Merge pull request #45 from SocketDev/ENG-1496/cli-login

CLI login/logout

Author: 101arrowz

lib/commands/index.js

@@ -2,3 +2,5 @@ export * from './info/index.js'
 export * from './report/index.js'
 export * from './npm/index.js'
 export * from './npx/index.js'
+export * from './login/index.js'
+export * from './logout/index.js'

lib/commands/login/index.js

@@ -0,0 +1,66 @@
+import isInteractive from 'is-interactive'
+import meow from 'meow'
+import ora from 'ora'
+import prompts from 'prompts'
+
+import { ChalkOrMarkdown } from '../../utils/chalk-markdown.js'
+import { AuthError, InputError } from '../../utils/errors.js'
+import { setupSdk } from '../../utils/sdk.js'
+import { getSetting, updateSetting } from '../../utils/settings.js'
+
+const description = 'Socket API login'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const login = {
+  description,
+  run: async (argv, importMeta, { parentName }) => {
+    const name = parentName + ' login'
+    const cli = meow(`
+      Usage
+        $ ${name}
+
+      Logs into the Socket API by prompting for an API key
+
+      Examples
+        $ ${name}
+    `, {
+      argv,
+      description,
+      importMeta,
+    })
+
+    if (cli.input.length) cli.showHelp()
+
+    if (!isInteractive()) {
+      throw new InputError('cannot prompt for credentials in a non-interactive shell')
+    }
+    const format = new ChalkOrMarkdown(false)
+    const { apiKey } = await prompts({
+      type: 'password',
+      name: 'apiKey',
+      message: `Enter your ${format.hyperlink(
+        'Socket.dev API key',
+        'https://docs.socket.dev/docs/api-keys'
+      )}`,
+    })
+
+    if (!apiKey) {
+      ora('API key not updated').warn()
+      return
+    }
+
+    const spinner = ora('Verifying API key...').start()
+
+    const oldKey = getSetting('apiKey')
+    updateSetting('apiKey', apiKey)
+    try {
+      const sdk = await setupSdk()
+      const quota = await sdk.getQuota()
+      if (!quota.success) throw new AuthError()
+      spinner.succeed(`API key ${oldKey ? 'updated' : 'set'}`)
+    } catch (e) {
+      updateSetting('apiKey', oldKey)
+      spinner.fail('Invalid API key')
+    }
+  }
+}

lib/commands/logout/index.js

@@ -0,0 +1,32 @@
+import meow from 'meow'
+import ora from 'ora'
+
+import { updateSetting } from '../../utils/settings.js'
+
+const description = 'Socket API logout'
+
+/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
+export const logout = {
+  description,
+  run: async (argv, importMeta, { parentName }) => {
+    const name = parentName + ' logout'
+    const cli = meow(`
+      Usage
+        $ ${name}
+
+      Logs out of the Socket API and clears all Socket credentials from disk
+
+      Examples
+        $ ${name}
+    `, {
+      argv,
+      description,
+      importMeta,
+    })
+
+    if (cli.input.length) cli.showHelp()
+
+    updateSetting('apiKey', null)
+    ora('Successfully logged out').succeed()
+  }
+}

lib/shadow/npm-injection.cjs

@@ -12,6 +12,7 @@ const oraPromise = import('ora')
 const isInteractivePromise = import('is-interactive')
 const chalkPromise = import('chalk')
 const chalkMarkdownPromise = import('../utils/chalk-markdown.js')
+const settingsPromise = import('../utils/settings.js')
 const ipc_version = require('../../package.json').version
 
 try {
@@ -32,7 +33,9 @@ try {
  * @typedef {import('stream').Writable} Writable
  */
 
-const pubToken = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api'
+const pubTokenPromise = settingsPromise.then(({ getSetting }) =>
+  getSetting('apiKey') || 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api'
+);
 
 // shadow `npm` and `npx` to mitigate subshells
 require('./link.cjs')(fs.realpathSync(path.join(__dirname, 'bin')), 'npm')
@@ -64,6 +67,7 @@ const pkgidParts = (pkgid) => {
 async function * batchScan (
   pkgids
 ) {
+  const pubToken = await pubTokenPromise
   const query = {
     packages: pkgids.map(pkgid => {
       const { name, version } = pkgidParts(pkgid)

lib/utils/sdk.js

@@ -7,28 +7,27 @@ import isInteractive from 'is-interactive'
 import prompts from 'prompts'
 
 import { AuthError } from './errors.js'
+import { getSetting } from './settings.js'
 
 /**
- * The API key should be stored globally for the duration of the CLI execution
+ * This API key should be stored globally for the duration of the CLI execution
  *
  * @type {string | undefined}
  */
-let apiKey
+let sessionAPIKey
 
 /** @returns {Promise<import('@socketsecurity/sdk').SocketSdk>} */
 export async function setupSdk () {
-  if (!apiKey) {
-    apiKey = process.env['SOCKET_SECURITY_API_KEY']
-  }
+  let apiKey = getSetting('apiKey') || process.env['SOCKET_SECURITY_API_KEY'] || sessionAPIKey
 
   if (!apiKey && isInteractive()) {
     const input = await prompts({
       type: 'password',
       name: 'apiKey',
-      message: 'Enter your Socket.dev API key',
+      message: 'Enter your Socket.dev API key (not saved)',
     })
 
-    apiKey = input.apiKey
+    apiKey = sessionAPIKey = input.apiKey
   }
 
   if (!apiKey) {

lib/utils/settings.js

@@ -0,0 +1,57 @@
+import * as fs from 'fs'
+import * as os from 'os'
+import * as path from 'path'
+
+import ora from 'ora'
+
+let dataHome = process.platform === 'win32'
+  ? process.env['LOCALAPPDATA']
+  : process.env['XDG_DATA_HOME']
+
+if (!dataHome) {
+  if (process.platform === 'win32') throw new Error('missing %LOCALAPPDATA%')
+  const home = os.homedir()
+  dataHome = path.join(home, ...(process.platform === 'darwin'
+    ? ['Library', 'Application Support']
+    : ['.local', 'share']
+  ))
+}
+
+const settingsPath = path.join(dataHome, 'socket', 'settings')
+
+/** @type {{apiKey?: string | null}} */
+let settings = {}
+
+if (fs.existsSync(settingsPath)) {
+  const raw = fs.readFileSync(settingsPath, 'utf-8')
+  try {
+    settings = JSON.parse(Buffer.from(raw, 'base64').toString())
+  } catch (e) {
+    ora(`Failed to parse settings at ${settingsPath}`).warn()
+  }
+} else {
+  fs.mkdirSync(path.dirname(settingsPath), { recursive: true })
+}
+
+/**
+ * @template {keyof typeof settings} Key
+ * @param {Key} key
+ * @returns {typeof settings[Key]}
+ */
+export function getSetting (key) {
+  return settings[key]
+}
+
+/**
+ * @template {keyof typeof settings} Key
+ * @param {Key} key
+ * @param {typeof settings[Key]} value
+ * @returns {void}
+ */
+export function updateSetting (key, value) {
+  settings[key] = value
+  fs.writeFileSync(
+    settingsPath,
+    Buffer.from(JSON.stringify(settings)).toString('base64')
+  )
+}

package.json

@@ -43,7 +43,7 @@
     "test": "run-s check test:*"
   },
   "devDependencies": {
-    "@socketsecurity/eslint-config": "^2.0.0",
+    "@socketsecurity/eslint-config": "^3.0.1",
     "@tsconfig/node14": "^1.0.3",
     "@types/chai": "^4.3.3",
     "@types/chai-as-promised": "^7.1.5",