198 lines
		
	
	
		
			5.3 KiB
		
	
	
	
		
			TypeScript
		
	
	
	
			
		
		
	
	
			198 lines
		
	
	
		
			5.3 KiB
		
	
	
	
		
			TypeScript
		
	
	
	
| import * as WebAuthnJSON from '@github/webauthn-json';
 | |
| import axios, { AxiosError } from 'axios';
 | |
| 
 | |
| import ready from '../mastodon/ready';
 | |
| 
 | |
| import 'regenerator-runtime/runtime';
 | |
| 
 | |
| type PublicKeyCredentialCreationOptionsJSON =
 | |
|   WebAuthnJSON.CredentialCreationOptionsJSON['publicKey'];
 | |
| 
 | |
| function exceptionHasAxiosError(
 | |
|   error: unknown,
 | |
| ): error is AxiosError<{ error: unknown }> {
 | |
|   return (
 | |
|     error instanceof AxiosError &&
 | |
|     typeof error.response?.data === 'object' &&
 | |
|     'error' in error.response.data
 | |
|   );
 | |
| }
 | |
| 
 | |
| function logAxiosResponseError(error: unknown) {
 | |
|   if (exceptionHasAxiosError(error)) console.error(error);
 | |
| }
 | |
| 
 | |
| function getCSRFToken() {
 | |
|   return document
 | |
|     .querySelector<HTMLMetaElement>('meta[name="csrf-token"]')
 | |
|     ?.getAttribute('content');
 | |
| }
 | |
| 
 | |
| function hideFlashMessages() {
 | |
|   document.querySelectorAll('.flash-message').forEach((flashMessage) => {
 | |
|     flashMessage.classList.add('hidden');
 | |
|   });
 | |
| }
 | |
| 
 | |
| async function callback(
 | |
|   url: string,
 | |
|   body:
 | |
|     | {
 | |
|         credential: WebAuthnJSON.PublicKeyCredentialWithAttestationJSON;
 | |
|         nickname: string;
 | |
|       }
 | |
|     | {
 | |
|         user: { credential: WebAuthnJSON.PublicKeyCredentialWithAssertionJSON };
 | |
|       },
 | |
| ) {
 | |
|   try {
 | |
|     const response = await axios.post<{ redirect_path: string }>(
 | |
|       url,
 | |
|       JSON.stringify(body),
 | |
|       {
 | |
|         headers: {
 | |
|           'Content-Type': 'application/json',
 | |
|           Accept: 'application/json',
 | |
|           'X-CSRF-Token': getCSRFToken(),
 | |
|         },
 | |
|       },
 | |
|     );
 | |
| 
 | |
|     window.location.replace(response.data.redirect_path);
 | |
|   } catch (error) {
 | |
|     if (error instanceof AxiosError && error.response?.status === 422) {
 | |
|       const errorMessage = document.getElementById(
 | |
|         'security-key-error-message',
 | |
|       );
 | |
|       errorMessage?.classList.remove('hidden');
 | |
| 
 | |
|       logAxiosResponseError(error);
 | |
|     } else {
 | |
|       console.error(error);
 | |
|     }
 | |
|   }
 | |
| }
 | |
| 
 | |
| async function handleWebauthnCredentialRegistration(nickname: string) {
 | |
|   try {
 | |
|     const response = await axios.get<PublicKeyCredentialCreationOptionsJSON>(
 | |
|       '/settings/security_keys/options',
 | |
|     );
 | |
| 
 | |
|     const credentialOptions = response.data;
 | |
| 
 | |
|     try {
 | |
|       const credential = await WebAuthnJSON.create({
 | |
|         publicKey: credentialOptions,
 | |
|       });
 | |
| 
 | |
|       const params = {
 | |
|         credential: credential,
 | |
|         nickname: nickname,
 | |
|       };
 | |
| 
 | |
|       await callback('/settings/security_keys', params);
 | |
|     } catch (error) {
 | |
|       const errorMessage = document.getElementById(
 | |
|         'security-key-error-message',
 | |
|       );
 | |
|       errorMessage?.classList.remove('hidden');
 | |
|       console.error(error);
 | |
|     }
 | |
|   } catch (error) {
 | |
|     logAxiosResponseError(error);
 | |
|   }
 | |
| }
 | |
| 
 | |
| async function handleWebauthnCredentialAuthentication() {
 | |
|   try {
 | |
|     const response = await axios.get<PublicKeyCredentialCreationOptionsJSON>(
 | |
|       'sessions/security_key_options',
 | |
|     );
 | |
| 
 | |
|     const credentialOptions = response.data;
 | |
| 
 | |
|     try {
 | |
|       const credential = await WebAuthnJSON.get({
 | |
|         publicKey: credentialOptions,
 | |
|       });
 | |
| 
 | |
|       const params = { user: { credential: credential } };
 | |
|       void callback('sign_in', params);
 | |
|     } catch (error) {
 | |
|       const errorMessage = document.getElementById(
 | |
|         'security-key-error-message',
 | |
|       );
 | |
|       errorMessage?.classList.remove('hidden');
 | |
|       console.error(error);
 | |
|     }
 | |
|   } catch (error) {
 | |
|     logAxiosResponseError(error);
 | |
|   }
 | |
| }
 | |
| 
 | |
| ready(() => {
 | |
|   if (!WebAuthnJSON.supported()) {
 | |
|     const unsupported_browser_message = document.getElementById(
 | |
|       'unsupported-browser-message',
 | |
|     );
 | |
|     if (unsupported_browser_message) {
 | |
|       unsupported_browser_message.classList.remove('hidden');
 | |
|       const button = document.querySelector<HTMLButtonElement>(
 | |
|         'button.btn.js-webauthn',
 | |
|       );
 | |
|       if (button) button.disabled = true;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   const webAuthnCredentialRegistrationForm =
 | |
|     document.querySelector<HTMLFormElement>('form#new_webauthn_credential');
 | |
|   if (webAuthnCredentialRegistrationForm) {
 | |
|     webAuthnCredentialRegistrationForm.addEventListener('submit', (event) => {
 | |
|       event.preventDefault();
 | |
| 
 | |
|       if (!(event.target instanceof HTMLFormElement)) return;
 | |
| 
 | |
|       const nickname = event.target.querySelector<HTMLInputElement>(
 | |
|         'input[name="new_webauthn_credential[nickname]"]',
 | |
|       );
 | |
| 
 | |
|       if (nickname?.value) {
 | |
|         void handleWebauthnCredentialRegistration(nickname.value);
 | |
|       } else {
 | |
|         nickname?.focus();
 | |
|       }
 | |
|     });
 | |
|   }
 | |
| 
 | |
|   const webAuthnCredentialAuthenticationForm =
 | |
|     document.getElementById('webauthn-form');
 | |
|   if (webAuthnCredentialAuthenticationForm) {
 | |
|     webAuthnCredentialAuthenticationForm.addEventListener('submit', (event) => {
 | |
|       event.preventDefault();
 | |
|       void handleWebauthnCredentialAuthentication();
 | |
|     });
 | |
| 
 | |
|     const otpAuthenticationForm = document.getElementById(
 | |
|       'otp-authentication-form',
 | |
|     );
 | |
| 
 | |
|     const linkToOtp = document.getElementById('link-to-otp');
 | |
| 
 | |
|     linkToOtp?.addEventListener('click', () => {
 | |
|       webAuthnCredentialAuthenticationForm.classList.add('hidden');
 | |
|       otpAuthenticationForm?.classList.remove('hidden');
 | |
|       hideFlashMessages();
 | |
|     });
 | |
| 
 | |
|     const linkToWebAuthn = document.getElementById('link-to-webauthn');
 | |
|     linkToWebAuthn?.addEventListener('click', () => {
 | |
|       otpAuthenticationForm?.classList.add('hidden');
 | |
|       webAuthnCredentialAuthenticationForm.classList.remove('hidden');
 | |
|       hideFlashMessages();
 | |
|     });
 | |
|   }
 | |
| }).catch((e: unknown) => {
 | |
|   throw e;
 | |
| });
 |