Class: Logi::Commands::App
- Inherits:
-
Thor
- Object
- Thor
- Logi::Commands::App
- Defined in:
- lib/logi/commands/app.rb
Instance Method Summary collapse
- #add_redirect(id, uri) ⇒ Object
- #create ⇒ Object
- #delete(id) ⇒ Object
- #list ⇒ Object
- #remove_redirect(id, uri) ⇒ Object
- #rotate_secret(id) ⇒ Object
- #show(id) ⇒ Object
- #verify(id) ⇒ Object
Instance Method Details
#add_redirect(id, uri) ⇒ Object
101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/logi/commands/app.rb', line 101 def add_redirect(id, uri) client = authed_client current = client.get("/api/v1/applications/#{id}")["redirect_uris"] || [] if current.include?(uri) puts pastel.dim("Already registered: #{uri}") return end client.patch("/api/v1/applications/#{id}", body: { application: { redirect_uris: current + [ uri ] } }) puts pastel.green("✓ Added: #{uri}") rescue HttpClient::Error => e abort pastel.red("Couldn't add redirect: #{e.status} #{e.body}") end |
#create ⇒ Object
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'lib/logi/commands/app.rb', line 57 def create data = authed_client.post("/api/v1/applications", body: { application: { name: [:name], redirect_uris: [ [:redirect_uri] ], # Flatten whitespace inside each --scope arg so BOTH `--scope openid profile email` # and `--scope "openid profile email"` (Thor passes the quoted form as one element) # resolve to separate scope names. Avoids a single bogus "openid profile email" scope. allowed_scopes: Array([:scope]).flat_map { |s| s.to_s.split(/\s+/) }.reject(&:empty?), webhook_url: [:webhook_url], backchannel_logout_uri: [:backchannel_logout_uri], health_url: [:health_url], # Only send health_check_enabled when explicitly opted out, so the # server default (enabled) applies otherwise. health_check_enabled: ([:health_check] == false ? false : nil), client_type: [:client_type] }.compact }) Output.success(data, ) do print_create_result(data) end rescue HttpClient::Error => e handle_create_error(e) end |
#delete(id) ⇒ Object
93 94 95 96 97 98 |
# File 'lib/logi/commands/app.rb', line 93 def delete(id) authed_client.delete("/api/v1/applications/#{id}") puts pastel.green("✓ Deleted") rescue HttpClient::Error => e abort pastel.red("Couldn't delete app: #{e.status} #{e.body}") end |
#list ⇒ Object
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/logi/commands/app.rb', line 10 def list data = authed_client.get("/api/v1/applications") apps = data["applications"] Output.success({ count: apps.size, applications: apps }, ) do if apps.empty? puts pastel.dim("You don't have any apps yet.") else table = TTY::Table.new( header: [ "name", "client_id", "status", "redirect_uris" ], rows: apps.map { |a| [ a["name"], a["client_id"], a["status"], a["redirect_uris"].first ] } ) puts table.render(:unicode, padding: [ 0, 1 ]) end end rescue HttpClient::Error => e Output.failure(code: "list_failed", message: e.body.to_s, status: e.status, options: ) do abort pastel.red("Couldn't list apps: #{e.status} #{e.body}") end end |
#remove_redirect(id, uri) ⇒ Object
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'lib/logi/commands/app.rb', line 201 def remove_redirect(id, uri) client = authed_client current = client.get("/api/v1/applications/#{id}")["redirect_uris"] || [] unless current.include?(uri) puts pastel.dim("Not registered: #{uri}") return end if current.size <= 1 abort pastel.red("At least one redirect_uri is required. Add another URI first.") end client.patch("/api/v1/applications/#{id}", body: { application: { redirect_uris: current - [ uri ] } }) puts pastel.green("✓ Removed: #{uri}") rescue HttpClient::Error => e abort pastel.red("Couldn't remove redirect: #{e.status} #{e.body}") end |
#rotate_secret(id) ⇒ Object
83 84 85 86 87 88 89 90 |
# File 'lib/logi/commands/app.rb', line 83 def rotate_secret(id) data = authed_client.post("/api/v1/applications/#{id}/rotate_secret") puts pastel.green("✓ Secret rotated") puts " client_secret: #{pastel.yellow(data['client_secret'])}" puts pastel.dim(" ⚠ The old secret has been revoked immediately.") rescue HttpClient::Error => e abort pastel.red("Couldn't rotate secret: #{e.status} #{e.body}") end |
#show(id) ⇒ Object
32 33 34 35 36 37 38 39 40 41 |
# File 'lib/logi/commands/app.rb', line 32 def show(id) data = authed_client.get("/api/v1/applications/#{id}") Output.success(data, ) do puts JSON.pretty_generate(data) end rescue HttpClient::Error => e Output.failure(code: "show_failed", message: e.body.to_s, status: e.status, options: ) do abort pastel.red("Couldn't fetch app: #{e.status} #{e.body}") end end |
#verify(id) ⇒ Object
119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
# File 'lib/logi/commands/app.rb', line 119 def verify(id) client = authed_client app = client.get("/api/v1/applications/#{id}") target_uri = [:redirect_uri] if [:json] result = build_verify_result(app, target_uri, client) puts JSON.pretty_generate(result) exit(result[:checks].all? { |c| c[:ok] } ? 0 : 1) end puts pastel.bold("logi verify ") + pastel.dim(id) puts "" # Check 1: app status if app["status"] == "approved" ok "App status: approved" else warn "App status: #{app['status']} (production traffic needs status=approved)" end # Check 2: tier tier = app["tier"] case tier when "production" ok "Tier: production" when nil warn "Tier: unknown (server didn't report a tier)." else warn "Tier: #{tier} — only localhost / staging redirects are allowed. To use a production URL, request a tier upgrade." end # Health-check status (only shown when the server reports it). unless app["health_check_enabled"].nil? if app["health_check_enabled"] status = app["rp_health_status"] || "unknown" ok "Health checks: enabled (status: #{status})" else warn "Health checks: disabled" end end # Check 3: redirect_uri registration registered = app["redirect_uris"] || [] puts pastel.dim(" Registered redirect_uris:") registered.each { |u| puts pastel.dim(" - #{u}") } if target_uri if registered.include?(target_uri) ok "redirect_uri is registered: #{target_uri}" else err "redirect_uri is NOT registered: #{target_uri}" puts pastel.dim(" → logi apps add-redirect #{id} '#{target_uri}'") end # If the app is sandbox-tier but the target URL is on a prod domain, warn. if tier == "sandbox" && target_uri =~ %r{https?://(?!localhost|127\.0\.0\.1)([^/]+)} host = ::Regexp.last_match(1) unless host.match?(/\.staging\.|\.test\.|\.localhost$/) err "Sandbox tier but a prod domain (#{host}) — this will be blocked." puts pastel.dim(" → Request a tier upgrade, or use a staging domain.") end end end # Check 4: env vars cheatsheet puts "" puts pastel.bold("Recommended environment variables for the RP:") api_url = Config.load.api_url puts " LOGI_API_URL=#{api_url}" puts " LOGI_CLIENT_ID=#{app['client_id']}" puts " LOGI_CLIENT_SECRET=" + pastel.dim("(shown once at create — or rotate-secret to re-issue)") puts " LOGI_RP_HEALTH_SECRET=" + pastel.dim("(shown once at create)") puts "" puts pastel.dim("Docs: https://docs.1pass.dev/guide/troubleshooting") rescue HttpClient::Error => e Output.failure(code: "verify_failed", message: e.body.to_s, status: e.status, options: ) do abort pastel.red("Couldn't verify app: #{e.status} #{e.body}") end end |