feat(auth): introduces auth commands (#1002)

Summary

I moved `login` and `logout` commands to the `auth` namespace while
keeping top-level shortcuts. New command to print token introduced.

### Files created:
- **`src/commands/auth/login.ts`** - The main login command (renamed to
`AuthLoginCommand`)
- **`src/commands/auth/logout.ts`** - The main logout command (renamed
to `AuthLogoutCommand`)
- **`src/commands/auth/token.ts`** - The token command 

### Files modified:
- **`src/commands/login.ts`** - Now a simple shortcut that extends
`AuthLoginCommand`
- **`src/commands/logout.ts`** - Now a simple shortcut that extends
`AuthLogoutCommand`
- **`src/commands/auth/_index.ts`** - Added login and logout subcommands
- **`src/commands/_register.ts`** - Added `AuthIndexCommand` import

### Usage:
```bash
# Auth namespace commands
apify auth login     # Login via auth namespace
apify auth logout    # Logout via auth namespace
apify auth token     # Print current token

# Top-level shortcuts (still work)
apify login          # Shortcut for auth login
apify logout         # Shortcut for auth logout

```
closes #898

Author: l2ysho

docs/reference.md

@@ -85,7 +85,21 @@ Use these commands to manage your Apify account authentication, access tokens, a
 
 <!-- prettier-ignore-start -->
 <!-- auth-commands-start -->
-##### `apify login`
+##### `apify auth`
+
+```sh
+DESCRIPTION
+  Manages authentication for Apify CLI.
+
+SUBCOMMANDS
+  auth login   Authenticates your Apify account and saves credentials
+               to '~/.apify/auth.json'.
+  auth logout  Removes authentication by deleting your API token and
+               account information from '~/.apify/auth.json'.
+  auth token   Prints the current API token for the Apify CLI.
+```
+
+##### `apify auth login` / `apify login`
 
 ```sh
 DESCRIPTION
@@ -96,15 +110,15 @@ DESCRIPTION
   Run 'apify logout' to remove authentication.
 
 USAGE
-  $ apify login [-m console|manual] [-t <value>]
+  $ apify auth login [-m console|manual] [-t <value>]
 
 FLAGS
   -m, --method=<option>  Method of logging in to Apify
                          <options: console|manual>
   -t, --token=<value>    Apify API token
 ```
 
-##### `apify logout`
+##### `apify auth logout` / `apify logout`
 
 ```sh
 DESCRIPTION
@@ -113,7 +127,17 @@ DESCRIPTION
   Run 'apify login' to authenticate again.
 
 USAGE
-  $ apify logout
+  $ apify auth logout
+```
+
+##### `apify auth token`
+
+```sh
+DESCRIPTION
+  Prints the current API token for the Apify CLI.
+
+USAGE
+  $ apify auth token
 ```
 
 ##### `apify info`
@@ -249,16 +273,19 @@ DESCRIPTION
   WARNING: Overwrites existing 'storage' directory.
 
 USAGE
-  $ apify init [actorName] [-y]
+  $ apify init [actorName] [--dockerfile <value>] [-y]
 
 ARGUMENTS
   actorName  Name of the Actor. If not provided, you will be prompted
              for it.
 
 FLAGS
-  -y, --yes  Automatic yes to prompts; assume "yes" as answer to all
-             prompts. Note that in some cases, the command may still ask for
-             confirmation.
+      --dockerfile=<value>  Path to a Dockerfile to use for
+                            the Actor (e.g., "./Dockerfile" or
+                            "./docker/Dockerfile").
+  -y, --yes                 Automatic yes to prompts;
+                            assume "yes" as answer to all prompts. Note that in some
+                            cases, the command may still ask for confirmation.
 ```
 
 ##### `apify run`

scripts/generate-cli-docs.ts

@@ -8,8 +8,10 @@ process.env.APIFY_CLI_MAX_LINE_WIDTH = '80';
 const categories: Record<string, CommandsInCategory[]> = {
 	'auth': [
 		//
-		{ command: Commands.login },
-		{ command: Commands.logout },
+		{ command: Commands.auth },
+		{ command: Commands.authLogin, aliases: [Commands.login] },
+		{ command: Commands.authLogout, aliases: [Commands.logout] },
+		{ command: Commands.authToken },
 		{ command: Commands.info },
 		{ command: Commands.secrets },
 		{ command: Commands.secretsAdd },

src/commands/_register.ts

@@ -8,6 +8,7 @@ import { ActorGetValueCommand } from './actor/get-value.js';
 import { ActorPushDataCommand } from './actor/push-data.js';
 import { ActorSetValueCommand } from './actor/set-value.js';
 import { ActorsIndexCommand } from './actors/_index.js';
+import { AuthIndexCommand } from './auth/_index.js';
 import { BuildsIndexCommand } from './builds/_index.js';
 import { TopLevelCallCommand } from './call.js';
 import { InstallCommand } from './cli-management/install.js';
@@ -36,6 +37,7 @@ export const apifyCommands = [
 	// namespaces
 	ActorIndexCommand,
 	ActorsIndexCommand,
+	AuthIndexCommand,
 	BuildsIndexCommand,
 	DatasetsIndexCommand,
 	KeyValueStoresIndexCommand,

src/commands/auth/_index.ts

@@ -0,0 +1,16 @@
+import { ApifyCommand } from '../../lib/command-framework/apify-command.js';
+import { AuthLoginCommand } from './login.js';
+import { AuthLogoutCommand } from './logout.js';
+import { AuthTokenCommand } from './token.js';
+
+export class AuthIndexCommand extends ApifyCommand<typeof AuthIndexCommand> {
+	static override name = 'auth' as const;
+
+	static override description = 'Manages authentication for Apify CLI.';
+
+	static override subcommands = [AuthLoginCommand, AuthLogoutCommand, AuthTokenCommand];
+
+	async run() {
+		this.printHelp();
+	}
+}

src/commands/auth/login.ts

@@ -0,0 +1,207 @@
+import type { Server } from 'node:http';
+import type { AddressInfo } from 'node:net';
+
+import chalk from 'chalk';
+import computerName from 'computer-name';
+import cors from 'cors';
+import express from 'express';
+import open from 'open';
+
+import { cryptoRandomObjectId } from '@apify/utilities';
+
+import { ApifyCommand } from '../../lib/command-framework/apify-command.js';
+import { Flags } from '../../lib/command-framework/flags.js';
+import { AUTH_FILE_PATH } from '../../lib/consts.js';
+import { updateUserId } from '../../lib/hooks/telemetry/useTelemetryState.js';
+import { useMaskedInput } from '../../lib/hooks/user-confirmations/useMaskedInput.js';
+import { useSelectFromList } from '../../lib/hooks/user-confirmations/useSelectFromList.js';
+import { error, info, success } from '../../lib/outputs.js';
+import { getLocalUserInfo, getLoggedClient, tildify } from '../../lib/utils.js';
+
+const CONSOLE_BASE_URL = 'https://console.apify.com/settings/integrations';
+// const CONSOLE_BASE_URL = 'http://localhost:3000/settings/integrations';
+const CONSOLE_URL_ORIGIN = new URL(CONSOLE_BASE_URL).origin;
+
+const API_BASE_URL = CONSOLE_BASE_URL.includes('localhost') ? 'http://localhost:3333' : undefined;
+
+// Not really checked right now, but it might come useful if we ever need to do some breaking changes
+const API_VERSION = 'v1';
+
+const tryToLogin = async (token: string) => {
+	const isUserLogged = await getLoggedClient(token, API_BASE_URL);
+	const userInfo = await getLocalUserInfo();
+
+	if (isUserLogged) {
+		await updateUserId(userInfo.id!);
+
+		success({
+			message: `You are logged in to Apify as ${userInfo.username || userInfo.id}. ${chalk.gray(`Your token is stored at ${AUTH_FILE_PATH()}.`)}`,
+		});
+	} else {
+		error({
+			message: 'Login to Apify failed, the provided API token is not valid.',
+		});
+	}
+	return isUserLogged;
+};
+
+export class AuthLoginCommand extends ApifyCommand<typeof AuthLoginCommand> {
+	static override name = 'login' as const;
+
+	static override description =
+		`Authenticates your Apify account and saves credentials to '${tildify(AUTH_FILE_PATH())}'.\n` +
+		`All other commands use these stored credentials.\n\n` +
+		`Run 'apify logout' to remove authentication.`;
+
+	static override flags = {
+		token: Flags.string({
+			char: 't',
+			description: 'Apify API token',
+			required: false,
+		}),
+		method: Flags.string({
+			char: 'm',
+			description: 'Method of logging in to Apify',
+			choices: ['console', 'manual'],
+			required: false,
+		}),
+	};
+
+	async run() {
+		const { token, method } = this.flags;
+
+		if (token) {
+			await tryToLogin(token);
+			return;
+		}
+
+		let selectedMethod = method;
+
+		if (!method) {
+			const answer = await useSelectFromList({
+				message: 'Choose how you want to log in to Apify',
+				choices: [
+					{
+						value: 'console',
+						name: 'Through Apify Console in your default browser',
+						short: 'Through Apify Console',
+					},
+					{
+						value: 'manual',
+						name: 'Enter API token manually',
+						short: 'Manually',
+					},
+				] as const,
+				loop: true,
+			});
+
+			selectedMethod = answer;
+		}
+
+		if (selectedMethod === 'console') {
+			let server: Server;
+			const app = express();
+
+			// To send requests from browser to localhost, CORS has to be configured properly
+			app.use(
+				cors({
+					origin: CONSOLE_URL_ORIGIN,
+					allowedHeaders: ['Content-Type', 'Authorization'],
+				}),
+			);
+
+			// Turn off keepalive, otherwise closing the server when command is finished is lagging
+			app.use((_, res, next) => {
+				res.set('Connection', 'close');
+				next();
+			});
+
+			app.use(express.json());
+
+			// Basic authorization via a random token, which is passed to the Apify Console,
+			// and that sends it back via the `token` query param, or `Authorization` header
+			const authToken = cryptoRandomObjectId();
+			app.use((req, res, next) => {
+				let { token: serverToken } = req.query;
+				if (!serverToken) {
+					const authorizationHeader = req.get('Authorization');
+					if (authorizationHeader) {
+						const [schema, tokenFromHeader, ...extra] = authorizationHeader.trim().split(/\s+/);
+						if (schema.toLowerCase() === 'bearer' && tokenFromHeader && extra.length === 0) {
+							serverToken = tokenFromHeader;
+						}
+					}
+				}
+
+				if (serverToken !== authToken) {
+					res.status(401);
+					res.send('Authorization failed');
+				} else {
+					next();
+				}
+			});
+
+			const apiRouter = express.Router();
+			app.use(`/api/${API_VERSION}`, apiRouter);
+
+			apiRouter.post('/login-token', async (req, res) => {
+				try {
+					if (req.body.apiToken) {
+						await tryToLogin(req.body.apiToken);
+					} else {
+						throw new Error('Request did not contain API token');
+					}
+					res.end();
+				} catch (err) {
+					const errorMessage = `Login to Apify failed with error: ${(err as Error).message}`;
+					error({ message: errorMessage });
+					res.status(500);
+					res.send(errorMessage);
+				}
+				server.close();
+			});
+
+			apiRouter.post('/exit', (req, res) => {
+				if (req.body.isWindowClosed) {
+					error({
+						message: 'Login to Apify failed, the console window was closed.',
+					});
+				} else if (req.body.actionCanceled) {
+					error({
+						message: 'Login to Apify failed, the action was canceled in the Apify Console.',
+					});
+				} else {
+					error({ message: 'Login to Apify failed.' });
+				}
+
+				res.end();
+				server.close();
+			});
+
+			// Listening on port 0 will assign a random available port
+			server = app.listen(0);
+			const { port } = server.address() as AddressInfo;
+
+			const consoleUrl = new URL(CONSOLE_BASE_URL);
+			consoleUrl.searchParams.set('localCliCommand', 'login');
+			consoleUrl.searchParams.set('localCliPort', `${port}`);
+			consoleUrl.searchParams.set('localCliToken', authToken);
+			consoleUrl.searchParams.set('localCliApiVersion', API_VERSION);
+			try {
+				consoleUrl.searchParams.set('localCliComputerName', encodeURIComponent(computerName()));
+			} catch {
+				// Ignore errors from fetching computer name as it's not critical
+			}
+
+			info({ message: `Opening Apify Console at "${consoleUrl.href}"...` });
+			await open(consoleUrl.href);
+		} else {
+			console.log(
+				'Enter your Apify API token. You can find it at https://console.apify.com/settings/integrations',
+			);
+
+			const tokenAnswer = await useMaskedInput({ message: 'token:' });
+			await tryToLogin(tokenAnswer);
+		}
+	}
+}

src/commands/auth/logout.ts

@@ -0,0 +1,22 @@
+import { ApifyCommand } from '../../lib/command-framework/apify-command.js';
+import { AUTH_FILE_PATH } from '../../lib/consts.js';
+import { rimrafPromised } from '../../lib/files.js';
+import { updateUserId } from '../../lib/hooks/telemetry/useTelemetryState.js';
+import { success } from '../../lib/outputs.js';
+import { tildify } from '../../lib/utils.js';
+
+export class AuthLogoutCommand extends ApifyCommand<typeof AuthLogoutCommand> {
+	static override name = 'logout' as const;
+
+	static override description =
+		`Removes authentication by deleting your API token and account information from '${tildify(AUTH_FILE_PATH())}'.\n` +
+		`Run 'apify login' to authenticate again.`;
+
+	async run() {
+		await rimrafPromised(AUTH_FILE_PATH());
+
+		await updateUserId(null);
+
+		success({ message: 'You are logged out from your Apify account.' });
+	}
+}

src/commands/auth/token.ts

@@ -0,0 +1,18 @@
+import { ApifyCommand } from '../../lib/command-framework/apify-command.js';
+import { simpleLog } from '../../lib/outputs.js';
+import { getLocalUserInfo, getLoggedClientOrThrow } from '../../lib/utils.js';
+
+export class AuthTokenCommand extends ApifyCommand<typeof AuthTokenCommand> {
+	static override name = 'token' as const;
+
+	static override description = 'Prints the current API token for the Apify CLI.';
+
+	async run() {
+		await getLoggedClientOrThrow();
+		const userInfo = await getLocalUserInfo();
+
+		if (userInfo.token) {
+			simpleLog({ message: userInfo.token, stdout: true });
+		}
+	}
+}