npm - @darkauth/client - Versions diffs - 1.4.3 → 1.5.4 - Mend

@darkauth/client 1.4.3 → 1.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +70 -49
package/package.json +6 -1

package/dist/index.js CHANGED Viewed

@@ -11,6 +11,8 @@ function viteEnvGet(key) {
         return undefined;
     }
 }
+let callbackInFlight = null;
+let callbackInFlightCode = null;
 let cfg = {
     issuer: (typeof window !== "undefined" && window.__APP_CONFIG__?.issuer) ||
         viteEnvGet("VITE_DARKAUTH_ISSUER") ||
@@ -139,65 +141,81 @@ export async function handleCallback() {
     const code = params.get("code");
     if (!code)
         return null;
-    const tokenUrl = new URL("/token", cfg.issuer);
-    const verifier = sessionStorage.getItem("pkce_verifier") || "";
-    const response = await fetch(tokenUrl.toString(), {
-        method: "POST",
-        headers: { "content-type": "application/x-www-form-urlencoded" },
-        body: new URLSearchParams({
-            grant_type: "authorization_code",
-            code,
-            client_id: cfg.clientId,
-            redirect_uri: cfg.redirectUri,
-            code_verifier: verifier,
-        }),
-    });
-    if (!response.ok) {
-        throw new Error("Token exchange failed");
+    if (callbackInFlight && callbackInFlightCode === code) {
+        return callbackInFlight;
     }
-    const tokenResponse = await response.json();
-    const fragmentParams = parseFragmentParams(location.hash || "");
-    const drkJwe = fragmentParams.drk_jwe;
-    const zkDrkHash = typeof tokenResponse.zk_drk_hash === "string" ? tokenResponse.zk_drk_hash : null;
-    const idToken = tokenResponse.id_token;
-    const refreshToken = tokenResponse.refresh_token;
-    const hasZkArtifacts = !!drkJwe || !!zkDrkHash;
-    if (!hasZkArtifacts) {
+    const exchangePromise = (async () => {
+        const tokenUrl = new URL("/token", cfg.issuer);
+        const verifier = sessionStorage.getItem("pkce_verifier") || "";
+        const response = await fetch(tokenUrl.toString(), {
+            method: "POST",
+            headers: { "content-type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+                grant_type: "authorization_code",
+                code,
+                client_id: cfg.clientId,
+                redirect_uri: cfg.redirectUri,
+                code_verifier: verifier,
+            }),
+        });
+        if (!response.ok) {
+            throw new Error("Token exchange failed");
+        }
+        const tokenResponse = await response.json();
+        const fragmentParams = parseFragmentParams(location.hash || "");
+        const drkJwe = fragmentParams.drk_jwe;
+        const zkDrkHash = typeof tokenResponse.zk_drk_hash === "string" ? tokenResponse.zk_drk_hash : null;
+        const idToken = tokenResponse.id_token;
+        const refreshToken = tokenResponse.refresh_token;
+        const hasZkArtifacts = !!drkJwe || !!zkDrkHash;
+        if (!hasZkArtifacts) {
+            sessionStorage.removeItem("zk_eph_priv_jwk");
+            try {
+                history.replaceState(null, "", location.origin + location.pathname);
+            }
+            catch { }
+            setStoredIdToken(idToken);
+            localStorage.removeItem("drk_protected");
+            if (refreshToken)
+                localStorage.setItem("refresh_token", refreshToken);
+            return { idToken, drk: EMPTY_DRK, refreshToken };
+        }
+        if (!drkJwe || typeof drkJwe !== "string")
+            throw new Error("Missing DRK JWE from URL fragment");
+        if (zkDrkHash) {
+            const hash = bytesToBase64Url(await sha256(new TextEncoder().encode(drkJwe)));
+            if (zkDrkHash !== hash)
+                throw new Error("DRK hash mismatch");
+        }
+        const privateJwkString = sessionStorage.getItem("zk_eph_priv_jwk");
+        if (!privateJwkString)
+            throw new Error("Missing ZK private key for callback");
         sessionStorage.removeItem("zk_eph_priv_jwk");
+        const privateKey = await crypto.subtle.importKey("jwk", JSON.parse(privateJwkString), { name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits", "deriveKey"]);
+        const { plaintext } = await compactDecrypt(drkJwe, privateKey);
+        const drk = new Uint8Array(plaintext);
         try {
             history.replaceState(null, "", location.origin + location.pathname);
         }
         catch { }
         setStoredIdToken(idToken);
-        localStorage.removeItem("drk_protected");
+        const obfuscatedDrk = obfuscateKey(drk);
+        localStorage.setItem("drk_protected", bytesToBase64Url(obfuscatedDrk));
         if (refreshToken)
             localStorage.setItem("refresh_token", refreshToken);
-        return { idToken, drk: EMPTY_DRK, refreshToken };
-    }
-    if (!drkJwe || typeof drkJwe !== "string")
-        throw new Error("Missing DRK JWE from URL fragment");
-    if (zkDrkHash) {
-        const hash = bytesToBase64Url(await sha256(new TextEncoder().encode(drkJwe)));
-        if (zkDrkHash !== hash)
-            throw new Error("DRK hash mismatch");
-    }
-    const privateJwkString = sessionStorage.getItem("zk_eph_priv_jwk");
-    if (!privateJwkString)
-        throw new Error("Missing ZK private key for callback");
-    sessionStorage.removeItem("zk_eph_priv_jwk");
-    const privateKey = await crypto.subtle.importKey("jwk", JSON.parse(privateJwkString), { name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits", "deriveKey"]);
-    const { plaintext } = await compactDecrypt(drkJwe, privateKey);
-    const drk = new Uint8Array(plaintext);
+        return { idToken, drk, refreshToken };
+    })();
+    callbackInFlight = exchangePromise;
+    callbackInFlightCode = code;
     try {
-        history.replaceState(null, "", location.origin + location.pathname);
+        return await exchangePromise;
+    }
+    finally {
+        if (callbackInFlight === exchangePromise) {
+            callbackInFlight = null;
+            callbackInFlightCode = null;
+        }
     }
-    catch { }
-    setStoredIdToken(idToken);
-    const obfuscatedDrk = obfuscateKey(drk);
-    localStorage.setItem("drk_protected", bytesToBase64Url(obfuscatedDrk));
-    if (refreshToken)
-        localStorage.setItem("refresh_token", refreshToken);
-    return { idToken, drk, refreshToken };
 }
 export function getStoredSession() {
     const idToken = getStoredIdToken();
@@ -234,7 +252,10 @@ export async function refreshSession() {
     });
     if (!response.ok) {
         if (response.status === 401) {
-            localStorage.removeItem("refresh_token");
+            const latestRefreshToken = localStorage.getItem("refresh_token");
+            if (latestRefreshToken === refreshToken) {
+                localStorage.removeItem("refresh_token");
+            }
         }
         return null;
     }

package/package.json CHANGED Viewed

@@ -1,7 +1,12 @@
 {
   "name": "@darkauth/client",
-  "version": "1.4.3",
+  "version": "1.5.4",
   "license": "MIT",
+  "repository": {
+    "directory": "packages/darkauth-client",
+    "type": "git",
+    "url": "https://github.com/puzed/darkauth"
+  },
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",