Require username and password for CLI

[lizziegooding]

Context

Previously, HecateJS only prompted the user for authentication in cli mode if the endpoint was not public according to the permissions json retrieved from Hecate's /auth endpoint. As of https://github.com/mapbox/Hecate/blob/master/CHANGELOG.md#v0730, Hecate now requires authentication for every endpoint. This was causing all cli requests to fail because they couldn't retrieve the permissions json before they even began to make a request for the desired endpoint. This PR requires cli users to submit a username and password in the prompts, or set environmental variables with these values and use the --scripts flag.

Summary of changes

• prompt for auth in cli.js rather than conditionally in endpoint requests
• remove retrieving the permissions json; as we've already asked the user for authentication, we don't need to conditionally ask them again
• pass hecate errors to callbacks where we weren't before and better format hecate responses

Next steps

• add tests for cli and --script mode

cc @mattciferri @ingalls @samely @miccolis

[ingalls]

Per voice, let's do the following

• Check the auth endpoint with each call, if the auth schema returns, only request username/pass if required by the schema
• If the auth endpoint returns a 401, assume auth is required and request username/pass

[ingalls]

oof we should get #16 back into shape and merge it in. Not a blocker, just could see this causing issue as we return a slightly different error code depending on if it is the middleware (text response) vs an API level block (JSON response)

[ingalls]

Oh, I see the different response doesn't matter as I hadn't seen how you generated this code below. Worries abated, through we should probably pass through error code at some point anyway

[ingalls]

It's possible for the user not to have access to the auth endpoint, but to still have access to the endpoint that they are trying to request. Let's just pass through to run() here.

[ingalls]

🌮

[ingalls]

🌮