131 lines
3.8 KiB
TypeScript
131 lines
3.8 KiB
TypeScript
/**
|
|
* Masked password prompt — reads from stdin without echoing characters.
|
|
*
|
|
* Uses raw mode on stdin so we can intercept each keypress and suppress echo.
|
|
* Handles:
|
|
* - printable characters appended to the buffer
|
|
* - backspace (0x7f / 0x08) removes last character
|
|
* - Enter (0x0d / 0x0a) completes the read
|
|
* - Ctrl+C (0x03) throws an error to abort
|
|
*
|
|
* Falls back to a plain readline prompt when stdin is not a TTY (e.g. tests /
|
|
* piped input) so that callers can still provide a value programmatically.
|
|
*/
|
|
|
|
import { createInterface } from 'node:readline';
|
|
|
|
/**
|
|
* Display `label` and read a single masked password from stdin.
|
|
*
|
|
* @param label - The prompt text, e.g. "Admin password: "
|
|
* @returns The password string entered by the user.
|
|
*/
|
|
export async function promptMasked(label: string): Promise<string> {
|
|
// Non-TTY: fall back to plain readline (value will echo, but that's the
|
|
// caller's concern — headless callers should supply env vars instead).
|
|
if (!process.stdin.isTTY) {
|
|
return promptPlain(label);
|
|
}
|
|
|
|
process.stdout.write(label);
|
|
|
|
return new Promise<string>((resolve, reject) => {
|
|
const chunks: string[] = [];
|
|
|
|
const onData = (chunk: Buffer): void => {
|
|
for (let i = 0; i < chunk.length; i++) {
|
|
const byte = chunk[i] as number;
|
|
|
|
if (byte === 0x03) {
|
|
// Ctrl+C — restore normal mode and abort
|
|
cleanUp();
|
|
process.stdout.write('\n');
|
|
reject(new Error('Aborted by user (Ctrl+C)'));
|
|
return;
|
|
}
|
|
|
|
if (byte === 0x0d || byte === 0x0a) {
|
|
// Enter — done
|
|
cleanUp();
|
|
process.stdout.write('\n');
|
|
resolve(chunks.join(''));
|
|
return;
|
|
}
|
|
|
|
if (byte === 0x7f || byte === 0x08) {
|
|
// Backspace / DEL
|
|
if (chunks.length > 0) {
|
|
chunks.pop();
|
|
// Erase the last '*' on screen
|
|
process.stdout.write('\b \b');
|
|
}
|
|
continue;
|
|
}
|
|
|
|
// Printable character
|
|
if (byte >= 0x20 && byte <= 0x7e) {
|
|
chunks.push(String.fromCharCode(byte));
|
|
process.stdout.write('*');
|
|
}
|
|
}
|
|
};
|
|
|
|
function cleanUp(): void {
|
|
process.stdin.setRawMode(false);
|
|
process.stdin.pause();
|
|
process.stdin.removeListener('data', onData);
|
|
}
|
|
|
|
process.stdin.setRawMode(true);
|
|
process.stdin.resume();
|
|
process.stdin.on('data', onData);
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Prompt for a password twice, re-prompting until both entries match.
|
|
* Applies the provided `validate` function once the two entries agree.
|
|
*
|
|
* @param label - Prompt text for the first entry.
|
|
* @param confirmLabel - Prompt text for the confirmation entry.
|
|
* @param validate - Optional validator; return an error string on failure.
|
|
* @returns The confirmed password.
|
|
*/
|
|
export async function promptMaskedConfirmed(
|
|
label: string,
|
|
confirmLabel: string,
|
|
validate?: (value: string) => string | undefined,
|
|
): Promise<string> {
|
|
for (;;) {
|
|
const first = await promptMasked(label);
|
|
const second = await promptMasked(confirmLabel);
|
|
|
|
if (first !== second) {
|
|
console.log('Passwords do not match — please try again.\n');
|
|
continue;
|
|
}
|
|
|
|
if (validate) {
|
|
const error = validate(first);
|
|
if (error) {
|
|
console.log(`${error} — please try again.\n`);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
return first;
|
|
}
|
|
}
|
|
|
|
// ── Internal helpers ──────────────────────────────────────────────────────────
|
|
|
|
function promptPlain(label: string): Promise<string> {
|
|
return new Promise((resolve) => {
|
|
const rl = createInterface({ input: process.stdin, output: process.stdout, terminal: false });
|
|
rl.question(label, (answer) => {
|
|
rl.close();
|
|
resolve(answer);
|
|
});
|
|
});
|
|
}
|