Increase cli version

.github/workflows/release_build.yml

@@ -19,6 +19,7 @@ jobs:
         with:
           fetch-depth: 0
       - run: git fetch --force --tags
+      - run: echo "Ref name ${{github.ref_name}}"
       - uses: actions/setup-go@v3
         with:
           go-version: '>=1.19.3'
@@ -42,6 +43,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
           FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
           AUR_KEY: ${{ secrets.AUR_KEY }}
+          CLI_VERSION: ${{github.ref_name}}
       - uses: actions/setup-python@v4
       - run: pip install --upgrade cloudsmith-cli
       - name: Publish to CloudSmith 

.goreleaser.yaml

@@ -14,6 +14,7 @@ before:
 builds:
   - id: darwin-build
     binary: infisical
+    # ldflags: -X github.com/Infisical/infisical-merge/packages/util/util.CLI_VERSION={{ .Env.CLI_VERSION }}
     env:
       - CGO_ENABLED=1
       - CC=/home/runner/work/osxcross/target/bin/o64-clang

backend/src/controllers/v2/serviceTokenDataController.ts

@@ -8,6 +8,8 @@ import {
 import {
     SALT_ROUNDS
 } from '../../config';
+import { userHasWorkspaceAccess } from '../../ee/helpers/checkMembershipPermissions';
+import { ABILITY_READ } from '../../variables/organization';
 
 /**
  * Return service token data associated with service token on request
@@ -37,6 +39,11 @@ export const createServiceTokenData = async (req: Request, res: Response) => {
             expiresIn
         } = req.body;
 
+        const hasAccess = await userHasWorkspaceAccess(req.user, workspaceId, environment, ABILITY_READ)
+        if (!hasAccess) {
+            throw UnauthorizedRequestError({ message: "You do not have the necessary permission(s) perform this action" })
+        }
+
         const secret = crypto.randomBytes(16).toString('hex');
         const secretHash = await bcrypt.hash(secret, SALT_ROUNDS);
 
@@ -100,4 +107,8 @@ export const deleteServiceTokenData = async (req: Request, res: Response) => {
     return res.status(200).send({
         serviceTokenData
     });
-}
+}
+
+function UnauthorizedRequestError(arg0: { message: string; }) {
+    throw new Error('Function not implemented.');
+}

cli/packages/api/api.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/Infisical/infisical-merge/packages/config"
 	"github.com/go-resty/resty/v2"
+	log "github.com/sirupsen/logrus"
 )
 
 const USER_AGENT = "cli"
@@ -144,3 +145,24 @@ func CallGetAllWorkSpacesUserBelongsTo(httpClient *resty.Client) (GetWorkSpacesR
 
 	return workSpacesResponse, nil
 }
+
+func CallIsAuthenticated(httpClient *resty.Client) bool {
+	var workSpacesResponse GetWorkSpacesResponse
+	response, err := httpClient.
+		R().
+		SetResult(&workSpacesResponse).
+		SetHeader("User-Agent", USER_AGENT).
+		Post(fmt.Sprintf("%v/v1/auth/checkAuth", config.INFISICAL_URL))
+
+	log.Debugln(fmt.Errorf("CallIsAuthenticated: Unsuccessful response:  [response=%v]", response))
+
+	if err != nil {
+		return false
+	}
+
+	if response.IsError() {
+		return false
+	}
+
+	return true
+}

cli/packages/cmd/login.go

@@ -33,13 +33,13 @@ var loginCmd = &cobra.Command{
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
 		currentLoggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
-		if err != nil && strings.Contains(err.Error(), "The specified item could not be found in the keyring") { // if the key can't be found allow them to override
+		if err != nil && (strings.Contains(err.Error(), "The specified item could not be found in the keyring") || strings.Contains(err.Error(), "unable to get key from Keyring")) { // if the key can't be found allow them to override
 			log.Debug(err)
 		} else if err != nil {
 			util.HandleError(err)
 		}
 
-		if currentLoggedInUserDetails.IsUserLoggedIn {
+		if currentLoggedInUserDetails.IsUserLoggedIn && !currentLoggedInUserDetails.LoginExpired { // if you are logged in but not expired
 			shouldOverride, err := shouldOverrideLoginPrompt(currentLoggedInUserDetails.UserCredentials.Email)
 			if err != nil {
 				util.HandleError(err)

cli/packages/util/constants.go

@@ -11,5 +11,8 @@ const (
 	KEYRING_SERVICE_NAME                 = "infisical"
 	PERSONAL_SECRET_TYPE_NAME            = "personal"
 	SHARED_SECRET_TYPE_NAME              = "shared"
-	CLI_VERSION                          = "v0.2.9" //
+)
+
+var (
+	CLI_VERSION = "v0.2.11"
 )

cli/packages/util/credentials.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	"github.com/99designs/keyring"
-	"github.com/Infisical/infisical-merge/packages/config"
+	"github.com/Infisical/infisical-merge/packages/api"
 	"github.com/Infisical/infisical-merge/packages/models"
 	"github.com/go-resty/resty/v2"
 )
@@ -87,17 +87,10 @@ func GetCurrentLoggedInUserDetails() (LoggedInUserDetails, error) {
 			SetAuthToken(userCreds.JTWToken).
 			SetHeader("Accept", "application/json")
 
-		response, err := httpClient.
-			R().
-			Post(fmt.Sprintf("%v/v1/auth/checkAuth", config.INFISICAL_URL))
-
-		if err != nil {
-			return LoggedInUserDetails{}, err
-		}
-
-		if response.StatusCode() > 299 {
+		isAuthenticated := api.CallIsAuthenticated(httpClient)
+		if !isAuthenticated {
 			return LoggedInUserDetails{
-				IsUserLoggedIn:  true,
+				IsUserLoggedIn:  true, // was logged in
 				LoginExpired:    true,
 				UserCredentials: userCreds,
 			}, nil