feat(shorebird_cli): use Google OAuth 2.0 (#223)

packages/shorebird_cli/lib/src/auth/auth.dart

@@ -1,54 +1,111 @@
 import 'dart:convert';
 import 'dart:io';
 
+import 'package:googleapis_auth/auth_io.dart';
+import 'package:http/http.dart' as http;
 import 'package:path/path.dart' as p;
-import 'package:shorebird_cli/src/auth/session.dart';
 import 'package:shorebird_cli/src/config/config.dart';
 
+export 'package:googleapis_auth/googleapis_auth.dart' show AccessCredentials;
+
+final _clientId = ClientId(
+  /// Shorebird CLI's OAuth 2.0 identifier.
+  '523302233293-eia5antm0tgvek240t46orctktiabrek.apps.googleusercontent.com',
+
+  /// Shorebird CLI's OAuth 2.0 secret.
+  ///
+  /// This isn't actually meant to be kept secret.
+  /// There is no way to properly secure a secret for installed/console applications.
+  /// Fortunately the OAuth2 flow used in this case assumes that the app cannot
+  /// keep secrets so this particular secret DOES NOT need to be kept secret.
+  /// You should however make sure not to re-use the same secret
+  /// anywhere secrecy is required.
+  ///
+  /// For more info see: https://developers.google.com/identity/protocols/oauth2/native-app
+  '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',
+);
+final _scopes = ['openid', 'https://www.googleapis.com/auth/userinfo.email'];
+
+typedef ObtainAccessCredentials = Future<AccessCredentials> Function(
+  ClientId clientId,
+  List<String> scopes,
+  http.Client client,
+  void Function(String) userPrompt,
+);
+
 class Auth {
-  Auth() {
-    _loadSession();
+  Auth({
+    http.Client? httpClient,
+    ObtainAccessCredentials? obtainAccessCredentials,
+  })  : _httpClient = httpClient ?? http.Client(),
+        _obtainAccessCredentials =
+            obtainAccessCredentials ?? obtainAccessCredentialsViaUserConsent {
+    _loadCredentials();
   }
 
-  static const _sessionFileName = 'shorebird-session.json';
-  final sessionFilePath = p.join(shorebirdConfigDir, _sessionFileName);
+  static const _credentialsFileName = 'credentials.json';
+
+  final http.Client _httpClient;
+  final ObtainAccessCredentials _obtainAccessCredentials;
+  final credentialsFilePath = p.join(shorebirdConfigDir, _credentialsFileName);
 
-  void login({required String apiKey}) {
-    _session = Session(apiKey: apiKey);
-    _flushSession(_session!);
+  http.Client get client {
+    if (credentials == null) return _httpClient;
+    return autoRefreshingClient(_clientId, credentials!, _httpClient);
   }
 
-  void logout() => _clearSession();
+  Future<void> login(void Function(String) prompt) async {
+    if (credentials != null) return;
 
-  Session? _session;
+    final client = http.Client();
+    try {
+      _credentials = await _obtainAccessCredentials(
+        _clientId,
+        _scopes,
+        client,
+        prompt,
+      );
+      _flushCredentials(_credentials!);
+    } finally {
+      client.close();
+    }
+  }
+
+  void logout() => _clearCredentials();
+
+  AccessCredentials? _credentials;
 
-  Session? get currentSession => _session;
+  AccessCredentials? get credentials => _credentials;
 
-  void _loadSession() {
-    final sessionFile = File(sessionFilePath);
+  void _loadCredentials() {
+    final credentialsFile = File(credentialsFilePath);
 
-    if (sessionFile.existsSync()) {
+    if (credentialsFile.existsSync()) {
       try {
-        final contents = sessionFile.readAsStringSync();
-        _session = Session.fromJson(
+        final contents = credentialsFile.readAsStringSync();
+        _credentials = AccessCredentials.fromJson(
           json.decode(contents) as Map<String, dynamic>,
         );
       } catch (_) {}
     }
   }
 
-  void _flushSession(Session session) {
-    File(sessionFilePath)
+  void _flushCredentials(AccessCredentials credentials) {
+    File(credentialsFilePath)
       ..createSync(recursive: true)
-      ..writeAsStringSync(json.encode(session.toJson()));
+      ..writeAsStringSync(json.encode(credentials.toJson()));
   }
 
-  void _clearSession() {
-    _session = null;
+  void _clearCredentials() {
+    _credentials = null;
 
-    final sessionFile = File(sessionFilePath);
-    if (sessionFile.existsSync()) {
-      sessionFile.deleteSync(recursive: true);
+    final credentialsFile = File(credentialsFilePath);
+    if (credentialsFile.existsSync()) {
+      credentialsFile.deleteSync(recursive: true);
     }
   }
+
+  void close() {
+    _httpClient.close();
+  }
 }

packages/shorebird_cli/lib/src/command.dart

@@ -2,6 +2,7 @@ import 'dart:io';
 
 import 'package:args/args.dart';
 import 'package:args/command_runner.dart';
+import 'package:http/http.dart' as http;
 import 'package:mason_logger/mason_logger.dart';
 import 'package:meta/meta.dart';
 import 'package:shorebird_cli/src/auth/auth.dart';
@@ -12,7 +13,7 @@ import 'package:shorebird_code_push_client/shorebird_code_push_client.dart';
 typedef HashFunction = String Function(List<int> bytes);
 
 typedef CodePushClientBuilder = CodePushClient Function({
-  required String apiKey,
+  required http.Client httpClient,
   Uri? hostedUri,
 });
 

packages/shorebird_cli/lib/src/commands/apps/create_apps_command.dart

@@ -35,8 +35,7 @@ Defaults to the name in "pubspec.yaml".''',
 
   @override
   Future<int>? run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in.');
       return ExitCode.noUser.code;
     }

packages/shorebird_cli/lib/src/commands/apps/delete_apps_command.dart

@@ -32,8 +32,7 @@ Defaults to the app_id in "shorebird.yaml".''',
 
   @override
   Future<int>? run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in.');
       return ExitCode.noUser.code;
     }
@@ -56,7 +55,7 @@ Defaults to the app_id in "shorebird.yaml".''',
     }
 
     final client = buildCodePushClient(
-      apiKey: session.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
 

packages/shorebird_cli/lib/src/commands/apps/list_apps_command.dart

@@ -30,14 +30,13 @@ class ListAppsCommand extends ShorebirdCommand with ShorebirdConfigMixin {
 
   @override
   Future<int>? run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in.');
       return ExitCode.noUser.code;
     }
 
     final client = buildCodePushClient(
-      apiKey: session.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
 

packages/shorebird_cli/lib/src/commands/build_command.dart

@@ -35,7 +35,7 @@ class BuildCommand extends ShorebirdCommand
 
   @override
   Future<int> run() async {
-    if (auth.currentSession == null) {
+    if (auth.credentials == null) {
       logger
         ..err('You must be logged in to build.')
         ..err("Run 'shorebird login' to log in and try again.");

packages/shorebird_cli/lib/src/commands/channels/create_channels_command.dart

@@ -37,14 +37,13 @@ class CreateChannelsCommand extends ShorebirdCommand with ShorebirdConfigMixin {
 
   @override
   Future<int>? run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in to view channels.');
       return ExitCode.noUser.code;
     }
 
     final client = buildCodePushClient(
-      apiKey: session.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
 

packages/shorebird_cli/lib/src/commands/channels/list_channels_command.dart

@@ -36,14 +36,13 @@ class ListChannelsCommand extends ShorebirdCommand with ShorebirdConfigMixin {
 
   @override
   Future<int>? run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in to view channels.');
       return ExitCode.noUser.code;
     }
 
     final client = buildCodePushClient(
-      apiKey: session.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
 

packages/shorebird_cli/lib/src/commands/init_command.dart

@@ -24,8 +24,7 @@ class InitCommand extends ShorebirdCommand
 
   @override
   Future<int> run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in.');
       return ExitCode.noUser.code;
     }
@@ -56,7 +55,7 @@ Please make sure you are running "shorebird init" from the root of your Flutter
 
     if (shorebirdYaml != null) {
       final codePushClient = buildCodePushClient(
-        apiKey: session.apiKey,
+        httpClient: auth.client,
         hostedUri: hostedUri,
       );
 

packages/shorebird_cli/lib/src/commands/login_command.dart

@@ -18,32 +18,37 @@ class LoginCommand extends ShorebirdCommand {
 
   @override
   Future<int> run() async {
-    final session = auth.currentSession;
-    if (session != null) {
+    final credentials = auth.credentials;
+    if (credentials != null) {
       logger
         ..info('You are already logged in.')
         ..info("Run 'shorebird logout' to log out and try again.");
       return ExitCode.success.code;
     }
 
-    final apiKey = logger.prompt(
-      '${lightGreen.wrap('?')} Please enter your API Key:',
-    );
-    final loginProgress = logger.progress('Logging into shorebird.dev');
     try {
-      auth.login(apiKey: apiKey);
-      loginProgress.complete();
+      await auth.login(prompt);
       logger.info('''
 
 🎉 ${lightGreen.wrap('Welcome to Shorebird! You are now logged in.')}
 
-🔑 Credentials are stored in ${lightCyan.wrap(auth.sessionFilePath)}.
+🔑 Credentials are stored in ${lightCyan.wrap(auth.credentialsFilePath)}.
 🚪 To logout use: "${lightCyan.wrap('shorebird logout')}".''');
       return ExitCode.success.code;
     } catch (error) {
-      loginProgress.fail();
       logger.err(error.toString());
       return ExitCode.software.code;
     }
   }
+
+  void prompt(String url) {
+    logger.info('''
+The Shorebird CLI needs your authorization to manage apps, releases, and patches on your behalf.
+
+In a browser, visit this URL to log in:
+
+${styleBold.wrap(styleUnderlined.wrap(lightCyan.wrap(url)))}
+
+Waiting for your authorization...''');
+  }
 }

packages/shorebird_cli/lib/src/commands/logout_command.dart

@@ -18,8 +18,7 @@ class LogoutCommand extends ShorebirdCommand {
 
   @override
   Future<int> run() async {
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.info('You are already logged out.');
       return ExitCode.success.code;
     }

packages/shorebird_cli/lib/src/commands/patch_command.dart

@@ -93,8 +93,7 @@ class PatchCommand extends ShorebirdCommand
       return ExitCode.config.code;
     }
 
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in to publish.');
       return ExitCode.noUser.code;
     }
@@ -147,7 +146,7 @@ class PatchCommand extends ShorebirdCommand
     final pubspecYaml = getPubspecYaml()!;
     final shorebirdYaml = getShorebirdYaml()!;
     final codePushClient = buildCodePushClient(
-      apiKey: session.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
     final version = pubspecYaml.version!;

packages/shorebird_cli/lib/src/commands/release_command.dart

@@ -71,8 +71,7 @@ make smaller updates to your app.
       return ExitCode.config.code;
     }
 
-    final session = auth.currentSession;
-    if (session == null) {
+    if (auth.credentials == null) {
       logger.err('You must be logged in to release.');
       return ExitCode.noUser.code;
     }
@@ -117,7 +116,7 @@ make smaller updates to your app.
     final pubspecYaml = getPubspecYaml()!;
     final shorebirdYaml = getShorebirdYaml()!;
     final codePushClient = buildCodePushClient(
-      apiKey: session.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
     final version = pubspecYaml.version!;

packages/shorebird_cli/lib/src/commands/run_command.dart

@@ -34,7 +34,7 @@ class RunCommand extends ShorebirdCommand
 
   @override
   Future<int> run() async {
-    if (auth.currentSession == null) {
+    if (auth.credentials == null) {
       logger
         ..err('You must be logged in to run.')
         ..err("Run 'shorebird login' to log in and try again.");

packages/shorebird_cli/lib/src/shorebird_create_app_mixin.dart

@@ -20,7 +20,7 @@ mixin ShorebirdCreateAppMixin on ShorebirdConfigMixin {
     }
 
     final client = buildCodePushClient(
-      apiKey: auth.currentSession!.apiKey,
+      httpClient: auth.client,
       hostedUri: hostedUri,
     );
 

packages/shorebird_cli/lib/src/shorebird_engine_mixin.dart

@@ -32,7 +32,7 @@ mixin ShorebirdEngineMixin on ShorebirdConfigMixin {
       final engineArchivePath = p.join(tempDir.path, 'engine.zip');
       try {
         final codePushClient = buildCodePushClient(
-          apiKey: auth.currentSession!.apiKey,
+          httpClient: auth.client,
           hostedUri: hostedUri,
         );
         await _downloadShorebirdEngine(codePushClient, engineArchivePath);