Re-worked login to get email, userId, claims directly from token. Switched to ES256 self signed tokens. Added codify edit command

kevinwang5658 · kevinwang5658 · commit 3643c4a22dee · 2025-10-01T10:08:52.000-04:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -29,6 +29,7 @@
     "ink-gradient": "^3.0.0",
     "ink-select-input": "^6.0.0",
     "jju": "^1.4.0",
+    "jose": "^6.1.0",
     "jotai": "^2.11.1",
     "js-yaml": "^4.1.0",
     "js-yaml-source-map": "^0.2.2",
@@ -42,8 +43,8 @@
     "semver": "^7.5.4",
     "socket.io": "^4.8.1",
     "supports-color": "^9.4.0",
-    "ws": "^8.18.3",
-    "uuid": "^10.0.0"
+    "uuid": "^10.0.0",
+    "ws": "^8.18.3"
   },
   "description": "Codify allows users to configure settings, install new packages, and automate their systems using code instead of the GUI. Get set up on a new laptop in one click, maintain a Codify file within your project so anyone can get started and never lose your cool apps or favourite settings again.",
   "devDependencies": {
diff --git a/src/api/dashboard/index.ts b/src/api/dashboard/index.ts
@@ -12,7 +12,7 @@ export const DashboardApiClient = {
 
     const res = await fetch(
       `${API_BASE_URL}/api/v1/documents/${id}`,
-      { method: 'GET', headers: { 'Content-Type': 'application/json', 'authorization': login.accessToken } },
+      { method: 'GET', headers: { 'Content-Type': 'application/json', 'authorization': `Bearer ${login.accessToken}` } },
     );
 
     if (!res.ok) {
@@ -24,23 +24,25 @@ export const DashboardApiClient = {
     return json;
   },
 
-  async getDefaultDocumentId(): Promise<string> {
+  async getDefaultDocumentId(): Promise<null | string> {
     const login = LoginHelper.get()?.credentials;
     if (!login) {
       throw new Error('Not logged in');
     }
 
-    // const res = await fetch(
-    //   `${API_BASE_URL}/api/v1/documents/default/id`,
-    //   { method: 'GET', headers: { 'Content-Type': 'application/json', 'authorization': login.accessToken } },
-    // );
+    console.log('Token', login.accessToken);
 
-    // const json = await res.json();
-    // if (!res.ok) {
-    //   throw new Error(JSON.stringify(json, null, 2));
-    // }
+    const res = await fetch(
+      `${API_BASE_URL}/api/v1/documents/default/id`,
+      { method: 'GET', headers: { 'Content-Type': 'application/json', 'authorization': `Bearer ${login.accessToken}` } },
+    );
+
+    const json = await res.json();
+    if (!res.ok) {
+      throw new Error(JSON.stringify(json, null, 2));
+    }
 
-    return '1b80818e-5304-4158-80a3-82e17ff2c79e';
+    return json.defaultDocumentId;
   },
 
   async saveDocumentUpdate(id: string, contents: string): Promise<void> {
diff --git a/src/commands/edit.ts b/src/commands/edit.ts
@@ -1,5 +1,7 @@
 import { BaseCommand } from '../common/base-command.js';
 import { ConnectOrchestrator } from '../orchestrators/connect.js';
+import { EditOrchestrator } from '../orchestrators/edit.js';
+import { LoginHelper } from '../connect/login-helper.js';
 
 export default class Edit extends BaseCommand {
   static description =
@@ -16,8 +18,10 @@ For more information, visit: https://docs.codifycli.com/commands/validate
   ]
 
   public async run(): Promise<void> {
-    const { flags } = await this.parse(Edit)
+    const { flags } = await this.parse(Edit);
+    const config = this.config;
+
+    await EditOrchestrator.run(config);
 
-    // await ConnectOrchestrator.run();
   }
 }
diff --git a/src/config.ts b/src/config.ts
@@ -6,5 +6,8 @@ export const config = {
     'https://dashboard.codifycli.com',
     'https://https://codify-dashboard.kevinwang5658.workers.dev',
     'http://localhost:3000'
-  ]
+  ],
+
+  dashboardUrl: 'https://dashboard.codifycli.com',
+  supabaseUrl: 'https://kdctbvqvqjfquplxhqrm.supabase.co',
 }
diff --git a/src/connect/http-routes/handlers/index.ts b/src/connect/http-routes/handlers/index.ts
@@ -9,7 +9,7 @@ const router = Router({
 router.post('/session', (req, res) => {
   const { clientId } = req.body;
   if (!clientId) {
-    throw new Error('connectionId is required');
+    throw new Error('clientId is required');
   }
 
   const socketServer = SocketServer.get();
diff --git a/src/connect/login-helper.ts b/src/connect/login-helper.ts
@@ -1,14 +1,20 @@
+import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
 import * as fs from 'node:fs/promises';
 import * as os from 'node:os';
 import * as path from 'node:path';
+import { config } from '../config.js';
 
 interface Credentials {
   accessToken: string;
   email: string;
   userId: string;
-  expiry: string;
+  expiry: number;
 }
 
+const PROJECT_JWKS = createRemoteJWKSet(
+  new URL(`${config.supabaseUrl}/auth/v1/.well-known/jwks.json`)
+)
+
 export class LoginHelper {
   private static instance: LoginHelper;
 
@@ -23,6 +29,8 @@ export class LoginHelper {
     }
 
     const credentials = await LoginHelper.read();
+
+    console.log('My credentials', credentials);
     if (!credentials) {
       LoginHelper.instance = new LoginHelper(false);
       return LoginHelper.instance;
@@ -41,19 +49,34 @@ export class LoginHelper {
     return LoginHelper.instance;
   }
 
-  static async save(credentials: Credentials) {
+  static async save(accessToken: string) {
     const credentialsPath = path.join(os.homedir(), '.codify', 'credentials.json');
     console.log(`Saving credentials to ${credentialsPath}`);
-    await fs.writeFile(credentialsPath, JSON.stringify(credentials));
+    await fs.writeFile(credentialsPath, JSON.stringify({ accessToken }));
   }
 
   private static async read(): Promise<Credentials | undefined> {
     const credentialsPath = path.join(os.homedir(), '.codify', 'credentials.json');
     try {
       const credentialsStr = await fs.readFile(credentialsPath, 'utf8');
-      return JSON.parse(credentialsStr);
-    } catch {
+      const { accessToken } = JSON.parse(credentialsStr);
+
+      await LoginHelper.verifyProjectJWT(accessToken);
+      const decoded = decodeJwt(accessToken);
+
+      return {
+        accessToken,
+        email: decoded.email as string,
+        userId: decoded.sub!,
+        expiry: decoded.exp!,
+      }
+    } catch(e) {
+      console.error(e);
       return undefined;
     }
   }
+
+  private static async verifyProjectJWT(jwt: string) {
+    return jwtVerify(jwt, PROJECT_JWKS)
+  }
 }
diff --git a/src/connect/socket-server.ts b/src/connect/socket-server.ts
@@ -124,7 +124,7 @@ export class SocketServer {
   private handleClientConnected = (ws: WebSocket) => {
     const clientId = uuid();
     this.mainConnections.set(clientId, ws);
-    ws.send(JSON.stringify({ key: 'opened', data: { clientId: uuid } }))
+    ws.send(JSON.stringify({ key: 'opened', data: { clientId } }))
 
     ws.on('close', () => {
       this.mainConnections.delete(clientId);
diff --git a/src/orchestrators/connect.ts b/src/orchestrators/connect.ts
@@ -6,12 +6,20 @@ import open from 'open';
 
 import { config } from '../config.js';
 import router from '../connect/http-routes/router.js';
+import { LoginHelper } from '../connect/login-helper.js';
 import { SocketServer } from '../connect/socket-server.js';
+import { LoginOrchestrator } from './login.js';
 
 export class ConnectOrchestrator {
   static rootCommand: string;
 
-  static async run(oclifConfig: Config) {
+  static async run(oclifConfig: Config, openBrowser = true, onOpen?: (connectionCode: string) => void) {
+    const login = LoginHelper.get()?.isLoggedIn;
+    if (!login) {
+      await LoginOrchestrator.run();
+      await LoginHelper.load();
+    }
+
     this.rootCommand = oclifConfig.options.root;
     
     const connectionSecret = ConnectOrchestrator.tokenGenerate()
@@ -31,11 +39,15 @@ export class ConnectOrchestrator {
         throw error;
       }
 
-      open(`http://localhost:3000/connection/success?code=${connectionSecret}`)
-      console.log(`Open browser window to store code.
+      if (openBrowser) {
+        open(`http://localhost:3000/connection/success?code=${connectionSecret}`)
+        console.log(`Open browser window to store code.
 
 If unsuccessful manually enter the code:
 ${connectionSecret}`)
+      }
+
+      onOpen?.(connectionSecret);
     });
 
     // const wsManager = WsServerManager.init(server, connectionSecret)
diff --git a/src/orchestrators/edit.ts b/src/orchestrators/edit.ts
@@ -0,0 +1,30 @@
+import { Config } from '@oclif/core';
+import { randomBytes } from 'node:crypto';
+import open from 'open';
+
+import { DashboardApiClient } from '../api/dashboard/index.js';
+import { config } from '../config.js';
+import { ConnectOrchestrator } from './connect.js';
+import { LoginHelper } from '../connect/login-helper.js';
+import { LoginOrchestrator } from './login.js';
+
+export class EditOrchestrator {
+  static rootCommand: string;
+
+  static async run(oclifConfig: Config) {
+    const login = LoginHelper.get()?.isLoggedIn;
+    if (!login) {
+      await LoginOrchestrator.run();
+      await LoginHelper.load();
+    }
+
+    const defaultDocumentId = await DashboardApiClient.getDefaultDocumentId();
+    const url = defaultDocumentId
+      ? `${config.dashboardUrl}/file/${defaultDocumentId}`
+      : config.dashboardUrl;
+
+    await ConnectOrchestrator.run(oclifConfig, false, (code) => {
+      open(`${url}?connection_code=${code}`);
+    });
+  }
+}
diff --git a/src/orchestrators/login.ts b/src/orchestrators/login.ts
@@ -11,15 +11,6 @@ const schema = {
   properties: {
     accessToken: {
       type: 'string',
-    },
-    email: {
-      type: 'string',
-    },
-    userId: {
-      type: 'string',
-    },
-    expiry: {
-      type: 'number',
     }
   },
   additionalProperties: false,
@@ -45,11 +36,12 @@ export class LoginOrchestrator {
         app.post('/', async (req, res) => {
           const body = req.body as Credentials;
 
-          if (!ajv.validate(schema, body)) {
-            return res.status(400).send({ message: ajv.errorsText() })
-          }
+          // if (!ajv.validate(schema, body)) {
+          //   console.error('Received invalid credentials', body)
+          //   return res.status(400).send({ message: ajv.errorsText() })
+          // }
 
-          await LoginHelper.save(body);
+          await LoginHelper.save(body.accessToken);
           res.sendStatus(200);
 
           resolve();

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`import { BaseCommand } from '../common/base-command.js';`
`2`	`2`	`import { ConnectOrchestrator } from '../orchestrators/connect.js';`
	`3`	`+import { EditOrchestrator } from '../orchestrators/edit.js';`
	`4`	`+import { LoginHelper } from '../connect/login-helper.js';`
`3`	`5`
`4`	`6`	`export default class Edit extends BaseCommand {`
`5`	`7`	`static description =`
`@@ -16,8 +18,10 @@ For more information, visit: https://docs.codifycli.com/commands/validate`
`16`	`18`	`]`
`17`	`19`
`18`	`20`	`public async run(): Promise<void> {`
`19`		`- const { flags } = await this.parse(Edit)`
	`21`	`+ const { flags } = await this.parse(Edit);`
	`22`	`+ const config = this.config;`
	`23`	`+`
	`24`	`+ await EditOrchestrator.run(config);`
`20`	`25`
`21`		`- // await ConnectOrchestrator.run();`
`22`	`26`	`}`
`23`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ const router = Router({`
`9`	`9`	`router.post('/session', (req, res) => {`
`10`	`10`	`const { clientId } = req.body;`
`11`	`11`	`if (!clientId) {`
`12`		`- throw new Error('connectionId is required');`
	`12`	`+ throw new Error('clientId is required');`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`const socketServer = SocketServer.get();`