prvng_core/shlib/mfa-enroll-tty.sh

#!/usr/bin/env bash
# Bash wrapper for TypeDialog MFA enrollment
# Handles TTY input and generates Nickel config for Nushell consumption

set -euo pipefail

# Configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../.." && pwd)"
FORM_PATH="${PROJECT_ROOT}/provisioning/.typedialog/core/forms/mfa-enroll.toml"
OUTPUT_CONFIG="${PROJECT_ROOT}/provisioning/.typedialog/core/generated/mfa-enroll-result.ncl"
OUTPUT_JSON="${PROJECT_ROOT}/provisioning/.typedialog/core/generated/mfa-enroll-result.json"
BACKEND="${TYPEDIALOG_BACKEND:-tui}"

# Ensure generated directory exists
mkdir -p "$(dirname "${OUTPUT_CONFIG}")"

# Function to check if typedialog is available
check_typedialog() {
    if ! command -v typedialog &> /dev/null; then
        echo "ERROR: TypeDialog is not installed" >&2
        echo "Please install TypeDialog first: https://github.com/tweag/typedialog" >&2
        return 1
    fi
    return 0
}

# Main execution
main() {
    echo "🔐 Multi-Factor Authentication Setup"
    echo "===================================="
    echo ""

    # Check TypeDialog availability
    if ! check_typedialog; then
        exit 1
    fi

    echo "Running TypeDialog MFA enrollment form (backend: ${BACKEND})..."
    echo ""

    # Run TypeDialog form
    if typedialog form "${FORM_PATH}" \
        --output "${OUTPUT_CONFIG}" \
        --backend "${BACKEND}"; then

        echo ""
        echo "✅ MFA configuration saved to: ${OUTPUT_CONFIG}"

        # Export to JSON for easy consumption
        if command -v nickel &> /dev/null; then
            if nickel export --format json "${OUTPUT_CONFIG}" > "${OUTPUT_JSON}"; then
                echo "✅ JSON export saved to: ${OUTPUT_JSON}"
                echo ""
                echo "You can now read this in Nushell:"
                echo "  let mfa_config = (open ${OUTPUT_JSON} | from json)"

                # Clean up sensitive data after a delay
                (sleep 300 && rm -f "${OUTPUT_CONFIG}" "${OUTPUT_JSON}" 2>/dev/null) &
                echo ""
                echo "⚠️  Note: MFA data will be automatically deleted after 5 minutes"
            else
                echo "⚠️  Warning: Failed to export to JSON" >&2
            fi
        fi

        exit 0
    else
        echo "❌ MFA enrollment cancelled or failed" >&2
        exit 1
    fi
}

# Run main
main "$@"