CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-04 21:04:37 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
261d8923d4
stack/apps
History
Mantra 261d8923d4
stack-cli: support self-hosted URLs and tighten CLI auth polling (#1419) 
## Summary
- **Self-hosted CLI**: read `STACK_API_URL` / `STACK_DASHBOARD_URL` from
env in `stack-cli` so the published CLI can talk to self-hosted Stack
Auth installs without a custom build. The existing
`STACK_CLI_PUBLISHABLE_CLIENT_KEY` override is kept as-is.
- **Docker example**: surface the three CLI-relevant vars in
`docker/server/.env.example` so self-host operators see them.
- **Tighter polling-code TTL**: default `2h -> 2min`, max `24h -> 15min`
for the CLI auth polling code. The code is only valid while a user is
actively waiting in `stack login`, so a tight window limits the blast
radius of a leaked code.
- **Raw-SQL poll handler**: convert
`apps/backend/src/app/api/latest/auth/cli/poll/route.tsx` from
`prisma.cliAuthAttempt.*` to raw SQL targeted at the tenancy
source-of-truth schema, matching the pattern already used by the
initiate handler in
`apps/backend/src/app/api/latest/auth/cli/route.tsx`.

## Test plan
- [ ] `pnpm typecheck`
- [ ] `pnpm lint`
- [ ] `pnpm test run` (focus on CLI-auth tests if any)
- [ ] Manual: `stack login` against a local backend
  - polling code now expires after ~2 minutes by default
- `waiting` / `success` / `used` / `expired` branches still return
correct status codes and bodies
- [ ] Manual: published `stack-cli` against a self-hosted backend with
`STACK_API_URL` / `STACK_DASHBOARD_URL` set, end-to-end login


Made with [Cursor](https://cursor.com)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Improvements**
* More robust CLI authentication polling with atomic database updates to
prevent races; returns explicit statuses (waiting/expired/used/success)
and provides the refresh token on success.

* **Changes**
* Default CLI auth token TTL reduced to 2 minutes and capped at 15
minutes.
* Anonymous refresh token is considered present only when not null; null
expiry is treated as not-expired.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-08 11:00:03 -07:00
..
backend stack-cli: support self-hosted URLs and tighten CLI auth polling (#1419) 2026-05-08 11:00:03 -07:00
dashboard [codex] Add TanStack Start SDK integration (#1399) 2026-05-08 10:59:16 -07:00
dev-launchpad [codex] Add TanStack Start SDK integration (#1399) 2026-05-08 10:59:16 -07:00
e2e Add fix command registration and update agent UI label handling (#1387) 2026-05-07 18:33:43 -07:00
hosted-components chore: update package versions 2026-05-06 11:43:03 -07:00
internal-tool chore: update package versions 2026-05-06 11:43:03 -07:00
mcp Move MCP server into a standalone apps/mcp app (#1405) 2026-05-07 15:22:44 -07:00
mock-oauth-server Update GitHub URL 2026-05-06 15:17:01 -07:00
oauth-mock-server In-source unit tests (#429) 2025-02-14 11:47:52 -08:00