feat: add auth password-login, pull, and push commands#422
feat: add auth password-login, pull, and push commands#422moranshe-max wants to merge 7 commits intomainfrom
Conversation
🚀 Package Preview Available!Install this PR's preview build with npm: npm i @base44-preview/cli@0.0.47-pr.422.d37d331Prefer not to change any import paths? Install using npm alias so your code still imports npm i "base44@npm:@base44-preview/cli@0.0.47-pr.422.d37d331"Or add it to your {
"dependencies": {
"base44": "npm:@base44-preview/cli@0.0.47-pr.422.d37d331"
}
}
Preview published to npm registry — try new features instantly! |
moranshe-max
force-pushed
the
feature/add-password-login-command
branch
from
53d8672 to
60fd351
Compare
moranshe-max
changed the title
moranshe-max
force-pushed
the
feature/add-password-login-command
branch
from
837aaa9 to
3cd3e7a
Compare
| /** | ||
| * Returns true if at least one login method is enabled in the given config. | ||
| */ | ||
| export function hasAnyLoginMethod(config: AuthConfig): boolean { |
There was a problem hiding this comment.
I think this should be in config / schema or somewhere else because it's not really API.ts file
|
|
||
| let response: KyResponse; | ||
| try { | ||
| response = await base44Client.get(`api/apps/${id}`); |
There was a problem hiding this comment.
I wonder if this should really big in project/api.ts file since it's the entire project data.. but maybe it's a future refactor
| * Reads the auth config file from the given directory. | ||
| * Returns [config] if the file exists, or [] if the directory or file doesn't exist. | ||
| */ | ||
| export async function readAuthConfig(authDir: string): Promise<AuthConfig[]> { |
There was a problem hiding this comment.
why are we returning an array of AuthConfig instead just the AuthConfig? is it possible to have multiple AuthConfigs? 🤔
| export async function updateAuthConfigFile( | ||
| authDir: string, | ||
| updates: Partial<AuthConfig>, | ||
| ): Promise<AuthConfig> { |
There was a problem hiding this comment.
I wonder if we need a read / write / update functions, maybe just read and write? write will also do updates or updates will happen before calling the config.ts?
| return; | ||
| } | ||
|
|
||
| await pushAuthConfigToApi(configs[0]); |
There was a problem hiding this comment.
I commented it in the config.ts file, can AuthConfig be just singular and not an array? then we don't need to keep putting into an array and out of an array 💪
| .option("--enable", "Enable password authentication") | ||
| .option("--disable", "Disable password authentication") |
There was a problem hiding this comment.
what do you think about using commander's .choices instead of 2 different flags? and then the command will look like base44 auth password-login enable
// something like
.argument('<state>').choices(['enable', 'disable'])
There was a problem hiding this comment.
Great tip! Claude claims it's easier for it to consume the cli that way.
| const authDir = join(configDir, project.authDir); | ||
|
|
||
| const updated = await runTask( | ||
| `${shouldEnable ? "Enabling" : "Disabling"} username & password authentication`, |
There was a problem hiding this comment.
maybe the message should be something like "Updating authenticaiton configuration" or something? so make sure it's only locally
There was a problem hiding this comment.
i just saw the outro message, so maybe it's fine
| return await updateAuthConfigFile(authDir, { | ||
| enableUsernamePassword: shouldEnable, | ||
| }); |
There was a problem hiding this comment.
I also commented baout this inside the updateAuthConfigFile function, i just feel writeAuthConfigFile can do everything?
|
|
||
| export function getAuthPullCommand(): Command { | ||
| return new Base44Command("pull") | ||
| .description("Pull auth config from Base44 to local file") |
There was a problem hiding this comment.
Might worth adding some text about overwriting existing file
kfirstri
left a comment
kfirstri
left a comment
There was a problem hiding this comment.
Good work 💪, Added some comments
moranshe-max
force-pushed
the
feature/add-password-login-command
branch
from
fdced31 to
2916115
Compare
| onResult: options?.onFunctionResult, | ||
| }); | ||
| await agentResource.push(agents); | ||
| if (authConfig) { |
There was a problem hiding this comment.
- You should have a resource.ts file inside resources/auth-config/resource.ts with the "readAll" and "push" command configured, this is basically our interface for resourced, i don't want deploy.ts to be too familiar with resources implementation
- move the if(authConfig) check to be inside the resource push function, like all other resourced do
kfirstri
left a comment
kfirstri
left a comment
There was a problem hiding this comment.
one small change about adding a resource.ts to the auth-config, and then call the push method from deploy.ts.
Add `base44 auth password-login` command for enabling/disabling username & password authentication. Introduces the `auth` command group and the core `auth-config` module with Zod schemas, API client, and camelCase transforms. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove interactive prompts in favor of explicit --enable and --disable flags. Add comprehensive input validation with agent-friendly error hints. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Migrate auth-config from standalone core module to the unified resources pattern. Add `auth pull` and `auth push` CLI commands for syncing auth configuration. Extend project config and deploy to support auth-config as a deployable resource. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace removed runCommand/RunCommandResult imports with Base44Command and import RunCommandResult from @/cli/types.js to match the new command pattern introduced on main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move hasAnyLoginMethod from api.ts to schema.ts (not an API concern) - Use singular AuthConfig | null instead of AuthConfig[] everywhere - Remove Resource<T> adapter (resource.ts) — call readAuthConfig/pushAuthConfig directly - Remove updateAuthConfigFile — inline read-merge-write in password-login command - Switch password-login from --enable/--disable flags to positional argument (enable|disable) - Update task spinner message to "Updating local auth config" - Add overwrite warning to auth pull outro message - Add confirmation prompt and lockout warning to auth push (with --yes flag) - Update tests for new signatures and positional arg syntax Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ace in deploy Move auth-config back to the standard Resource<T> pattern so deploy.ts doesn't need to know about the resource's internal null-vs-array semantics. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update password-login, pull, and push commands to receive CLIContext as the first argument, matching the refactored Base44Command pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
moranshe-max
force-pushed
the
feature/add-password-login-command
branch
from
05e3522 to
6d96b8e
Compare
3 participants
Note
Description
This PR introduces a new
base44 authcommand group that allows developers to manage app authentication settings from the CLI. It addsauth password-login,auth pull, andauth pushsubcommands, backed by a newauth-configresource module in the core SDK layer. Auth config is also integrated into thedeploypipeline so it is pushed automatically alongside other resources.Related Issue
None
Type of Change
Changes Made
packages/cli/src/cli/commands/auth/with three subcommands:auth password-login <enable|disable>— toggles username/password authentication in the local auth config file, with a lockout warning if no login methods remain enabledauth pull— fetches the remote auth config from Base44 and writes it to the localauth/config.jsoncfileauth push [-y]— pushes the local auth config to Base44, with an interactive confirmation prompt (skippable with--yes)packages/cli/src/core/resources/auth-config/resource module following theResource<T>pattern:schema.ts— Zod schemas forAuthConfig, API response, and file format (camelCase ↔ snake_case transforms)api.ts—getAuthConfig()andpushAuthConfigToApi()HTTP client functionsconfig.ts— local file read/write helpers with deep-equality check to avoid unnecessary writespull.ts/push.ts— resource-level pull/push operationsresource.ts—Resource<AuthConfig>interface implementation for use inreadProjectConfig/deployAllcore/project/config.tsto readauthConfigas part ofreadProjectConfig()core/project/deploy.ts(hasResourcesToDeploy,deployAll) to include auth config in the deploy pipelineauthDirfield (default"auth") toProjectConfigSchemagetAuthCommand()inprogram.tstests/cli/auth_password_setup.spec.ts) and unit tests (tests/core/auth-password.spec.ts)Testing
npm test)Checklist
docs/(AGENTS.md) if I made architectural changesAdditional Notes
The
auth pushcommand warns users before pushing a config that disables all login methods, preventing accidental lockouts. Thepassword-logincommand similarly warns when disabling the last remaining login method. The deploy flow integrates auth config seamlessly — if anauth/config.jsoncfile exists in the project, it is pushed as part ofbase44 deploy.🤖 Generated by Claude | 2026-03-24 00:00 UTC