bigbuffet-rw/app/soapbox/reducers/auth.js

352 lines
10 KiB
JavaScript
Raw Normal View History

2022-01-10 14:01:24 -08:00
import { Map as ImmutableMap, List as ImmutableList, fromJS } from 'immutable';
import { trim } from 'lodash';
2022-01-10 14:01:24 -08:00
import { MASTODON_PRELOAD_IMPORT } from 'soapbox/actions/preload';
import { FE_SUBDIRECTORY } from 'soapbox/build_config';
import KVStore from 'soapbox/storage/kv_store';
import { validId, isURL } from 'soapbox/utils/auth';
2020-04-05 16:39:22 -07:00
import {
AUTH_APP_CREATED,
AUTH_LOGGED_IN,
AUTH_APP_AUTHORIZED,
2020-04-11 12:41:13 -07:00
AUTH_LOGGED_OUT,
SWITCH_ACCOUNT,
2021-03-23 22:05:06 -07:00
VERIFY_CREDENTIALS_SUCCESS,
2021-03-24 12:15:36 -07:00
VERIFY_CREDENTIALS_FAIL,
2020-04-05 16:39:22 -07:00
} from '../actions/auth';
import { ME_FETCH_SKIP } from '../actions/me';
2020-04-05 14:54:51 -07:00
2021-03-23 19:52:08 -07:00
const defaultState = ImmutableMap({
app: ImmutableMap(),
users: ImmutableMap(),
2021-03-23 22:05:06 -07:00
tokens: ImmutableMap(),
2021-03-23 19:52:08 -07:00
me: null,
2020-04-05 14:54:51 -07:00
});
const buildKey = parts => parts.join(':');
// For subdirectory support
2021-09-05 11:21:39 -07:00
const NAMESPACE = trim(FE_SUBDIRECTORY, '/') ? `soapbox@${FE_SUBDIRECTORY}` : 'soapbox';
const STORAGE_KEY = buildKey([NAMESPACE, 'auth']);
const SESSION_KEY = buildKey([NAMESPACE, 'auth', 'me']);
const getSessionUser = () => {
const id = sessionStorage.getItem(SESSION_KEY);
2021-07-09 13:54:32 -07:00
return validId(id) ? id : undefined;
};
const sessionUser = getSessionUser();
const localState = fromJS(JSON.parse(localStorage.getItem(STORAGE_KEY)));
2021-03-23 22:05:06 -07:00
2021-07-09 13:54:32 -07:00
// Checks if the user has an ID and access token
const validUser = user => {
try {
return validId(user.get('id')) && validId(user.get('access_token'));
} catch(e) {
return false;
}
};
// Finds the first valid user in the state
const firstValidUser = state => state.get('users', ImmutableMap()).find(validUser);
// For legacy purposes. IDs get upgraded to URLs further down.
const getUrlOrId = user => {
try {
const { id, url } = user.toJS();
return url || id;
} catch {
return null;
}
};
2021-03-24 12:15:36 -07:00
// If `me` doesn't match an existing user, attempt to shift it.
const maybeShiftMe = state => {
const me = state.get('me');
const user = state.getIn(['users', me]);
2021-03-24 12:15:36 -07:00
if (!validUser(user)) {
2021-07-09 13:54:32 -07:00
const nextUser = firstValidUser(state);
return state.set('me', getUrlOrId(nextUser));
2021-03-24 12:15:36 -07:00
} else {
return state;
}
};
2021-07-09 13:54:32 -07:00
// Set the user from the session or localStorage, whichever is valid first
const setSessionUser = state => state.update('me', null, me => {
const user = ImmutableList([
state.getIn(['users', sessionUser]),
state.getIn(['users', me]),
]).find(validUser);
return getUrlOrId(user);
2021-07-09 13:54:32 -07:00
});
2021-03-25 13:15:37 -07:00
// Upgrade the initial state
const migrateLegacy = state => {
if (localState) return state;
return state.withMutations(state => {
const app = fromJS(JSON.parse(localStorage.getItem('soapbox:auth:app')));
const user = fromJS(JSON.parse(localStorage.getItem('soapbox:auth:user')));
2021-03-25 15:12:31 -07:00
if (!user) return;
state.set('me', '_legacy'); // Placeholder account ID
state.set('app', app);
state.set('tokens', ImmutableMap({
[user.get('access_token')]: user.set('account', '_legacy'),
}));
state.set('users', ImmutableMap({
'_legacy': ImmutableMap({
id: '_legacy',
access_token: user.get('access_token'),
}),
}));
});
};
const isUpgradingUrlId = state => {
const me = state.get('me');
const user = state.getIn(['users', me]);
return validId(me) && user && !isURL(me);
};
2021-07-09 14:24:18 -07:00
// Checks the state and makes it valid
const sanitizeState = state => {
// Skip sanitation during ID to URL upgrade
if (isUpgradingUrlId(state)) return state;
2021-07-09 14:24:18 -07:00
return state.withMutations(state => {
// Remove invalid users, ensure ID match
state.update('users', ImmutableMap(), users => (
users.filter((user, url) => (
validUser(user) && user.get('url') === url
2021-07-09 14:24:18 -07:00
))
));
// Remove mismatched tokens
state.update('tokens', ImmutableMap(), tokens => (
tokens.filter((token, id) => (
validId(id) && token.get('access_token') === id
))
));
});
};
const persistAuth = state => localStorage.setItem(STORAGE_KEY, JSON.stringify(state.toJS()));
const persistSession = state => {
const me = state.get('me');
if (me && typeof me === 'string') {
sessionStorage.setItem(SESSION_KEY, me);
}
};
2021-03-29 18:03:27 -07:00
const persistState = state => {
persistAuth(state);
persistSession(state);
2021-03-29 18:03:27 -07:00
};
2021-03-29 17:42:14 -07:00
const initialize = state => {
return state.withMutations(state => {
maybeShiftMe(state);
setSessionUser(state);
migrateLegacy(state);
2021-07-09 14:24:18 -07:00
sanitizeState(state);
2021-03-29 18:03:27 -07:00
persistState(state);
2021-03-29 17:42:14 -07:00
});
};
2021-03-29 18:03:27 -07:00
const initialState = initialize(defaultState.merge(localState));
2021-03-29 17:42:14 -07:00
const importToken = (state, token) => {
return state.setIn(['tokens', token.access_token], fromJS(token));
};
// Upgrade the `_legacy` placeholder ID with a real account
const upgradeLegacyId = (state, account) => {
if (localState) return state;
return state.withMutations(state => {
state.update('me', null, me => me === '_legacy' ? account.url : me);
state.deleteIn(['users', '_legacy']);
});
// TODO: Delete `soapbox:auth:app` and `soapbox:auth:user` localStorage?
// By this point it's probably safe, but we'll leave it just in case.
};
// Users are now stored by their ActivityPub ID instead of their
// primary key to support auth against multiple hosts.
const upgradeNonUrlId = (state, account) => {
const me = state.get('me');
if (isURL(me)) return state;
return state.withMutations(state => {
state.update('me', null, me => me === account.id ? account.url : me);
state.deleteIn(['users', account.id]);
});
};
// Returns a predicate function for filtering a mismatched user/token
const userMismatch = (token, account) => {
return (user, url) => {
const sameToken = user.get('access_token') === token;
const differentUrl = url !== account.url || user.get('url') !== account.url;
const differentId = user.get('id') !== account.id;
return sameToken && (differentUrl || differentId);
};
};
2021-03-29 17:42:14 -07:00
const importCredentials = (state, token, account) => {
return state.withMutations(state => {
state.setIn(['users', account.url], ImmutableMap({
2021-03-29 17:42:14 -07:00
id: account.id,
access_token: token,
url: account.url,
2021-03-29 17:42:14 -07:00
}));
state.setIn(['tokens', token, 'account'], account.id);
state.setIn(['tokens', token, 'me'], account.url);
state.update('users', ImmutableMap(), users => users.filterNot(userMismatch(token, account)));
state.update('me', null, me => me || account.url);
2021-03-29 17:42:14 -07:00
upgradeLegacyId(state, account);
upgradeNonUrlId(state, account);
2021-03-29 17:42:14 -07:00
});
};
2021-03-29 17:42:14 -07:00
const deleteToken = (state, token) => {
return state.withMutations(state => {
2021-03-29 17:42:14 -07:00
state.update('tokens', ImmutableMap(), tokens => tokens.delete(token));
state.update('users', ImmutableMap(), users => users.filterNot(user => user.get('access_token') === token));
maybeShiftMe(state);
});
};
const deleteUser = (state, account) => {
const accountUrl = account.get('url');
2021-03-29 17:42:14 -07:00
return state.withMutations(state => {
state.update('users', ImmutableMap(), users => users.delete(accountUrl));
state.update('tokens', ImmutableMap(), tokens => tokens.filterNot(token => token.get('me') === accountUrl));
maybeShiftMe(state);
});
};
const importMastodonPreload = (state, data) => {
return state.withMutations(state => {
const accountId = data.getIn(['meta', 'me']);
const accountUrl = data.getIn(['accounts', accountId, 'url']);
const accessToken = data.getIn(['meta', 'access_token']);
if (validId(accessToken) && validId(accountId) && isURL(accountUrl)) {
state.setIn(['tokens', accessToken], fromJS({
access_token: accessToken,
account: accountId,
me: accountUrl,
scope: 'read write follow push',
token_type: 'Bearer',
}));
state.setIn(['users', accountUrl], fromJS({
id: accountId,
access_token: accessToken,
url: accountUrl,
}));
}
maybeShiftMe(state);
});
};
2022-03-21 11:09:01 -07:00
const persistAuthAccount = account => {
if (account && account.url) {
KVStore.setItem(`authAccount:${account.url}`, account).catch(console.error);
}
};
const deleteForbiddenToken = (state, error, token) => {
if ([401, 403].includes(error.response?.status)) {
return deleteToken(state, token);
} else {
return state;
}
};
2021-03-23 19:52:08 -07:00
const reducer = (state, action) => {
2020-04-05 14:54:51 -07:00
switch(action.type) {
case AUTH_APP_CREATED:
2021-03-23 19:52:08 -07:00
return state.set('app', fromJS(action.app));
2020-04-05 16:39:22 -07:00
case AUTH_APP_AUTHORIZED:
2021-08-21 17:37:28 -07:00
return state.update('app', ImmutableMap(), app => app.merge(fromJS(action.token)));
2020-04-05 14:54:51 -07:00
case AUTH_LOGGED_IN:
2021-03-23 22:05:06 -07:00
return importToken(state, action.token);
2020-04-11 12:41:13 -07:00
case AUTH_LOGGED_OUT:
return deleteUser(state, action.account);
2021-03-23 22:05:06 -07:00
case VERIFY_CREDENTIALS_SUCCESS:
persistAuthAccount(action.account);
2021-03-23 22:05:06 -07:00
return importCredentials(state, action.token, action.account);
2021-03-24 12:15:36 -07:00
case VERIFY_CREDENTIALS_FAIL:
return deleteForbiddenToken(state, action.error, action.token);
case SWITCH_ACCOUNT:
return state.set('me', action.account.get('url'));
case ME_FETCH_SKIP:
return state.set('me', null);
case MASTODON_PRELOAD_IMPORT:
return importMastodonPreload(state, fromJS(action.data));
2020-04-05 14:54:51 -07:00
default:
return state;
}
};
2021-03-23 19:52:08 -07:00
const reload = () => location.replace('/');
2021-03-24 14:49:24 -07:00
2021-03-25 21:03:58 -07:00
// `me` is a user ID string
const validMe = state => {
const me = state.get('me');
return typeof me === 'string' && me !== '_legacy';
};
// `me` has changed from one valid ID to another
const userSwitched = (oldState, state) => {
const me = state.get('me');
const oldMe = oldState.get('me');
const stillValid = validMe(oldState) && validMe(state);
const didChange = oldMe !== me;
const userUpgradedUrl = state.getIn(['users', me, 'id']) === oldMe;
return stillValid && didChange && !userUpgradedUrl;
};
const maybeReload = (oldState, state, action) => {
const loggedOutStandalone = action.type === AUTH_LOGGED_OUT && action.standalone;
const switched = userSwitched(oldState, state);
if (switched || loggedOutStandalone) {
reload(state);
2021-03-24 14:49:24 -07:00
}
};
2021-03-24 12:15:36 -07:00
export default function auth(oldState = initialState, action) {
const state = reducer(oldState, action);
2021-03-24 14:49:24 -07:00
if (!state.equals(oldState)) {
// Persist the state in localStorage
persistAuth(state);
// When middle-clicking a profile, we want to save the
// user in localStorage, but not update the reducer
if (action.background === true) {
return oldState;
}
2021-03-23 19:52:08 -07:00
// Persist the session
persistSession(state);
// Reload the page under some conditions
maybeReload(oldState, state, action);
}
2021-03-23 19:52:08 -07:00
return state;
2021-08-03 12:22:51 -07:00
}