@limrun/ui 0.9.0-rc.1 → 0.9.0-rc.4

package/src/core/device-install/apple/relay.ts

@@ -6,14 +6,7 @@ export type AppleRelayResponse<T = unknown> = {
   headers?: Record<string, string>;
   body?: T;
   rawBody?: string;
-  bodyBase64?: string;
-};
-
-export type AppleRelayRequest = {
-  method?: 'GET' | 'POST' | 'PUT' | 'DELETE';
-  url: string;
-  headers?: Record<string, string>;
-  body?: BodyInit;
+  rawBodyBase64?: string;
 };
 
 export type AppleProvisioningRequest = {
@@ -33,11 +26,7 @@ export async function createAppleRelaySession(limbuildApiUrl: string, token?: st
   return (await response.json()) as { appleSessionId: string };
 }
 
-export async function deleteAppleRelaySession(
-  limbuildApiUrl: string,
-  appleSessionId: string,
-  token?: string,
-) {
+export async function deleteAppleRelaySession(limbuildApiUrl: string, appleSessionId: string, token?: string) {
   const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/session/delete', token), {
     method: 'POST',
     headers: jsonHeaders(token),
@@ -48,38 +37,17 @@ export async function deleteAppleRelaySession(
   }
 }
 
-export async function relayAppleRequest<T = unknown>(
-  limbuildApiUrl: string,
-  appleSessionId: string,
-  request: AppleRelayRequest,
-  token?: string,
-) {
-  const response = await fetch(appleRelayURL(limbuildApiUrl, appleSessionId, request.url, token), {
-    method: request.method ?? 'GET',
-    headers: {
-      ...(request.headers ?? {}),
-      ...authHeaders(token),
-    },
-    body: request.body,
-  });
-  return responseToAppleRelayResponse<T>(response);
-}
-
 export async function proxySrpInit(
   limbuildApiUrl: string,
   appleSessionId: string,
   payload: AppleSRPInitRequest,
   token?: string,
 ) {
-  return relayAppleRequest<AppleSRPInitResponse>(
+  return postAppleProxy<AppleSRPInitResponse>(
     limbuildApiUrl,
+    '/apple/auth/srp/init',
     appleSessionId,
-    {
-      method: 'POST',
-      url: 'https://idmsa.apple.com/appleauth/auth/signin/init',
-      headers: jsonContentHeaders(),
-      body: JSON.stringify(payload),
-    },
+    payload,
     token,
   );
 }
@@ -93,213 +61,161 @@ export async function proxySrpComplete(
   },
   token?: string,
 ) {
-  const hashcash = await fetchAppleHashcash(limbuildApiUrl, appleSessionId, token);
-  return relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'POST',
-      url: 'https://idmsa.apple.com/appleauth/auth/signin/complete?isRememberMeEnabled=false',
-      headers: {
-        ...jsonContentHeaders(),
-        ...(hashcash ? { 'X-Apple-HC': hashcash } : {}),
-      },
-      body: JSON.stringify(payload),
-    },
-    token,
-  );
+  return postAppleProxy(limbuildApiUrl, '/apple/auth/srp/complete', appleSessionId, payload, token);
 }
 
-export async function proxyTwoFactorCode(
+export async function triggerTrustedDeviceTwoFactor(
   limbuildApiUrl: string,
   appleSessionId: string,
-  code: string,
   token?: string,
 ) {
-  return relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'POST',
-      url: 'https://idmsa.apple.com/appleauth/auth/verify/trusteddevice/securitycode',
-      headers: jsonContentHeaders(),
-      body: JSON.stringify({ securityCode: { code } }),
-    },
-    token,
-  );
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa/trigger', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple 2FA trigger failed: HTTP ${response.status} ${await response.text()}`);
+  }
+  return (await response.json()) as AppleRelayResponse;
 }
 
-export async function finalizeAppleRelaySession(
+export async function triggerPhoneTwoFactor(
   limbuildApiUrl: string,
   appleSessionId: string,
+  phoneNumberId: number,
+  mode = 'sms',
   token?: string,
 ) {
-  return relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'GET',
-      url: 'https://appstoreconnect.apple.com/olympus/v1/session',
-      headers: { Accept: 'application/json' },
-    },
-    token,
-  );
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa/phone/trigger', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, phoneNumberId, mode }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple phone 2FA trigger failed: HTTP ${response.status} ${await response.text()}`);
+  }
+  return (await response.json()) as AppleRelayResponse;
 }
 
-export async function proxyProvisioningRequest<T = unknown>(
+export async function proxyTwoFactorCode(
   limbuildApiUrl: string,
   appleSessionId: string,
-  request: AppleProvisioningRequest,
+  code: string,
   token?: string,
 ) {
-  return relayAppleRequest<T>(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: request.method ?? 'GET',
-      url: `https://developer.apple.com/services-account/QH65B2${request.path}`,
-      headers: {
-        Accept: 'application/json',
-        ...(request.payload ? { 'Content-Type': 'application/x-www-form-urlencoded' } : {}),
-      },
-      body: request.payload ? formEncode(request.payload) : undefined,
-    },
-    token,
-  );
-}
-
-function limbuildURL(limbuildApiUrl: string, path: string, token?: string) {
-  const url = new URL(path, limbuildApiUrl);
-  if (token) {
-    url.searchParams.set('token', token);
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, code }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple 2FA proxy failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return url;
-}
-
-function appleRelayURL(limbuildApiUrl: string, appleSessionId: string, appleURL: string, token?: string) {
-  const url = limbuildURL(limbuildApiUrl, '/apple/relay', token);
-  url.searchParams.set('appleSessionId', appleSessionId);
-  url.searchParams.set('url', appleURL);
-  return url;
+  return (await response.json()) as AppleRelayResponse;
 }
 
-function jsonHeaders(token?: string): Record<string, string> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  };
-  if (token) {
-    headers.Authorization = `Bearer ${token}`;
+export async function proxyPhoneTwoFactorCode(
+  limbuildApiUrl: string,
+  appleSessionId: string,
+  phoneNumberId: number,
+  code: string,
+  mode = 'sms',
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/2fa/phone', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, phoneNumberId, mode, code }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple phone 2FA proxy failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return headers;
-}
-
-function authHeaders(token?: string): Record<string, string> {
-  return token ? { Authorization: `Bearer ${token}` } : {};
+  return (await response.json()) as AppleRelayResponse;
 }
 
-function jsonContentHeaders(): Record<string, string> {
-  return {
-    Accept: 'application/json, text/javascript, */*; q=0.01',
-    'Content-Type': 'application/json',
-    'X-Requested-With': 'XMLHttpRequest',
-  };
+export async function fetchAppleAccountSession(
+  limbuildApiUrl: string,
+  appleSessionId: string,
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/auth/finalize', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple session finalization failed: HTTP ${response.status} ${await response.text()}`);
+  }
+  return (await response.json()) as AppleRelayResponse;
 }
 
-async function responseToAppleRelayResponse<T>(response: Response): Promise<AppleRelayResponse<T>> {
-  const rawBody = await response.text();
-  let body: T | undefined;
-  try {
-    body = rawBody ? (JSON.parse(rawBody) as T) : undefined;
-  } catch {
-    body = undefined;
+export async function proxyProvisioningRequest<T = unknown>(
+  limbuildApiUrl: string,
+  appleSessionId: string,
+  request: AppleProvisioningRequest,
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, '/apple/provisioning', token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, ...request }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple provisioning proxy failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return {
-    status: response.status,
-    statusText: `${response.status} ${response.statusText}`.trim(),
-    headers: Object.fromEntries(response.headers.entries()),
-    body,
-    rawBody,
-    bodyBase64: bytesToBase64(new TextEncoder().encode(rawBody)),
-  };
+  return normalizeAppleProxyResponse<T>((await response.json()) as AppleRelayResponse<T>);
 }
 
-async function fetchAppleHashcash(limbuildApiUrl: string, appleSessionId: string, token?: string) {
-  const config = await relayAppleRequest<{ authServiceKey?: string }>(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'GET',
-      url: 'https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com',
-      headers: { Accept: 'application/json' },
-    },
-    token,
-  );
-  const widgetKey = config.body?.authServiceKey;
-  const response = await relayAppleRequest(
-    limbuildApiUrl,
-    appleSessionId,
-    {
-      method: 'GET',
-      url: `https://idmsa.apple.com/appleauth/auth/signin${widgetKey ? `?widgetKey=${encodeURIComponent(widgetKey)}` : ''}`,
-      headers: { Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' },
-    },
-    token,
-  );
-  const bits = response.headers?.['x-apple-hc-bits'];
-  const challenge = response.headers?.['x-apple-hc-challenge'];
-  if (!bits || !challenge) {
-    return undefined;
+async function postAppleProxy<T>(
+  limbuildApiUrl: string,
+  path: string,
+  appleSessionId: string,
+  payload: unknown,
+  token?: string,
+) {
+  const response = await fetch(limbuildURL(limbuildApiUrl, path, token), {
+    method: 'POST',
+    headers: jsonHeaders(token),
+    body: JSON.stringify({ appleSessionId, payload }),
+  });
+  if (!response.ok) {
+    throw new Error(`Apple proxy ${path} failed: HTTP ${response.status} ${await response.text()}`);
   }
-  return makeAppleHashcash(parseInt(bits, 10), challenge);
+  return normalizeAppleProxyResponse<T>((await response.json()) as AppleRelayResponse<T>);
 }
 
-async function makeAppleHashcash(bits: number, challenge: string) {
-  if (!Number.isFinite(bits) || bits <= 0) {
-    return undefined;
+function normalizeAppleProxyResponse<T>(response: AppleRelayResponse<T>) {
+  if (response.body !== undefined || !response.rawBody) {
+    return response;
   }
-  const date = new Date().toISOString().replace(/[-:T.Z]/g, '').slice(0, 14);
-  for (let counter = 0; ; counter += 1) {
-    const value = `1:${bits}:${date}:${challenge}::${counter}`;
-    const digest = new Uint8Array(await crypto.subtle.digest('SHA-1', new TextEncoder().encode(value)));
-    if (hasLeadingZeroBits(digest, bits)) {
-      return value;
-    }
+  try {
+    return {
+      ...response,
+      body: JSON.parse(response.rawBody) as T,
+    };
+  } catch {
+    return response;
   }
 }
 
-function hasLeadingZeroBits(bytes: Uint8Array, bits: number) {
-  for (const byte of bytes) {
-    if (bits <= 0) return true;
-    if (bits >= 8) {
-      if (byte !== 0) return false;
-      bits -= 8;
-      continue;
-    }
-    return byte >> (8 - bits) === 0;
+function limbuildURL(limbuildApiUrl: string, path: string, token?: string) {
+  const base = limbuildApiUrl.replace(/\/$/, '');
+  const suffix = path.startsWith('/') ? path : `/${path}`;
+  const url = new URL(`${base}${suffix}`);
+  if (token) {
+    url.searchParams.set('token', token);
   }
-  return bits <= 0;
+  return url;
 }
 
-function formEncode(payload: unknown) {
-  const params = new URLSearchParams();
-  if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
-    return params;
-  }
-  for (const [key, value] of Object.entries(payload)) {
-    if (value === undefined || value === null) continue;
-    if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') {
-      params.set(key, String(value));
-    } else {
-      params.set(key, JSON.stringify(value));
-    }
-  }
-  return params;
+function jsonHeaders(token?: string): Record<string, string> {
+  return {
+    'Content-Type': 'application/json',
+    ...authHeaders(token),
+  };
 }
 
-function bytesToBase64(bytes: Uint8Array) {
-  let binary = '';
-  for (const byte of bytes) {
-    binary += String.fromCharCode(byte);
-  }
-  return btoa(binary);
+function authHeaders(token?: string): Record<string, string> {
+  return token ? { Authorization: `Bearer ${token}` } : {};
 }

package/src/core/device-install/storage/browser-storage.ts

@@ -73,6 +73,18 @@ export async function getLatestSigningAssets() {
   )[0];
 }
 
+export async function getLatestSigningAssetsWithCertificate(teamID?: string) {
+  const all = await getAllSigningAssets();
+  return all
+    .filter((asset) => {
+      if (!asset.certificateID || !asset.certificateP12Base64 || !asset.certificatePassword) {
+        return false;
+      }
+      return !teamID || !asset.teamID || asset.teamID === teamID;
+    })
+    .sort((left, right) => new Date(right.updatedAt).getTime() - new Date(left.updatedAt).getTime())[0];
+}
+
 export async function putSigningAssets(input: PutSigningAssetsInput) {
   const normalizedBundleID = normalizeBundleID(input.bundleID);
   if (!normalizedBundleID) {
@@ -118,7 +130,20 @@ export function profileMatchesBundleID(profile: ProvisioningProfileInfo, bundleI
 }
 
 export async function parseProvisioningProfile(file: File) {
-  const text = new TextDecoder('latin1').decode(await file.arrayBuffer());
+  return parseProvisioningProfileBytes(new Uint8Array(await file.arrayBuffer()));
+}
+
+export function parseProvisioningProfileBase64(base64: string) {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let index = 0; index < binary.length; index += 1) {
+    bytes[index] = binary.charCodeAt(index);
+  }
+  return parseProvisioningProfileBytes(bytes);
+}
+
+export function parseProvisioningProfileBytes(bytes: Uint8Array) {
+  const text = new TextDecoder('latin1').decode(bytes);
   const start = text.indexOf('<?xml');
   const end = text.indexOf('</plist>');
   if (start < 0 || end < start) {

package/src/core/device-install/types.ts

@@ -1,10 +1,10 @@
 export type DeviceInstallLog = (message: string, detail?: string) => void;
 
-export type DeviceInstallStep = 'build' | 'usb' | 'pair' | 'install';
+export type DeviceInstallStep = 'signing' | 'connect' | 'build' | 'install';
 
 export type DeviceInstallStepStatus = 'idle' | 'active' | 'complete' | 'error';
 
-export type DeviceInstallBusyAction = 'build' | 'usb' | 'pair' | 'install';
+export type DeviceInstallBusyAction = 'signing' | 'usb' | 'pair' | 'build' | 'install';
 
 export type DeviceInstallBuildStatus =
   | 'idle'