refactor(cli): streamline type generation and enhance authentication flow

- Removed the `checkOnly` option from `generateTypesAction` to simplify the type generation process.
- Improved error handling in `waitForAccessToken` with more descriptive messages and a consistent timeout mechanism.
- Introduced a new `registerClient` function to encapsulate client registration logic with the OAuth server.
- Added a `DEFAULT_AUTH_TIMEOUT` constant for configurable authentication timeout.
- Cleaned up unused code related to type checking in files to enhance maintainability.

Author: pavkam

.vscode/settings.json

@@ -42,6 +42,7 @@
   "cSpell.words": [
     "booleanish",
     "bucketco",
-    "openfeature"
+    "openfeature",
+    "PKCE"
   ]
 }

packages/cli/commands/features.ts

@@ -13,7 +13,6 @@ import {
   MissingEnvIdError,
 } from "../utils/errors.js";
 import {
-  checkTypesInFile,
   genFeatureKey,
   genTypes,
   indentLines,
@@ -24,7 +23,6 @@ import {
   appIdOption,
   featureKeyOption,
   featureNameArgument,
-  typesCheckOnlyOption,
   typesFormatOption,
   typesOutOption,
 } from "../utils/options.js";
@@ -134,13 +132,7 @@ export const listFeaturesAction = async () => {
   }
 };
 
-type GenerateTypesOptions = {
-  checkOnly?: boolean;
-};
-
-export const generateTypesAction = async ({
-  checkOnly,
-}: GenerateTypesOptions = {}) => {
+export const generateTypesAction = async () => {
   const { baseUrl, appId } = configStore.getConfig();
   const typesOutput = configStore.getConfig("typesOutput");
 
@@ -182,36 +174,17 @@ export const generateTypesAction = async ({
   }
 
   try {
-    spinner = ora(
-      `${checkOnly ? "Checking" : "Generating"} feature types...`,
-    ).start();
+    spinner = ora(`Generating feature types...`).start();
     const projectPath = configStore.getProjectPath();
 
     // Generate types for each output configuration
     for (const output of typesOutput) {
       const types = genTypes(features, output.format);
 
-      if (checkOnly) {
-        const { fullPath, isUpToDate } = await checkTypesInFile(
-          types,
-          output.path,
-          projectPath,
-        );
-
-        if (!isUpToDate) {
-          spinner.fail(`Types are not up to date in ${chalk.cyan(fullPath)}.`);
-          handleError(`Type check failed.`, "Features Types");
-        } else {
-          spinner.succeed(
-            `All ${output.format} types are up to date in ${chalk.cyan(relative(projectPath, fullPath))}.`,
-          );
-        }
-      } else {
-        const outPath = await writeTypesToFile(types, output.path, projectPath);
-        spinner.succeed(
-          `Generated ${output.format} types in ${chalk.cyan(relative(projectPath, outPath))}.`,
-        );
-      }
+      const outPath = await writeTypesToFile(types, output.path, projectPath);
+      spinner.succeed(
+        `Generated ${output.format} types in ${chalk.cyan(relative(projectPath, outPath))}.`,
+      );
     }
   } catch (error) {
     spinner?.fail("Type generation failed.");
@@ -245,7 +218,6 @@ export function registerFeatureCommands(cli: Command) {
     .addOption(appIdOption)
     .addOption(typesOutOption)
     .addOption(typesFormatOption)
-    .addOption(typesCheckOnlyOption)
     .action(generateTypesAction);
 
   // Update the config with the cli override values

packages/cli/utils/auth.ts

@@ -9,6 +9,7 @@ import { configStore } from "../stores/config.js";
 import {
   CLIENT_VERSION_HEADER_NAME,
   CLIENT_VERSION_HEADER_VALUE,
+  DEFAULT_AUTH_TIMEOUT,
 } from "./constants.js";
 import { ResponseError } from "./errors.js";
 import { ParamType } from "./types.js";
@@ -49,18 +50,77 @@ async function getOAuthServerUrls(apiUrl: string) {
   throw new Error("Failed to fetch OAuth server metadata");
 }
 
-export async function waitForAccessToken(baseUrl: string, apiUrl: string) {
-  const { authorizationEndpoint, tokenEndpoint, registrationEndpoint } =
-    await getOAuthServerUrls(apiUrl);
+async function registerClient(
+  registrationEndpoint: string,
+  redirectUri: string,
+) {
+  const registrationResponse = await fetch(registrationEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify({
+      client_name: "Bucket CLI",
+      token_endpoint_auth_method: "none",
+      grant_types: ["authorization_code"],
+      redirect_uris: [redirectUri],
+    }),
+    signal: AbortSignal.timeout(5000),
+  });
 
-  let resolve: (args: waitForAccessToken) => void;
-  let reject: (arg0: Error) => void;
+  if (!registrationResponse.ok) {
+    throw new Error(`Could not register client with OAuth server`);
+  }
 
-  const promise = new Promise<waitForAccessToken>((res, rej) => {
-    resolve = res;
-    reject = rej;
+  const registrationData = (await registrationResponse.json()) as {
+    client_id: string;
+  };
+
+  return registrationData.client_id;
+}
+
+async function exchangeCodeForToken(
+  tokenEndpoint: string,
+  clientId: string,
+  code: string,
+  codeVerifier: string,
+  redirectUri: string,
+) {
+  const response = await fetch(tokenEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: clientId,
+      code,
+      code_verifier: codeVerifier,
+      redirect_uri: redirectUri,
+    }),
+    signal: AbortSignal.timeout(5000),
   });
 
+  if (!response.ok) {
+    let errorDescription: string | undefined;
+
+    try {
+      const jsonResponse = await response.json();
+      errorDescription = jsonResponse.error_description || jsonResponse.error;
+    } catch {
+      // ignore
+    }
+
+    return { error: errorDescription ?? "unknown error" };
+  }
+
+  return {
+    accessToken: (await response.json()).access_token,
+    expiresAt: new Date(Date.now() + (await response.json()).expires_in * 1000),
+  };
+}
+
+function createChallenge() {
   // PKCE code verifier and challenge
   const codeVerifier = crypto.randomBytes(32).toString("base64url");
   const codeChallenge = crypto
@@ -71,13 +131,34 @@ export async function waitForAccessToken(baseUrl: string, apiUrl: string) {
     .replace(/\+/g, "-")
     .replace(/\//g, "_");
 
+  const state = crypto.randomUUID();
+
+  return { codeVerifier, codeChallenge, state };
+}
+
+export async function waitForAccessToken(baseUrl: string, apiUrl: string) {
+  const { authorizationEndpoint, tokenEndpoint, registrationEndpoint } =
+    await getOAuthServerUrls(apiUrl);
+
+  let resolve: (args: waitForAccessToken) => void;
+  let reject: (arg0: Error) => void;
+
+  const promise = new Promise<waitForAccessToken>((res, rej) => {
+    resolve = res;
+    reject = rej;
+  });
+
+  const { codeVerifier, codeChallenge, state } = createChallenge();
+
   const timeout = setTimeout(() => {
-    cleanupAndReject(new Error("Authentication timed out after 60 seconds"));
-  }, 60000);
+    cleanupAndReject(
+      `authentication timed out after ${DEFAULT_AUTH_TIMEOUT / 1000} seconds`,
+    );
+  }, DEFAULT_AUTH_TIMEOUT);
 
-  function cleanupAndReject(error: Error) {
+  function cleanupAndReject(message: string) {
     cleanup();
-    reject(error);
+    reject(new Error(`Could not authenticate: ${message}`));
   }
 
   function cleanup() {
@@ -95,37 +176,16 @@ export async function waitForAccessToken(baseUrl: string, apiUrl: string) {
     throw new Error("Could not start server");
   }
 
-  const redirectUri = `http://localhost:${address.port}/callback`;
-
-  const registrationResponse = await fetch(registrationEndpoint, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({
-      client_name: "Bucket CLI",
-      token_endpoint_auth_method: "none",
-      grant_types: ["authorization_code"],
-      redirect_uris: [redirectUri],
-    }),
-    signal: AbortSignal.timeout(5000),
-  });
-
-  if (!registrationResponse.ok) {
-    throw new Error(`Could not register client with OAuth server`);
-  }
-
-  const registrationData = (await registrationResponse.json()) as {
-    client_id: string;
-  };
+  const callbackPath = "/oauth_callback";
+  const redirectUri = `http://localhost:${address.port}${callbackPath}`;
 
-  const clientId = registrationData.client_id;
+  const clientId = await registerClient(registrationEndpoint, redirectUri);
 
   const params = {
     response_type: "code",
     client_id: clientId,
     redirect_uri: redirectUri,
-    state: crypto.randomUUID(),
+    state,
     code_challenge: codeChallenge,
     code_challenge_method: "S256",
   };
@@ -134,20 +194,18 @@ export async function waitForAccessToken(baseUrl: string, apiUrl: string) {
 
   server.on("request", async (req, res) => {
     if (!clientId || !redirectUri) {
-      res.writeHead(500).end("Could not authenticate: something went wrong");
+      res.writeHead(500).end("Something went wrong");
 
-      cleanupAndReject(
-        new Error("Could not authenticate: something went wrong"),
-      );
+      cleanupAndReject("something went wrong");
       return;
     }
 
     const url = new URL(req.url ?? "/", "http://127.0.0.1");
 
-    if (url.pathname !== "/callback") {
+    if (url.pathname !== callbackPath) {
       res.writeHead(404).end("Invalid path");
 
-      cleanupAndReject(new Error("Could not authenticate: invalid path"));
+      cleanupAndReject("invalid path");
       return;
     }
 
@@ -156,64 +214,48 @@ export async function waitForAccessToken(baseUrl: string, apiUrl: string) {
       res.writeHead(400).end("Could not authenticate");
 
       const errorDescription = url.searchParams.get("error_description");
-      cleanupAndReject(
-        new Error(`Could not authenticate: ${errorDescription || error} `),
-      );
+      cleanupAndReject(`${errorDescription || error} `);
       return;
     }
 
     const code = url.searchParams.get("code");
     if (!code) {
       res.writeHead(400).end("Could not authenticate");
 
-      cleanupAndReject(new Error("Could not authenticate: no code provided"));
+      cleanupAndReject("no code provided");
       return;
     }
 
-    const response = await fetch(tokenEndpoint, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: new URLSearchParams({
-        grant_type: "authorization_code",
-        client_id: clientId,
-        code,
-        code_verifier: codeVerifier,
-        redirect_uri: redirectUri,
-      }),
-      signal: AbortSignal.timeout(5000),
-    });
+    const response = await exchangeCodeForToken(
+      tokenEndpoint,
+      clientId,
+      code,
+      codeVerifier,
+      redirectUri,
+    );
 
-    if (!response.ok) {
+    if ("error" in response) {
       res
         .writeHead(302, {
           location: errorUrl(
             baseUrl,
-            "Could not authenticate: Unable to fetch access token",
+            "Could not authenticate: unable to fetch access token",
           ),
         })
         .end("Could not authenticate");
 
-      const json = await response.json();
-      cleanupAndReject(
-        new Error(`Could not authenticate: ${JSON.stringify(json)}`),
-      );
+      cleanupAndReject(JSON.stringify(response.error));
       return;
     }
+
     res
       .writeHead(302, {
         location: successUrl(baseUrl),
       })
       .end("Authentication successful");
 
-    const jsonResponse = await response.json();
-
     cleanup();
-    resolve({
-      accessToken: jsonResponse.access_token,
-      expiresAt: new Date(Date.now() + jsonResponse.expires_in * 1000),
-    });
+    resolve(response);
   });
 
   console.log(

packages/cli/utils/constants.ts

@@ -14,6 +14,8 @@ export const DEFAULT_BASE_URL = "https://app.bucket.co";
 export const DEFAULT_API_URL = `${DEFAULT_BASE_URL}/api`;
 export const DEFAULT_TYPES_OUTPUT = join("gen", "features.d.ts");
 
+export const DEFAULT_AUTH_TIMEOUT = 60000; // 60 seconds
+
 export const MODULE_ROOT = fileURLToPath(import.meta.url).substring(
   0,
   fileURLToPath(import.meta.url).lastIndexOf("cli") + 3,