@striae-org/striae 3.0.4

package/app/components/auth/mfa-verification.module.css

@@ -0,0 +1,251 @@
+.container {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background: rgba(0, 0, 0, 0.5);
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  z-index: 1000;
+}
+
+.modal {
+  background: white;
+  border-radius: var(--spaceXS);
+  padding: var(--space2XL);
+  width: 100%;
+  max-width: 400px;
+  box-shadow: 0 var(--spaceM) var(--spaceXL) rgba(0, 0, 0, 0.2);
+}
+
+.title {
+  text-align: center;
+  color: var(--textTitle);
+  margin-bottom: var(--spaceXL);
+  font-size: var(--fontSizeH4);
+}
+
+.hintSelection {
+  margin-bottom: var(--spaceL);
+}
+
+.label {
+  display: block;
+  margin-bottom: var(--spaceS);
+  font-weight: 600;
+  color: var(--textBody);
+}
+
+.select {
+  width: 100%;
+  padding: var(--spaceM);
+  border: 1.5px solid color-mix(in lab, var(--text) 20%, transparent);
+  border-radius: var(--spaceXS);
+  font-size: var(--fontSizeBodyM);
+  background: white;
+  transition: border-color var(--durationS) var(--bezierFastoutSlowin);
+  box-sizing: border-box;
+}
+
+.select:focus {
+  outline: none;
+  border-color: var(--primary);
+  box-shadow: 0 0 0 2px color-mix(in lab, var(--primary) 25%, transparent);
+}
+
+.description {
+  text-align: center;
+  color: var(--textLight);
+  margin-bottom: var(--spaceL);
+  line-height: 1.5;
+}
+
+.errorMessage {
+  background: linear-gradient(135deg, 
+    color-mix(in lab, var(--error) 12%, transparent),
+    color-mix(in lab, var(--error) 8%, transparent)
+  );
+  border: 1px solid color-mix(in lab, var(--error) 30%, transparent);
+  border-left: 4px solid var(--error);
+  color: color-mix(in lab, var(--error) 90%, var(--black));
+  padding: var(--spaceL);
+  border-radius: var(--spaceS);
+  font-size: var(--fontSizeBodyS);
+  margin-bottom: var(--spaceL);
+  text-align: left;
+  line-height: 1.4;
+  position: relative;
+  overflow: hidden;
+  box-shadow: 0 4px 16px color-mix(in lab, var(--text) 10%, transparent);
+  animation: slideInError var(--durationM) var(--bezierFastoutSlowin);
+}
+
+.errorMessage::before {
+  content: '';
+  position: absolute;
+  top: 0;
+  left: 0;
+  right: 0;
+  height: 2px;
+  background: linear-gradient(90deg, var(--error), color-mix(in lab, var(--error) 60%, transparent));
+  animation: shimmer 2s ease-in-out infinite;
+}
+
+.errorMessage:empty {
+  display: none;
+}
+
+.input {
+  width: 100%;
+  padding: var(--spaceM);
+  border: 1.5px solid color-mix(in lab, var(--text) 20%, transparent);
+  border-radius: var(--spaceXS);
+  font-size: var(--fontSizeBodyM);
+  text-align: center;
+  font-family: monospace;
+  letter-spacing: 2px;
+  margin-bottom: var(--spaceL);
+  transition: border-color var(--durationS) var(--bezierFastoutSlowin);
+  box-sizing: border-box;
+}
+
+.input:focus {
+  outline: none;
+  border-color: var(--primary);
+  box-shadow: 0 0 0 2px color-mix(in lab, var(--primary) 25%, transparent);
+}
+
+.button {
+  width: 100%;
+  padding: var(--spaceM) var(--spaceL);
+  border-radius: var(--spaceXS);
+  font-size: var(--fontSizeBodyS);
+  cursor: pointer;
+  background-color: var(--primary);
+  color: var(--white);
+  border: none;
+  transition: all var(--durationS) var(--bezierFastoutSlowin);
+  margin-bottom: var(--spaceM);
+  box-sizing: border-box;
+}
+
+.button:hover:not(:disabled) {
+  background-color: color-mix(in lab, var(--primary) 85%, var(--black));
+}
+
+.button:disabled {
+  background-color: color-mix(in lab, var(--background) 95%, transparent);
+  color: var(--textLight);
+  cursor: not-allowed;
+}
+
+.buttons {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spaceS);
+}
+
+.secondaryButton {
+  padding: var(--spaceS) var(--spaceM);
+  border: 1.5px solid color-mix(in lab, var(--text) 20%, transparent);
+  border-radius: var(--spaceXS);
+  background: transparent;
+  cursor: pointer;
+  font-size: var(--fontSizeBodyS);
+  color: var(--textBody);
+  transition: all var(--durationS) var(--bezierFastoutSlowin);
+  box-sizing: border-box;
+  width: 100%;
+}
+
+.secondaryButton:hover:not(:disabled) {
+  background-color: color-mix(in lab, var(--background) 95%, transparent);
+  border-color: color-mix(in lab, var(--text) 30%, transparent);
+}
+
+.actions {
+  margin-top: var(--spaceL);
+  text-align: center;
+}
+
+.cancelButton {
+  padding: var(--spaceS) var(--spaceL);
+  border: none;
+  background: transparent;
+  cursor: pointer;
+  font-size: var(--fontSizeBodyS);
+  color: var(--textLight);
+  transition: color var(--durationS) var(--bezierFastoutSlowin);
+}
+
+.cancelButton:hover {
+  color: var(--textBody);
+}
+
+.signOutContainer {
+  margin-top: var(--spaceL);
+  padding-top: var(--spaceL);
+  border-top: 1px solid var(--borderLight);
+  text-align: center;
+}
+
+.signOutText {
+  color: var(--textLight);
+  font-size: var(--fontSizeSmall);
+  margin-bottom: var(--spaceM);
+}
+
+.sendCode,
+.verifyCode {
+  text-align: center;
+}
+
+#recaptcha-container {
+  margin-top: var(--spaceM);
+}
+
+/* Animations */
+@keyframes slideInError {
+  from {
+    opacity: 0;
+    transform: translateY(calc(-1 * var(--spaceM))) scaleY(0.8);
+    max-height: 0;
+    padding-top: 0;
+    padding-bottom: 0;
+    margin-top: 0;
+    margin-bottom: 0;
+  }
+  to {
+    opacity: 1;
+    transform: translateY(0) scaleY(1);
+    max-height: 200px;
+    padding-top: var(--spaceL);
+    padding-bottom: var(--spaceL);
+    margin-top: 0;
+    margin-bottom: var(--spaceL);
+  }
+}
+
+@keyframes shimmer {
+  0%, 100% {
+    opacity: 0.6;
+    transform: translateX(-100%);
+  }
+  50% {
+    opacity: 1;
+    transform: translateX(100%);
+  }
+}
+
+/* Reduce motion for accessibility */
+@media (prefers-reduced-motion: reduce) {
+  .errorMessage {
+    animation: none;
+  }
+  
+  .errorMessage::before {
+    animation: none;
+  }
+}

package/app/components/auth/mfa-verification.tsx

@@ -0,0 +1,295 @@
+import { useState, useEffect } from 'react';
+import { 
+  PhoneAuthProvider, 
+  PhoneMultiFactorGenerator, 
+  RecaptchaVerifier,
+  MultiFactorResolver,
+  UserCredential
+} from 'firebase/auth';
+import { auth } from '~/services/firebase';
+import { handleAuthError, getValidationError } from '~/services/firebase-errors';
+import { SignOut } from '~/components/actions/signout';
+import { auditService } from '~/services/audit.service';
+import { generateUniqueId } from '~/utils/id-generator';
+import styles from './mfa-verification.module.css';
+
+interface MFAVerificationProps {
+  resolver: MultiFactorResolver;
+  onSuccess: (result: UserCredential) => void;
+  onError: (error: string) => void;
+  onCancel: () => void;
+}
+
+const isRecaptchaResetError = (authError: { code?: string; message?: string }): boolean => {
+  return (
+    authError.code === 'auth/captcha-check-failed' ||
+    authError.code === 'auth/invalid-app-credential' ||
+    authError.code === 'auth/missing-app-credential' ||
+    (authError.message?.toLowerCase().includes('recaptcha') ?? false)
+  );
+};
+
+export const MFAVerification = ({ resolver, onSuccess, onError, onCancel }: MFAVerificationProps) => {
+  const [selectedHintIndex, setSelectedHintIndex] = useState(0);
+  const [verificationCode, setVerificationCode] = useState('');
+  const [verificationId, setVerificationId] = useState('');
+  const [loading, setLoading] = useState(false);
+  const [codeSent, setCodeSent] = useState(false);
+  const [recaptchaVerifier, setRecaptchaVerifier] = useState<RecaptchaVerifier | null>(null);
+  const [isClient, setIsClient] = useState(false);
+  const [errorMessage, setErrorMessage] = useState('');
+
+  useEffect(() => {
+    setIsClient(true);
+  }, []);
+
+  useEffect(() => {
+    if (!isClient) return;
+    
+    // Initialize reCAPTCHA verifier
+    const verifier = new RecaptchaVerifier(auth, 'recaptcha-container', {
+      size: 'invisible',
+      callback: () => {
+        // reCAPTCHA solved
+      },
+      'expired-callback': () => {
+        const error = getValidationError('MFA_RECAPTCHA_EXPIRED');
+        setErrorMessage(error);
+        onError(error);
+      }
+    });
+    setRecaptchaVerifier(verifier);
+
+    return () => {
+      verifier.clear();
+    };
+  }, [isClient, onError]);
+
+  const sendVerificationCode = async () => {
+    if (!recaptchaVerifier) {
+      const error = getValidationError('MFA_RECAPTCHA_ERROR');
+      setErrorMessage(error);
+      onError(error);
+      return;
+    }
+
+    setLoading(true);
+    setErrorMessage(''); // Clear any previous errors
+    try {
+      const phoneAuthProvider = new PhoneAuthProvider(auth);
+      
+      const phoneInfoOptions = {
+        multiFactorHint: resolver.hints[selectedHintIndex],
+        session: resolver.session
+      };
+
+      const vId = await phoneAuthProvider.verifyPhoneNumber(phoneInfoOptions, recaptchaVerifier);
+      setVerificationId(vId);
+      setCodeSent(true);
+    } catch (error: unknown) {
+      const authError = error as { code?: string; message?: string };
+      let errorMsg = handleAuthError(authError).message;
+
+      if (isRecaptchaResetError(authError)) {
+        errorMsg = getValidationError('MFA_RECAPTCHA_ERROR');
+      }
+      setErrorMessage(errorMsg);
+      onError(errorMsg);
+      if (recaptchaVerifier) {
+        recaptchaVerifier.clear();
+      }
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const verifyCode = async () => {
+    if (!verificationId) {
+      const error = getValidationError('MFA_NO_VERIFICATION_ID');
+      setErrorMessage(error);
+      onError(error);
+      return;
+    }
+    
+    if (!verificationCode.trim()) {
+      const error = getValidationError('MFA_CODE_REQUIRED');
+      setErrorMessage(error);
+      onError(error);
+      return;
+    }
+
+    setLoading(true);
+    setErrorMessage(''); // Clear any previous errors
+    try {
+      const credential = PhoneAuthProvider.credential(verificationId, verificationCode);
+      const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(credential);
+      
+      const result = await resolver.resolveSignIn(multiFactorAssertion);
+      
+      // Log successful MFA authentication audit event
+      try {
+        const sessionId = `session_${result.user.uid}_${Date.now()}_${generateUniqueId(8)}`;
+        await auditService.logMfaAuthentication(
+          result.user,
+          'sms',
+          'success',
+          1, // Assuming first successful attempt since we got here
+          sessionId,
+          navigator.userAgent
+        );
+      } catch (auditError) {
+        console.error('Failed to log MFA authentication success audit:', auditError);
+        // Continue with success flow even if audit logging fails
+      }
+      
+      onSuccess(result);
+    } catch (error: unknown) {
+      const authError = error as { code?: string; message?: string };
+      let errorMsg = '';
+
+      if (authError.code === 'auth/invalid-verification-code') {
+        errorMsg = getValidationError('MFA_INVALID_CODE');
+      } else if (authError.code === 'auth/code-expired') {
+        errorMsg = getValidationError('MFA_CODE_EXPIRED');
+      } else if (isRecaptchaResetError(authError)) {
+        errorMsg = getValidationError('MFA_RECAPTCHA_ERROR');
+      } else {
+        const fallbackMessage = handleAuthError(authError).message;
+        errorMsg = fallbackMessage;
+      }
+      setErrorMessage(errorMsg);
+      onError(errorMsg);
+      
+      // Log security violation for failed MFA attempts
+      try {
+        let severity: 'low' | 'medium' | 'high' | 'critical' = 'medium';
+        let incidentType: 'unauthorized-access' | 'brute-force' = 'unauthorized-access';
+        
+        if (authError.code === 'auth/invalid-verification-code') {
+          severity = 'high'; // Invalid MFA codes are serious security events
+          incidentType = 'brute-force';
+        }
+        
+        await auditService.logSecurityViolation(
+          null, // No user object during MFA verification failure
+          incidentType,
+          severity,
+          `Failed MFA verification: ${authError.code} - ${errorMsg}`,
+          'mfa-verification-endpoint',
+          true // Blocked by system
+        );
+      } catch (auditError) {
+        console.error('Failed to log MFA security violation audit:', auditError);
+        // Continue with error flow even if audit logging fails
+      }
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const selectedHint = resolver.hints[selectedHintIndex];
+  const maskedPhoneNumber = selectedHint?.displayName || 'your phone';
+
+  if (!isClient) {
+    return null;
+  }
+
+  return (
+    <div className={styles.container}>
+      <div className={styles.modal}>
+        <h2 className={styles.title}>Two-Factor Authentication Required</h2>
+        
+        {errorMessage && (
+          <div className={styles.errorMessage}>
+            {errorMessage}
+          </div>
+        )}
+        
+        {resolver.hints.length > 1 && (
+          <div className={styles.hintSelection}>
+            <label htmlFor="hint-select" className={styles.label}>Choose verification method:</label>
+            <select 
+              id="hint-select"
+              title="Select verification method"
+              value={selectedHintIndex} 
+              onChange={(e) => {
+                setSelectedHintIndex(Number(e.target.value));
+                if (errorMessage) setErrorMessage(''); // Clear error when changing method
+              }}
+              className={styles.select}
+            >
+              {resolver.hints.map((hint, index) => (
+                <option key={index} value={index}>
+                  {hint.displayName || `Phone verification ${index + 1}`}
+                </option>
+              ))}
+            </select>
+          </div>
+        )}
+
+        {!codeSent ? (
+          <div className={styles.sendCode}>
+            <p className={styles.description}>
+              We&apos;ll send a verification code to {maskedPhoneNumber}
+            </p>
+            <button 
+              onClick={sendVerificationCode} 
+              disabled={loading}
+              className={styles.button}
+            >
+              {loading ? 'Sending...' : 'Send Verification Code'}
+            </button>
+          </div>
+        ) : (
+          <div className={styles.verifyCode}>
+            <p className={styles.description}>
+              Enter the verification code sent to {maskedPhoneNumber}
+            </p>
+            <input
+              type="text"
+              placeholder="Enter 6-digit code"
+              value={verificationCode}
+              onChange={(e) => {
+                setVerificationCode(e.target.value);
+                if (errorMessage) setErrorMessage(''); // Clear error on input
+              }}
+              className={styles.input}
+              maxLength={6}
+            />
+            <div className={styles.buttons}>
+              <button 
+                onClick={verifyCode} 
+                disabled={loading || verificationCode.length !== 6}
+                className={styles.button}
+              >
+                {loading ? 'Verifying...' : 'Verify Code'}
+              </button>
+              <button 
+                onClick={() => {
+                  setCodeSent(false);
+                  setVerificationCode('');
+                  setVerificationId('');
+                  setErrorMessage(''); // Clear errors when requesting new code
+                }}
+                className={styles.secondaryButton}
+              >
+                Send New Code
+              </button>
+            </div>
+          </div>
+        )}
+
+        <div className={styles.actions}>
+          <button onClick={onCancel} className={styles.cancelButton}>
+            Cancel
+          </button>
+          <div className={styles.signOutContainer}>
+            <p className={styles.signOutText}>Need to sign in with a different account?</p>
+            <SignOut redirectTo="/" />
+          </div>
+        </div>        
+        <div id="recaptcha-container"></div>
+      </div>
+    </div>
+  );
+};

package/app/components/button/button.module.css

@@ -0,0 +1,63 @@
+.button {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 50px;
+  height: 50px;
+  border-radius: var(--radiusM);
+  border: none;
+  background: var(--backgroundLight);
+  cursor: pointer;
+  transition: all var(--durationS) var(--bezierFastoutSlowin);
+  box-shadow: 0 1px 3px color-mix(in lab, var(--backgroundLight) 30%, transparent);
+}
+
+.button:hover {
+  background: color-mix(in lab, var(--backgroundLight) 85%, var(--black));
+  transform: translateY(-1px);
+  box-shadow: 0 2px 6px color-mix(in lab, var(--backgroundLight) 40%, transparent);
+}
+
+.button.active {
+  background: var(--success);
+  box-shadow: 0 1px 3px color-mix(in lab, var(--success) 30%, transparent);
+}
+
+.button.active:hover {
+  background: color-mix(in lab, var(--success) 85%, var(--black));
+  transform: translateY(-1px);
+  box-shadow: 0 2px 6px color-mix(in lab, var(--success) 40%, transparent);
+}
+
+.button.disabled {
+  opacity: 0.5;
+  cursor: not-allowed;
+  pointer-events: none;
+  transform: none;
+  box-shadow: none;
+}
+
+.button.disabled:hover {
+  background: var(--backgroundLight);
+  transform: none;
+  box-shadow: none;
+}
+
+.icon {  
+  color: var(--text);
+  transition: color var(--durationS) var(--bezierFastoutSlowin);
+}
+
+.spinner {
+  width: 20px;
+  height: 20px;
+  border: 2px solid color-mix(in lab, var(--text) 20%, transparent);
+  border-top: 2px solid var(--text);
+  border-radius: 50%;
+  animation: spin 1s linear infinite;
+}
+
+@keyframes spin {
+  0% { transform: rotate(0deg); }
+  100% { transform: rotate(360deg); }
+}

package/app/components/button/button.tsx

@@ -0,0 +1,46 @@
+import { Icon } from '../icon/icon';
+import styles from './button.module.css';
+import { classes } from '~/utils/style';
+
+interface ButtonProps {
+  iconId: string;
+  isActive?: boolean;
+  onClick?: () => void;
+  ariaLabel: string;
+  title?: string;
+  disabled?: boolean;
+  showSpinner?: boolean;
+}
+
+export const Button = ({ 
+  iconId, 
+  isActive = false, 
+  onClick,
+  ariaLabel,
+  title,
+  disabled = false,
+  showSpinner = false
+}: ButtonProps) => {
+  return (
+    <button
+      className={classes(styles.button, isActive && styles.active, disabled && styles.disabled)}
+      onClick={disabled ? undefined : onClick}
+      aria-label={ariaLabel}
+      aria-pressed={isActive}
+      title={title || ariaLabel}
+      disabled={disabled}
+    >
+      {showSpinner ? (
+        <div className={styles.spinner}></div>
+      ) : (
+        <Icon
+          size={30}        
+          icon={iconId} 
+          className={styles.icon}
+        />
+      )}
+    </button>
+  );
+};
+
+Button.displayName = 'Button';