soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
eb0c31c90b8912423ae977b6fce04d970ade50af
fotospiel-app/resources/js/admin/dev-tools.ts
Codex Agent eb0c31c90b zu fabricjs gewechselt, noch nicht funktionsfähig
2025-10-31 20:19:09 +01:00

191 lines
5.9 KiB
TypeScript
Raw Blame History

if (import.meta.env.DEV || import.meta.env.VITE_ENABLE_TENANT_SWITCHER === 'true') {
type StoredTokens = {
accessToken: string;
refreshToken: string;
expiresAt: number;
scope?: string;
clientId?: string;
};
const CLIENTS: Record<string, string> = {
lumen: import.meta.env.VITE_OAUTH_CLIENT_ID || 'tenant-admin-app',
storycraft: 'demo-tenant-admin-storycraft',
viewfinder: 'demo-tenant-admin-viewfinder',
pixel: 'demo-tenant-admin-pixel',
};
const scopes = (import.meta.env.VITE_OAUTH_SCOPES as string | undefined) ?? 'tenant:read tenant:write';
const baseUrl = window.location.origin;
const redirectUri = `${baseUrl}/event-admin/auth/callback`;
async function loginAs(label: string): Promise<void> {
const clientId = CLIENTS[label];
if (!clientId) {
console.warn('[DevAuth] Unknown tenant key', label);
return;
}
try {
const tokens = await fetchTokens(clientId);
localStorage.setItem('tenant_oauth_tokens.v1', JSON.stringify(tokens));
window.location.assign('/event-admin/dashboard');
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
console.error('[DevAuth] Failed to login', message);
throw error instanceof Error ? error : new Error(message);
}
}
async function fetchTokens(clientId: string): Promise<StoredTokens> {
const verifier = randomString(32);
const challenge = await sha256(verifier);
const state = randomString(12);
const authorizeParams = new URLSearchParams({
response_type: 'code',
client_id: clientId,
redirect_uri: redirectUri,
scope: scopes,
state,
code_challenge: challenge,
code_challenge_method: 'S256',
});
const callbackUrl = await requestAuthorization(`/api/v1/oauth/authorize?${authorizeParams}`, redirectUri);
verifyState(callbackUrl.searchParams.get('state'), state);
const code = callbackUrl.searchParams.get('code');
if (!code) {
throw new Error('Authorize response missing code');
}
const tokenResponse = await fetch('/api/v1/oauth/token', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
code,
client_id: clientId,
redirect_uri: redirectUri,
code_verifier: verifier,
}),
});
if (!tokenResponse.ok) {
throw new Error(`Token exchange failed with ${tokenResponse.status}`);
}
const body = await tokenResponse.json();
const expiresIn = typeof body.expires_in === 'number' ? body.expires_in : 3600;
return {
accessToken: body.access_token,
refreshToken: body.refresh_token,
expiresAt: Date.now() + Math.max(expiresIn - 30, 0) * 1000,
scope: body.scope,
clientId,
};
}
function randomString(bytes: number): string {
const buffer = new Uint8Array(bytes);
crypto.getRandomValues(buffer);
return base64Url(buffer);
}
async function sha256(input: string): Promise<string> {
const encoder = new TextEncoder();
const data = encoder.encode(input);
const digest = await crypto.subtle.digest('SHA-256', data);
return base64Url(new Uint8Array(digest));
}
function base64Url(data: Uint8Array): string {
const binary = Array.from(data, (byte) => String.fromCharCode(byte)).join('');
return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
}
const api = { loginAs, clients: CLIENTS };
console.info('[DevAuth] Demo tenant helpers ready', Object.keys(CLIENTS));
// @ts-expect-error Dev helper for debugging only.
window.fotospielDemoAuth = api;
// @ts-expect-error Dev helper for debugging only.
globalThis.fotospielDemoAuth = api;
}
async function requestAuthorization(url: string, fallbackRedirect?: string): Promise<URL> {
const requestUrl = new URL(url, window.location.origin);
let response: Response;
try {
response = await fetch(requestUrl.toString(), {
method: 'GET',
credentials: 'include',
headers: {
Accept: 'application/json, text/plain, */*',
'X-Requested-With': 'XMLHttpRequest',
},
redirect: 'manual',
});
} catch (error) {
throw new Error('Authorize request failed');
}
const status = response.status;
const isSuccess = (status >= 200 && status < 400) || status === 0;
if (!isSuccess) {
throw new Error(`Authorize failed with ${status}`);
}
const contentType = response.headers.get('Content-Type') ?? '';
if (contentType.includes('application/json')) {
try {
const payload = (await response.json()) as {
code?: string;
state?: string | null;
redirect_url?: string | null;
};
const target = payload.redirect_url ?? fallbackRedirect;
if (!target) {
throw new Error('Authorize response missing redirect target');
}
const finalUrl = new URL(target, window.location.origin);
if (payload.code && !finalUrl.searchParams.has('code')) {
finalUrl.searchParams.set('code', payload.code);
}
if (payload.state && !finalUrl.searchParams.has('state')) {
finalUrl.searchParams.set('state', payload.state);
}
return finalUrl;
} catch (error) {
throw error instanceof Error ? error : new Error(String(error));
}
}
const locationHeader = response.headers.get('Location');
if (locationHeader) {
return new URL(locationHeader, window.location.origin);
}
if (response.url && response.url !== requestUrl.toString()) {
return new URL(response.url, window.location.origin);
}
if (fallbackRedirect) {
return new URL(fallbackRedirect, window.location.origin);
}
throw new Error('Authorize response missing redirect target');
}
function verifyState(returnedState: string | null, expectedState: string): void {
if (returnedState && returnedState !== expectedState) {
throw new Error('Authorize state mismatch');
}
}
Reference in New Issue View Git Blame Copy Permalink