feat: implement tm list remote (#1185)

2025-09-09 02:28:38 +02:00
parent 15900d9fd5
commit c61c73f827
32 changed files with 2757 additions and 1957 deletions
--- a/packages/tm-core/src/auth/auth-manager.ts
+++ b/packages/tm-core/src/auth/auth-manager.ts
@@ -6,11 +6,18 @@ import {
 	AuthCredentials,
 	OAuthFlowOptions,
 	AuthenticationError,
-	AuthConfig
+	AuthConfig,
+	UserContext
 } from './types.js';
 import { CredentialStore } from './credential-store.js';
 import { OAuthService } from './oauth-service.js';
 import { SupabaseAuthClient } from '../clients/supabase-client.js';
+import {
+	OrganizationService,
+	type Organization,
+	type Brief,
+	type RemoteTask
+} from '../services/organization.service.js';
 import { getLogger } from '../logger/index.js';

 /**
@@ -21,11 +28,28 @@ export class AuthManager {
 	private credentialStore: CredentialStore;
 	private oauthService: OAuthService;
 	private supabaseClient: SupabaseAuthClient;
+	private organizationService?: OrganizationService;

 	private constructor(config?: Partial<AuthConfig>) {
 		this.credentialStore = new CredentialStore(config);
 		this.supabaseClient = new SupabaseAuthClient();
 		this.oauthService = new OAuthService(this.credentialStore, config);
+
+		// Initialize Supabase client with session restoration
+		this.initializeSupabaseSession();
+	}
+
+	/**
+	 * Initialize Supabase session from stored credentials
+	 */
+	private async initializeSupabaseSession(): Promise<void> {
+		try {
+			await this.supabaseClient.initialize();
+		} catch (error) {
+			// Log but don't throw - session might not exist yet
+			const logger = getLogger('AuthManager');
+			logger.debug('No existing session to restore');
+		}
 	}

 	/**
@@ -75,39 +99,48 @@ export class AuthManager {
 	}

 	/**
-	 * Refresh authentication token
+	 * Refresh authentication token using Supabase session
 	 */
 	async refreshToken(): Promise<AuthCredentials> {
-		const authData = this.credentialStore.getCredentials({
-			allowExpired: true
-		});
-
-		if (!authData || !authData.refreshToken) {
-			throw new AuthenticationError(
-				'No refresh token available',
-				'NO_REFRESH_TOKEN'
-			);
-		}
-
 		try {
-			// Use Supabase client to refresh the token
-			const response = await this.supabaseClient.refreshSession(
-				authData.refreshToken
-			);
+			// Use Supabase's built-in session refresh
+			const session = await this.supabaseClient.refreshSession();

-			// Update authentication data
+			if (!session) {
+				throw new AuthenticationError(
+					'Failed to refresh session',
+					'REFRESH_FAILED'
+				);
+			}
+
+			// Get existing credentials to preserve context
+			const existingCredentials = this.credentialStore.getCredentials({
+				allowExpired: true
+			});
+
+			// Update authentication data from session
 			const newAuthData: AuthCredentials = {
-				...authData,
-				token: response.token,
-				refreshToken: response.refreshToken,
-				expiresAt: response.expiresAt,
-				savedAt: new Date().toISOString()
+				token: session.access_token,
+				refreshToken: session.refresh_token,
+				userId: session.user.id,
+				email: session.user.email,
+				expiresAt: session.expires_at
+					? new Date(session.expires_at * 1000).toISOString()
+					: undefined,
+				savedAt: new Date().toISOString(),
+				selectedContext: existingCredentials?.selectedContext
 			};

 			this.credentialStore.saveCredentials(newAuthData);
 			return newAuthData;
 		} catch (error) {
-			throw error;
+			if (error instanceof AuthenticationError) {
+				throw error;
+			}
+			throw new AuthenticationError(
+				`Token refresh failed: ${(error as Error).message}`,
+				'REFRESH_FAILED'
+			);
 		}
 	}

@@ -133,4 +166,114 @@ export class AuthManager {
 	isAuthenticated(): boolean {
 		return this.credentialStore.hasValidCredentials();
 	}
+
+	/**
+	 * Get the current user context (org/brief selection)
+	 */
+	getContext(): UserContext | null {
+		const credentials = this.getCredentials();
+		return credentials?.selectedContext || null;
+	}
+
+	/**
+	 * Update the user context (org/brief selection)
+	 */
+	async updateContext(context: Partial<UserContext>): Promise<void> {
+		const credentials = this.getCredentials();
+		if (!credentials) {
+			throw new AuthenticationError('Not authenticated', 'NOT_AUTHENTICATED');
+		}
+
+		// Merge with existing context
+		const existingContext = credentials.selectedContext || {};
+		const newContext: UserContext = {
+			...existingContext,
+			...context,
+			updatedAt: new Date().toISOString()
+		};
+
+		// Save updated credentials with new context
+		const updatedCredentials: AuthCredentials = {
+			...credentials,
+			selectedContext: newContext
+		};
+
+		this.credentialStore.saveCredentials(updatedCredentials);
+	}
+
+	/**
+	 * Clear the user context
+	 */
+	async clearContext(): Promise<void> {
+		const credentials = this.getCredentials();
+		if (!credentials) {
+			throw new AuthenticationError('Not authenticated', 'NOT_AUTHENTICATED');
+		}
+
+		// Remove context from credentials
+		const { selectedContext, ...credentialsWithoutContext } = credentials;
+		this.credentialStore.saveCredentials(credentialsWithoutContext);
+	}
+
+	/**
+	 * Get the organization service instance
+	 * Uses the Supabase client with the current session or token
+	 */
+	private async getOrganizationService(): Promise<OrganizationService> {
+		if (!this.organizationService) {
+			// First check if we have credentials with a token
+			const credentials = this.getCredentials();
+			if (!credentials || !credentials.token) {
+				throw new AuthenticationError('Not authenticated', 'NOT_AUTHENTICATED');
+			}
+
+			// Initialize session if needed (this will load from our storage adapter)
+			await this.supabaseClient.initialize();
+
+			// Use the SupabaseAuthClient which now has the session
+			const supabaseClient = this.supabaseClient.getClient();
+			this.organizationService = new OrganizationService(supabaseClient as any);
+		}
+		return this.organizationService;
+	}
+
+	/**
+	 * Get all organizations for the authenticated user
+	 */
+	async getOrganizations(): Promise<Organization[]> {
+		const service = await this.getOrganizationService();
+		return service.getOrganizations();
+	}
+
+	/**
+	 * Get all briefs for a specific organization
+	 */
+	async getBriefs(orgId: string): Promise<Brief[]> {
+		const service = await this.getOrganizationService();
+		return service.getBriefs(orgId);
+	}
+
+	/**
+	 * Get a specific organization by ID
+	 */
+	async getOrganization(orgId: string): Promise<Organization | null> {
+		const service = await this.getOrganizationService();
+		return service.getOrganization(orgId);
+	}
+
+	/**
+	 * Get a specific brief by ID
+	 */
+	async getBrief(briefId: string): Promise<Brief | null> {
+		const service = await this.getOrganizationService();
+		return service.getBrief(briefId);
+	}
+
+	/**
+	 * Get all tasks for a specific brief
+	 */
+	async getTasks(briefId: string): Promise<RemoteTask[]> {
+		const service = await this.getOrganizationService();
+		return service.getTasks(briefId);
+	}
 }
--- a/packages/tm-core/src/auth/index.ts
+++ b/packages/tm-core/src/auth/index.ts
@@ -5,12 +5,19 @@
 export { AuthManager } from './auth-manager.js';
 export { CredentialStore } from './credential-store.js';
 export { OAuthService } from './oauth-service.js';
+export { SupabaseSessionStorage } from './supabase-session-storage';
+export type {
+	Organization,
+	Brief,
+	RemoteTask
+} from '../services/organization.service.js';

 export type {
 	AuthCredentials,
 	OAuthFlowOptions,
 	AuthConfig,
-	CliData
+	CliData,
+	UserContext
 } from './types.js';

 export { AuthenticationError } from './types.js';
--- a/packages/tm-core/src/auth/oauth-service.ts
+++ b/packages/tm-core/src/auth/oauth-service.ts
@@ -181,8 +181,8 @@ export class OAuthService {
 					timestamp: Date.now()
 				};

-				// Build authorization URL for web app sign-in page
-				const authUrl = new URL(`${this.baseUrl}/auth/sign-in`);
+				// Build authorization URL for CLI-specific sign-in page
+				const authUrl = new URL(`${this.baseUrl}/auth/cli/sign-in`);

 				// Encode CLI data as base64
 				const cliParam = Buffer.from(JSON.stringify(cliData)).toString(
@@ -272,7 +272,49 @@ export class OAuthService {
 			return;
 		}

-		// Handle direct token response from server
+		// Handle authorization code for PKCE flow
+		const code = url.searchParams.get('code');
+		if (code && type === 'pkce_callback') {
+			try {
+				this.logger.info('Received authorization code for PKCE flow');
+
+				// Exchange code for session using PKCE
+				const session = await this.supabaseClient.exchangeCodeForSession(code);
+
+				// Save authentication data
+				const authData: AuthCredentials = {
+					token: session.access_token,
+					refreshToken: session.refresh_token,
+					userId: session.user.id,
+					email: session.user.email,
+					expiresAt: session.expires_at
+						? new Date(session.expires_at * 1000).toISOString()
+						: undefined,
+					tokenType: 'standard',
+					savedAt: new Date().toISOString()
+				};
+
+				this.credentialStore.saveCredentials(authData);
+
+				if (server.listening) {
+					server.close();
+				}
+				// Clear timeout since authentication succeeded
+				if (timeoutId) {
+					clearTimeout(timeoutId);
+				}
+				resolve(authData);
+				return;
+			} catch (error) {
+				if (server.listening) {
+					server.close();
+				}
+				reject(error);
+				return;
+			}
+		}
+
+		// Handle direct token response from server (legacy flow)
 		if (
 			accessToken &&
 			(type === 'oauth_success' || type === 'session_transfer')
@@ -280,8 +322,23 @@ export class OAuthService {
 			try {
 				this.logger.info(`Received tokens via ${type}`);

-				// Get user info using the access token if possible
-				const user = await this.supabaseClient.getUser(accessToken);
+				// Create a session with the tokens and set it in Supabase client
+				const session = {
+					access_token: accessToken,
+					refresh_token: refreshToken || '',
+					expires_at: expiresIn
+						? Math.floor(Date.now() / 1000) + parseInt(expiresIn)
+						: undefined,
+					expires_in: expiresIn ? parseInt(expiresIn) : undefined,
+					token_type: 'bearer',
+					user: null as any // Will be populated by setSession
+				};
+
+				// Set the session in Supabase client
+				await this.supabaseClient.setSession(session as any);
+
+				// Get user info from the session
+				const user = await this.supabaseClient.getUser();

 				// Calculate expiration time
 				const expiresAt = expiresIn
--- a/packages/tm-core/src/auth/supabase-session-storage.ts
+++ b/packages/tm-core/src/auth/supabase-session-storage.ts
@@ -0,0 +1,155 @@
+/**
+ * Custom storage adapter for Supabase Auth sessions in CLI environment
+ * Implements the SupportedStorage interface required by Supabase Auth
+ *
+ * This adapter bridges Supabase's session management with our existing
+ * auth.json credential storage, maintaining backward compatibility
+ */
+
+import { SupportedStorage } from '@supabase/supabase-js';
+import { CredentialStore } from './credential-store';
+import { AuthCredentials } from './types';
+import { getLogger } from '../logger';
+
+const STORAGE_KEY = 'sb-taskmaster-auth-token';
+
+export class SupabaseSessionStorage implements SupportedStorage {
+	private store: CredentialStore;
+	private logger = getLogger('SupabaseSessionStorage');
+
+	constructor(store: CredentialStore) {
+		this.store = store;
+	}
+
+	/**
+	 * Build a Supabase session object from our credentials
+	 */
+	private buildSessionFromCredentials(credentials: AuthCredentials): any {
+		// Create a session object that Supabase expects
+		const session = {
+			access_token: credentials.token,
+			refresh_token: credentials.refreshToken || '',
+			expires_at: credentials.expiresAt
+				? Math.floor(new Date(credentials.expiresAt).getTime() / 1000)
+				: Math.floor(Date.now() / 1000) + 3600, // Default to 1 hour
+			token_type: 'bearer',
+			user: {
+				id: credentials.userId,
+				email: credentials.email || '',
+				aud: 'authenticated',
+				role: 'authenticated',
+				email_confirmed_at: new Date().toISOString(),
+				app_metadata: {},
+				user_metadata: {},
+				created_at: new Date().toISOString(),
+				updated_at: new Date().toISOString()
+			}
+		};
+		return session;
+	}
+
+	/**
+	 * Parse a Supabase session back to our credentials
+	 */
+	private parseSessionToCredentials(
+		sessionData: any
+	): Partial<AuthCredentials> {
+		try {
+			const session = JSON.parse(sessionData);
+			return {
+				token: session.access_token,
+				refreshToken: session.refresh_token,
+				userId: session.user?.id || 'unknown',
+				email: session.user?.email,
+				expiresAt: session.expires_at
+					? new Date(session.expires_at * 1000).toISOString()
+					: undefined
+			};
+		} catch (error) {
+			this.logger.error('Error parsing session:', error);
+			return {};
+		}
+	}
+
+	/**
+	 * Get item from storage - Supabase will request the session with a specific key
+	 */
+	getItem(key: string): string | null {
+		// Supabase uses a specific key pattern for sessions
+		if (key === STORAGE_KEY || key.includes('auth-token')) {
+			try {
+				const credentials = this.store.getCredentials({ allowExpired: true });
+				if (credentials && credentials.token) {
+					// Build and return a session object from our stored credentials
+					const session = this.buildSessionFromCredentials(credentials);
+					return JSON.stringify(session);
+				}
+			} catch (error) {
+				this.logger.error('Error getting session:', error);
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * Set item in storage - Supabase will store the session with a specific key
+	 */
+	setItem(key: string, value: string): void {
+		// Only handle Supabase session keys
+		if (key === STORAGE_KEY || key.includes('auth-token')) {
+			try {
+				// Parse the session and update our credentials
+				const sessionUpdates = this.parseSessionToCredentials(value);
+				const existingCredentials = this.store.getCredentials({
+					allowExpired: true
+				});
+
+				if (sessionUpdates.token) {
+					const updatedCredentials: AuthCredentials = {
+						...existingCredentials,
+						...sessionUpdates,
+						savedAt: new Date().toISOString(),
+						selectedContext: existingCredentials?.selectedContext
+					} as AuthCredentials;
+
+					this.store.saveCredentials(updatedCredentials);
+				}
+			} catch (error) {
+				this.logger.error('Error setting session:', error);
+			}
+		}
+	}
+
+	/**
+	 * Remove item from storage - Called when signing out
+	 */
+	removeItem(key: string): void {
+		if (key === STORAGE_KEY || key.includes('auth-token')) {
+			// Don't actually remove credentials, just clear the tokens
+			// This preserves other data like selectedContext
+			try {
+				const credentials = this.store.getCredentials({ allowExpired: true });
+				if (credentials) {
+					// Keep context but clear auth tokens
+					const clearedCredentials: AuthCredentials = {
+						...credentials,
+						token: '',
+						refreshToken: undefined,
+						expiresAt: undefined
+					} as AuthCredentials;
+					this.store.saveCredentials(clearedCredentials);
+				}
+			} catch (error) {
+				this.logger.error('Error removing session:', error);
+			}
+		}
+	}
+
+	/**
+	 * Clear all session data
+	 */
+	clear(): void {
+		// Clear auth tokens but preserve context
+		this.removeItem(STORAGE_KEY);
+	}
+}
--- a/packages/tm-core/src/auth/types.ts
+++ b/packages/tm-core/src/auth/types.ts
@@ -10,6 +10,15 @@ export interface AuthCredentials {
 	expiresAt?: string | number;
 	tokenType?: 'standard';
 	savedAt: string;
+	selectedContext?: UserContext;
+}
+
+export interface UserContext {
+	orgId?: string;
+	orgName?: string;
+	briefId?: string;
+	briefName?: string;
+	updatedAt: string;
 }

 export interface OAuthFlowOptions {
@@ -67,7 +76,11 @@ export type AuthErrorCode =
 	| 'STORAGE_ERROR'
 	| 'NOT_SUPPORTED'
 	| 'REFRESH_FAILED'
-	| 'INVALID_RESPONSE';
+	| 'INVALID_RESPONSE'
+	| 'PKCE_INIT_FAILED'
+	| 'PKCE_FAILED'
+	| 'CODE_EXCHANGE_FAILED'
+	| 'SESSION_SET_FAILED';

 /**
 * Authentication error class