fix(cli): handle authentication failures

danielroe · danielroe · commit 34163f0ee192 · 2026-01-23T21:23:27.000Z
diff --git a/cli/src/cli.ts b/cli/src/cli.ts
@@ -3,7 +3,8 @@ import { defineCommand, runMain } from 'citty'
 import { listen } from 'listhen'
 import { toNodeListener } from 'h3'
 import { createConnectorApp, generateToken, CONNECTOR_VERSION } from './server'
-import { initLogger, showToken, logInfo } from './logger'
+import { getNpmUser } from './npm-client'
+import { initLogger, showToken, logInfo, showAuthRequired } from './logger'
 
 const DEFAULT_PORT = 31415
 
@@ -22,9 +23,21 @@ const main = defineCommand({
   },
   async run({ args }) {
     const port = Number.parseInt(args.port as string, 10) || DEFAULT_PORT
-    const token = generateToken()
 
     initLogger()
+
+    // Check npm authentication before starting
+    logInfo('Checking npm authentication...')
+    const npmUser = await getNpmUser()
+
+    if (!npmUser) {
+      showAuthRequired()
+      process.exit(1)
+    }
+
+    logInfo(`Authenticated as: ${npmUser}`)
+
+    const token = generateToken()
     showToken(token, port)
 
     const app = createConnectorApp(token)
diff --git a/cli/src/logger.ts b/cli/src/logger.ts
@@ -75,6 +75,24 @@ export function showOutro(message: string): void {
   p.outro(message)
 }
 
+/**
+ * Show authentication required error in a box
+ */
+export function showAuthRequired(): void {
+  p.note(
+    [
+      pc.red('Not logged in to npm'),
+      '',
+      'Please run the following command to log in:',
+      '',
+      `  ${pc.cyan('npm login')}`,
+      '',
+      'Then restart the connector.',
+    ].join('\n'),
+    'Authentication required',
+  )
+}
+
 /**
  * Create a spinner for async operations
  */
diff --git a/cli/src/npm-client.ts b/cli/src/npm-client.ts
@@ -10,6 +10,8 @@ export interface NpmExecResult {
   exitCode: number
   /** True if the operation failed due to missing/invalid OTP */
   requiresOtp?: boolean
+  /** True if the operation failed due to authentication failure (not logged in or token expired) */
+  authFailure?: boolean
 }
 
 function detectOtpRequired(stderr: string): boolean {
@@ -18,12 +20,29 @@ function detectOtpRequired(stderr: string): boolean {
     'one-time password',
     'This operation requires a one-time password',
     '--otp=<code>',
-    'OTP',
   ]
   const lowerStderr = stderr.toLowerCase()
   return otpPatterns.some(pattern => lowerStderr.includes(pattern.toLowerCase()))
 }
 
+function detectAuthFailure(stderr: string): boolean {
+  const authPatterns = [
+    'ENEEDAUTH',
+    'You must be logged in',
+    'authentication error',
+    'Unable to authenticate',
+    'code E401',
+    'code E403',
+    '401 Unauthorized',
+    '403 Forbidden',
+    'not logged in',
+    'npm login',
+    'npm adduser',
+  ]
+  const lowerStderr = stderr.toLowerCase()
+  return authPatterns.some(pattern => lowerStderr.includes(pattern.toLowerCase()))
+}
+
 function filterNpmWarnings(stderr: string): string {
   return stderr
     .split('\n')
@@ -70,11 +89,15 @@ export async function execNpm(
     const err = error as { stdout?: string, stderr?: string, code?: number }
     const stderr = err.stderr?.trim() ?? String(error)
     const requiresOtp = detectOtpRequired(stderr)
+    const authFailure = detectAuthFailure(stderr)
 
     if (!options.silent) {
       if (requiresOtp) {
         logError('OTP required')
       }
+      else if (authFailure) {
+        logError('Authentication required - please run "npm login" and restart the connector')
+      }
       else {
         logError(filterNpmWarnings(stderr).split('\n')[0] || 'Command failed')
       }
@@ -84,9 +107,12 @@ export async function execNpm(
       stdout: err.stdout?.trim() ?? '',
       stderr: requiresOtp
         ? 'This operation requires a one-time password (OTP).'
-        : filterNpmWarnings(stderr),
+        : authFailure
+          ? 'Authentication failed. Please run "npm login" and restart the connector.'
+          : filterNpmWarnings(stderr),
       exitCode: err.code ?? 1,
       requiresOtp,
+      authFailure,
     }
   }
 }
diff --git a/cli/src/server.ts b/cli/src/server.ts
@@ -353,11 +353,15 @@ export function createConnectorApp(expectedToken: string) {
         await Promise.all(runningOps)
       }
 
+      // Check if any operation had an auth failure
+      const authFailure = results.some(r => r.result.authFailure)
+
       return {
         success: true,
         data: {
           results,
           otpRequired,
+          authFailure,
         },
       } as ApiResponse
     }),
diff --git a/cli/src/types.ts b/cli/src/types.ts
@@ -36,6 +36,8 @@ export interface OperationResult {
   exitCode: number
   /** True if the operation failed due to missing/invalid OTP */
   requiresOtp?: boolean
+  /** True if the operation failed due to authentication failure (not logged in or token expired) */
+  authFailure?: boolean
 }
 
 export interface PendingOperation {

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,8 @@ export interface OperationResult {`
`36`	`36`	`exitCode: number`
`37`	`37`	`/** True if the operation failed due to missing/invalid OTP */`
`38`	`38`	`requiresOtp?: boolean`
	`39`	`+ /** True if the operation failed due to authentication failure (not logged in or token expired) */`
	`40`	`+ authFailure?: boolean`
`39`	`41`	`}`
`40`	`42`
`41`	`43`	`export interface PendingOperation {`