -1,164 +1,164 @@
-"""
-Device Authorization Flow for Xenfra CLI.
-Modern OAuth flow used by GitHub CLI, AWS CLI, Claude Code, etc.
-"""
-
-import time
-import webbrowser
-from urllib.parse import urlencode
-
-import click
-import httpx
-import keyring
-from rich.console import Console
-from rich.panel import Panel
-
-from ..utils.auth import API_BASE_URL, CLI_CLIENT_ID, HTTP_TIMEOUT, SERVICE_ID
-
-console = Console()
-
-
-def device_login():
-    """
-    Device Authorization Flow (OAuth 2.0 Device Grant).
-
-    Flow:
-    1. CLI calls /auth/device/authorize to get device_code and user_code
-    2. User visits https://www.xenfra.tech/activate and enters user_code
-    3. CLI polls /auth/device/token until user authorizes
-    4. CLI receives access_token and stores it
-    """
-    try:
-        # Step 1: Request device code
-        console.print("[cyan]Initiating device authorization...[/cyan]")
-
-        with httpx.Client(timeout=HTTP_TIMEOUT) as client:
-            response = client.post(
-                f"{API_BASE_URL}/auth/device/authorize",
-                data={
-                    "client_id": CLI_CLIENT_ID,
-                    "scope": "openid profile",
-                },
-            )
-            response.raise_for_status()
-            device_data = response.json()
-
-        device_code = device_data["device_code"]
-        user_code = device_data["user_code"]
-        verification_uri = device_data["verification_uri"]
-        verification_uri_complete = device_data.get("verification_uri_complete")
-        expires_in = device_data["expires_in"]
-        interval = device_data.get("interval", 5)
-
-        # Step 2: Show user code and open browser
-        console.print()
-        console.print(
-            Panel.fit(
-                f"[bold white]{user_code}[/bold white]",
-                title="[bold green]Your Activation Code[/bold green]",
-                border_style="green",
-            )
-        )
-        console.print()
-        console.print(f"[bold]Visit:[/bold] [link]{verification_uri}[/link]")
-        console.print(f"[bold]Enter code:[/bold] [cyan]{user_code}[/cyan]")
-        console.print()
-
-        # Open browser automatically
-        try:
-            url_to_open = verification_uri_complete or verification_uri
-            webbrowser.open(url_to_open)
-            console.print("[dim]Opening browser...[/dim]")
-        except Exception:
-            console.print("[yellow]Could not open browser automatically. Please visit the URL above.[/yellow]")
-
-        # Step 3: Poll for authorization
-        console.print()
-        console.print("[cyan]Waiting for authorization...[/cyan]")
-        console.print("[dim](Press Ctrl+C to cancel)[/dim]")
-        console.print()
-
-        start_time = time.time()
-        poll_count = 0
-
-        with httpx.Client(timeout=HTTP_TIMEOUT) as client:
-            while True:
-                # Check timeout
-                if time.time() - start_time > expires_in:
-                    console.print("[bold red]✗ Authorization timed out. Please try again.[/bold red]")
-                    return False
-
-                # Poll the token endpoint
-                try:
-                    response = client.post(
-                        f"{API_BASE_URL}/auth/device/token",
-                        data={
-                            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
-                            "device_code": device_code,
-                            "client_id": CLI_CLIENT_ID,
-                        },
-                    )
-
-                    if response.status_code == 200:
-                        # Success! User authorized
-                        token_data = response.json()
-                        access_token = token_data["access_token"]
-                        refresh_token = token_data.get("refresh_token")
-
-                        # Store tokens (keyring or file fallback)
-                        try:
-                            keyring.set_password(SERVICE_ID, "access_token", access_token)
-                            if refresh_token:
-                                keyring.set_password(SERVICE_ID, "refresh_token", refresh_token)
-                        except keyring.errors.KeyringError as e:
-                            console.print(f"[dim]Keyring unavailable, using file storage: {e}[/dim]")
-                            # Fallback to file storage
-                            from ..utils.auth import _set_token_to_file
-                            _set_token_to_file("access_token", access_token)
-                            if refresh_token:
-                                _set_token_to_file("refresh_token", refresh_token)
-
-                        console.print()
-                        console.print("[bold green]✓ Successfully authenticated![/bold green]")
-                        console.print()
-                        return True
-
-                    elif response.status_code == 400:
-                        error_data = response.json()
-                        error = error_data.get("error", "unknown_error")
-
-                        if error == "authorization_pending":
-                            # Still waiting for user to authorize
-                            poll_count += 1
-                            if poll_count % 6 == 0:  # Every 30 seconds
-                                console.print("[dim]Still waiting...[/dim]")
-                            time.sleep(interval)
-                            continue
-
-                        elif error == "slow_down":
-                            # We're polling too fast
-                            interval += 5
-                            time.sleep(interval)
-                            continue
-
-                        else:
-                            # Other error
-                            error_desc = error_data.get("error_description", error)
-                            console.print(f"[bold red]✗ Authorization failed: {error_desc}[/bold red]")
-                            return False
-
-                    else:
-                        console.print(f"[bold red]✗ Unexpected response: {response.status_code}[/bold red]")
-                        return False
-
-                except httpx.HTTPError as e:
-                    console.print(f"[bold red]✗ Network error: {e}[/bold red]")
-                    return False
-
-    except KeyboardInterrupt:
-        console.print()
-        console.print("[yellow]Authorization cancelled.[/yellow]")
-        return False
-    except Exception as e:
-        console.print(f"[bold red]✗ Error: {e}[/bold red]")
-        return False
+"""
+Device Authorization Flow for Xenfra CLI.
+Modern OAuth flow used by GitHub CLI, AWS CLI, Claude Code, etc.
+"""
+
+import time
+import webbrowser
+from urllib.parse import urlencode
+
+import click
+import httpx
+import keyring
+from rich.console import Console
+from rich.panel import Panel
+
+from ..utils.auth import API_BASE_URL, CLI_CLIENT_ID, HTTP_TIMEOUT, SERVICE_ID
+
+console = Console()
+
+
+def device_login():
+    """
+    Device Authorization Flow (OAuth 2.0 Device Grant).
+
+    Flow:
+    1. CLI calls /auth/device/authorize to get device_code and user_code
+    2. User visits https://www.xenfra.tech/activate and enters user_code
+    3. CLI polls /auth/device/token until user authorizes
+    4. CLI receives access_token and stores it
+    """
+    try:
+        # Step 1: Request device code
+        console.print("[cyan]Initiating device authorization...[/cyan]")
+
+        with httpx.Client(timeout=HTTP_TIMEOUT) as client:
+            response = client.post(
+                f"{API_BASE_URL}/auth/device/authorize",
+                data={
+                    "client_id": CLI_CLIENT_ID,
+                    "scope": "openid profile",
+                },
+            )
+            response.raise_for_status()
+            device_data = response.json()
+
+        device_code = device_data["device_code"]
+        user_code = device_data["user_code"]
+        verification_uri = device_data["verification_uri"]
+        verification_uri_complete = device_data.get("verification_uri_complete")
+        expires_in = device_data["expires_in"]
+        interval = device_data.get("interval", 5)
+
+        # Step 2: Show user code and open browser
+        console.print()
+        console.print(
+            Panel.fit(
+                f"[bold white]{user_code}[/bold white]",
+                title="[bold green]Your Activation Code[/bold green]",
+                border_style="green",
+            )
+        )
+        console.print()
+        console.print(f"[bold]Visit:[/bold] [link]{verification_uri}[/link]")
+        console.print(f"[bold]Enter code:[/bold] [cyan]{user_code}[/cyan]")
+        console.print()
+
+        # Open browser automatically
+        try:
+            url_to_open = verification_uri_complete or verification_uri
+            webbrowser.open(url_to_open)
+            console.print("[dim]Opening browser...[/dim]")
+        except Exception:
+            console.print("[yellow]Could not open browser automatically. Please visit the URL above.[/yellow]")
+
+        # Step 3: Poll for authorization
+        console.print()
+        console.print("[cyan]Waiting for authorization...[/cyan]")
+        console.print("[dim](Press Ctrl+C to cancel)[/dim]")
+        console.print()
+
+        start_time = time.time()
+        poll_count = 0
+
+        with httpx.Client(timeout=HTTP_TIMEOUT) as client:
+            while True:
+                # Check timeout
+                if time.time() - start_time > expires_in:
+                    console.print("[bold red]✗ Authorization timed out. Please try again.[/bold red]")
+                    return False
+
+                # Poll the token endpoint
+                try:
+                    response = client.post(
+                        f"{API_BASE_URL}/auth/device/token",
+                        data={
+                            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+                            "device_code": device_code,
+                            "client_id": CLI_CLIENT_ID,
+                        },
+                    )
+
+                    if response.status_code == 200:
+                        # Success! User authorized
+                        token_data = response.json()
+                        access_token = token_data["access_token"]
+                        refresh_token = token_data.get("refresh_token")
+
+                        # Store tokens (keyring or file fallback)
+                        try:
+                            keyring.set_password(SERVICE_ID, "access_token", access_token)
+                            if refresh_token:
+                                keyring.set_password(SERVICE_ID, "refresh_token", refresh_token)
+                        except keyring.errors.KeyringError as e:
+                            console.print(f"[dim]Keyring unavailable, using file storage: {e}[/dim]")
+                            # Fallback to file storage
+                            from ..utils.auth import _set_token_to_file
+                            _set_token_to_file("access_token", access_token)
+                            if refresh_token:
+                                _set_token_to_file("refresh_token", refresh_token)
+
+                        console.print()
+                        console.print("[bold green]✓ Successfully authenticated![/bold green]")
+                        console.print()
+                        return True
+
+                    elif response.status_code == 400:
+                        error_data = response.json()
+                        error = error_data.get("error", "unknown_error")
+
+                        if error == "authorization_pending":
+                            # Still waiting for user to authorize
+                            poll_count += 1
+                            if poll_count % 6 == 0:  # Every 30 seconds
+                                console.print("[dim]Still waiting...[/dim]")
+                            time.sleep(interval)
+                            continue
+
+                        elif error == "slow_down":
+                            # We're polling too fast
+                            interval += 5
+                            time.sleep(interval)
+                            continue
+
+                        else:
+                            # Other error
+                            error_desc = error_data.get("error_description", error)
+                            console.print(f"[bold red]✗ Authorization failed: {error_desc}[/bold red]")
+                            return False
+
+                    else:
+                        console.print(f"[bold red]✗ Unexpected response: {response.status_code}[/bold red]")
+                        return False
+
+                except httpx.HTTPError as e:
+                    console.print(f"[bold red]✗ Network error: {e}[/bold red]")
+                    return False
+
+    except KeyboardInterrupt:
+        console.print()
+        console.print("[yellow]Authorization cancelled.[/yellow]")
+        return False
+    except Exception as e:
+        console.print(f"[bold red]✗ Error: {e}[/bold red]")
+        return False