@mindfulauth/core 2.0.0-beta.7 → 2.0.0-beta.9

@@ -6,56 +6,17 @@
6
6
  // Security Settings Script - Astro Optimized
7
7
  // Combines: Change Password + 2FA Management + Add Authentication Method
8
8
 
9
- // ============================================================================
10
- // QRCODE DYNAMIC LOADING (bundled via qrcode npm package)
11
- // ============================================================================
12
-
13
- // Capture CDN origin at load time for loading co-hosted libraries
14
- const __cdnOrigin = (() => {
15
- try {
16
- if (document.currentScript && document.currentScript.src) {
17
- return new URL(document.currentScript.src).origin;
18
- }
19
- } catch (_) {}
20
- return '';
21
- })();
22
-
23
- /**
24
- * Dynamically loads the bundled QRCode library from the same CDN origin.
25
- * Uses the qrcode npm package (bundled as IIFE via esbuild).
26
- * Exposes QRCode.toCanvas(), QRCode.toDataURL(), QRCode.toString()
27
- * @returns {Promise<void>}
28
- */
29
- async function loadQRCodeLibrary() {
30
- return new Promise((resolve, reject) => {
31
- if (typeof QRCode !== 'undefined' && QRCode.toCanvas) {
32
- resolve();
33
- return;
34
- }
35
-
36
- const script = document.createElement('script');
37
- script.src = `${__cdnOrigin}/lib/qrcode.js`;
38
- script.onload = () => resolve();
39
- script.onerror = () => reject(new Error('Failed to load QR code library'));
40
- document.head.appendChild(script);
41
- });
42
- }
43
-
44
9
  // ============================================================================
45
10
  // RECORDID EXTRACTION HELPER
46
11
  // ============================================================================
47
12
 
48
13
  /**
49
- * Extracts recordid from window variable (injected server-side by backend)
50
- * Backend MUST inject this variable for all implementations
51
- * Architecture
52
- * - All protected routes require /{memberid}/page URL structure
53
- * - Backend extracts memberid from URL path and validates against session
54
- * - Frontend receives memberid via window.MEMBERID injection
55
- * @returns {string|null} The recordid if found, null otherwise
14
+ * Extracts the recordId from the URL path (/{memberid}/...).
15
+ * The memberid is the first path segment, already validated server-side by middleware.
16
+ * @returns {string|undefined} The recordId if found, undefined otherwise
56
17
  */
57
18
  function getRecordId() {
58
- return window.MEMBERID || null;
19
+ return window.location.pathname.split('/').filter(Boolean)[0] || undefined;
59
20
  }
60
21
 
61
22
  // ============================================================================
@@ -214,22 +175,20 @@ function init2FA() {
214
175
  setupDiv.removeAttribute('hidden');
215
176
  setupDiv.classList && setupDiv.classList.remove('hidden');
216
177
  setupDiv.style.display = 'flex';
217
- qrCodeContainer.innerHTML = '';
178
+ qrCodeContainer.replaceChildren();
218
179
 
219
- messageEl.textContent = 'Loading QR code generator...';
180
+ messageEl.textContent = 'Generating QR code...';
220
181
  try {
221
- // Load QRCode library dynamically
222
- await loadQRCodeLibrary();
223
-
224
- messageEl.textContent = 'Generating secret key...';
225
182
  const response = await window.apiFetch('/auth/setup-2fa', { body: JSON.stringify({ recordid }) });
226
183
  const result = await response.json();
227
184
  if (result.success) {
228
- qrCodeContainer.innerHTML = '';
185
+ qrCodeContainer.replaceChildren();
229
186
 
230
- const canvas = document.createElement('canvas');
231
- await QRCode.toCanvas(canvas, result.otpauthUri, { width: 256, margin: 2 });
232
- qrCodeContainer.appendChild(canvas);
187
+ const img = document.createElement('img');
188
+ img.src = result.qrCodeDataUrl;
189
+ img.width = 256;
190
+ img.alt = 'QR code for authenticator app';
191
+ qrCodeContainer.appendChild(img);
233
192
 
234
193
  messageEl.textContent = 'Scan the QR code with your authenticator app and enter the code below.';
235
194
  } else {
@@ -269,7 +228,7 @@ function init2FA() {
269
228
  messageEl.textContent = result.message;
270
229
 
271
230
  if (result.recoveryCodes && result.recoveryCodes.length > 0) {
272
- recoveryList.innerHTML = '';
231
+ recoveryList.replaceChildren();
273
232
  result.recoveryCodes.forEach(code => {
274
233
  const li = document.createElement('li');
275
234
  li.textContent = code;
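Review bot: `img.src = result.qrCodeDataUrl;` in init2FA() assigns a response field to a URL sink without checking its type or scheme, so any value other than a `data:` image URL would make the browser issue a request to it. Since the image encodes the TOTP enrolment data, I would guard the assignment with `if (typeof result.qrCodeDataUrl !== 'string' || !result.qrCodeDataUrl.startsWith('data:image/')) throw new Error('Invalid QR code data');`, which assumes the `catch` for the visible `try` (outside the hunk) reports the failure to the user. A comment should also note that sites with a strict Content-Security-Policy need `img-src data:` for the QR code to render. Separately, `getRecordId()` now returns the first path segment of whatever route the script runs on and yields `undefined` where it used to yield `null`. Callers that compare against `null` need a check, and the `/auth/*` handlers should keep binding the posted `recordid` to the session rather than relying on the page-load validation the new docstring mentions. init2FA()'s body starts and ends outside these hunks.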
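--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@mindfulauth/core",
- "version": "2.0.0-beta.7",
+ "version": "2.0.0-beta.9",
  "description": "Mindful Auth core authentication library for Astro 6",
  "type": "module",
  "main": "./dist/core/index.js",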