unbrowse 2.12.2 → 2.12.7

package/runtime-src/auth/index.ts

@@ -6,13 +6,10 @@ import { log } from "../logger.js";
 import path from "node:path";
 import os from "node:os";
 import fs from "node:fs";
-import { getDefaultLoginConfig } from "../runtime/supervisor.js";
 
 const LOGIN_TIMEOUT_MS = 300_000;
 const POLL_INTERVAL_MS = 2_000;
 const MIN_WAIT_MS = 15_000;
-const LOGIN_PATHS = /\/(login|signin|sign-in|sso|auth|oauth|uas\/login|checkpoint)/i;
-const CLOUDFLARE_TEXT = /just a moment|attention required|verify you are human|cloudflare/i;
 
 /**
  * Returns the persistent profile directory for a given domain.
@@ -29,68 +26,6 @@ export interface LoginResult {
   error?: string;
 }
 
-export interface BrowserAuthSourceMeta {
-  family?: string;
-  userDataDir?: string;
-  cookieDbPath?: string;
-}
-
-export interface StoredAuthBundle {
-  cookies: AuthCookie[];
-  headers: Record<string, string>;
-  source_keys: string[];
-  source_meta?: BrowserAuthSourceMeta | null;
-}
-
-export type InteractiveLoginAssessment =
-  | { status: "pending"; reason: string }
-  | { status: "authenticated"; reason: string }
-  | { status: "blocked"; reason: string };
-
-export function assessInteractiveLoginState(input: {
-  currentUrl: string;
-  targetDomain: string;
-  initialCookieCount: number;
-  currentCookieCount: number;
-  hasCloudflareChallenge?: boolean;
-  pageText?: string;
-}): InteractiveLoginAssessment {
-  let parsed: URL;
-  try {
-    parsed = new URL(input.currentUrl);
-  } catch {
-    return { status: "pending", reason: "invalid_url" };
-  }
-
-  const currentDomain = parsed.hostname.toLowerCase();
-  const targetNorm = input.targetDomain.toLowerCase();
-  const isOnTarget = currentDomain === targetNorm || currentDomain.endsWith(`.${targetNorm}`);
-  if (!isOnTarget) return { status: "pending", reason: "off_target_domain" };
-
-  if (input.hasCloudflareChallenge) return { status: "blocked", reason: "cloudflare_challenge" };
-  if (input.pageText && CLOUDFLARE_TEXT.test(input.pageText)) return { status: "blocked", reason: "cloudflare_text" };
-  if (LOGIN_PATHS.test(parsed.pathname)) return { status: "pending", reason: "still_on_login_path" };
-
-  if (input.currentCookieCount > input.initialCookieCount) {
-    return { status: "authenticated", reason: "new_cookies_on_target" };
-  }
-  if (input.currentCookieCount > 0) {
-    return { status: "authenticated", reason: "cookies_present_on_target" };
-  }
-
-  return { status: "pending", reason: "no_session_cookies" };
-}
-
-export function storedAuthNeedsBrowserRefresh(bundle: StoredAuthBundle | null | undefined): boolean {
-  if (!bundle) return true;
-  if (bundle.cookies.length === 0 && Object.keys(bundle.headers).length === 0) return true;
-  const sourceMeta = bundle.source_meta;
-  if (!sourceMeta) return true;
-  if (sourceMeta.family === "chromium" && !sourceMeta.userDataDir && !sourceMeta.cookieDbPath) {
-    return true;
-  }
-  return false;
-}
 /**
  * Open a visible browser for the user to complete login.
  * Uses Kuri to manage the browser tab, polls for login completion via cookies.
@@ -105,20 +40,11 @@ export async function interactiveLogin(
   const targetDomain = domain ?? new URL(url).hostname;
   const profileDir = getProfilePath(targetDomain);
 
-  const isHeadless = process.env.HEADLESS === "true" || process.env.HEADLESS === "1";
-  const loginConfig = getDefaultLoginConfig(isHeadless);
-  log("auth", `interactiveLogin — url: ${url}, domain: ${targetDomain}, interactive: ${loginConfig.interactive}, timeout: ${loginConfig.timeout_ms}ms`);
-
-  // Login requires a visible browser — disable headless for this flow
-  const prevHeadless = process.env.HEADLESS;
-  process.env.HEADLESS = "false";
+  log("auth", `interactiveLogin — url: ${url}, domain: ${targetDomain}`);
 
   try {
     fs.mkdirSync(profileDir, { recursive: true });
 
-    // Stop any existing headless Kuri so it restarts with HEADLESS=false
-    try { await kuri.stop(); } catch { /* may not be running */ }
-
     // Start Kuri and get a tab
     await kuri.start();
     const tabId = await kuri.getDefaultTab();
@@ -136,15 +62,16 @@ export async function interactiveLogin(
 
     // Wait for user to complete login — detect via cookie changes + URL change
     let loggedIn = false;
-    let blockedReason: string | null = null;
     let lastLoggedUrl = "";
-    const effectiveTimeout = loginConfig.interactive ? LOGIN_TIMEOUT_MS : loginConfig.timeout_ms;
-    while (Date.now() - startTime < effectiveTimeout) {
+    while (Date.now() - startTime < LOGIN_TIMEOUT_MS) {
       await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
       const elapsed = Date.now() - startTime;
 
       try {
         const currentUrl = await kuri.getCurrentUrl(tabId);
+        const currentDomain = new URL(currentUrl).hostname.toLowerCase();
+        const targetNorm = targetDomain.toLowerCase();
+
         if (currentUrl !== lastLoggedUrl) {
           log("auth", `navigated to: ${currentUrl}`);
           lastLoggedUrl = currentUrl;
@@ -152,45 +79,31 @@ export async function interactiveLogin(
 
         if (elapsed < MIN_WAIT_MS) continue;
 
-        const currentCookies = await kuri.getCookies(tabId);
-        const currentCookieCount = currentCookies.filter((c) => isDomainMatch(c.domain, targetDomain)).length;
-        const hasCloudflareChallenge = await kuri.hasCloudflareChallenge(tabId).catch(() => false);
-        const pageText = hasCloudflareChallenge ? await kuri.getText(tabId).catch(() => "") : "";
-        const assessment = assessInteractiveLoginState({
-          currentUrl,
-          targetDomain,
-          initialCookieCount,
-          currentCookieCount,
-          hasCloudflareChallenge,
-          pageText,
-        });
-
-        if (assessment.status === "authenticated") {
-          loggedIn = true;
-          log("auth", `login complete — ${currentUrl} (cookies: ${initialCookieCount} → ${currentCookieCount}; ${assessment.reason})`);
-          break;
-        }
-
-        if (assessment.status === "blocked") {
-          blockedReason = assessment.reason;
-          log("auth", `login blocked — ${currentUrl} (${assessment.reason})`);
+        const isOnTarget = currentDomain === targetNorm || currentDomain.endsWith("." + targetNorm);
+        if (isOnTarget) {
+          const isStillLogin = /\/(login|signin|sign-in|sso|auth|oauth|uas\/login|checkpoint)/.test(new URL(currentUrl).pathname);
+
+          const currentCookies = await kuri.getCookies(tabId);
+          const currentCookieCount = currentCookies.filter((c) => isDomainMatch(c.domain, targetDomain)).length;
+          const gotNewCookies = currentCookieCount > initialCookieCount;
+
+          if (!isStillLogin && gotNewCookies) {
+            loggedIn = true;
+            log("auth", `login complete — ${currentUrl} (cookies: ${initialCookieCount} → ${currentCookieCount})`);
+            break;
+          }
+
+          if (!isStillLogin && currentCookieCount > 0) {
+            loggedIn = true;
+            log("auth", `already logged in — ${currentUrl} (${currentCookieCount} cookies present)`);
+            break;
+          }
         }
       } catch { /* page navigating */ }
     }
 
     if (!loggedIn) {
-      log("auth", `login wait ended after ${Math.round((Date.now() - startTime) / 1000)}s — fallback: ${loginConfig.fallback_strategy}`);
-      if (loginConfig.fallback_strategy === "fail") {
-        const error = blockedReason
-          ? `Login blocked (${blockedReason})`
-          : "Login timed out (fallback: fail)";
-        return { success: false, domain: targetDomain, cookies_stored: 0, error };
-      }
-      if (loginConfig.fallback_strategy === "skip") {
-        log("auth", `skipping cookie capture per fallback_strategy`);
-        return { success: false, domain: targetDomain, cookies_stored: 0, error: "Login skipped (headless)" };
-      }
-      // fallback_strategy === "prompt" — continue to capture cookies anyway
+      log("auth", `login wait ended after ${Math.round((Date.now() - startTime) / 1000)}s — capturing cookies anyway`);
     }
 
     // Extract and store cookies
@@ -210,17 +123,9 @@ export async function interactiveLogin(
     await storeCredential(vaultKey, JSON.stringify({ cookies: storableCookies }));
     log("auth", `stored ${storableCookies.length} cookies under ${vaultKey}`);
 
-    // Also save as Kuri auth profile so browse commands (go/snap/click) have auth
-    try {
-      await kuri.authProfileSave(tabId, targetDomain.replace(/^www\./, ""));
-      log("auth", `saved Kuri auth profile for ${targetDomain}`);
-    } catch { /* non-fatal — Kuri auth profile save is best-effort */ }
-
     return { success: true, domain: targetDomain, cookies_stored: storableCookies.length };
   } finally {
-    // Restore headless setting so subsequent captures run headless
-    if (prevHeadless !== undefined) process.env.HEADLESS = prevHeadless;
-    else delete process.env.HEADLESS;
+    // Cleanup handled by Kuri's tab management
   }
 }
 
@@ -293,17 +198,6 @@ function filterExpired(cookies: AuthCookie[]): AuthCookie[] {
 export async function getStoredAuth(
   domain: string
 ): Promise<AuthCookie[] | null> {
-  const bundle = await getStoredAuthBundle(domain);
-  return bundle?.cookies?.length ? bundle.cookies : null;
-}
-
-/**
- * Retrieve the stored auth bundle for a domain from the vault.
- * Preserves headers/source metadata while filtering expired cookies.
- */
-export async function getStoredAuthBundle(
-  domain: string
-): Promise<StoredAuthBundle | null> {
   const regDomain = getRegistrableDomain(domain);
   const keysToTry = [`auth:${regDomain}`];
   if (domain !== regDomain) keysToTry.push(`auth:${domain}`);
@@ -312,10 +206,12 @@ export async function getStoredAuthBundle(
     const stored = await getCredential(key);
     if (!stored) continue;
     try {
-      const parsed = JSON.parse(stored) as Partial<StoredAuthBundle> & { cookies?: AuthCookie[] };
-      const cookies = parsed.cookies ?? [];
+      const parsed = JSON.parse(stored) as { cookies?: AuthCookie[] };
+      const cookies = parsed.cookies;
+      if (!cookies || cookies.length === 0) continue;
+
       const valid = filterExpired(cookies);
-      if (cookies.length > 0 && valid.length === 0 && Object.keys(parsed.headers ?? {}).length === 0) {
+      if (valid.length === 0) {
         log("auth", `all ${cookies.length} cookies for ${domain} (key: ${key}) are expired — deleting`);
         await deleteCredential(key);
         continue;
@@ -323,17 +219,11 @@ export async function getStoredAuthBundle(
       if (valid.length < cookies.length) {
         log("auth", `filtered ${cookies.length - valid.length} expired cookies for ${domain}`);
       }
-      return {
-        cookies: valid,
-        headers: parsed.headers ?? {},
-        source_keys: parsed.source_keys ?? [],
-        source_meta: parsed.source_meta ?? null,
-      };
+      return valid;
     } catch {
       continue;
     }
   }
-
   return null;
 }