feat: gram auth changes (#838)

ryan-timothy-albert · web-flow · commit 3552ff0405a3 · 2025-11-12T11:25:30.000-08:00
- modifies gram auth so it respects current project context on the
initial auth and sets that as defaultProjectSlug
- modifies the cli callback in the dashboard so it sets current project
in query params on response
- implements a very simple/stupid `gram auth switch --project ryan-proj`
command to switch project slug
- implements a very simple/stupid `gram auth clear` to clear auth
existing auth config
diff --git a/.changeset/curvy-camels-allow.md b/.changeset/curvy-camels-allow.md
@@ -0,0 +1,6 @@
+---
+"dashboard": patch
+"cli": patch
+---
+
+modifies gram auth so it respects current project context on the initial auth and sets that as defaultProjectSlug
diff --git a/cli/README.md b/cli/README.md
@@ -4,6 +4,7 @@
 
 1. Setup environment
    - `export GRAM_API_URL=https://localhost:8080`
+   - `export GRAM_DASHBOARD_URL=https://localhost:5173`
    - `export GRAM_ORG=organization-123`
    - `export GRAM_PROJECT=default`
    - `export GRAM_API_KEY=<API-KEY>`
diff --git a/cli/internal/app/auth.go b/cli/internal/app/auth.go
@@ -25,14 +25,82 @@ func newAuthCommand() *cli.Command {
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:    "api-url",
-				Usage:   "URL of the Gram web application",
+				Usage:   "URL of the Gram API server",
 				EnvVars: []string{"GRAM_API_URL"},
 			},
+			&cli.StringFlag{
+				Name:    "dashboard-url",
+				Usage:   "URL of the Gram dashboard for authentication",
+				EnvVars: []string{"GRAM_DASHBOARD_URL"},
+			},
+		},
+		Subcommands: []*cli.Command{
+			newAuthSwitchCommand(),
+			newAuthClearCommand(),
 		},
 		Action: doAuth,
 	}
 }
 
+func newAuthSwitchCommand() *cli.Command {
+	return &cli.Command{
+		Name:  "switch",
+		Usage: "Switch the default project for the current profile",
+		Description: `
+Switch the default project for the current profile.
+
+The project slug must be one of the projects available in your current profile.
+Use 'gram status' to see your current project.`,
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:     "project",
+				Usage:    "The project slug to switch to",
+				Required: true,
+			},
+		},
+		Action: func(c *cli.Context) error {
+			projectSlug := c.String("project")
+
+			profilePath, err := profile.DefaultProfilePath()
+			if err != nil {
+				return fmt.Errorf("failed to get profile path: %w", err)
+			}
+
+			if err := profile.UpdateProjectSlug(profilePath, projectSlug); err != nil {
+				return fmt.Errorf("failed to switch project: %w", err)
+			}
+
+			fmt.Printf("Successfully switched to project: %s\n", projectSlug)
+			return nil
+		},
+	}
+}
+
+func newAuthClearCommand() *cli.Command {
+	return &cli.Command{
+		Name:  "clear",
+		Usage: "Clear all authentication profiles",
+		Description: `
+Clear all authentication profiles from the profile configuration file.
+
+This will remove all stored API keys and profile information.
+You will need to run 'gram auth' again to authenticate.`,
+		Action: func(c *cli.Context) error {
+			profilePath, err := profile.DefaultProfilePath()
+			if err != nil {
+				return fmt.Errorf("failed to get profile path: %w", err)
+			}
+
+			if err := profile.Clear(profilePath); err != nil {
+				return fmt.Errorf("failed to clear profiles: %w", err)
+			}
+
+			fmt.Println("Successfully cleared all profiles")
+			return nil
+		},
+	}
+}
+
 func profileNameFromURL(apiURL string) string {
 	parsed, err := url.Parse(apiURL)
 	if err != nil || parsed.Host == "" {
@@ -70,10 +138,10 @@ func mintKey(
 	ctx context.Context,
 	logger *slog.Logger,
 	apiURL string,
-) (string, error) {
+) (*auth.CallbackResult, error) {
 	listener, err := auth.NewListener()
 	if err != nil {
-		return "", fmt.Errorf("failed to create callback listener: %w", err)
+		return nil, fmt.Errorf("failed to create callback listener: %w", err)
 	}
 
 	defer func() {
@@ -89,15 +157,15 @@ func mintKey(
 
 	dispatcher := auth.NewDispatcher(logger)
 	if err := dispatcher.Dispatch(ctx, apiURL, callbackURL); err != nil {
-		return "", fmt.Errorf("failed to dispatch auth request: %w", err)
+		return nil, fmt.Errorf("failed to dispatch auth request: %w", err)
 	}
 
-	apiKey, err := listener.Wait(ctx)
+	result, err := listener.Wait(ctx)
 	if err != nil {
-		return "", fmt.Errorf("authentication failed: %w", err)
+		return nil, fmt.Errorf("authentication failed: %w", err)
 	}
 
-	return apiKey, nil
+	return result, nil
 }
 
 func saveProfile(
@@ -108,6 +176,7 @@ func saveProfile(
 	result *keys.ValidateKeyResult,
 	profilePath string,
 	profileName string,
+	projectSlug string,
 ) error {
 	err := profile.UpdateOrCreate(
 		apiKey,
@@ -116,6 +185,7 @@ func saveProfile(
 		result.Projects,
 		profilePath,
 		profileName,
+		projectSlug,
 	)
 	if err != nil {
 		return fmt.Errorf("failed to save profile: %w", err)
@@ -148,28 +218,29 @@ func refreshProfile(
 		return fmt.Errorf("failed to refresh profile: %w", err)
 	}
 
-	return saveProfile(ctx, logger, prof.Secret, apiURL, result, profilePath, profileName)
+	return saveProfile(ctx, logger, prof.Secret, apiURL, result, profilePath, profileName, prof.DefaultProjectSlug)
 }
 
 func authenticateNewProfile(
 	ctx context.Context,
 	logger *slog.Logger,
 	profileName string,
 	apiURL string,
+	dashboardURL string,
 	keysClient *api.KeysClient,
 	profilePath string,
 ) error {
-	apiKey, err := mintKey(ctx, logger, apiURL)
+	callbackResult, err := mintKey(ctx, logger, dashboardURL)
 	if err != nil {
 		return err
 	}
 
-	result, err := keysClient.Verify(ctx, secret.Secret(apiKey))
+	result, err := keysClient.Verify(ctx, secret.Secret(callbackResult.APIKey))
 	if err != nil {
 		return fmt.Errorf("failed to authenticate profile: %w", err)
 	}
 
-	return saveProfile(ctx, logger, apiKey, apiURL, result, profilePath, profileName)
+	return saveProfile(ctx, logger, callbackResult.APIKey, apiURL, result, profilePath, profileName, callbackResult.Project)
 }
 
 func doAuth(c *cli.Context) error {
@@ -182,6 +253,12 @@ func doAuth(c *cli.Context) error {
 		return fmt.Errorf("invalid API URL: %w", err)
 	}
 
+	// Get dashboard URL for browser authentication
+	dashboardURL := apiURL.String()
+	if c.IsSet("dashboard-url") {
+		dashboardURL = c.String("dashboard-url")
+	}
+
 	profileName := c.String("profile")
 	if profileName == "" {
 		profileName = determineProfileName(prof, apiURL.String())
@@ -213,6 +290,7 @@ func doAuth(c *cli.Context) error {
 		logger,
 		profileName,
 		apiURL.String(),
+		dashboardURL,
 		keysClient,
 		profilePath,
 	)
diff --git a/cli/internal/auth/listener.go b/cli/internal/auth/listener.go
@@ -14,11 +14,17 @@ const (
 	callbackTimeout = 5 * time.Minute
 )
 
+// CallbackResult contains the data returned from the auth callback.
+type CallbackResult struct {
+	APIKey  string
+	Project string
+}
+
 // Listener manages an HTTP server that waits for OAuth callback.
 type Listener struct {
 	server   *http.Server
 	listener net.Listener
-	apiKey   chan string
+	result   chan CallbackResult
 	errChan  chan error
 }
 
@@ -32,7 +38,7 @@ func NewListener() (*Listener, error) {
 	l := &Listener{
 		server:   nil,
 		listener: ln,
-		apiKey:   make(chan string, 1),
+		result:   make(chan CallbackResult, 1),
 		errChan:  make(chan error, 1),
 	}
 
@@ -67,17 +73,17 @@ func (l *Listener) Start() {
 }
 
 // Wait blocks until an API key is received or timeout occurs.
-func (l *Listener) Wait(ctx context.Context) (string, error) {
+func (l *Listener) Wait(ctx context.Context) (*CallbackResult, error) {
 	timeoutCtx, cancel := context.WithTimeout(ctx, callbackTimeout)
 	defer cancel()
 
 	select {
-	case key := <-l.apiKey:
-		return key, nil
+	case result := <-l.result:
+		return &result, nil
 	case err := <-l.errChan:
-		return "", err
+		return nil, err
 	case <-timeoutCtx.Done():
-		return "", fmt.Errorf("timeout waiting for authentication callback")
+		return nil, fmt.Errorf("timeout waiting for authentication callback")
 	}
 }
 
@@ -203,7 +209,12 @@ func (l *Listener) handleCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	l.apiKey <- apiKey
+	project := r.URL.Query().Get("project")
+
+	l.result <- CallbackResult{
+		APIKey:  apiKey,
+		Project: project,
+	}
 	w.Header().Set("Content-Type", "text/html")
 	w.WriteHeader(http.StatusOK)
 	_, _ = fmt.Fprint(w, authSuccessHTML)
diff --git a/cli/internal/profile/writer.go b/cli/internal/profile/writer.go
@@ -52,15 +52,32 @@ func preserveDefaultProjectSlug(existingProfile *Profile) string {
 	return ""
 }
 
+func validateProjectSlug(projectSlug string, projects []*keys.ValidateKeyProject) bool {
+	if projectSlug == "" {
+		return true
+	}
+	for _, proj := range projects {
+		if proj != nil && proj.Slug == projectSlug {
+			return true
+		}
+	}
+	return false
+}
+
 func buildProfile(
 	name string,
 	apiKey string,
 	apiURL string,
 	defaultProjectSlug string,
 	org *keys.ValidateKeyOrganization,
 	projects []*keys.ValidateKeyProject,
+	providedProjectSlug string,
 ) *Profile {
-	if defaultProjectSlug == "" && len(projects) > 0 {
+	// Use provided project slug if it's valid
+	if providedProjectSlug != "" && validateProjectSlug(providedProjectSlug, projects) {
+		defaultProjectSlug = providedProjectSlug
+	} else if defaultProjectSlug == "" && len(projects) > 0 {
+		// Fall back to first project if no default and no valid provided
 		defaultProjectSlug = projects[0].Slug
 	}
 
@@ -83,6 +100,7 @@ func UpdateOrCreate(
 	projects []*keys.ValidateKeyProject,
 	path string,
 	profileName string,
+	projectSlug string,
 ) error {
 	config, err := loadOrCreateConfig(path)
 	if err != nil {
@@ -96,6 +114,7 @@ func UpdateOrCreate(
 		preserveDefaultProjectSlug(config.Profiles[profileName]),
 		org,
 		projects,
+		projectSlug,
 	)
 
 	config.Current = profileName
@@ -120,3 +139,38 @@ func loadConfig(path string) (*Config, error) {
 
 	return &config, nil
 }
+
+// UpdateProjectSlug updates the default project slug for the current profile.
+func UpdateProjectSlug(path string, projectSlug string) error {
+	config, err := loadConfig(path)
+	if err != nil {
+		return fmt.Errorf("failed to load profile: %w", err)
+	}
+
+	if config == nil {
+		return fmt.Errorf("no profile configuration found")
+	}
+
+	if config.Current == "" {
+		return fmt.Errorf("no current profile set")
+	}
+
+	profile, ok := config.Profiles[config.Current]
+	if !ok {
+		return fmt.Errorf("current profile '%s' not found", config.Current)
+	}
+
+	// Validate that the project slug exists in the profile's projects
+	if !validateProjectSlug(projectSlug, profile.Projects) {
+		return fmt.Errorf("project '%s' not found in available projects", projectSlug)
+	}
+
+	profile.DefaultProjectSlug = projectSlug
+	return Save(config, path)
+}
+
+// Clear removes all profiles from the configuration file.
+func Clear(path string) error {
+	config := EmptyConfig()
+	return Save(config, path)
+}
diff --git a/client/dashboard/src/pages/cli/CliCallback.tsx b/client/dashboard/src/pages/cli/CliCallback.tsx
