Auth cli for easy management of authenticated actions (generate hypersync api tokens as initial use case) #742
Conversation
WalkthroughAdds CLI authentication and HyperSync token provisioning with OS keyring storage, new Login/Logout/Hypersync commands, and best-effort token provisioning during startup. Introduces configurable Ethereum address casing (checksum or lowercase) across schema, configs, templates, and runtime, including HyperSync client/source toggles and Rescript address parsing. Updates tests and docs accordingly. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor U as User
participant CLI as envio CLI
participant B as Browser
participant AUTH as Auth Service
participant HS as HyperSync API
participant KR as TokenManager (Keyring)
rect rgba(200,230,255,0.25)
U->>CLI: envio login
CLI->>B: Open login URL
U->>AUTH: Authenticate
CLI->>AUTH: Poll session
AUTH-->>CLI: JWT
CLI->>KR: Store JWT
CLI-->>U: Print JWT
end
rect rgba(220,255,220,0.25)
U->>CLI: envio hypersync connect
CLI->>KR: Get JWT (or trigger login)
CLI->>HS: Provision user/token (JWT)
HS-->>CLI: HyperSync API token
CLI->>KR: Store HyperSync token
CLI-->>U: Print token / write to .env (if exists)
end
rect rgba(255,240,200,0.25)
note over CLI: Startup
CLI->>CLI: Detect HyperSync usage
alt uses HyperSync
CLI->>HS: Best-effort provision token
HS-->>CLI: Token or error
CLI-->>CLI: Warn on error, continue
end
end
sequenceDiagram
autonumber
participant CFG as config.yaml (address_format)
participant CLI as Codegen (Rust)
participant GEN as Generated Config (Rescript)
participant SRC as HyperSyncSource
participant HC as HyperSyncClient
participant ADR as Address.Evm
CFG-->>CLI: address_format = checksum/lowercase
CLI-->>GEN: lowercaseAddresses = (format == lowercase)
GEN-->>SRC: make(..., lowercaseAddresses)
SRC-->>HC: enableChecksumAddresses = !lowercaseAddresses
alt lowercaseAddresses
GEN-->>ADR: fromStringLowercaseOrThrow / fromAddressLowercaseOrThrow
else checksum
GEN-->>ADR: fromStringOrThrow / fromAddressOrThrow
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes Possibly related PRs
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| pub const SERVICE_NAME: &str = "envio-cli"; | ||
| pub const JWT_ACCOUNT: &str = "oauth_token"; | ||
| pub const HYPERSYNC_ACCOUNT: &str = "hypersync_api_token"; |
There was a problem hiding this comment.
These are used by 'keyring' to locate the correct secrets.
| )) | ||
| } | ||
|
|
||
| async fn execute_command_with_env( |
There was a problem hiding this comment.
This allows us to run the command with the api token set in the environment.
| let args = vec!["run", "start"]; | ||
| let exit = execute_command(cmd, args, &config.parsed_project_paths.generated).await?; | ||
|
|
||
| // Determine whether to inject ENVIO_API_TOKEN from vault |
There was a problem hiding this comment.
This determines whether it needs to inject the API token from the vault. If the user has the API token defined in their .env file, then it uses that as an override.
JasoonS
force-pushed
the
auth-cli2
branch
2 times, most recently
from
4c8ab91 to
f1d739c
Compare
| } | ||
|
|
||
| fn try_get_type_def(&self, name: &String) -> anyhow::Result<TypeDef> { | ||
| fn try_get_type_def(&self, name: &String) -> anyhow::Result<TypeDef<'_>> { |
There was a problem hiding this comment.
I was getting warnings about this... Didn't dig deep, something about the function signature was ambiguous without it...
| println!( | ||
| "HyperSync is enabled but no ENVIO_API_TOKEN was found. Attempting to log in to provision or retrieve a HyperSync API token..." | ||
| ); | ||
| if let Err(e) = crate::commands::hypersync::provision_and_get_token().await { |
There was a problem hiding this comment.
This will log the user in if they are not logged in in the dev flow.
If they have an env variable with their token set it will not prompt them to log in and use that instead.
| Js.Console.error("HyperSync is configured as a datasource but ENVIO_API_TOKEN is not set.") | ||
| Js.Console.error( | ||
| "Please run 'envio login` to log in, or alternatively add your ENVIO_API_TOKEN to your project .env file.", | ||
| ) |
There was a problem hiding this comment.
If the user does not set an Envio API token (either via cli login, or .env file, or an environment variable) the code will stop and get stuck here.
…ogin for `envio start` - and cleanup comments
|
Temporarily you can test it with |
|
I've spent way too long trying to get this to work without actually publishing the new ui code 💩 I think unfortunately we'll have to do that. Otherwise I have to add in some hacky code temporarily. The easiest way to test this is to run the UI locally on this branch: https://github.com/enviodev/ui/pull/639 and set `export ENVIO_API_URL="http://localhost:3000" |
JasoonS
force-pushed
the
lower-case-address
branch
from
2b200cd to
de879da
Compare
1 participant
Summary by CodeRabbit
New Features
Documentation
Tests
Chores