@limrun/ui 0.9.0-rc.1 → 0.9.0-rc.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@limrun/ui",
-  "version": "0.9.0-rc.1",
+  "version": "0.9.0-rc.2",
   "publishConfig": {
     "access": "public"
   },

package/src/components/device-install/device-install-dialog.tsx

@@ -171,23 +171,49 @@ export function DeviceInstallDialog({
                         </div>
                       )}
                       {deviceInstall.appleTeams.length > 0 && (
+                        <>
+                          <label className="lr-device-install__field">
+                            <span>Apple Developer team</span>
+                            <select
+                              value={deviceInstall.selectedAppleTeamID ?? ''}
+                              onChange={(event) =>
+                                deviceInstall.setSelectedAppleTeamID(event.currentTarget.value || undefined)
+                              }
+                            >
+                              {deviceInstall.appleTeams.map((team, index) => {
+                                const teamID =
+                                  team.teamId ??
+                                  (team.providerId === undefined ? undefined : String(team.providerId)) ??
+                                  team.publicProviderId ??
+                                  '';
+                                return (
+                                  <option key={`${teamID}-${index}`} value={teamID}>
+                                    {team.name ?? 'Apple Developer Team'} {teamID ? `(${teamID})` : ''}
+                                  </option>
+                                );
+                              })}
+                            </select>
+                          </label>
+                          {deviceInstall.applePortalSummary && (
+                            <p className="lr-device-install__hint">
+                              Found {deviceInstall.applePortalSummary.certificateCount} certificates and{' '}
+                              {deviceInstall.applePortalSummary.profileCount} provisioning profiles.
+                            </p>
+                          )}
+                        </>
+                      )}
+                      {deviceInstall.appleAppIDs.length > 0 && (
                         <label className="lr-device-install__field">
-                          <span>Apple Developer team</span>
+                          <span>Bundle ID</span>
                           <select
-                            value={deviceInstall.selectedAppleTeamID ?? ''}
-                            onChange={(event) =>
-                              deviceInstall.setSelectedAppleTeamID(event.currentTarget.value || undefined)
-                            }
+                            value={deviceInstall.appleBundleID}
+                            onChange={(event) => deviceInstall.setAppleBundleID(event.currentTarget.value)}
                           >
-                            {deviceInstall.appleTeams.map((team, index) => {
-                              const teamID =
-                                team.teamId ??
-                                (team.providerId === undefined ? undefined : String(team.providerId)) ??
-                                team.publicProviderId ??
-                                '';
+                            {deviceInstall.appleAppIDs.map((appID, index) => {
+                              const bundleID = appID.identifier ?? appID.bundleId ?? '';
                               return (
-                                <option key={`${teamID}-${index}`} value={teamID}>
-                                  {team.name ?? 'Apple Developer Team'} {teamID ? `(${teamID})` : ''}
+                                <option key={`${bundleID}-${index}`} value={bundleID}>
+                                  {appID.name ?? bundleID} {bundleID ? `(${bundleID})` : ''}
                                 </option>
                               );
                             })}
@@ -269,6 +295,49 @@ export function DeviceInstallDialog({
                           }`.trim()}
                         </div>
                       )}
+                      {deviceInstall.appleDevices.length > 0 && (
+                        <label className="lr-device-install__field">
+                          <span>Apple Developer devices</span>
+                          <select
+                            multiple
+                            value={deviceInstall.selectedAppleDeviceIDs}
+                            onChange={(event) =>
+                              deviceInstall.setSelectedAppleDeviceIDs(
+                                Array.from(event.currentTarget.selectedOptions).map((option) => option.value),
+                              )
+                            }
+                          >
+                            {deviceInstall.appleDevices.map((appleDevice) => (
+                              <option key={appleDevice.deviceId ?? appleDevice.deviceNumber} value={appleDevice.deviceId ?? ''}>
+                                {appleDevice.name ?? appleDevice.model ?? 'Apple device'} {appleDevice.deviceNumber ?? ''}
+                              </option>
+                            ))}
+                          </select>
+                        </label>
+                      )}
+                      {deviceInstall.device && !deviceInstall.connectedAppleDeviceRegistered && (
+                        <button
+                          type="button"
+                          className="lr-device-install__secondary"
+                          disabled={disabled || !!deviceInstall.busyAction}
+                          onClick={() => void deviceInstall.registerConnectedAppleDevice()}
+                        >
+                          Register connected iPhone
+                        </button>
+                      )}
+                      <button
+                        type="button"
+                        className="lr-device-install__secondary"
+                        disabled={disabled || !deviceInstall.canPrepareAppleSigningAssets}
+                        onClick={() => void deviceInstall.prepareAppleSigningAssets()}
+                      >
+                        {deviceInstall.appleSigningStatus === 'preparing-assets'
+                          ? 'Preparing signing assets...'
+                          : 'Generate certificate and profile'}
+                      </button>
+                      {deviceInstall.hasSigningAssets && (
+                        <p>Signing assets are stored in this browser for the selected bundle and device.</p>
+                      )}
                     </div>
                   )}
 

package/src/core/device-install/apple/client.ts

@@ -2,10 +2,13 @@ import { AppleGsaSrpClient } from './gsa-srp';
 import {
   createAppleRelaySession,
   deleteAppleRelaySession,
-  finalizeAppleRelaySession,
+  fetchAppleAccountSession,
+  proxyPhoneTwoFactorCode,
   proxySrpComplete,
   proxySrpInit,
   proxyTwoFactorCode,
+  triggerPhoneTwoFactor,
+  triggerTrustedDeviceTwoFactor,
   type AppleRelayResponse,
 } from './relay';
 
@@ -19,12 +22,17 @@ export type AppleIDLoginInput = {
 export type AppleIDLoginResult = {
   appleSessionId: string;
   completeResponse: AppleRelayResponse;
+  twoFactorChallengeResponse?: AppleRelayResponse;
   requiresTwoFactor: boolean;
   finishTwoFactor: (code: string) => Promise<AppleRelayResponse>;
   finalize: () => Promise<AppleRelayResponse>;
   close: () => Promise<void>;
 };
 
+type TwoFactorMethod =
+  | { type: 'trustedDevice' }
+  | { type: 'phone'; phoneNumberId: number; mode: string };
+
 export async function startBrowserOwnedAppleIDLogin({
   limbuildApiUrl,
   accountName,
@@ -35,6 +43,9 @@ export async function startBrowserOwnedAppleIDLogin({
   try {
     const srp = new AppleGsaSrpClient(accountName);
     const initResponse = await proxySrpInit(limbuildApiUrl, appleSessionId, await srp.init(), token);
+    if (initResponse.status < 200 || initResponse.status >= 300) {
+      throw new Error(`Apple SRP init failed: HTTP ${initResponse.status} ${initResponse.rawBody ?? ''}`.trim());
+    }
     if (!initResponse.body) {
       throw new Error('Apple SRP init response did not include a body.');
     }
@@ -49,12 +60,64 @@ export async function startBrowserOwnedAppleIDLogin({
       },
       token,
     );
+    const requiresTwoFactor = completeResponse.status === 409;
+    let twoFactorChallengeResponse: AppleRelayResponse | undefined;
+    let twoFactorMethod: TwoFactorMethod = { type: 'trustedDevice' };
+    if (requiresTwoFactor) {
+      twoFactorChallengeResponse = await triggerTrustedDeviceTwoFactor(limbuildApiUrl, appleSessionId, token);
+      const phone = trustedPhoneNumberFromChallenge(twoFactorChallengeResponse.body);
+      if (phone) {
+        twoFactorMethod = {
+          type: 'phone',
+          phoneNumberId: phone.id,
+          mode: phone.pushMode ?? 'sms',
+        };
+      }
+      if (twoFactorChallengeResponse.status === 412) {
+        if (!phone) {
+          throw new Error('Apple requested phone verification but did not include a trusted phone number.');
+        }
+        twoFactorChallengeResponse = await triggerPhoneTwoFactor(
+          limbuildApiUrl,
+          appleSessionId,
+          phone.id,
+          phone.pushMode ?? 'sms',
+          token,
+        );
+      }
+      if (twoFactorChallengeResponse.status < 200 || twoFactorChallengeResponse.status >= 300) {
+        throw new Error(
+          `Apple two-factor challenge failed: HTTP ${twoFactorChallengeResponse.status} ${
+            twoFactorChallengeResponse.rawBody ?? ''
+          }`.trim(),
+        );
+      }
+    } else if (completeResponse.status < 200 || completeResponse.status >= 300) {
+      throw new Error(`Apple SRP complete failed: HTTP ${completeResponse.status} ${completeResponse.rawBody ?? ''}`.trim());
+    }
     return {
       appleSessionId,
       completeResponse,
-      requiresTwoFactor: completeResponse.status === 409,
-      finishTwoFactor: (code) => proxyTwoFactorCode(limbuildApiUrl, appleSessionId, code, token),
-      finalize: () => finalizeAppleRelaySession(limbuildApiUrl, appleSessionId, token),
+      twoFactorChallengeResponse,
+      requiresTwoFactor,
+      finishTwoFactor: async (code) => {
+        const response =
+          twoFactorMethod.type === 'phone'
+            ? await proxyPhoneTwoFactorCode(
+                limbuildApiUrl,
+                appleSessionId,
+                twoFactorMethod.phoneNumberId,
+                code,
+                twoFactorMethod.mode,
+                token,
+              )
+            : await proxyTwoFactorCode(limbuildApiUrl, appleSessionId, code, token);
+        if (response.status < 200 || response.status >= 300) {
+          throw new Error(`Apple two-factor code failed: HTTP ${response.status} ${response.rawBody ?? ''}`.trim());
+        }
+        return response;
+      },
+      finalize: async () => fetchAppleAccountSession(limbuildApiUrl, appleSessionId, token),
       close: () => deleteAppleRelaySession(limbuildApiUrl, appleSessionId, token),
     };
   } catch (error) {
@@ -62,3 +125,28 @@ export async function startBrowserOwnedAppleIDLogin({
     throw error;
   }
 }
+
+function trustedPhoneNumberFromChallenge(body: unknown) {
+  if (!isRecord(body)) return undefined;
+  const verification = isRecord(body.phoneNumberVerification) ? body.phoneNumberVerification : undefined;
+  const trustedPhoneNumber =
+    recordValue(verification?.trustedPhoneNumber) ??
+    recordValue(body.trustedPhoneNumber) ??
+    recordValue(body.phoneNumber);
+  if (!trustedPhoneNumber) return undefined;
+  const id = trustedPhoneNumber.id;
+  if (typeof id !== 'number') return undefined;
+  const pushMode =
+    typeof trustedPhoneNumber.pushMode === 'string' ? trustedPhoneNumber.pushMode
+    : typeof body.mode === 'string' ? body.mode
+    : undefined;
+  return { id, pushMode };
+}
+
+function recordValue(value: unknown) {
+  return isRecord(value) ? value : undefined;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}

package/src/core/device-install/apple/provisioning.ts

@@ -18,13 +18,39 @@ export type AppleDeveloperPortalTeam = {
   subType?: string;
 };
 
+export type AppleDeveloperPortalDevice = {
+  deviceId?: string;
+  name?: string;
+  deviceNumber?: string;
+  deviceClass?: string;
+  model?: string;
+  status?: string;
+};
+
+export type AppleDeveloperPortalAppID = {
+  appId?: string;
+  appIdId?: string;
+  identifier?: string;
+  bundleId?: string;
+  name?: string;
+  prefix?: string;
+  platform?: string;
+};
+
 export type AppleDeveloperPortalResponse = {
+  resultCode?: number;
+  resultString?: string;
+  userString?: string;
   teams?: AppleDeveloperPortalTeam[];
   provider?: AppleDeveloperPortalTeam;
   availableProviders?: AppleDeveloperPortalTeam[];
-  appIds?: Array<Record<string, unknown>>;
-  devices?: Array<Record<string, unknown>>;
+  appIds?: AppleDeveloperPortalAppID[];
+  devices?: AppleDeveloperPortalDevice[];
   certRequests?: Array<Record<string, unknown>>;
+  certRequest?: Record<string, unknown>;
+  appId?: Record<string, unknown>;
+  device?: Record<string, unknown>;
+  provisioningProfile?: Record<string, unknown>;
   provisioningProfiles?: Array<Record<string, unknown>>;
 };
 
@@ -60,37 +86,49 @@ export function listTeamsRequest(): AppleProvisioningRequest {
 }
 
 export function findBundleIDRequest({ bundleID, teamID = '' }: Pick<AppleProvisioningContext, 'bundleID' | 'teamID'>) {
-  return pagedRequest('/account/ios/identifiers/listAppIds.action', teamID, { search: bundleID });
+  void bundleID;
+  return pagedRequest('/account/ios/identifiers/listAppIds.action', teamID, { sort: 'name=asc' });
 }
 
 export function findDeviceRequest({ deviceUDID, teamID = '' }: Pick<AppleProvisioningContext, 'deviceUDID' | 'teamID'>) {
-  return pagedRequest('/account/ios/device/listDevices.action', teamID, { search: normalizeUDID(deviceUDID) });
+  void deviceUDID;
+  return pagedRequest('/account/ios/device/listDevices.action', teamID, {
+    sort: 'name=asc',
+    includeRemovedDevices: false,
+  });
 }
 
 export function findDevelopmentCertificatesRequest(teamID = '') {
-  return pagedRequest('/account/ios/certificate/listCertRequests.action', teamID);
+  return pagedRequest('/account/ios/certificate/listCertRequests.action', teamID, {
+    sort: 'name=asc',
+    types: '83Q87W3TGH,5QPB9NHCEI',
+  });
 }
 
 export function findDevelopmentProfilesRequest({
   bundleID,
   teamID = '',
 }: Pick<AppleProvisioningContext, 'bundleID' | 'teamID'>) {
-  return pagedRequest('/account/ios/profile/listProvisioningProfiles.action', teamID, { search: bundleID });
+  return pagedRequest('/account/ios/profile/listProvisioningProfiles.action', teamID, {
+    search: bundleID,
+    sort: 'name=asc',
+  });
 }
 
 export function registerDeviceRequest({
   deviceUDID,
   teamID = '',
   name = 'Limrun iPhone',
-}: AppleProvisioningContext & { name?: string }) {
+}: Pick<AppleProvisioningContext, 'deviceUDID' | 'teamID'> & { name?: string }) {
   return {
     method: 'POST',
-    path: '/account/ios/device/addDevice.action',
+    path: '/account/ios/device/addDevices.action',
     payload: {
       teamId: teamID,
-      name,
-      deviceNumber: normalizeUDID(deviceUDID),
-      deviceClass: 'iphone',
+      deviceNames: name,
+      deviceNumbers: normalizeUDID(deviceUDID),
+      deviceClasses: 'iphone',
+      register: 'single',
     },
   } satisfies AppleProvisioningRequest;
 }
@@ -121,9 +159,10 @@ export function submitDevelopmentCSRRequest({
 }) {
   return {
     method: 'POST',
-    path: '/account/ios/certificate/submitDevelopmentCSR.action',
+    path: '/account/ios/certificate/submitCertificateRequest.action',
     payload: {
       teamId: teamID,
+      type: '83Q87W3TGH',
       csrContent: csrPEM,
     },
   } satisfies AppleProvisioningRequest;
@@ -131,11 +170,12 @@ export function submitDevelopmentCSRRequest({
 
 export function downloadCertificateRequest(certificateID: string, teamID = '') {
   return {
-    method: 'POST',
+    method: 'GET',
     path: '/account/ios/certificate/downloadCertificateContent.action',
     payload: {
       teamId: teamID,
       certificateId: certificateID,
+      type: '83Q87W3TGH',
     },
   } satisfies AppleProvisioningRequest;
 }
@@ -158,11 +198,11 @@ export function createDevelopmentProfileRequest({
     path: '/account/ios/profile/createProvisioningProfile.action',
     payload: {
       teamId: teamID,
-      appIdId: appIDID,
+      provisioningProfileName: name ?? `Limrun ${bundleID}`,
       certificateIds: [certificateID],
+      appIdId: appIDID,
       deviceIds: deviceIDs,
-      distributionMethod: 'development',
-      name: name ?? `Limrun ${bundleID}`,
+      distributionType: 'limited',
       subPlatform: 'ios',
     },
   } satisfies AppleProvisioningRequest;
@@ -170,8 +210,8 @@ export function createDevelopmentProfileRequest({
 
 export function downloadProfileRequest(profileID: string, teamID = '') {
   return {
-    method: 'POST',
-    path: '/account/ios/profile/downloadProfileContent.action',
+    method: 'GET',
+    path: '/account/ios/profile/downloadProfileContent',
     payload: {
       teamId: teamID,
       provisioningProfileId: profileID,
@@ -242,14 +282,17 @@ export function teamIDCandidates(body: unknown): string[] {
 }
 
 function pagedRequest(path: string, teamID: string, payload: Record<string, unknown> = {}) {
+  const basePayload: Record<string, unknown> = {
+    pageNumber: 1,
+    pageSize: 200,
+    ...payload,
+  };
+  if (teamID) {
+    basePayload.teamId = teamID;
+  }
   return {
     method: 'POST',
     path,
-    payload: {
-      pageNumber: 1,
-      pageSize: 200,
-      teamId: teamID,
-      ...payload,
-    },
+    payload: basePayload,
   } satisfies AppleProvisioningRequest;
 }