feat(cli): authenticated coupon + bounty submission from the CLI#33
Merged
Conversation
Adds a device-style login (login URL + paste code) and write commands to
the shipped bash CLI, plus the backend support for token auth.
Backend:
- getSessionDid() now also accepts the signed session token via
`Authorization: Bearer <token>` (browser still uses the httpOnly
cookie). This lets the CLI authenticate as the user.
- New /cli-auth page: after CoinPay OAuth it shows the user's token to
copy-paste into the CLI; otherwise it offers "Connect with CoinPay".
noindex.
CLI (apps/web/public/cli/c0upons, v1.0.0 → v1.1.0):
- `login` — prints WEB/cli-auth, reads pasted token, verifies via
/api/auth/me, saves to $XDG_CONFIG_HOME/c0upons/token (chmod 600).
- `logout` — forgets the token.
- `submit` — post a coupon (--title/--store/--code/--percent|--off/
--url/--description/--expiry).
- `bounty` — post a bounty (--title/--store/--reward/--url/--desc);
prints the bounty URL + CoinPay funding link.
- Payloads built with `jq -n` for safe escaping; authed POSTs send the
bearer token; clear 401 handling ("run c0upons login").
Verified: bearer auth (200 with token / 401 without), /cli-auth render,
and real coupon+bounty inserts via bearer (test rows cleaned up).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
vu1nz Security Review0 finding(s) in PR #? No security issues found. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds CLI support for adding coupons and bounties, with a CoinPay-OAuth login (login URL → paste code, like
gh/Claude device login).Auth mechanism
The session is already an HMAC-signed token (
createSession). This PR:getSessionDid()also accepts it viaAuthorization: Bearer <token>(browser still uses the httpOnly cookie)./cli-authpage: after CoinPay OAuth it displays your token to paste into the CLI (noindex); otherwise shows "Connect with CoinPay".CLI (
apps/web/public/cli/c0upons, v1.0.0 → v1.1.0)c0upons login— printsWEB/cli-auth, reads the pasted token, verifies it via/api/auth/me, saves to$XDG_CONFIG_HOME/c0upons/token(chmod 600).c0upons logout— forgets the token.c0upons submit— post a coupon:--title --store --code --percent|--off --url --description --expiry.c0upons bounty— post a bounty:--title --store --reward --url --description; prints the bounty URL + CoinPay funding link.jq -n(safe escaping); 401 → "run c0upons login".Example:
Verification
bash -nclean; webtsc+next buildgreen (/cli-authroute builds)./cli-authrenders; real coupon + bounty inserts via Bearer succeeded (status 201) — test rows deleted afterward.Note: requires this to be deployed before the live CLI's new commands work (the
Beareracceptance is server-side).🤖 Generated with Claude Code