ZEA-4557: CLI: Use API token pattern instead of OAuth in CLI (#118)

#### Description (required)

- **feat(constant): Add ZeaburDashURL constant**
- **refactor(auth): Rewrite as API key client**
- **refactor(auth): Switch to new API key client**
- **refactor: Remove all OAuth related code**

Demo:
https://discord.com/channels/1060209568820494336/1079051435595026482/1337347559605145621

#### Related issues & labels (optional)

- Closes ZEA-4557
- Suggested label: enhancement

Author: yuaanlin

cmd/main.go

@@ -2,6 +2,7 @@
 package main
 
 import (
+	"fmt"
 	"os"
 	"time"
 
@@ -54,7 +55,12 @@ func initFactory() *cmdutil.Factory {
 
 	factory.Printer = printer.New()
 
-	factory.AuthClient = auth.NewZeaburWebAppOAuthClient()
+	cbs, err := auth.NewCallbackServer()
+	if err != nil {
+		panic(fmt.Sprintf("failed to create callback server (internal error): %v", err))
+	}
+
+	factory.AuthClient = auth.NewImplicitFlowClient(cbs)
 
 	factory.Prompter = prompt.New()
 

internal/cmd/auth/login/login.go

@@ -10,7 +10,6 @@ import (
 	"github.com/hasura/go-graphql-client"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"golang.org/x/oauth2"
 
 	"github.com/zeabur/cli/internal/cmdutil"
 	"github.com/zeabur/cli/pkg/api"
@@ -70,8 +69,7 @@ func RunLogin(f *cmdutil.Factory, opts *Options) error {
 				return fmt.Errorf("failed to get user info: %w", err)
 			}
 		} else {
-			f.Log.Debugw("Already logged in", "token string", f.Config.GetTokenString(),
-				"token detail", f.Config.GetToken(), "user", user)
+			f.Log.Debugw("Already logged in", "token", f.Config.GetTokenString(), "user", user)
 			f.Log.Infof("Already logged in as %s, "+
 				"if you want to use a different account, please logout first", user.Name)
 			return nil
@@ -80,29 +78,27 @@ func RunLogin(f *cmdutil.Factory, opts *Options) error {
 
 	var (
 		tokenString string
-		token       *oauth2.Token
 		err         error
 	)
 
 	if f.Interactive {
 		f.Log.Info("A browser window will be opened for you to login, please confirm")
 		// get token from web
-		token, err = f.AuthClient.Login()
+		token, err := f.AuthClient.GenerateToken(context.Background())
 		if err != nil {
 			return fmt.Errorf("failed to login: %w", err)
 		}
-		tokenString = token.AccessToken
-		f.Config.SetToken(token)
+		tokenString = token
+
+		f.Config.SetTokenString(tokenString)
 	} else {
 		// get token from flag, env or config
 		if tokenString = f.Config.GetTokenString(); tokenString == "" {
 			return fmt.Errorf("please set ZEABUR_TOKEN environment variable or use --token flag to set token")
 		}
 	}
 
-	f.Config.SetTokenString(tokenString)
-
-	f.Log.Debugw("Token", "token", tokenString, "token detail", token)
+	f.Log.Debugw("Token", "token", tokenString)
 
 	// because we just logged in, we need to create a new client
 	f.ApiClient = opts.NewClient(tokenString)

internal/cmd/auth/logout/logout.go

@@ -37,11 +37,6 @@ func runLogout(f *cmdutil.Factory, opts *logoutOptions) error {
 	f.Config.SetUser("")
 	f.Config.SetUsername("")
 
-	// reset token detail if exists
-	if f.Config.GetToken() != nil {
-		f.Config.SetToken(nil)
-	}
-
 	// reset context
 	f.Config.GetContext().ClearAll()
 

internal/cmd/deploy/deploy.go

@@ -8,6 +8,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/zeabur/cli/internal/cmdutil"
 	"github.com/zeabur/cli/internal/util"
+	"github.com/zeabur/cli/pkg/constant"
 	"github.com/zeabur/cli/pkg/model"
 	"github.com/zeabur/cli/pkg/selector"
 	"github.com/zeabur/cli/pkg/zcontext"
@@ -91,7 +92,7 @@ func runDeploy(f *cmdutil.Factory, opts *Options) error {
 
 	if domainName == "" {
 		fmt.Println("Service deployed successfully, you can access it via:")
-		fmt.Println("https://zeabur.com/projects/" + service.Project.ID + "/services/" + service.ID + "?envID=" + environment.ID)
+		fmt.Println(constant.ZeaburDashURL + "/projects/" + service.Project.ID + "/services/" + service.ID + "?envID=" + environment.ID)
 		return nil
 	}
 

internal/cmd/root/root.go

@@ -2,12 +2,11 @@
 package root
 
 import (
+	"context"
 	"fmt"
-	"time"
 
 	"github.com/MakeNowJust/heredoc"
 	"github.com/spf13/cobra"
-	"golang.org/x/oauth2"
 
 	authCmd "github.com/zeabur/cli/internal/cmd/auth"
 	completionCmd "github.com/zeabur/cli/internal/cmd/completion"
@@ -56,16 +55,13 @@ func NewCmdRoot(f *cmdutil.Factory, version, commit, date string) (*cobra.Comman
 
 					var (
 						tokenString string
-						token       *oauth2.Token
 						err         error
 					)
 
-					token, err = f.AuthClient.Login()
+					tokenString, err = f.AuthClient.GenerateToken(context.Background())
 					if err != nil {
 						return fmt.Errorf("failed to login: %w", err)
 					}
-					tokenString = token.AccessToken
-					f.Config.SetToken(token)
 					f.Config.SetTokenString(tokenString)
 				}
 				// set up the client
@@ -82,31 +78,6 @@ func NewCmdRoot(f *cmdutil.Factory, version, commit, date string) (*cobra.Comman
 				return fmt.Errorf("failed to save config: %w", err)
 			}
 
-			// refresh the token if the token is from OAuth2 & it's expired
-			// skip help, version and auth commands
-			if cmd.Name() != "help" && cmd.Name() != "version" && cmd.Parent().Name() != "auth" {
-				if f.AutoRefreshToken && f.LoggedIn() && f.Config.GetToken() != nil {
-					if f.Config.GetToken().Expiry.Before(time.Now()) {
-						f.Log.Info("Token is from OAuth2 and it's expired, refreshing it")
-
-						token := f.Config.GetToken()
-						token.Expiry = time.Now()
-						newToken, err := f.AuthClient.RefreshToken(token)
-						if err != nil {
-							return fmt.Errorf("failed to refresh token, it is recommended to logout and login again: %w", err)
-						}
-						f.Config.SetToken(newToken)
-						f.Config.SetTokenString(newToken.AccessToken)
-						f.Log.Debug("New token: ", newToken)
-						if err := f.Config.Write(); err != nil {
-							return fmt.Errorf("failed to save config: %w", err)
-						}
-
-						f.Log.Info("Token refreshed successfully")
-					}
-				}
-			}
-
 			if f.AutoCheckUpdate && !f.Debug && version != "dev" {
 				currentVersion := TrimPrefixV(version)
 
@@ -140,8 +111,6 @@ func NewCmdRoot(f *cmdutil.Factory, version, commit, date string) (*cobra.Comman
 	// Persistent flags
 	cmd.PersistentFlags().BoolVar(&f.Debug, "debug", false, "Enable debug logging")
 	cmd.PersistentFlags().BoolVarP(&f.Interactive, config.KeyInteractive, "i", true, "use interactive mode")
-	cmd.PersistentFlags().BoolVar(&f.AutoRefreshToken, config.KeyAutoRefreshToken, true,
-		"automatically refresh token when it's expired, only works when the token is from browser(OAuth2)")
 	cmd.PersistentFlags().BoolVar(&f.AutoCheckUpdate, config.KeyAutoCheckUpdate, true, "automatically check update")
 
 	// Child commands

internal/cmd/service/deploy/deploy.go

@@ -9,6 +9,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/zeabur/cli/internal/cmdutil"
 	"github.com/zeabur/cli/internal/util"
+	"github.com/zeabur/cli/pkg/constant"
 )
 
 type Options struct {
@@ -150,7 +151,7 @@ func runDeployInteractive(f *cmdutil.Factory, opts *Options) error {
 		s.Stop()
 
 		fmt.Printf("%s Service %s created 🚀\n", cmdutil.SuccessIcon, service.Name)
-		fmt.Printf("https://zeabur.com/projects/%s/services/%s", opts.projectID, service.ID)
+		fmt.Printf("%s/projects/%s/services/%s", constant.ZeaburDashURL, opts.projectID, service.ID)
 
 		return nil
 

internal/cmd/template/create/create.go

@@ -13,6 +13,7 @@ import (
 	"gopkg.in/yaml.v3"
 
 	"github.com/zeabur/cli/internal/cmdutil"
+	"github.com/zeabur/cli/pkg/constant"
 	"github.com/zeabur/cli/pkg/util"
 )
 
@@ -102,6 +103,6 @@ func runCreate(f *cmdutil.Factory, opts Options) error {
 		return err
 	}
 
-	f.Log.Infof("Template %q (https://zeabur.com/templates/%s) created", t.Name, t.Code)
+	f.Log.Infof("Template %q (%s/templates/%s) created", t.Name, constant.ZeaburDashURL, t.Code)
 	return nil
 }

internal/cmd/template/deploy/deploy.go

@@ -14,6 +14,7 @@ import (
 	"github.com/hasura/go-graphql-client"
 	"github.com/spf13/cobra"
 	"github.com/zeabur/cli/internal/cmdutil"
+	"github.com/zeabur/cli/pkg/constant"
 	"github.com/zeabur/cli/pkg/model"
 	"github.com/zeabur/cli/pkg/util"
 	"gopkg.in/yaml.v3"
@@ -187,7 +188,7 @@ func runDeploy(f *cmdutil.Factory, opts *Options) error {
 		return err
 	}
 
-	f.Log.Infof("Template successfully deployed into project %q (https://zeabur.com/projects/%s).", res.Name, res.ID)
+	f.Log.Infof("Template successfully deployed into project %q (%s/projects/%s).", res.Name, constant.ZeaburDashURL, res.ID)
 
 	if d, ok := vars["PUBLIC_DOMAIN"]; ok && project.Region.ID != "sha1" {
 		s = spinner.New(cmdutil.SpinnerCharSet, cmdutil.SpinnerInterval,
@@ -201,7 +202,7 @@ func runDeploy(f *cmdutil.Factory, opts *Options) error {
 		for {
 			if time.Since(start) > 2*time.Minute {
 				s.Stop()
-				return fmt.Errorf("failed to wait service ready, check logs in https://zeabur.com/projects/%s", res.ID)
+				return fmt.Errorf("failed to wait service ready, check logs in %s/projects/%s", constant.ZeaburDashURL, res.ID)
 			}
 
 			time.Sleep(2 * time.Second)

pkg/auth/callback.go

@@ -0,0 +1,81 @@
+package auth
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"net"
+	"net/http"
+)
+
+//go:embed login_success_page.html
+var loginSuccessHTML []byte
+
+type CallbackServer struct {
+	listener net.Listener
+	tokenCh  chan TokenResponse
+}
+
+type TokenResponse struct {
+	Token string
+	State string
+}
+
+func NewCallbackServer() (*CallbackServer, error) {
+	listener, err := net.Listen("tcp4", "127.0.0.1:0")
+	if err != nil {
+		return nil, err
+	}
+
+	tokenCh := make(chan TokenResponse, 1)
+
+	return &CallbackServer{
+		listener: listener,
+		tokenCh:  tokenCh,
+	}, nil
+}
+
+func (s *CallbackServer) Serve() error {
+	mux := http.NewServeMux()
+	mux.HandleFunc("POST /callback", func(w http.ResponseWriter, r *http.Request) {
+		s.tokenCh <- TokenResponse{
+			Token: r.FormValue("api_key"),
+			State: r.FormValue("state"),
+		}
+
+		w.Header().Add("Content-Type", "text/html")
+
+		w.WriteHeader(200)
+		_, _ = w.Write(loginSuccessHTML)
+	})
+
+	return http.Serve(s.listener, mux)
+}
+
+func (s *CallbackServer) Close() error {
+	err := s.listener.Close()
+	close(s.tokenCh)
+
+	return err
+}
+
+func (s *CallbackServer) Port() int {
+	return s.listener.Addr().(*net.TCPAddr).Port
+}
+
+func (s *CallbackServer) GetCallbackURL() string {
+	return fmt.Sprintf("http://localhost:%d/callback", s.Port())
+}
+
+func (s *CallbackServer) WaitForToken(ctx context.Context) (TokenResponse, error) {
+	select {
+	case <-ctx.Done():
+		return TokenResponse{}, ctx.Err()
+	case token, ok := <-s.tokenCh:
+		if !ok {
+			return TokenResponse{}, fmt.Errorf("token channel closed")
+		}
+
+		return token, nil
+	}
+}