CLI: Implement auth login command

cli/commands/auth/login.ts

@@ -0,0 +1,99 @@
+import { password } from '@inquirer/prompts';
+import { __ } from '@wordpress/i18n';
+import { SupportedLocale } from 'common/lib/locale';
+import { getAuthenticationUrl } from 'common/lib/oauth';
+import { AuthCommandLoggerAction as LoggerAction } from 'common/logger-actions';
+import wpcomFactory from 'src/lib/wpcom-factory';
+import wpcomXhrRequest from 'src/lib/wpcom-xhr-request-factory';
+import { z } from 'zod';
+import { validateAccessToken } from 'cli/lib/api';
+import { lockAppdata, readAppdata, saveAppdata, unlockAppdata } from 'cli/lib/appdata';
+import { openBrowser } from 'cli/lib/browser';
+import { Logger, LoggerError } from 'cli/logger';
+import { StudioArgv } from 'cli/types';
+
+const meResponseSchema = z.object( {
+	ID: z.number(),
+	email: z.string().email(),
+	display_name: z.string(),
+} );
+
+const CLI_REDIRECT_URI = `https://developer.wordpress.com/copy-oauth-token`;
+
+export async function runCommand( locale: SupportedLocale = 'en' ): Promise< void > {
+	const logger = new Logger< LoggerAction >();
+
+	try {
+		const existingData = await readAppdata();
+		if ( existingData.authToken?.accessToken ) {
+			await validateAccessToken( existingData.authToken.accessToken );
+			logger.reportSuccess( __( 'Already authenticated with WordPress.com' ) );
+			return;
+		}
+
+		logger.reportStart( LoggerAction.LOGIN, __( 'Opening browser for authentication…' ) );
+
+		const authUrl = getAuthenticationUrl( locale, CLI_REDIRECT_URI );
+		await openBrowser( authUrl );
+		logger.reportSuccess( __( 'Browser opened successfully' ) );
+
+		console.log( __( 'Please complete authentication in your browser.' ) );
+		console.log( '' );
+
+		const accessToken = await password( {
+			message: __( 'Authentication token:' ),
+		} );
+
+		logger.reportSuccess( __( 'Authentication completed successfully!' ) );
+
+		const wpcom = wpcomFactory( accessToken, wpcomXhrRequest );
+		const rawResponse = await wpcom.req.get( '/me', { fields: 'ID,login,email,display_name' } );
+		const user = meResponseSchema.parse( rawResponse );
+
+		const now = new Date();
+		const twoWeeksInSeconds = 2 * 7 * 24 * 60 * 60;
+
+		try {
+			await lockAppdata();
+			const userData = await readAppdata();
+			userData.authToken = {
+				accessToken,
+				id: user.ID,
+				email: user.email,
+				displayName: user.display_name,
+				expiresIn: twoWeeksInSeconds,
+				expirationTime: now.getTime() + twoWeeksInSeconds,
+			};
+			await saveAppdata( userData );
+		} finally {
+			await unlockAppdata();
+		}
+
+		logger.reportKeyValuePair( 'email', user.email );
+		logger.reportKeyValuePair( 'display_name', user.display_name );
+	} catch ( error ) {
+		if ( error instanceof LoggerError ) {
+			logger.reportError( error );
+		} else {
+			logger.reportError( new LoggerError( __( 'Authentication failed' ), error ) );
+		}
+		throw error;
+	}
+}
+
+export const registerCommand = ( yargs: StudioArgv ) => {
+	return yargs.command( {
+		command: 'login',
+		describe: __( 'Log in to WordPress.com' ),
+		builder: ( yargs ) => {
+			return yargs.option( 'locale', {
+				type: 'string',
+				default: 'en',
+				description: __( 'Locale for the authentication flow' ),
+			} );
+		},
+		handler: async ( argv ) => {
+			await runCommand( argv.locale as SupportedLocale );
+		},
+	} );
+};

cli/index.ts

@@ -1,6 +1,7 @@
 import 'cli/polyfills/browser-globals.js';
 import path from 'node:path';
 import { __ } from '@wordpress/i18n';
+import { registerCommand as registerAuthLoginCommand } from 'cli/commands/auth/login';
 import { suppressPunycodeWarning } from 'common/lib/suppress-punycode-warning';
 import { StatsGroup, StatsMetric } from 'common/types/stats';
 import yargs from 'yargs';
@@ -45,6 +46,10 @@ async function main() {
 				);
 			}
 		} )
+		.command( 'auth', __( 'Manage authentication' ), ( authYargs ) => {
+			registerAuthLoginCommand( authYargs );
+			authYargs.demandCommand( 1, __( 'You must provide a valid auth command' ) );
+		} )
 		.command( 'preview', __( 'Manage preview sites' ), ( previewYargs ) => {
 			registerCreateCommand( previewYargs );
 			registerListCommand( previewYargs );

cli/lib/appdata.ts

@@ -46,7 +46,11 @@ const userDataSchema = z
 		authToken: z
 			.object( {
 				accessToken: z.string().min( 1, __( 'Access token cannot be empty' ) ),
+				expiresIn: z.number(),
+				expirationTime: z.number(),
 				id: z.number().optional(),
+				email: z.string(),
+				displayName: z.string().default( '' ),
 			} )
 			.passthrough()
 			.optional(),

cli/lib/browser.ts

@@ -0,0 +1,53 @@
+import { spawn } from 'child_process';
+import { __ } from '@wordpress/i18n';
+import { LoggerError } from 'cli/logger';
+
+/**
+ * Opens the default browser with the specified URL
+ */
+export async function openBrowser( url: string ): Promise< void > {
+	const platform = process.platform;
+	let cmd: string;
+	let args: string[];
+
+	switch ( platform ) {
+		case 'darwin':
+			cmd = 'open';
+			args = [ url ];
+			break;
+		case 'win32':
+			cmd = 'PowerShell';
+			args = [
+				'-NoProfile',
+				'-NonInteractive',
+				'-ExecutionPolicy',
+				'Bypass',
+				'-Command',
+				'Start',
+				`"${ url }"`,
+			];
+			break;
+		case 'linux':
+			cmd = 'xdg-open';
+			args = [ url ];
+			break;
+	}
+
+	return new Promise( ( resolve, reject ) => {
+		const child = spawn( cmd, args );
+
+		child.on( 'error', ( error ) => {
+			reject(
+				new LoggerError( __( 'Failed to open browser. Please open the URL manually.' ), error )
+			);
+		} );
+
+		child.on( 'exit', ( code ) => {
+			if ( code === 0 ) {
+				resolve();
+			} else {
+				reject( new LoggerError( __( 'Failed to open browser. Please open the URL manually.' ) ) );
+			}
+		} );
+	} );
+}

common/lib/oauth.ts

@@ -4,11 +4,14 @@ import { SupportedLocale } from 'common/lib/locale';
 const SCOPES = 'global';
 const REDIRECT_URI = `${ PROTOCOL_PREFIX }://auth`;
 
-export function getAuthenticationUrl( locale: SupportedLocale ): string {
+export function getAuthenticationUrl(
+	locale: SupportedLocale,
+	redirectUri = REDIRECT_URI
+): string {
 	const url = new URL( 'https://public-api.wordpress.com/oauth2/authorize' );
 	url.searchParams.set( 'response_type', 'token' );
 	url.searchParams.set( 'client_id', CLIENT_ID );
-	url.searchParams.set( 'redirect_uri', REDIRECT_URI );
+	url.searchParams.set( 'redirect_uri', redirectUri );
 	url.searchParams.set( 'scope', SCOPES );
 	url.searchParams.set( 'locale', locale );
 

common/logger-actions.ts

@@ -1,6 +1,11 @@
 // Store the actions in a separate file to avoid Webpack issues when importing them in the Studio
 // source code
 
+export enum AuthCommandLoggerAction {
+	LOGIN = 'login',
+	LOGOUT = 'logout',
+}
+
 export enum PreviewCommandLoggerAction {
 	VALIDATE = 'validate',
 	ARCHIVE = 'archive',