partiri-cli 0.1.6

partiri CLI — Deploy and manage services on Partiri Cloud
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210

use std::path::PathBuf;

use inquire::{Confirm, Text};
use owo_colors::OwoColorize;

use crate::error::Result;
use crate::output::print_success;

/// Path to the credentials file where the API key is stored.
/// Returns `~/.config/partiri/key`.
pub fn credentials_path() -> Option<PathBuf> {
    let base = dirs::config_dir().or_else(dirs::home_dir)?;
    Some(base.join("partiri").join("key"))
}

/// Read the stored API key from the credentials file.
pub fn read_key() -> Option<String> {
    let path = credentials_path()?;
    std::fs::read_to_string(&path)
        .ok()
        .map(|s| s.trim().to_string())
        .filter(|s| !s.is_empty())
}

pub fn run() -> Result<()> {
    println!("\n{}\n", "  partiri auth".bold().cyan());

    // ── Bail early if we can't determine where to save ───────────────────────
    let creds = credentials_path()
        .ok_or("Could not determine config directory. Set $HOME or $XDG_CONFIG_HOME.")?;

    // ── Show current status ───────────────────────────────────────────────────
    let current = read_key();
    match current {
        Some(ref existing) => {
            let masked = mask_key(existing);
            println!("  Current key: {}", masked.bold());
            let update = Confirm::new("Replace it with a new key?")
                .with_default(false)
                .prompt()
                .map_err(|_| "Cancelled.")?;
            if !update {
                return Ok(());
            }
        }
        None => {
            println!(
                "  {}",
                "No API key configured. Get one from https://partiri.cloud/settings/api-keys"
                    .dimmed()
            );
        }
    }

    // ── Prompt for key ────────────────────────────────────────────────────────
    let key = Text::new("Paste your API key:")
        .prompt()
        .map_err(|_| "Cancelled.")?;

    let key = key.trim().to_string();
    if key.is_empty() {
        return Err("API key cannot be empty.".into());
    }
    if key.len() < 64 {
        return Err("Api Key does not look right. Check that you pasted the full key.".into());
    }

    // ── Write to credentials file ────────────────────────────────────────────
    save_credentials_file(&creds, &key)
        .map_err(|e| format!("Failed to write credentials to {}: {e}", creds.display()))?;

    // Verify the save by reading back
    let saved = std::fs::read_to_string(&creds)
        .map(|s| s.trim().to_string())
        .unwrap_or_default();
    if saved != key {
        return Err(
            "Key file was written but content does not match. Check file permissions.".into(),
        );
    }
    print_success(&format!("Key saved to {}.", creds.display()));

    Ok(())
}

fn save_credentials_file(path: &PathBuf, key: &str) -> Result<()> {
    if let Some(parent) = path.parent() {
        std::fs::create_dir_all(parent)?;
    }
    #[cfg(unix)]
    {
        use std::io::Write;
        use std::os::unix::fs::OpenOptionsExt;
        let mut file = std::fs::OpenOptions::new()
            .write(true)
            .create(true)
            .truncate(true)
            .mode(0o600)
            .open(path)?;
        file.write_all(key.as_bytes())?;
    }
    #[cfg(not(unix))]
    {
        std::fs::write(path, key)?;
    }
    Ok(())
}

// ─── Helpers ──────────────────────────────────────────────────────────────────

fn mask_key(key: &str) -> String {
    let chars: Vec<char> = key.chars().collect();
    if chars.len() <= 4 {
        return "****".to_string();
    }
    let head: String = chars[..4].iter().collect();
    let tail: String = chars[chars.len() - 4..].iter().collect();
    format!("{head}{tail}")
}

#[cfg(test)]
mod tests {
    use super::*;
    use tempfile::TempDir;

    // ─── mask_key ─────────────────────────────────────────────────────────────

    #[test]
    fn mask_key_empty_returns_stars() {
        assert_eq!(mask_key(""), "****");
    }

    #[test]
    fn mask_key_three_chars_returns_stars() {
        assert_eq!(mask_key("abc"), "****");
    }

    #[test]
    fn mask_key_exactly_four_returns_stars() {
        assert_eq!(mask_key("abcd"), "****");
    }

    #[test]
    fn mask_key_five_chars_shows_overlap() {
        let result = mask_key("abcde");
        assert!(
            result.starts_with("abcd"),
            "should start with first 4 chars"
        );
        assert!(result.ends_with("bcde"), "should end with last 4 chars");
    }

    #[test]
    fn mask_key_long_shows_first_and_last_four() {
        let result = mask_key("abcdefghij");
        assert!(result.starts_with("abcd"), "should start with first 4");
        assert!(result.ends_with("ghij"), "should end with last 4");
        // Middle characters should not appear
        assert!(!result.contains("efgh"));
    }

    #[test]
    fn mask_key_contains_ellipsis_separator() {
        let result = mask_key("abcdefghij");
        // The separator is the Unicode ellipsis U+2026
        assert!(
            result.contains('\u{2026}'),
            "should use ellipsis separator: {}",
            result
        );
    }

    // ─── credentials_path ─────────────────────────────────────────────────────

    #[test]
    fn credentials_path_returns_some() {
        assert!(credentials_path().is_some());
    }

    #[test]
    fn credentials_path_ends_with_partiri_key() {
        let path = credentials_path().unwrap();
        assert!(
            path.ends_with("partiri/key"),
            "expected …/partiri/key, got {:?}",
            path
        );
    }

    // ─── save_credentials_file ────────────────────────────────────────────────

    #[test]
    fn save_credentials_creates_dirs_and_file() {
        let dir = TempDir::new().unwrap();
        let path = dir.path().join("partiri").join("key");
        save_credentials_file(&path, "my-secret-key").unwrap();
        let content = std::fs::read_to_string(&path).unwrap();
        assert_eq!(content, "my-secret-key");
    }

    #[test]
    fn save_credentials_overwrites_existing() {
        let dir = TempDir::new().unwrap();
        let path = dir.path().join("partiri").join("key");
        save_credentials_file(&path, "old-key").unwrap();
        save_credentials_file(&path, "new-key").unwrap();
        let content = std::fs::read_to_string(&path).unwrap();
        assert_eq!(content, "new-key");
    }
}