85453da49f
regression / regression-shards (style-16-prod style-9-prod style-17-prod iframe-render-compat variables-prod mp4-h265-sdr, shard-4) (push) Has been cancelled
regression / regression-shards (style-4-prod style-11-prod style-2-prod animejs-adapter typegpu-adapter parallel-capture-regression, shard-5) (push) Has been cancelled
regression / regression-shards (style-7-prod style-8-prod style-10-prod css-spinner-render-compat webm-transparency mp4-h264-sdr webm-vp9, shard-3) (push) Has been cancelled
regression / regression-shards (sub-composition-video style-18-prod raf-ball-render-compat font-variant-numeric sub-comp-t0 sub-comp-id-selector, shard-7) (push) Has been cancelled
Windows render verification / Detect changes (push) Has been cancelled
Windows render verification / Preflight (lint + format) (push) Has been cancelled
Windows render verification / Render on windows-latest (push) Has been cancelled
Windows render verification / Tests on windows-latest (push) Has been cancelled
CI / Detect changes (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Fallow audit (push) Has been cancelled
CI / Format (push) Has been cancelled
CI / Typecheck (push) Has been cancelled
CI / Test (push) Has been cancelled
CI / Producer: integration tests (push) Has been cancelled
CI / Producer: unit tests (push) Has been cancelled
CI / File size check (push) Has been cancelled
CI / Test: skills (push) Has been cancelled
CI / Skills: manifest in sync (push) Has been cancelled
CI / CLI: npx shim (macos-latest) (push) Has been cancelled
CI / CLI: npx shim (ubuntu-latest) (push) Has been cancelled
CI / CLI: npx shim (windows-latest) (push) Has been cancelled
CI / SDK: unit + contract + smoke (push) Has been cancelled
CI / Test: runtime contract (push) Has been cancelled
CI / Studio: load smoke (push) Has been cancelled
CI / Smoke: global install (push) Has been cancelled
CI / CLI smoke (required) (push) Has been cancelled
CI / Semantic PR title (push) Has been cancelled
Player perf / Detect changes (push) Has been cancelled
Player perf / Preflight (lint + format) (push) Has been cancelled
Player perf / player-perf (push) Has been cancelled
Player perf / Perf: drift (push) Has been cancelled
Player perf / Perf: fps (push) Has been cancelled
Player perf / Perf: parity (push) Has been cancelled
Player perf / Perf: scrub (push) Has been cancelled
Player perf / Perf: load (push) Has been cancelled
preview-regression / Detect changes (push) Has been cancelled
preview-regression / Preflight (lint + format) (push) Has been cancelled
preview-regression / Preview parity (push) Has been cancelled
preview-regression / preview-regression (push) Has been cancelled
regression / regression (push) Has been cancelled
regression / Detect changes (push) Has been cancelled
regression / Preflight (lint + format) (push) Has been cancelled
regression / regression-shards (hdr-regression style-5-prod style-3-prod mov-prores, shard-1) (push) Has been cancelled
regression / regression-shards (overlay-montage-prod style-12-prod chat missing-host-comp-id png-sequence portrait-edge-bleed, shard-6) (push) Has been cancelled
regression / regression-shards (style-13-prod style-6-prod vignelli-stacking gsap-letters-render-compat audio-mux-parity, shard-8) (push) Has been cancelled
regression / regression-shards (style-15-prod hdr-hlg-regression style-1-prod many-cuts vfr-screen-recording render-symlinked-assets, shard-2) (push) Has been cancelled
CodeQL / Analyze (actions) (push) Has been cancelled
CodeQL / Analyze (javascript-typescript) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Docs / Validate docs (push) Has been cancelled
Sync skills to ClawHub / Publish changed skills (push) Has been cancelled
106 lines
3.4 KiB
TypeScript
106 lines
3.4 KiB
TypeScript
/**
|
|
* `hyperframes auth logout` — remove the credential file. With
|
|
* `--keep-api-key`, only the OAuth block is cleared (no-op for
|
|
* API-key-only stores).
|
|
*
|
|
* Env-only credentials (`HEYGEN_API_KEY`, `HYPERFRAMES_API_KEY`) can't
|
|
* be cleared by this command — we tell the user to unset them.
|
|
*/
|
|
|
|
import { defineCommand } from "citty";
|
|
import {
|
|
clearOAuth,
|
|
configDir,
|
|
credentialPath,
|
|
deleteStore,
|
|
readStore,
|
|
revokeTokens,
|
|
} from "../../auth/index.js";
|
|
import { c } from "../../ui/colors.js";
|
|
|
|
export default defineCommand({
|
|
meta: { name: "logout", description: "Remove the stored HeyGen credential" },
|
|
args: {
|
|
"keep-api-key": {
|
|
type: "boolean",
|
|
description: "Only clear the OAuth session; preserve the API key.",
|
|
default: false,
|
|
},
|
|
yes: {
|
|
type: "boolean",
|
|
description: "Skip the confirmation prompt.",
|
|
default: false,
|
|
},
|
|
},
|
|
async run({ args }) {
|
|
warnIfEnvCredentialActive();
|
|
const keepApiKey = Boolean(args["keep-api-key"]);
|
|
|
|
if (!(await ensureConfirmed(Boolean(args.yes), keepApiKey))) {
|
|
console.log("Aborted.");
|
|
process.exit(1);
|
|
}
|
|
|
|
// Best-effort revoke before we wipe local state. RFC 7009 says
|
|
// success is empty 200 — we ignore failure either way.
|
|
await bestEffortRevoke();
|
|
|
|
if (keepApiKey) {
|
|
await clearOAuth();
|
|
console.log(c.success("✓ OAuth session removed. API key retained."));
|
|
return;
|
|
}
|
|
await deleteStore();
|
|
console.log(c.success(`✓ Signed out. Removed ${credentialPath()}.`));
|
|
},
|
|
});
|
|
|
|
function warnIfEnvCredentialActive(): void {
|
|
if (process.env["HEYGEN_API_KEY"] || process.env["HYPERFRAMES_API_KEY"]) {
|
|
console.log(
|
|
c.warn(
|
|
"An env-var credential is active. Unset HEYGEN_API_KEY / HYPERFRAMES_API_KEY to remove it.",
|
|
),
|
|
);
|
|
}
|
|
}
|
|
|
|
async function ensureConfirmed(yes: boolean, keepApiKey: boolean): Promise<boolean> {
|
|
if (yes) return true;
|
|
const prompt = keepApiKey
|
|
? `This will sign out of any active OAuth session on this machine (~/.heygen lives at ${configDir()}). Continue? [y/N] `
|
|
: `This will sign out of HeyGen on this machine (~/.heygen lives at ${configDir()}). Continue? [y/N] `;
|
|
return confirmInteractive(prompt);
|
|
}
|
|
|
|
// fallow-ignore-next-line complexity
|
|
async function bestEffortRevoke(): Promise<void> {
|
|
try {
|
|
const { credentials, source } = await readStore();
|
|
if (source === "absent" || !credentials.oauth) return;
|
|
const { access_token, refresh_token } = credentials.oauth;
|
|
// Revoke the refresh_token first (per RFC 7009, that typically
|
|
// invalidates all derived access tokens), but also revoke the
|
|
// access_token explicitly to cover servers that don't cascade.
|
|
if (refresh_token) {
|
|
await revokeTokens(refresh_token, { token_type_hint: "refresh_token" });
|
|
}
|
|
if (access_token) {
|
|
await revokeTokens(access_token, { token_type_hint: "access_token" });
|
|
}
|
|
} catch {
|
|
/* Best-effort — never block local wipe on a network/IdP issue. */
|
|
}
|
|
}
|
|
|
|
async function confirmInteractive(prompt: string): Promise<boolean> {
|
|
if (!process.stdin.isTTY) return false;
|
|
const { createInterface } = await import("node:readline");
|
|
const rl = createInterface({ input: process.stdin, output: process.stdout });
|
|
const answer = await new Promise<string>((resolve) => {
|
|
rl.question(prompt, (line) => resolve(line));
|
|
});
|
|
rl.close();
|
|
return /^y(es)?$/i.test(answer.trim());
|
|
}
|