npm - @lvce-editor/auth-worker - Versions diffs - 1.11.0 → 1.13.0 - Mend

@lvce-editor/auth-worker 1.11.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/authWorkerMain.js +157 -66
package/package.json +1 -1

package/dist/authWorkerMain.js CHANGED Viewed

@@ -968,7 +968,7 @@ const createMockRpc = ({
 };
 const rpcs = Object.create(null);
-const set$3 = (id, rpc) => {
+const set$2 = (id, rpc) => {
   rpcs[id] = rpc;
 };
 const get = id => {
@@ -1001,7 +1001,7 @@ const create = rpcId => {
       const mockRpc = createMockRpc({
         commandMap
       });
-      set$3(rpcId, mockRpc);
+      set$2(rpcId, mockRpc);
       // @ts-ignore
       mockRpc[Symbol.dispose] = () => {
         remove(rpcId);
@@ -1010,14 +1010,14 @@ const create = rpcId => {
       return mockRpc;
     },
     set(rpc) {
-      set$3(rpcId, rpc);
+      set$2(rpcId, rpc);
     }
   };
 };
 const {
   invoke: invoke$2,
-  set: set$2
+  set: set$1
 } = create(6040);
 const Electron = 2;
@@ -1027,32 +1027,26 @@ const RendererWorker = 1;
 const {
   invoke: invoke$1,
-  set: set$1
+  set
 } = create(OpenerWorker);
 const {
   invoke,
-  invokeAndTransfer,
-  set
-} = create(RendererWorker);
+  invokeAndTransfer} = create(RendererWorker);
 const sendMessagePortToOpenerWorker$1 = async (port, rpcId) => {
   const command = 'HandleMessagePort.handleMessagePort';
   await invokeAndTransfer('SendMessagePortToExtensionHostWorker.sendMessagePortToOpenerWorker', port, command, rpcId);
 };
-const sendMessagePortToSharedProcess = async port => {
-  const command = 'HandleElectronMessagePort.handleElectronMessagePort';
-  await invokeAndTransfer('SendMessagePortToExtensionHostWorker.sendMessagePortToSharedProcess', port, command, 0);
-};
 const sendMessagePortToAuthProcess = async port => {
-  await sendMessagePortToSharedProcess(port);
+  await invokeAndTransfer('SendMessagePortToExtensionHostWorker.sendMessagePortToSharedProcess', port, 'HandleMessagePortForAuthProcess.handleMessagePortForAuthProcess');
 };
 const initializeAuthProcess = async () => {
   const rpc = await create$2({
     commandMap: {},
     send: sendMessagePortToAuthProcess
   });
-  set$2(rpc);
+  set$1(rpc);
 };
 const sendMessagePortToOpenerWorker = async port => {
@@ -1063,7 +1057,7 @@ const initializeOpenerWorker = async () => {
     commandMap: {},
     send: sendMessagePortToOpenerWorker
   });
-  set$1(rpc);
+  set(rpc);
 };
 const handleMessagePort = async (port, rpcId) => {
@@ -1073,7 +1067,7 @@ const handleMessagePort = async (port, rpcId) => {
     messagePort: port
   });
   if (rpcId) {
-    set$3(rpcId, rpc);
+    set$2(rpcId, rpc);
   }
 };
@@ -1267,6 +1261,115 @@ const waitForBackendLogin = async (backendUrl, timeoutMs = 30_000, pollIntervalM
   return getLoggedOutBackendAuthState(lastErrorMessage);
 };
+if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) ;
+const ERR_INVALID_ARG_VALUE = 'ERR_INVALID_ARG_VALUE';
+const ERR_INVALID_ARG_TYPE = 'ERR_INVALID_ARG_TYPE';
+function CodedTypeError(message, code, cause) {
+  const err = new TypeError(message, {
+    cause
+  });
+  Object.assign(err, {
+    code
+  });
+  return err;
+}
+const encoder = new TextEncoder();
+const decoder = new TextDecoder();
+function buf(input) {
+  if (typeof input === 'string') {
+    return encoder.encode(input);
+  }
+  return decoder.decode(input);
+}
+let encodeBase64Url;
+if (Uint8Array.prototype.toBase64) {
+  encodeBase64Url = input => {
+    if (input instanceof ArrayBuffer) {
+      input = new Uint8Array(input);
+    }
+    return input.toBase64({
+      alphabet: 'base64url',
+      omitPadding: true
+    });
+  };
+} else {
+  const CHUNK_SIZE = 0x8000;
+  encodeBase64Url = input => {
+    if (input instanceof ArrayBuffer) {
+      input = new Uint8Array(input);
+    }
+    const arr = [];
+    for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {
+      arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));
+    }
+    return btoa(arr.join('')).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+  };
+}
+let decodeBase64Url;
+if (Uint8Array.fromBase64) {
+  decodeBase64Url = input => {
+    try {
+      return Uint8Array.fromBase64(input, {
+        alphabet: 'base64url'
+      });
+    } catch (cause) {
+      throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);
+    }
+  };
+} else {
+  decodeBase64Url = input => {
+    try {
+      const binary = atob(input.replace(/-/g, '+').replace(/_/g, '/').replace(/\s/g, ''));
+      const bytes = new Uint8Array(binary.length);
+      for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+      }
+      return bytes;
+    } catch (cause) {
+      throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);
+    }
+  };
+}
+function b64u(input) {
+  if (typeof input === 'string') {
+    return decodeBase64Url(input);
+  }
+  return encodeBase64Url(input);
+}
+function assertString(input, it, code, cause) {
+  try {
+    if (typeof input !== 'string') {
+      throw CodedTypeError(`${it} must be a string`, ERR_INVALID_ARG_TYPE, cause);
+    }
+    if (input.length === 0) {
+      throw CodedTypeError(`${it} must not be empty`, ERR_INVALID_ARG_VALUE, cause);
+    }
+  } catch (err) {
+    throw err;
+  }
+}
+function randomBytes() {
+  return b64u(crypto.getRandomValues(new Uint8Array(32)));
+}
+function generateRandomCodeVerifier() {
+  return randomBytes();
+}
+async function calculatePKCECodeChallenge(codeVerifier) {
+  assertString(codeVerifier, 'codeVerifier');
+  return b64u(await crypto.subtle.digest('SHA-256', buf(codeVerifier)));
+}
+// cspell:ignore pkce
+const createPkceValues = async () => {
+  const codeVerifier = generateRandomCodeVerifier();
+  const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
+  return {
+    codeChallenge,
+    codeVerifier
+  };
+};
 const getCurrentHref = async () => {
   try {
     return await invoke('Layout.getHref');
@@ -1527,7 +1630,7 @@ const errorHtml = `<!doctype html>
 const getElectronRedirectUri = async uid => {
   const localOauthServerPort = await invoke$2('OAuthServer.create', String(uid), successHtml, errorHtml);
-  return `http://localhost:${localOauthServerPort}`;
+  return `http://localhost:${localOauthServerPort}/callback`;
 };
 const getEffectiveRedirectUri = async (platform, uid, redirectUri) => {
@@ -1540,13 +1643,31 @@ const getEffectiveRedirectUri = async (platform, uid, redirectUri) => {
   return getCurrentHref();
 };
-const getBackendLoginRequest = async (backendUrl, platform = 0, uid = 0, redirectUri = '') => {
-  const loginUrl = new URL(getBackendAuthUrl(backendUrl, '/login'));
+const oidcClientId = 'lvce-editor-native';
+const oidcScope = 'openid offline_access profile email';
+// cspell:ignore pkce
+const getBackendLoginRequest = async (backendUrl, platform = 0, uid = 0, redirectUri = '', createPkceValuesFn = createPkceValues, createRandomUuid = () => globalThis.crypto.randomUUID()) => {
   const effectiveRedirectUri = await getEffectiveRedirectUri(platform, uid, redirectUri);
+  const {
+    codeChallenge,
+    codeVerifier
+  } = await createPkceValuesFn();
+  const loginUrl = new URL(getBackendAuthUrl(backendUrl, '/oidc/auth'));
+  loginUrl.searchParams.set('client_id', oidcClientId);
+  loginUrl.searchParams.set('code_challenge', codeChallenge);
+  loginUrl.searchParams.set('code_challenge_method', 'S256');
+  loginUrl.searchParams.set('nonce', createRandomUuid());
+  loginUrl.searchParams.set('prompt', 'consent');
+  loginUrl.searchParams.set('response_type', 'code');
+  loginUrl.searchParams.set('scope', oidcScope);
+  loginUrl.searchParams.set('state', createRandomUuid());
   if (effectiveRedirectUri) {
     loginUrl.searchParams.set('redirect_uri', effectiveRedirectUri);
   }
   return {
+    codeVerifier,
     loginUrl: loginUrl.toString(),
     redirectUri: effectiveRedirectUri
   };
@@ -1572,52 +1693,23 @@ const isLoginResponse = value => {
   return true;
 };
-const getBackendNativeExchangeUrl = backendUrl => {
-  return getBackendAuthUrl(backendUrl, '/auth/native/exchange');
-};
-const getExchangeErrorMessage = async response => {
-  try {
-    const payload = await response.json();
-    if (payload && typeof payload === 'object' && typeof payload.error === 'string' && payload.error) {
-      return payload.error;
-    }
-  } catch {
-    // ignore
-  }
-  return 'Backend authentication failed.';
-};
-const exchangeElectronAuthorizationCode = async (backendUrl, code, redirectUri) => {
-  const response = await fetch(getBackendNativeExchangeUrl(backendUrl), {
-    body: JSON.stringify({
-      code,
-      redirectUri
-    }),
-    credentials: 'include',
-    headers: {
-      Accept: 'application/json',
-      'Content-Type': 'application/json'
-    },
-    method: 'POST'
-  });
-  if (!response.ok) {
-    throw new Error(await getExchangeErrorMessage(response));
-  }
-};
 const hasAuthorizationCode = value => {
   return typeof value === 'string' && value.length > 0;
 };
-const waitForElectronBackendLogin = async (backendUrl, uid, redirectUri, timeoutMs = 30_000, pollIntervalMs = 1000) => {
-  const started = Date.now();
-  const deadline = started + timeoutMs;
+const getElectronAuthorizationCode = async uid => {
+  return invoke$2('OAuthServer.getCode', String(uid));
+};
+const waitForElectronBackendLogin = async (uid, codeVerifier, timeoutMs = 30_000, pollIntervalMs = 1000, getAuthorizationCode = getElectronAuthorizationCode) => {
+  const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
-    const authorizationCode = await invoke('OAuthServer.getCode', String(uid));
+    const authorizationCode = await getAuthorizationCode(uid);
     if (hasAuthorizationCode(authorizationCode)) {
-      const elapsed = Date.now() - started;
-      const remainingTime = Math.max(0, timeoutMs - elapsed);
-      await exchangeElectronAuthorizationCode(backendUrl, authorizationCode, redirectUri);
-      return waitForBackendLogin(backendUrl, remainingTime, pollIntervalMs);
+      return {
+        authCode: authorizationCode,
+        authCodeVerifier: codeVerifier,
+        authErrorMessage: '',
+        userState: 'loggedOut'
+      };
     }
     await delay(pollIntervalMs);
   }
@@ -1659,11 +1751,11 @@ const handleClickLogin = async options => {
     }
     const uid = 0;
     const {
-      loginUrl,
-      redirectUri
+      codeVerifier,
+      loginUrl
     } = await getBackendLoginRequest(backendUrl, platform, uid);
     await invoke$1('Open.openUrl', loginUrl, platform, authUseRedirect);
-    const authState = platform === Electron ? await waitForElectronBackendLogin(backendUrl, uid, redirectUri) : await waitForBackendLogin(backendUrl);
+    const authState = platform === Electron ? await waitForElectronBackendLogin(uid, codeVerifier) : await waitForBackendLogin(backendUrl);
     return {
       ...authState
     };
@@ -1701,14 +1793,13 @@ const commandMap = {
   'Auth.setNextRefreshResponse': setNextRefreshResponse,
   'Auth.syncBackendAuth': syncBackendAuth,
   'HandleMessagePort.handleMessagePort': handleMessagePort,
-  initialize: (_, port) => handleMessagePort(port)
+  initialize: (_, port) => handleMessagePort(port, RendererWorker)
 };
 const initializeRendererWorker = async () => {
-  const rpc = await create$1({
+  await create$1({
     commandMap: commandMap
   });
-  set(rpc);
 };
 const listen = async () => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lvce-editor/auth-worker",
-  "version": "1.11.0",
+  "version": "1.13.0",
   "description": "Auth Worker",
   "repository": {
     "type": "git",