cli login/logout

Author: 101arrowz

lib/commands/index.js

@@ -2,3 +2,5 @@ export * from './info/index.js'
 export * from './report/index.js'
 export * from './npm/index.js'
 export * from './npx/index.js'
+export * from './login/index.js'
+export * from './logout/index.js'

lib/commands/login/index.js

@@ -0,0 +1,61 @@
+import isInteractive from 'is-interactive'
+import meow from 'meow'
+import ora from 'ora'
+import prompts from 'prompts'
+
+import { AuthError, InputError } from '../../utils/errors.js'
+import { setupSdk } from '../../utils/sdk.js'
+import { getSetting, updateSetting } from '../../utils/settings.js'
+
+const description = 'Socket API login'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const login = {
+  description,
+  run: async (argv, importMeta, { parentName }) => {
+    const name = parentName + ' login'
+    const cli = meow(`
+      Usage
+        $ ${name}
+
+      Logs into the Socket API by prompting for an API key
+
+      Examples
+        $ ${name}
+    `, {
+      argv,
+      description,
+      importMeta,
+    })
+
+    if (cli.input.length) cli.showHelp()
+
+    if (!isInteractive()) {
+      throw new InputError('cannot prompt for credentials in a non-interactive shell')
+    }
+    const { apiKey } = await prompts({
+      type: 'password',
+      name: 'apiKey',
+      message: 'Enter your Socket.dev API key',
+    })
+
+    if (!apiKey) {
+      ora('API key not updated').warn()
+      return
+    }
+
+    const spinner = ora('Verifying API key...').start()
+
+    const oldKey = getSetting('apiKey')
+    updateSetting('apiKey', apiKey)
+    try {
+      const sdk = await setupSdk()
+      const quota = await sdk.getQuota()
+      if (!quota.success) throw new AuthError()
+      spinner.succeed(`API key ${oldKey ? 'updated' : 'set'}`)
+    } catch (e) {
+      updateSetting('apiKey', oldKey)
+      spinner.fail('Invalid API key')
+    }
+  }
+}

lib/commands/logout/index.js

@@ -0,0 +1,32 @@
+import meow from 'meow'
+import ora from 'ora'
+
+import { updateSetting } from '../../utils/settings.js'
+
+const description = 'Socket API logout'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const logout = {
+  description,
+  run: async (argv, importMeta, { parentName }) => {
+    const name = parentName + ' logout'
+    const cli = meow(`
+      Usage
+        $ ${name}
+
+      Logs out of the Socket API and clears all Socket credentials from disk
+
+      Examples
+        $ ${name}
+    `, {
+      argv,
+      description,
+      importMeta,
+    })
+
+    if (cli.input.length) cli.showHelp()
+
+    updateSetting('apiKey', null)
+    ora('Successfully logged out').succeed()
+  }
+}

lib/utils/sdk.js

@@ -7,19 +7,18 @@ import isInteractive from 'is-interactive'
 import prompts from 'prompts'
 
 import { AuthError } from './errors.js'
+import { getSetting } from './settings.js'
 
 /**
- * The API key should be stored globally for the duration of the CLI execution
+ * This API key should be stored globally for the duration of the CLI execution
  *
  * @type {string | undefined}
  */
-let apiKey
+let sessionAPIKey
 
 /** @returns {Promise<import('@socketsecurity/sdk').SocketSdk>} */
 export async function setupSdk () {
-  if (!apiKey) {
-    apiKey = process.env['SOCKET_SECURITY_API_KEY']
-  }
+  let apiKey = getSetting('apiKey') || process.env['SOCKET_SECURITY_API_KEY'] || sessionAPIKey
 
   if (!apiKey && isInteractive()) {
     const input = await prompts({
@@ -28,7 +27,7 @@ export async function setupSdk () {
       message: 'Enter your Socket.dev API key',
     })
 
-    apiKey = input.apiKey
+    apiKey = sessionAPIKey = input.apiKey
   }
 
   if (!apiKey) {

lib/utils/settings.js

@@ -0,0 +1,56 @@
+import * as fs from 'fs'
+import * as os from 'os'
+import * as path from 'path'
+
+// @ts-ignore no types for ascii85
+import ascii85 from 'ascii85'
+
+let dataHome = process.platform === 'win32'
+  ? process.env['LOCALAPPDATA']
+  : process.env['XDG_DATA_HOME']
+
+if (!dataHome) {
+  if (process.platform === 'win32') throw new Error('missing %LOCALAPPDATA%')
+  const home = os.homedir()
+  dataHome = path.join(home, ...(process.platform === 'darwin'
+    ? ['Library', 'Application Support']
+    : ['.local', 'share']
+  ))
+}
+
+const settingsPath = path.join(dataHome, 'socket', 'settings')
+
+/** @type {any} */
+let settings = {}
+
+if (fs.existsSync(settingsPath)) {
+  const raw = fs.readFileSync(settingsPath)
+  try {
+    settings = JSON.parse(ascii85.decode(raw).toString())
+  } catch (e) {
+    // failed decode - don't load
+  }
+} else {
+  fs.mkdirSync(path.dirname(settingsPath), { recursive: true })
+}
+
+/**
+ * @param {string} key
+ * @returns {any}
+ */
+export function getSetting (key) {
+  return settings[key]
+}
+
+/**
+ * @param {string} key
+ * @param {any} value
+ * @returns {void}
+ */
+export function updateSetting (key, value) {
+  settings[key] = value
+  fs.writeFileSync(
+    settingsPath,
+    ascii85.encode(JSON.stringify(settings))
+  )
+}

package.json

@@ -43,7 +43,7 @@
     "test": "run-s check test:*"
   },
   "devDependencies": {
-    "@socketsecurity/eslint-config": "^2.0.0",
+    "@socketsecurity/eslint-config": "^3.0.1",
     "@tsconfig/node14": "^1.0.3",
     "@types/chai": "^4.3.3",
     "@types/chai-as-promised": "^7.1.5",
@@ -85,6 +85,7 @@
     "@apideck/better-ajv-errors": "^0.3.6",
     "@socketsecurity/config": "^2.0.0",
     "@socketsecurity/sdk": "^0.5.4",
+    "ascii85": "^1.0.2",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",