feat: add provider auto-detection

Point `nix-auth login <hostname>` and it should figure out what
provider it is.

Author: zimbatm

README.md

@@ -8,7 +8,7 @@ to get those tokens in the right place.
 
 ## Features
 
-- OAuth device flow authentication (no manual token creation needed)
+- OAuth device flow authentication when possible (no manual token creation needed)
 - Support for multiple providers (GitHub, GitHub Enterprise, GitLab, Gitea, and Forgejo)
 - Token storage in `~/.config/nix/nix.conf`
 - Token validation and status checking
@@ -61,34 +61,25 @@ go build .
 
 ### Login
 
-Authenticate with GitHub (default provider):
-
-```bash
-nix-auth login
-```
-
-Authenticate with GitLab:
+Authenticate with a provider:
 
 ```bash
+# Using provider aliases
+nix-auth login                        # defaults to github
+nix-auth login github
 nix-auth login gitlab
-```
-
-Authenticate with GitHub Enterprise or GitLab self-hosted:
-
-```bash
-# GitHub Enterprise
-nix-auth login github --host github.company.com --client-id <your-client-id>
-
-# GitLab self-hosted
-nix-auth login gitlab --host gitlab.company.com --client-id <your-application-id>
-
-# Gitea (uses Personal Access Token flow)
 nix-auth login gitea
-nix-auth login gitea --host gitea.company.com
+nix-auth login codeberg
+
+# Using hosts with auto-detection
+nix-auth login github.com
+nix-auth login gitlab.company.com     # auto-detects provider type
+nix-auth login gitea.company.com      # auto-detects provider type
 
-# Forgejo (uses Personal Access Token flow)
-nix-auth login codeberg               # for codeberg.org
-nix-auth login forgejo --host git.company.com  # for self-hosted Forgejo (--host required)
+# Explicit provider specification
+nix-auth login git.company.com --provider forgejo
+nix-auth login github.company.com --provider github --client-id <your-client-id>
+nix-auth login gitlab.company.com --provider gitlab --client-id <your-application-id>
 ```
 
 The tool will:

cmd/login.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"time"
 
 	"github.com/numtide/nix-auth/internal/config"
 	"github.com/numtide/nix-auth/internal/provider"
@@ -13,53 +14,123 @@ import (
 )
 
 var loginCmd = &cobra.Command{
-	Use:   "login [provider]",
+	Use:   "login [provider-or-host]",
 	Short: "Authenticate with a provider and save the access token",
-	Long: `Authenticate with a provider (GitHub, GitLab, Gitea, Forgejo, etc.) using OAuth device flow
-and save the access token to your nix.conf for use with Nix flakes.`,
-	Example: `  nix-auth login                      # defaults to GitHub
+	Long: `Authenticate with a provider using OAuth device flow (or Personal Access Token for Gitea/Forgejo)
+and save the access token to your nix.conf for use with Nix flakes.
+
+You can specify either:
+- A provider alias (github, gitlab, gitea, codeberg) - uses default host for that provider
+- A host (e.g., github.com, git.company.com) - auto-detects provider type by querying API
+
+Notes:
+- The --provider flag only works when specifying a host, not with provider aliases
+- For Forgejo, you must specify a host as it has no default: nix-auth login <host> --provider forgejo
+- Using both a provider alias and --provider flag will result in an error`,
+	Example: `  # Using provider aliases
+  nix-auth login                           # defaults to github
   nix-auth login github
   nix-auth login gitlab
   nix-auth login gitea
-  nix-auth login codeberg              # for codeberg.org
-  nix-auth login forgejo --host git.company.com  # --host required for forgejo
-  nix-auth login github --host github.company.com --client-id abc123
-  nix-auth login gitea --host gitea.company.com`,
-	Args: cobra.MaximumNArgs(1),
-	RunE: runLogin,
+  nix-auth login codeberg
+  
+  # Using hosts with auto-detection
+  nix-auth login github.com
+  nix-auth login gitlab.company.com        # auto-detects provider type
+  nix-auth login git.company.com           # auto-detects provider type
+  
+  # Explicit provider specification
+  nix-auth login git.company.com --provider forgejo
+  nix-auth login github.company.com --client-id abc123`,
+	Args:         cobra.MaximumNArgs(1),
+	RunE:         runLogin,
 }
 
 var (
-	loginHost     string
+	loginProvider string
 	loginClientID string
+	loginForce    bool
+	loginTimeout  int
+	loginDryRun   bool
 )
 
 func init() {
-	loginCmd.Flags().StringVar(&loginHost, "host", "", "Custom host (e.g., github.company.com)")
-	loginCmd.Flags().StringVar(&loginClientID, "client-id", "", "OAuth client ID (required for self-hosted instances)")
+	loginCmd.Flags().StringVar(&loginProvider, "provider", "auto", "Provider type when using a host (auto, github, gitlab, gitea, forgejo, codeberg)")
+	loginCmd.Flags().StringVar(&loginClientID, "client-id", "", "OAuth client ID (required for GitHub Enterprise, optional for others)")
+	loginCmd.Flags().BoolVar(&loginForce, "force", false, "Skip confirmation prompt when replacing existing tokens")
+	loginCmd.Flags().IntVar(&loginTimeout, "timeout", 30, "Timeout in seconds for network operations")
+	loginCmd.Flags().BoolVar(&loginDryRun, "dry-run", false, "Preview what would happen without authenticating")
 }
 
 func runLogin(cmd *cobra.Command, args []string) error {
-	providerName := "github" // default
+	var host string
+	var providerName string
+	var prov provider.Provider
+
+	// Parse the input
+	input := "github" // default
 	if len(args) > 0 {
-		providerName = strings.ToLower(args[0])
+		input = strings.ToLower(args[0])
 	}
 
-	// Get provider
-	prov, ok := provider.Get(providerName)
-	if !ok {
-		available := strings.Join(provider.List(), ", ")
-		return fmt.Errorf("unknown provider '%s'. Available providers: %s", providerName, available)
+	// First, determine if we're dealing with a host or provider alias
+	isProviderAlias := false
+	if _, ok := provider.Get(input); ok {
+		isProviderAlias = true
+		// Check for conflicts
+		if loginProvider != "auto" && loginProvider != input {
+			return fmt.Errorf("cannot use --provider %s with provider alias '%s'\n"+
+				"Use: nix-auth login %s", loginProvider, input, input)
+		}
 	}
 
-	// Determine host
-	host := prov.Host()
-	if loginHost != "" {
-		host = loginHost
-	}
+	if isProviderAlias {
+		// Handle provider alias
+		prov, _ = provider.Get(input)
+		providerName = input
+		host = prov.Host()
 
-	// Always set the host (even if it's the default)
-	prov.SetHost(host)
+		// For providers without a default host, require explicit host
+		if host == "" {
+			return fmt.Errorf("provider '%s' requires a host\n"+
+				"Use: nix-auth login <host> --provider %s", input, input)
+		}
+	} else {
+		// It's a host
+		host = input
+
+		// Determine the provider
+		if loginProvider == "auto" {
+			// Auto-detect provider type
+			fmt.Printf("Detecting provider type for %s by querying API...\n", host)
+			ctx, cancel := context.WithTimeout(context.Background(), time.Duration(loginTimeout)*time.Second)
+			defer cancel()
+
+			detectedProvider, err := provider.DetectProviderFromHost(ctx, host)
+			if err != nil {
+				return fmt.Errorf("failed to detect provider for %s: %w\n"+
+					"Try: nix-auth login %s --provider <github|gitlab|gitea|forgejo>",
+					host, err, host)
+			}
+
+			providerName = detectedProvider
+			fmt.Printf("Detected: %s\n\n", providerName)
+		} else {
+			// Use explicitly specified provider
+			providerName = loginProvider
+		}
+
+		// Get the provider instance
+		var ok bool
+		prov, ok = provider.Get(providerName)
+		if !ok {
+			available := strings.Join(provider.List(), ", ")
+			return fmt.Errorf("unknown provider '%s'. Available providers: %s", providerName, available)
+		}
+
+		// Set the host on the provider
+		prov.SetHost(host)
+	}
 
 	// Set client ID: use flag, fallback to environment variable
 	clientID := loginClientID
@@ -78,14 +149,28 @@ func runLogin(cmd *cobra.Command, args []string) error {
 
 	fmt.Printf("Authenticating with %s (%s)...\n", prov.Name(), host)
 
+	// If dry-run, show what would happen and exit
+	if loginDryRun {
+		fmt.Println("\nDry-run mode: Preview of what would happen:")
+		fmt.Printf("- Provider: %s\n", prov.Name())
+		fmt.Printf("- Host: %s\n", host)
+		fmt.Printf("- OAuth scopes: %s\n", strings.Join(prov.GetScopes(), ", "))
+		if clientID != "" {
+			fmt.Printf("- Client ID: %s\n", clientID)
+		}
+		fmt.Printf("- Config file: %s\n", configPath)
+		fmt.Println("\nNo authentication performed. Run without --dry-run to authenticate.")
+		return nil
+	}
+
 	// Check if token already exists
 	cfg, err := config.New(configPath)
 	if err != nil {
 		return fmt.Errorf("failed to initialize config: %w", err)
 	}
 
 	existingToken, _ := cfg.GetToken(host)
-	if existingToken != "" {
+	if existingToken != "" && !loginForce {
 		fmt.Printf("A token for %s already exists. Do you want to replace it? [y/N] ", host)
 		var response string
 		fmt.Scanln(&response)
@@ -96,10 +181,21 @@ func runLogin(cmd *cobra.Command, args []string) error {
 	}
 
 	// Perform authentication
-	ctx := context.Background()
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(loginTimeout)*time.Second)
+	defer cancel()
 	token, err := prov.Authenticate(ctx)
 	if err != nil {
-		return fmt.Errorf("authentication failed: %w", err)
+		errMsg := fmt.Sprintf("authentication failed: %v", err)
+		if strings.Contains(err.Error(), "context deadline exceeded") {
+			errMsg += fmt.Sprintf("\n\nThe operation timed out after %d seconds. Try:\n"+
+				"- Increasing the timeout: --timeout 60\n"+
+				"- Checking your internet connection\n"+
+				"- Verifying the host is accessible: curl https://%s", loginTimeout, host)
+		} else if strings.Contains(err.Error(), "client ID") {
+			errMsg += "\n\nFor self-hosted instances, you need to create an OAuth application.\n" +
+				"See the instructions above or use --dry-run to preview the configuration."
+		}
+		return fmt.Errorf(errMsg)
 	}
 
 	// Validate token

internal/provider/detection.go

@@ -0,0 +1,27 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// DetectProviderFromHost attempts to identify the provider type by querying various API endpoints
+func DetectProviderFromHost(ctx context.Context, host string) (string, error) {
+	// Create a client with timeout
+	client := &http.Client{
+		Timeout: 10 * time.Second,
+	}
+
+	// Try each registered provider
+	for name, provider := range Registry {
+		// Create a new instance to avoid mutating the registered provider
+		p := provider
+		if p.DetectHost(ctx, client, host) {
+			return name, nil
+		}
+	}
+
+	return "", fmt.Errorf("unable to detect provider type for host: %s", host)
+}

internal/provider/forgejo.go

@@ -26,6 +26,41 @@ func (f *ForgejoProvider) SetHost(host string) {
 func (f *ForgejoProvider) SetClientID(clientID string) {
 }
 
+// DetectHost checks if the given host is a Forgejo instance
+func (f *ForgejoProvider) DetectHost(ctx context.Context, client *http.Client, host string) bool {
+	// Known Forgejo/Codeberg host
+	if strings.ToLower(host) == "codeberg.org" {
+		return true
+	}
+
+	// For other hosts, check if it's a Forgejo instance using the version endpoint
+	baseURL := fmt.Sprintf("https://%s", host)
+	req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/api/v1/version", baseURL), nil)
+	if err != nil {
+		return false
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return false
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusOK {
+		var data struct {
+			Version string `json:"version"`
+		}
+		if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
+			return false
+		}
+		// Forgejo includes "forgejo" in the version string
+		if strings.Contains(strings.ToLower(data.Version), "forgejo") {
+			return true
+		}
+	}
+	return false
+}
+
 func (f *ForgejoProvider) getBaseURL() string {
 	if f.host != "" {
 		return fmt.Sprintf("https://%s", f.host)

internal/provider/gitea.go

@@ -25,6 +25,42 @@ func (g *GiteaProvider) SetHost(host string) {
 func (g *GiteaProvider) SetClientID(clientID string) {
 }
 
+// DetectHost checks if the given host is a Gitea instance
+func (g *GiteaProvider) DetectHost(ctx context.Context, client *http.Client, host string) bool {
+	// Known Gitea hosts
+	lowerHost := strings.ToLower(host)
+	if lowerHost == "gitea.com" || lowerHost == "gitea.io" {
+		return true
+	}
+
+	// For other hosts, check if it's a Gitea instance using the version endpoint
+	baseURL := fmt.Sprintf("https://%s", host)
+	req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/api/v1/version", baseURL), nil)
+	if err != nil {
+		return false
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return false
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == http.StatusOK {
+		var data struct {
+			Version string `json:"version"`
+		}
+		if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
+			return false
+		}
+		// Check if it's NOT Forgejo (Forgejo includes "forgejo" in version string)
+		if data.Version != "" && !strings.Contains(strings.ToLower(data.Version), "forgejo") {
+			return true
+		}
+	}
+	return false
+}
+
 func (g *GiteaProvider) getBaseURL() string {
 	if g.host != "" {
 		return fmt.Sprintf("https://%s", g.host)