@vizamodo/modo-dispatcher 1.1.77

package/dist/auth/oauth/auth-session-store.js

@@ -0,0 +1,46 @@
+export class AuthSessionStore {
+    static SESSION_TTL_MS = 1000 * 60 * 10;
+    sessions = new Map();
+    create(sessionId) {
+        const now = Date.now();
+        const session = {
+            sessionId,
+            status: "pending",
+            createdAt: now,
+            updatedAt: now,
+        };
+        this.sessions.set(sessionId, session);
+        setTimeout(() => {
+            this.sessions.delete(sessionId);
+        }, AuthSessionStore.SESSION_TTL_MS);
+        return session;
+    }
+    get(sessionId) {
+        return this.sessions.get(sessionId);
+    }
+    applyResult(payload) {
+        const session = this.sessions.get(payload.sessionId);
+        if (!session)
+            return undefined;
+        if (session.status !== "pending")
+            return session;
+        session.status = payload.status;
+        if (payload.login !== undefined)
+            session.login = payload.login;
+        if (payload.email !== undefined)
+            session.email = payload.email;
+        if (payload.avatarUrl !== undefined)
+            session.avatarUrl = payload.avatarUrl;
+        if (payload.teams !== undefined)
+            session.teams = payload.teams;
+        if (payload.error !== undefined) {
+            // (debug logging removed)
+            session.error = payload.error;
+        }
+        session.updatedAt = Date.now();
+        return session;
+    }
+    delete(sessionId) {
+        this.sessions.delete(sessionId);
+    }
+}

package/dist/auth/oauth/callback-server.d.ts

@@ -0,0 +1,21 @@
+import { AuthSessionResultPayload } from "./auth-session-store.js";
+export interface OAuthCallbackResult {
+    code: string;
+    state?: string;
+    sessionId: string;
+    port: number;
+    notifyAuthResult: (payload: Omit<AuthSessionResultPayload, "sessionId">) => Promise<void>;
+    close: () => Promise<void>;
+}
+export interface OAuthCallbackServer {
+    port: number;
+    waitForCallback(): Promise<OAuthCallbackResult>;
+    close(): Promise<void>;
+}
+export declare function createOAuthCallbackServer(preferredPort: number, callbackPath?: string): Promise<OAuthCallbackServer>;
+/**
+ * Backward-compatible helper: start the callback server and wait for the
+ * OAuth callback in one call.  Prefer {@link createOAuthCallbackServer}
+ * when you need to know the bound port before opening the browser.
+ */
+export declare function waitForOAuthCallback(preferredPort: number, callbackPath?: string): Promise<OAuthCallbackResult>;

package/dist/auth/oauth/callback-server.js

@@ -0,0 +1,319 @@
+import { randomBytes } from "node:crypto";
+import fs from "node:fs";
+import http from "node:http";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { URL } from "node:url";
+import { AuthSessionStore, } from "./auth-session-store.js";
+import { SseHub } from "./sse.js";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const pendingTemplate = fs.readFileSync(path.join(__dirname, "templates", "pending.html"), "utf8");
+const successTemplate = fs.readFileSync(path.join(__dirname, "templates", "success.html"), "utf8");
+const failedTemplate = fs.readFileSync(path.join(__dirname, "templates", "failed.html"), "utf8");
+function escapeHtml(value) {
+    // Build HTML entities via char codes to avoid template parsing issues
+    const AMP = String.fromCharCode(38) + "amp;";
+    const LT = String.fromCharCode(38) + "lt;";
+    const GT = String.fromCharCode(38) + "gt;";
+    const QUOT = String.fromCharCode(38) + "quot;";
+    return value
+        .replace(/&/g, AMP)
+        .replace(/</g, LT)
+        .replace(/>/g, GT)
+        .replace(/"/g, QUOT)
+        .replace(/'/g, "&#39;");
+}
+async function parseJsonBody(req) {
+    const chunks = [];
+    for await (const chunk of req) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    }
+    const raw = Buffer.concat(chunks).toString("utf8");
+    return raw ? JSON.parse(raw) : {};
+}
+function isStructuredAuthError(value) {
+    if (!value || typeof value !== "object")
+        return false;
+    const candidate = value;
+    return typeof candidate.code === "string" && typeof candidate.message === "string";
+}
+function isAuthSessionResultPayload(value) {
+    if (!value || typeof value !== "object")
+        return false;
+    const candidate = value;
+    if (typeof candidate.sessionId !== "string" || candidate.sessionId.length === 0) {
+        return false;
+    }
+    if (candidate.status !== "success" && candidate.status !== "failed") {
+        return false;
+    }
+    if (candidate.status === "failed" && !isStructuredAuthError(candidate.error)) {
+        return false;
+    }
+    return true;
+}
+function renderSuccess(session) {
+    const login = escapeHtml(session?.login ?? "unknown");
+    const email = escapeHtml(typeof session?.email === "string" && session.email.length > 0
+        ? session.email
+        : "🔒 Protected by GitHub");
+    const avatarUrl = escapeHtml(session?.avatarUrl ?? "");
+    const teams = escapeHtml(session?.teams?.join(", ") ?? "n/a");
+    return successTemplate
+        .replaceAll("__USERNAME__", login)
+        .replaceAll("__EMAIL__", email)
+        .replaceAll("__AVATAR_URL__", avatarUrl)
+        .replaceAll("__TEAMS__", teams);
+}
+function renderFailed(session) {
+    const error = session?.error;
+    // (debug logging removed)
+    const errorCode = safeDisplayText(error?.code);
+    const errorMessage = safeDisplayText(error?.message);
+    const githubLogin = safeDisplayText(error?.githubLogin);
+    const githubUserId = safeDisplayText(typeof error?.githubUserId === "number" ? String(error.githubUserId) : undefined);
+    const suggestion = safeDisplayText(error?.suggestion);
+    return failedTemplate
+        .replaceAll("__ERROR_CODE__", escapeHtml(errorCode))
+        .replaceAll("__ERROR_MESSAGE__", escapeHtml(errorMessage))
+        .replaceAll("__GITHUB_LOGIN__", escapeHtml(githubLogin))
+        .replaceAll("__GITHUB_USER_ID__", escapeHtml(githubUserId))
+        .replaceAll("__SUGGESTION__", escapeHtml(suggestion));
+}
+function safeDisplayText(value) {
+    if (typeof value !== "string") {
+        return "-";
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : "-";
+}
+export function createOAuthCallbackServer(preferredPort, callbackPath = "/callback") {
+    return new Promise((resolveServer, rejectServer) => {
+        const store = new AuthSessionStore();
+        const sse = new SseHub();
+        let callbackResolved = false;
+        let actualPort = preferredPort;
+        const sockets = new Set();
+        let callbackResolve;
+        let callbackReject;
+        const waitForCallback = () => new Promise((res, rej) => {
+            callbackResolve = res;
+            callbackReject = rej;
+        });
+        const closeServer = async (options) => {
+            const delayMs = options?.delayMs ?? 0;
+            if (delayMs > 0) {
+                await new Promise((resolveDelay) => {
+                    setTimeout(resolveDelay, delayMs);
+                });
+            }
+            sse.closeAll();
+            await new Promise((closeResolve) => {
+                server.close(() => {
+                    for (const socket of sockets) {
+                        socket.destroy();
+                    }
+                    sockets.clear();
+                    closeResolve();
+                });
+            });
+        };
+        const server = http.createServer(async (req, res) => {
+            try {
+                if (!req.url) {
+                    res.statusCode = 400;
+                    res.end("missing url");
+                    return;
+                }
+                const url = new URL(req.url, `http://127.0.0.1:${actualPort}`);
+                if (req.method === "GET" && url.pathname === callbackPath) {
+                    const code = url.searchParams.get("code");
+                    const state = url.searchParams.get("state") ?? undefined;
+                    if (!code) {
+                        res.statusCode = 400;
+                        res.end("missing code");
+                        return;
+                    }
+                    const sessionId = randomBytes(12).toString("hex");
+                    store.create(sessionId);
+                    res.statusCode = 200;
+                    res.setHeader("Content-Type", "text/html; charset=utf-8");
+                    res.end(pendingTemplate.replaceAll("__SESSION_ID__", sessionId));
+                    if (!callbackResolved) {
+                        callbackResolved = true;
+                        callbackResolve({
+                            code,
+                            ...(state ? { state } : {}),
+                            sessionId,
+                            port: actualPort,
+                            notifyAuthResult: async (payload) => {
+                                const body = {
+                                    sessionId,
+                                    ...payload,
+                                };
+                                await fetch(`http://127.0.0.1:${actualPort}/auth-result`, {
+                                    method: "POST",
+                                    headers: { "Content-Type": "application/json" },
+                                    body: JSON.stringify(body),
+                                });
+                            },
+                            close: () => closeServer({ delayMs: 5000 }),
+                        });
+                    }
+                    return;
+                }
+                if (req.method === "GET" && url.pathname === "/events") {
+                    const sessionId = url.searchParams.get("sessionId");
+                    if (!sessionId) {
+                        res.statusCode = 400;
+                        res.end("missing sessionId");
+                        return;
+                    }
+                    const session = store.get(sessionId);
+                    if (!session) {
+                        res.statusCode = 404;
+                        res.end("session not found");
+                        return;
+                    }
+                    sse.addClient(sessionId, res);
+                    if (session.status === "success") {
+                        sse.emit(sessionId, "success", {
+                            success: true,
+                            login: session.login,
+                            email: session.email,
+                            avatarUrl: session.avatarUrl,
+                            teams: session.teams,
+                        });
+                    }
+                    if (session.status === "failed") {
+                        sse.emit(sessionId, "failed", {
+                            success: false,
+                            error: session.error,
+                        });
+                    }
+                    return;
+                }
+                if (req.method === "POST" && url.pathname === "/auth-result") {
+                    const body = await parseJsonBody(req);
+                    if (!isAuthSessionResultPayload(body)) {
+                        console.error("[auth] malformed /auth-result payload", {
+                            received: body,
+                        });
+                        res.statusCode = 400;
+                        res.end("invalid payload");
+                        return;
+                    }
+                    const session = store.applyResult(body);
+                    if (!session) {
+                        res.statusCode = 404;
+                        res.end("session not found");
+                        return;
+                    }
+                    if (session.status === "success") {
+                        sse.emit(session.sessionId, "success", {
+                            success: true,
+                            login: session.login,
+                            email: session.email,
+                            avatarUrl: session.avatarUrl,
+                            teams: session.teams,
+                        });
+                        res.setHeader("Content-Type", "application/json; charset=utf-8");
+                        res.end(JSON.stringify({
+                            success: true,
+                            login: session.login ?? "",
+                            email: session.email ?? "",
+                            avatarUrl: session.avatarUrl ?? "",
+                            teams: session.teams ?? [],
+                        }));
+                        return;
+                    }
+                    sse.emit(session.sessionId, "failed", {
+                        success: false,
+                        error: session.error,
+                    });
+                    res.setHeader("Content-Type", "application/json; charset=utf-8");
+                    res.end(JSON.stringify({
+                        success: false,
+                        error: session.error,
+                    }));
+                    return;
+                }
+                if (req.method === "GET" && url.pathname === "/success") {
+                    const sessionId = url.searchParams.get("sessionId") ?? "";
+                    const session = store.get(sessionId);
+                    if (!session) {
+                        res.statusCode = 404;
+                        res.end("session not found");
+                        return;
+                    }
+                    res.statusCode = 200;
+                    res.setHeader("Content-Type", "text/html; charset=utf-8");
+                    res.end(renderSuccess(session));
+                    store.delete(sessionId);
+                    setTimeout(() => {
+                        void closeServer();
+                    }, 100);
+                    return;
+                }
+                if (req.method === "GET" && url.pathname === "/failed") {
+                    const sessionId = url.searchParams.get("sessionId") ?? "";
+                    const session = store.get(sessionId);
+                    if (!session) {
+                        res.statusCode = 404;
+                        res.end("session not found");
+                        return;
+                    }
+                    res.statusCode = 200;
+                    res.setHeader("Content-Type", "text/html; charset=utf-8");
+                    res.end(renderFailed(session));
+                    store.delete(sessionId);
+                    setTimeout(() => {
+                        void closeServer();
+                    }, 100);
+                    return;
+                }
+                res.statusCode = 404;
+                res.end("not found");
+            }
+            catch (error) {
+                res.statusCode = 500;
+                res.end("internal error");
+            }
+        });
+        server.on("connection", (socket) => {
+            sockets.add(socket);
+            socket.on("close", () => sockets.delete(socket));
+        });
+        server.on("error", (err) => {
+            if (actualPort !== 0 && "code" in err && err.code === "EADDRINUSE") {
+                console.warn(`[auth] port ${actualPort} in use, retrying with random port...`);
+                actualPort = 0;
+                server.listen(0, "127.0.0.1");
+                return;
+            }
+            rejectServer(err);
+        });
+        server.on("listening", () => {
+            const address = server.address();
+            if (address && typeof address === "object") {
+                actualPort = address.port;
+            }
+            resolveServer({
+                port: actualPort,
+                waitForCallback,
+                close: () => closeServer(),
+            });
+        });
+        server.listen(actualPort, "127.0.0.1");
+    });
+}
+/**
+ * Backward-compatible helper: start the callback server and wait for the
+ * OAuth callback in one call.  Prefer {@link createOAuthCallbackServer}
+ * when you need to know the bound port before opening the browser.
+ */
+export async function waitForOAuthCallback(preferredPort, callbackPath = "/callback") {
+    const srv = await createOAuthCallbackServer(preferredPort, callbackPath);
+    return srv.waitForCallback();
+}

package/dist/auth/oauth/github.d.ts

@@ -0,0 +1,14 @@
+import { TokenPair } from "../session/types.js";
+import { GatewayBootstrapMap } from "../../core/bootstrap.js";
+export interface ExchangeGithubCodeOptions {
+    exchangeEndpoint: string;
+    code: string;
+    state?: string;
+    codeVerifier?: string;
+    redirectUri?: string;
+}
+export interface ExchangeResult {
+    tokenPair: TokenPair;
+    bootstrap?: GatewayBootstrapMap | undefined;
+}
+export declare function exchangeGithubCodeForTokens(options: ExchangeGithubCodeOptions): Promise<ExchangeResult>;

package/dist/auth/oauth/github.js

@@ -0,0 +1,100 @@
+import { AuthError } from "./auth-error.js";
+export async function exchangeGithubCodeForTokens(options) {
+    let res;
+    try {
+        res = await fetch(options.exchangeEndpoint, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                code: options.code,
+                state: options.state,
+                code_verifier: options.codeVerifier,
+                redirect_uri: options.redirectUri,
+            }),
+        });
+    }
+    catch {
+        throw new AuthError({
+            code: "authentication_failed",
+            message: "Authentication could not be completed.",
+            suggestion: "Retry login again.",
+        });
+    }
+    let json;
+    try {
+        json = await res.json();
+    }
+    catch {
+        throw new AuthError({
+            code: "authentication_failed",
+            message: "Authentication could not be completed.",
+            suggestion: "Retry login again.",
+        });
+    }
+    // (debug logging removed)
+    if (!isExchangeResponse(json)) {
+        throw new AuthError({
+            code: "authentication_failed",
+            message: "Authentication could not be completed.",
+            suggestion: "Retry login again.",
+        });
+    }
+    if (json.success === false) {
+        throw new AuthError(json.error);
+    }
+    const accessToken = typeof json.access_token === "string"
+        ? json.access_token
+        : typeof json.accessToken === "string"
+            ? json.accessToken
+            : undefined;
+    const refreshToken = typeof json.refresh_token === "string"
+        ? json.refresh_token
+        : typeof json.refreshToken === "string"
+            ? json.refreshToken
+            : undefined;
+    if (!accessToken || !refreshToken) {
+        throw new AuthError({
+            code: "authentication_failed",
+            message: "Authentication could not be completed.",
+            suggestion: "Retry login again.",
+        });
+    }
+    const accessTokenExpiresAt = toMillis(json.accessTokenExpiresAt);
+    const refreshTokenExpiresAt = toMillis(json.refreshTokenExpiresAt);
+    const tokenPair = {
+        accessToken,
+        refreshToken,
+        tokenType: "Bearer",
+        ...(accessTokenExpiresAt ? { accessTokenExpiresAt } : {}),
+        ...(refreshTokenExpiresAt ? { refreshTokenExpiresAt } : {}),
+    };
+    return {
+        tokenPair,
+        bootstrap: json.bootstrap,
+    };
+}
+function isExchangeResponse(value) {
+    if (!value || typeof value !== "object")
+        return false;
+    const candidate = value;
+    if (candidate["success"] === false) {
+        if (!candidate["error"] || typeof candidate["error"] !== "object")
+            return false;
+        const error = candidate["error"];
+        return typeof error["code"] === "string" && typeof error["message"] === "string";
+    }
+    if (candidate["success"] === true) {
+        return true;
+    }
+    return false;
+}
+function toMillis(value) {
+    if (typeof value === "number") {
+        return value > 1e12 ? value : value * 1000;
+    }
+    if (typeof value === "string") {
+        const ts = Date.parse(value);
+        return Number.isNaN(ts) ? undefined : ts;
+    }
+    return undefined;
+}

package/dist/auth/oauth/sse.d.ts

@@ -0,0 +1,11 @@
+import http from "node:http";
+export type SseEventName = "success" | "failed";
+export declare class SseHub {
+    private readonly clients;
+    private heartbeatTimer;
+    addClient(sessionId: string, res: http.ServerResponse): void;
+    emit(sessionId: string, event: SseEventName, payload: unknown): void;
+    closeAll(): void;
+    private ensureHeartbeat;
+    private stopHeartbeatIfIdle;
+}

package/dist/auth/oauth/sse.js

@@ -0,0 +1,67 @@
+export class SseHub {
+    clients = new Map();
+    heartbeatTimer = null;
+    addClient(sessionId, res) {
+        res.statusCode = 200;
+        res.setHeader("Content-Type", "text/event-stream");
+        res.setHeader("Cache-Control", "no-cache, no-transform");
+        res.setHeader("Connection", "keep-alive");
+        res.setHeader("X-Accel-Buffering", "no");
+        res.flushHeaders();
+        res.write(": connected\n\n");
+        let set = this.clients.get(sessionId);
+        if (!set) {
+            set = new Set();
+            this.clients.set(sessionId, set);
+        }
+        set.add(res);
+        this.ensureHeartbeat();
+        res.on("close", () => {
+            const current = this.clients.get(sessionId);
+            if (!current)
+                return;
+            current.delete(res);
+            if (current.size === 0) {
+                this.clients.delete(sessionId);
+            }
+        });
+    }
+    emit(sessionId, event, payload) {
+        const set = this.clients.get(sessionId);
+        if (!set || set.size === 0)
+            return;
+        const data = `event: ${event}\ndata: ${JSON.stringify(payload)}\n\n`;
+        for (const res of set) {
+            res.write(data);
+            res.end();
+        }
+        this.clients.delete(sessionId);
+        this.stopHeartbeatIfIdle();
+    }
+    closeAll() {
+        for (const set of this.clients.values()) {
+            for (const res of set) {
+                res.end();
+            }
+        }
+        this.clients.clear();
+        this.stopHeartbeatIfIdle();
+    }
+    ensureHeartbeat() {
+        if (this.heartbeatTimer)
+            return;
+        this.heartbeatTimer = setInterval(() => {
+            for (const set of this.clients.values()) {
+                for (const res of set) {
+                    res.write(": ping\n\n");
+                }
+            }
+        }, 15_000);
+    }
+    stopHeartbeatIfIdle() {
+        if (this.clients.size !== 0 || !this.heartbeatTimer)
+            return;
+        clearInterval(this.heartbeatTimer);
+        this.heartbeatTimer = null;
+    }
+}