feat(gateway): enhance login command to exit successfully after auth

Author: Lasim

services/gateway/src/commands/login.ts

@@ -61,6 +61,9 @@ export function registerLoginCommand(program: Command) {
           console.log(chalk.yellow(`   ⚠️  For MCP changes, visit: ${options.url}`));
         }
 
+        // Exit successfully
+        process.exit(0);
+
       } catch (error) {
         if (spinner) {
           spinner.fail('Authentication failed');

services/gateway/src/commands/whoami.ts

@@ -37,7 +37,8 @@ export function registerWhoamiCommand(program: Command) {
         const accounts = api.getUserAccounts();
 
         // Display user information
-        console.log(chalk.blue(`👋 You are logged in with an OAuth Token, associated with ${userInfo.email}\n`));
+        const userEmail = userInfo.email || api.getUserEmail();
+        console.log(chalk.blue(`👋 You are logged in with an OAuth Token, associated with ${userEmail}\n`));
 
         // Display account info in table format if accounts exist
         if (accounts.length > 0) {

services/gateway/src/core/auth/callback-server.ts

@@ -115,6 +115,7 @@ export class CallbackServer {
 <!DOCTYPE html>
 <html>
 <head>
+    <meta charset="UTF-8">
     <title>DeployStack Gateway - Authentication Successful</title>
     <style>
         body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 40px; background: #f5f5f5; }
@@ -143,7 +144,7 @@ export class CallbackServer {
 </html>`;
 
     res.writeHead(200, {
-      'Content-Type': 'text/html',
+      'Content-Type': 'text/html; charset=utf-8',
       'Content-Length': Buffer.byteLength(html)
     });
     res.end(html);
@@ -157,6 +158,7 @@ export class CallbackServer {
 <!DOCTYPE html>
 <html>
 <head>
+    <meta charset="UTF-8">
     <title>DeployStack Gateway - Authentication Error</title>
     <style>
         body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 40px; background: #f5f5f5; }
@@ -183,7 +185,7 @@ export class CallbackServer {
 </html>`;
 
     res.writeHead(400, {
-      'Content-Type': 'text/html',
+      'Content-Type': 'text/html; charset=utf-8',
       'Content-Length': Buffer.byteLength(html)
     });
     res.end(html);
@@ -195,7 +197,7 @@ export class CallbackServer {
   private send404(res: ServerResponse): void {
     const html = '<h1>404 Not Found</h1><p>This is the DeployStack Gateway OAuth callback server.</p>';
     res.writeHead(404, {
-      'Content-Type': 'text/html',
+      'Content-Type': 'text/html; charset=utf-8',
       'Content-Length': Buffer.byteLength(html)
     });
     res.end(html);

services/gateway/src/core/auth/storage.ts

@@ -9,31 +9,47 @@ export class CredentialStorage {
   private readonly serviceName = 'deploystack-gateway';
   private readonly fallbackDir = join(homedir(), '.deploystack');
   private readonly fallbackFile = join(this.fallbackDir, 'credentials.enc');
+  private readonly accountsFile = join(this.fallbackDir, 'accounts.json');
   private readonly encryptionKey = 'deploystack-gateway-key';
 
   /**
    * Store credentials securely using OS keychain with encrypted file fallback
    * @param credentials Credentials to store
    */
   async storeCredentials(credentials: StoredCredentials): Promise<void> {
+    let keychainError: Error | null = null;
+    
     try {
       // Try OS keychain first
       await keyring.setPassword(
         this.serviceName,
         credentials.userEmail,
         JSON.stringify(credentials)
       );
+      
+      // Also maintain a list of accounts for retrieval
+      await this.addToAccountsList(credentials.userEmail);
+      
+      console.log('✓ Credentials stored in OS keychain');
+      return; // Success, no need for fallback
     } catch (error) {
-      // Fallback to encrypted file storage
-      try {
-        await this.storeEncrypted(credentials);
-      } catch (fallbackError) {
-        throw new AuthenticationError(
-          AuthError.STORAGE_ERROR,
-          'Failed to store credentials securely',
-          fallbackError as Error
-        );
-      }
+      keychainError = error as Error;
+      console.log('⚠ Keychain storage failed, trying encrypted file fallback...');
+    }
+
+    // Fallback to encrypted file storage
+    try {
+      await this.storeEncrypted(credentials);
+      console.log('✓ Credentials stored in encrypted file');
+    } catch (fallbackError) {
+      console.error('❌ Both keychain and file storage failed:');
+      console.error('Keychain error:', keychainError?.message);
+      console.error('File error:', (fallbackError as Error)?.message);
+      throw new AuthenticationError(
+        AuthError.STORAGE_ERROR,
+        'Failed to store credentials securely',
+        fallbackError as Error
+      );
     }
   }
 
@@ -42,21 +58,52 @@ export class CredentialStorage {
    * @returns Stored credentials or null if not found
    */
   async getCredentials(): Promise<StoredCredentials | null> {
+    console.log('🔍 Attempting to retrieve stored credentials...');
+    
+    // First try encrypted file (more reliable for single-user scenario)
     try {
-      // Try to get all stored credentials and find the most recent one
-      const accounts = await this.getStoredAccounts();
-      if (accounts.length === 0) {
-        return await this.retrieveEncrypted();
+      console.log('📁 Checking encrypted file:', this.fallbackFile);
+      const encryptedCredentials = await this.retrieveEncrypted();
+      if (encryptedCredentials) {
+        console.log('✓ Found credentials in encrypted file');
+        return encryptedCredentials;
+      } else {
+        console.log('⚠ No credentials found in encrypted file');
       }
+    } catch (error) {
+      console.log('❌ Error reading encrypted file:', (error as Error)?.message);
+    }
 
-      // Get the most recently stored credentials
-      const mostRecent = accounts[0];
-      const stored = await keyring.getPassword(this.serviceName, mostRecent);
-      return stored ? JSON.parse(stored) : await this.retrieveEncrypted();
+    // Fallback to keychain
+    try {
+      console.log('🔑 Checking OS keychain...');
+      const accounts = await this.getStoredAccounts();
+      console.log('📋 Found accounts:', accounts);
+      
+      if (accounts.length > 0) {
+        // Try each account until we find valid credentials
+        for (const account of accounts) {
+          try {
+            const stored = await keyring.getPassword(this.serviceName, account);
+            if (stored) {
+              const credentials = JSON.parse(stored);
+              console.log('✓ Found credentials in OS keychain for:', account);
+              return credentials;
+            }
+          } catch (error) {
+            console.log('⚠ Failed to retrieve credentials for account:', account);
+            continue;
+          }
+        }
+      } else {
+        console.log('⚠ No accounts found in keychain');
+      }
     } catch (error) {
-      // Fallback to encrypted file
-      return await this.retrieveEncrypted();
+      console.log('❌ Error accessing keychain:', (error as Error)?.message);
     }
+
+    console.log('❌ No credentials found in any storage method');
+    return null;
   }
 
   /**
@@ -67,6 +114,7 @@ export class CredentialStorage {
     try {
       if (userEmail) {
         await keyring.deletePassword(this.serviceName, userEmail);
+        await this.removeFromAccountsList(userEmail);
       } else {
         // Clear all stored accounts
         const accounts = await this.getStoredAccounts();
@@ -77,6 +125,7 @@ export class CredentialStorage {
             // Continue clearing other accounts even if one fails
           }
         }
+        await this.clearAccountsList();
       }
     } catch (error) {
       // Continue to clear encrypted file even if keychain fails
@@ -114,11 +163,68 @@ export class CredentialStorage {
    */
   private async getStoredAccounts(): Promise<string[]> {
     try {
-      // This is a simplified approach - in a real implementation,
-      // you might want to maintain a separate list of accounts
-      return [];
+      if (existsSync(this.accountsFile)) {
+        const data = readFileSync(this.accountsFile, 'utf8');
+        const accounts = JSON.parse(data);
+        return Array.isArray(accounts) ? accounts : [];
+      }
+    } catch (error) {
+      // If we can't read the accounts file, return empty array
+    }
+    return [];
+  }
+
+  /**
+   * Add account to the accounts list
+   * @param email User email to add
+   */
+  private async addToAccountsList(email: string): Promise<void> {
+    try {
+      // Ensure directory exists
+      const { mkdirSync } = await import('fs');
+      try {
+        mkdirSync(this.fallbackDir, { recursive: true });
+      } catch (error) {
+        // Directory might already exist
+      }
+
+      const accounts = await this.getStoredAccounts();
+      if (!accounts.includes(email)) {
+        accounts.unshift(email); // Add to beginning (most recent first)
+        writeFileSync(this.accountsFile, JSON.stringify(accounts, null, 2));
+      }
+    } catch (error) {
+      // Non-critical error, don't throw
+      console.log('⚠ Failed to update accounts list:', (error as Error)?.message);
+    }
+  }
+
+  /**
+   * Remove account from the accounts list
+   * @param email User email to remove
+   */
+  private async removeFromAccountsList(email: string): Promise<void> {
+    try {
+      const accounts = await this.getStoredAccounts();
+      const filtered = accounts.filter(account => account !== email);
+      if (filtered.length !== accounts.length) {
+        writeFileSync(this.accountsFile, JSON.stringify(filtered, null, 2));
+      }
+    } catch (error) {
+      // Non-critical error, don't throw
+    }
+  }
+
+  /**
+   * Clear the accounts list
+   */
+  private async clearAccountsList(): Promise<void> {
+    try {
+      if (existsSync(this.accountsFile)) {
+        unlinkSync(this.accountsFile);
+      }
     } catch (error) {
-      return [];
+      // Non-critical error, don't throw
     }
   }