@limrun/ui 0.9.0-rc.1 → 0.9.0-rc.11

package/src/core/device-install/apple/provisioning.ts

@@ -18,13 +18,39 @@ export type AppleDeveloperPortalTeam = {
   subType?: string;
 };
 
+export type AppleDeveloperPortalDevice = {
+  deviceId?: string;
+  name?: string;
+  deviceNumber?: string;
+  deviceClass?: string;
+  model?: string;
+  status?: string;
+};
+
+export type AppleDeveloperPortalAppID = {
+  appId?: string;
+  appIdId?: string;
+  identifier?: string;
+  bundleId?: string;
+  name?: string;
+  prefix?: string;
+  platform?: string;
+};
+
 export type AppleDeveloperPortalResponse = {
+  resultCode?: number;
+  resultString?: string;
+  userString?: string;
   teams?: AppleDeveloperPortalTeam[];
   provider?: AppleDeveloperPortalTeam;
   availableProviders?: AppleDeveloperPortalTeam[];
-  appIds?: Array<Record<string, unknown>>;
-  devices?: Array<Record<string, unknown>>;
+  appIds?: AppleDeveloperPortalAppID[];
+  devices?: AppleDeveloperPortalDevice[];
   certRequests?: Array<Record<string, unknown>>;
+  certRequest?: Record<string, unknown>;
+  appId?: Record<string, unknown>;
+  device?: Record<string, unknown>;
+  provisioningProfile?: Record<string, unknown>;
   provisioningProfiles?: Array<Record<string, unknown>>;
 };
 
@@ -60,37 +86,49 @@ export function listTeamsRequest(): AppleProvisioningRequest {
 }
 
 export function findBundleIDRequest({ bundleID, teamID = '' }: Pick<AppleProvisioningContext, 'bundleID' | 'teamID'>) {
-  return pagedRequest('/account/ios/identifiers/listAppIds.action', teamID, { search: bundleID });
+  void bundleID;
+  return pagedRequest('/account/ios/identifiers/listAppIds.action', teamID, { sort: 'name=asc' });
 }
 
 export function findDeviceRequest({ deviceUDID, teamID = '' }: Pick<AppleProvisioningContext, 'deviceUDID' | 'teamID'>) {
-  return pagedRequest('/account/ios/device/listDevices.action', teamID, { search: normalizeUDID(deviceUDID) });
+  void deviceUDID;
+  return pagedRequest('/account/ios/device/listDevices.action', teamID, {
+    sort: 'name=asc',
+    includeRemovedDevices: false,
+  });
 }
 
 export function findDevelopmentCertificatesRequest(teamID = '') {
-  return pagedRequest('/account/ios/certificate/listCertRequests.action', teamID);
+  return pagedRequest('/account/ios/certificate/listCertRequests.action', teamID, {
+    sort: 'name=asc',
+    types: '83Q87W3TGH,5QPB9NHCEI',
+  });
 }
 
 export function findDevelopmentProfilesRequest({
   bundleID,
   teamID = '',
 }: Pick<AppleProvisioningContext, 'bundleID' | 'teamID'>) {
-  return pagedRequest('/account/ios/profile/listProvisioningProfiles.action', teamID, { search: bundleID });
+  return pagedRequest('/account/ios/profile/listProvisioningProfiles.action', teamID, {
+    search: bundleID,
+    sort: 'name=asc',
+  });
 }
 
 export function registerDeviceRequest({
   deviceUDID,
   teamID = '',
   name = 'Limrun iPhone',
-}: AppleProvisioningContext & { name?: string }) {
+}: Pick<AppleProvisioningContext, 'deviceUDID' | 'teamID'> & { name?: string }) {
   return {
     method: 'POST',
-    path: '/account/ios/device/addDevice.action',
+    path: '/account/ios/device/addDevices.action',
     payload: {
       teamId: teamID,
-      name,
-      deviceNumber: normalizeUDID(deviceUDID),
-      deviceClass: 'iphone',
+      deviceNames: name,
+      deviceNumbers: normalizeUDID(deviceUDID),
+      deviceClasses: 'iphone',
+      register: 'single',
     },
   } satisfies AppleProvisioningRequest;
 }
@@ -121,9 +159,10 @@ export function submitDevelopmentCSRRequest({
 }) {
   return {
     method: 'POST',
-    path: '/account/ios/certificate/submitDevelopmentCSR.action',
+    path: '/account/ios/certificate/submitCertificateRequest.action',
     payload: {
       teamId: teamID,
+      type: '83Q87W3TGH',
       csrContent: csrPEM,
     },
   } satisfies AppleProvisioningRequest;
@@ -131,11 +170,12 @@ export function submitDevelopmentCSRRequest({
 
 export function downloadCertificateRequest(certificateID: string, teamID = '') {
   return {
-    method: 'POST',
+    method: 'GET',
     path: '/account/ios/certificate/downloadCertificateContent.action',
     payload: {
       teamId: teamID,
       certificateId: certificateID,
+      type: '83Q87W3TGH',
     },
   } satisfies AppleProvisioningRequest;
 }
@@ -158,11 +198,11 @@ export function createDevelopmentProfileRequest({
     path: '/account/ios/profile/createProvisioningProfile.action',
     payload: {
       teamId: teamID,
-      appIdId: appIDID,
+      provisioningProfileName: name ?? `Limrun ${bundleID}`,
       certificateIds: [certificateID],
+      appIdId: appIDID,
       deviceIds: deviceIDs,
-      distributionMethod: 'development',
-      name: name ?? `Limrun ${bundleID}`,
+      distributionType: 'limited',
       subPlatform: 'ios',
     },
   } satisfies AppleProvisioningRequest;
@@ -170,8 +210,8 @@ export function createDevelopmentProfileRequest({
 
 export function downloadProfileRequest(profileID: string, teamID = '') {
   return {
-    method: 'POST',
-    path: '/account/ios/profile/downloadProfileContent.action',
+    method: 'GET',
+    path: '/account/ios/profile/downloadProfileContent',
     payload: {
       teamId: teamID,
       provisioningProfileId: profileID,
@@ -242,14 +282,17 @@ export function teamIDCandidates(body: unknown): string[] {
 }
 
 function pagedRequest(path: string, teamID: string, payload: Record<string, unknown> = {}) {
+  const basePayload: Record<string, unknown> = {
+    pageNumber: 1,
+    pageSize: 200,
+    ...payload,
+  };
+  if (teamID) {
+    basePayload.teamId = teamID;
+  }
   return {
     method: 'POST',
     path,
-    payload: {
-      pageNumber: 1,
-      pageSize: 200,
-      teamId: teamID,
-      ...payload,
-    },
+    payload: basePayload,
   } satisfies AppleProvisioningRequest;
 }

package/src/core/device-install/apple/relay.ts

@@ -6,14 +6,7 @@ export type AppleRelayResponse<T = unknown> = {
   headers?: Record<string, string>;
   body?: T;
   rawBody?: string;
-  bodyBase64?: string;
-};
-
-export type AppleRelayRequest = {
-  method?: 'GET' | 'POST' | 'PUT' | 'DELETE';
-  url: string;
-  headers?: Record<string, string>;
-  body?: BodyInit;
+  rawBodyBase64?: string;
 };
 
 export type AppleProvisioningRequest = {
@@ -33,11 +26,7 @@ export async function createAppleRelaySession(limbuildApiUrl: string, token?: st
   return (await response.json()) as { appleSessionId: string };
 }
 
-export async function deleteAppleRelaySession(
-  limbuildApiUrl: string,
-  appleSessionId: string,
-  token?: string,
-) {
+export async function deleteAppleRelaySession(limbuildApiUrl: string, appleSessionId: string, token?: string) {
   const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/session/delete', token), {
     method: 'POST',
     headers: jsonHeaders(token),
@@ -48,38 +37,17 @@ export async function deleteAppleRelaySession(
   }
 }
 
-export async function relayAppleRequest<T = unknown>(
-  limbuildApiUrl: string,
-  appleSessionId: string,
-  request: AppleRelayRequest,
-  token?: string,
-) {
-  const response = await fetch(appleRelayURL(limbuildApiUrl, appleSessionId, request.url, token), {
-    method: request.method ?? 'GET',
-    headers: {
-      ...(request.headers ?? {}),
-      ...authHeaders(token),
-    },
-    body: request.body,
-  });
-  return responseToAppleRelayResponse<T>(response);
-}
-
 export async function proxySrpInit(
   limbuildApiUrl: string,
   appleSessionId: string,
   payload: AppleSRPInitRequest,
   token?: string,
 ) {
-  return relayAppleRequest<AppleSRPInitResponse>(
+  return postAppleProxy<AppleSRPInitResponse>(
     limbuildApiUrl,
+    '/apple/auth/srp/init',
     appleSessionId,
-    {
-      method: 'POST',
-      url: 'https://idmsa.apple.com/appleauth/auth/signin/init',
-      headers: jsonContentHeaders(),
-      body: JSON.stringify(payload),
-    },
+    payload,
     token,
   );
 }
@@ -93,213 +61,161 @@ export async function proxySrpComplete(
   },
   token?: string,
 ) {
-  const hashcash = await fetchAppleHashcash(limbuildApiUrl, appleSessionId, token);
-  return relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'POST',
-      url: 'https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=false',
-      headers: {
-        ...jsonContentHeaders(),
-        ...(hashcash ? { 'X-Apple-HC': hashcash } : {}),
-      },
-      body: JSON.stringify(payload),
-    },
-    token,
-  );
+  return postAppleProxy(limbuildApiUrl, '/apple/auth/srp/complete', appleSessionId, payload, token);
 }
 
-export async function proxyTwoFactorCode(
+export async function triggerTrustedDeviceTwoFactor(
   limbuildApiUrl: string,
   appleSessionId: string,
-  code: string,
   token?: string,
 ) {
-  return relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'POST',
-      url: 'https://idmsa.apple.com/appleauth/auth/verify/trusteddevice/securitycode',
-      headers: jsonContentHeaders(),
-      body: JSON.stringify({ securityCode: { code } }),
-    },
-    token,
-  );
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa/trigger', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple 2FA trigger failed: HTTP ${response.status} ${await response.text()}`);
+  }
+  return (await response.json()) as AppleRelayResponse;
 }
 
-export async function finalizeAppleRelaySession(
+export async function triggerPhoneTwoFactor(
   limbuildApiUrl: string,
   appleSessionId: string,
+  phoneNumberId: number,
+  mode = 'sms',
   token?: string,
 ) {
-  return relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'GET',
-      url: 'https://appstoreconnect.apple.com/olympus/v1/session',
-      headers: { Accept: 'application/json' },
-    },
-    token,
-  );
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa/phone/trigger', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, phoneNumberId, mode }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple phone 2FA trigger failed: HTTP ${response.status} ${await response.text()}`);
+  }
+  return (await response.json()) as AppleRelayResponse;
 }
 
-export async function proxyProvisioningRequest<T = unknown>(
+export async function proxyTwoFactorCode(
   limbuildApiUrl: string,
   appleSessionId: string,
-  request: AppleProvisioningRequest,
+  code: string,
   token?: string,
 ) {
-  return relayAppleRequest<T>(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: request.method ?? 'GET',
-      url: `https://developer.apple.com/services-account/QH65B2${request.path}`,
-      headers: {
-        Accept: 'application/json',
-        ...(request.payload ? { 'Content-Type': 'application/x-www-form-urlencoded' } : {}),
-      },
-      body: request.payload ? formEncode(request.payload) : undefined,
-    },
-    token,
-  );
-}
-
-function limbuildURL(limbuildApiUrl: string, path: string, token?: string) {
-  const url = new URL(path, limbuildApiUrl);
-  if (token) {
-    url.searchParams.set('token', token);
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, code }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple 2FA proxy failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return url;
-}
-
-function appleRelayURL(limbuildApiUrl: string, appleSessionId: string, appleURL: string, token?: string) {
-  const url = limbuildURL(limbuildApiUrl, '/apple/relay', token);
-  url.searchParams.set('appleSessionId', appleSessionId);
-  url.searchParams.set('url', appleURL);
-  return url;
+  return (await response.json()) as AppleRelayResponse;
 }
 
-function jsonHeaders(token?: string): Record<string, string> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  };
-  if (token) {
-    headers.Authorization = `Bearer ${token}`;
+export async function proxyPhoneTwoFactorCode(
+  limbuildApiUrl: string,
+  appleSessionId: string,
+  phoneNumberId: number,
+  code: string,
+  mode = 'sms',
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa/phone', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, phoneNumberId, mode, code }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple phone 2FA proxy failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return headers;
-}
-
-function authHeaders(token?: string): Record<string, string> {
-  return token ? { Authorization: `Bearer ${token}` } : {};
+  return (await response.json()) as AppleRelayResponse;
 }
 
-function jsonContentHeaders(): Record<string, string> {
-  return {
-    Accept: 'application/json, text/javascript, */*; q=0.01',
-    'Content-Type': 'application/json',
-    'X-Requested-With': 'XMLHttpRequest',
-  };
+export async function fetchAppleAccountSession(
+  limbuildApiUrl: string,
+  appleSessionId: string,
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/finalize', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple session finalization failed: HTTP ${response.status} ${await response.text()}`);
+  }
+  return (await response.json()) as AppleRelayResponse;
 }
 
-async function responseToAppleRelayResponse<T>(response: Response): Promise<AppleRelayResponse<T>> {
-  const rawBody = await response.text();
-  let body: T | undefined;
-  try {
-    body = rawBody ? (JSON.parse(rawBody) as T) : undefined;
-  } catch {
-    body = undefined;
+export async function proxyProvisioningRequest<T = unknown>(
+  limbuildApiUrl: string,
+  appleSessionId: string,
+  request: AppleProvisioningRequest,
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/provisioning', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, ...request }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple provisioning proxy failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return {
-    status: response.status,
-    statusText: `${response.status} ${response.statusText}`.trim(),
-    headers: Object.fromEntries(response.headers.entries()),
-    body,
-    rawBody,
-    bodyBase64: bytesToBase64(new TextEncoder().encode(rawBody)),
-  };
+  return normalizeAppleProxyResponse<T>((await response.json()) as AppleRelayResponse<T>);
 }
 
-async function fetchAppleHashcash(limbuildApiUrl: string, appleSessionId: string, token?: string) {
-  const config = await relayAppleRequest<{ authServiceKey?: string }>(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'GET',
-      url: 'https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com',
-      headers: { Accept: 'application/json' },
-    },
-    token,
-  );
-  const widgetKey = config.body?.authServiceKey;
-  const response = await relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'GET',
-      url: `https://idmsa.apple.com/appleauth/auth/signin${widgetKey ? `?widgetKey=${encodeURIComponent(widgetKey)}` : ''}`,
-      headers: { Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' },
-    },
-    token,
-  );
-  const bits = response.headers?.['x-apple-hc-bits'];
-  const challenge = response.headers?.['x-apple-hc-challenge'];
-  if (!bits || !challenge) {
-    return undefined;
+async function postAppleProxy<T>(
+  limbuildApiUrl: string,
+  path: string,
+  appleSessionId: string,
+  payload: unknown,
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, path, token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, payload }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple proxy ${path} failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return makeAppleHashcash(parseInt(bits, 10), challenge);
+  return normalizeAppleProxyResponse<T>((await response.json()) as AppleRelayResponse<T>);
 }
 
-async function makeAppleHashcash(bits: number, challenge: string) {
-  if (!Number.isFinite(bits) || bits <= 0) {
-    return undefined;
+function normalizeAppleProxyResponse<T>(response: AppleRelayResponse<T>) {
+  if (response.body !== undefined || !response.rawBody) {
+    return response;
   }
-  const date = new Date().toISOString().replace(/[-:T.Z]/g, '').slice(0, 14);
-  for (let counter = 0; ; counter += 1) {
-    const value = `1:${bits}:${date}:${challenge}::${counter}`;
-    const digest = new Uint8Array(await crypto.subtle.digest('SHA-1', new TextEncoder().encode(value)));
-    if (hasLeadingZeroBits(digest, bits)) {
-      return value;
-    }
+  try {
+    return {
+      ...response,
+      body: JSON.parse(response.rawBody) as T,
+    };
+  } catch {
+    return response;
   }
 }
 
-function hasLeadingZeroBits(bytes: Uint8Array, bits: number) {
-  for (const byte of bytes) {
-    if (bits <= 0) return true;
-    if (bits >= 8) {
-      if (byte !== 0) return false;
-      bits -= 8;
-      continue;
-    }
-    return byte >> (8 - bits) === 0;
+function limbuildURL(limbuildApiUrl: string, path: string, token?: string) {
+  const base = limbuildApiUrl.replace(/\/$/, '');
+  const suffix = path.startsWith('/') ? path : `/${path}`;
+  const url = new URL(`${base}${suffix}`);
+  if (token) {
+    url.searchParams.set('token', token);
   }
-  return bits <= 0;
+  return url;
 }
 
-function formEncode(payload: unknown) {
-  const params = new URLSearchParams();
-  if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
-    return params;
-  }
-  for (const [key, value] of Object.entries(payload)) {
-    if (value === undefined || value === null) continue;
-    if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') {
-      params.set(key, String(value));
-    } else {
-      params.set(key, JSON.stringify(value));
-    }
-  }
-  return params;
+function jsonHeaders(token?: string): Record<string, string> {
+  return {
+    'Content-Type': 'application/json',
+    ...authHeaders(token),
+  };
 }
 
-function bytesToBase64(bytes: Uint8Array) {
-  let binary = '';
-  for (const byte of bytes) {
-    binary += String.fromCharCode(byte);
-  }
-  return btoa(binary);
+function authHeaders(token?: string): Record<string, string> {
+  return token ? { Authorization: `Bearer ${token}` } : {};
 }

package/src/core/device-install/storage/browser-storage.ts

@@ -73,6 +73,18 @@ export async function getLatestSigningAssets() {
   )[0];
 }
 
+export async function getLatestSigningAssetsWithCertificate(teamID?: string) {
+  const all = await getAllSigningAssets();
+  return all
+    .filter((asset) => {
+      if (!asset.certificateID || !asset.certificateP12Base64 || !asset.certificatePassword) {
+        return false;
+      }
+      return !teamID || !asset.teamID || asset.teamID === teamID;
+    })
+    .sort((left, right) => new Date(right.updatedAt).getTime() - new Date(left.updatedAt).getTime())[0];
+}
+
 export async function putSigningAssets(input: PutSigningAssetsInput) {
   const normalizedBundleID = normalizeBundleID(input.bundleID);
   if (!normalizedBundleID) {
@@ -118,7 +130,20 @@ export function profileMatchesBundleID(profile: ProvisioningProfileInfo, bundleI
 }
 
 export async function parseProvisioningProfile(file: File) {
-  const text = new TextDecoder('latin1').decode(await file.arrayBuffer());
+  return parseProvisioningProfileBytes(new Uint8Array(await file.arrayBuffer()));
+}
+
+export function parseProvisioningProfileBase64(base64: string) {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let index = 0; index < binary.length; index += 1) {
+    bytes[index] = binary.charCodeAt(index);
+  }
+  return parseProvisioningProfileBytes(bytes);
+}
+
+export function parseProvisioningProfileBytes(bytes: Uint8Array) {
+  const text = new TextDecoder('latin1').decode(bytes);
   const start = text.indexOf('<?xml');
   const end = text.indexOf('</plist>');
   if (start < 0 || end < start) {

package/src/core/device-install/types.ts

@@ -1,10 +1,10 @@
 export type DeviceInstallLog = (message: string, detail?: string) => void;
 
-export type DeviceInstallStep = 'build' | 'usb' | 'pair' | 'install';
+export type DeviceInstallStep = 'signing' | 'connect' | 'build' | 'install';
 
 export type DeviceInstallStepStatus = 'idle' | 'active' | 'complete' | 'error';
 
-export type DeviceInstallBusyAction = 'build' | 'usb' | 'pair' | 'install';
+export type DeviceInstallBusyAction = 'signing' | 'usb' | 'pair' | 'build' | 'install';
 
 export type DeviceInstallBuildStatus =
   | 'idle'