hanyuu/assets/oauth2.js/verify.js

#include loading.jsx
#include app/info.jsx
#include app/scope.jsx
#include header/header.js
#include header/user.jsx

const HanyuuOAuth2Verify = () => {
    const queryParams = new URLSearchParams(window.location.search);
    const loading = new HanyuuOAuth2Loading('.js-loading');
    const header = new HanyuuOAuth2Header;

    const fAuths = document.querySelector('.js-verify-authorise');
    const eAuthsInfo = document.querySelector('.js-verify-authorise-info');
    const eAuthsScope = document.querySelector('.js-verify-authorise-scope');

    const rApproved = document.querySelector('.js-verify-approved');
    const rDenied = document.querySelector('.js-verify-denied');

    let userCode = '';
    let userHeader;

    const verifyAuthsRequest = async approve => {
        try {
            const response = (await $x.post('/oauth2/verify', { type: 'json' }, {
                _csrfp: HanyuuCSRFP.getToken(),
                code: userCode,
                approve: approve === true ? 'yes' : 'no',
            })).body();

            if(!response)
                throw 'response is empty';

            if(typeof response.error === 'string') {
                // TODO: nicer errors
                if(response.error === 'auth')
                    alert('You are not logged in.');
                else if(response.error === 'csrf')
                    alert('Request verification failed, please refresh and try again.');
                else if(response.error === 'code')
                    alert('This code is not associated with any authorisation request.');
                else if(response.error === 'approval')
                    alert('The authorisation request associated with this code is not pending approval.');
                else if(response.error === 'expired')
                    alert('The authorisation request has expired, please restart the process from the application or device.');
                else if(response.error === 'invalid')
                    alert('Invalid approval state specified.');
                else if(response.error === 'scope') {
                    alert(`Requested scope "${response.scope}" is ${response.reason}.`);
                    loading.visible = false;
                    rDenied.classList.remove('hidden');
                    return;
                } else
                    alert(`An unknown error occurred: ${response.error}`);

                loading.visible = false;
                fAuths.classList.remove('hidden');
                return;
            }

            loading.visible = false;
            if(response.approval === 'approved')
                rApproved.classList.remove('hidden');
            else
                rDenied.classList.remove('hidden');
        } catch(ex) {
            alert('Request to verify endpoint failed. Please try again.');
            loading.visible = false;
            fAuths.classList.remove('hidden');
        }
    };

    fAuths.onsubmit = ev => {
        ev.preventDefault();

        loading.visible = true;
        fAuths.classList.add('hidden');

        if(userHeader)
            userHeader.guiseVisible = false;

        verifyAuthsRequest(ev.submitter.value === 'yes');
    };

    const fCode = document.querySelector('.js-verify-code');
    const eUserCode = fCode.elements.namedItem('code');

    fCode.onsubmit = ev => {
        ev.preventDefault();

        loading.visible = true;
        fCode.classList.add('hidden');

        userCode=  encodeURIComponent(eUserCode.value);
        $x.get(`/oauth2/resolve-verify?csrfp=${encodeURIComponent(HanyuuCSRFP.getToken())}&code=${userCode}`, { type: 'json' })
            .then(result => {
                const response = result.body();

                if(!response) {
                    alert('Request to resolve endpoint failed. Please try again.');
                    loading.visible = false;
                    fCode.classList.remove('hidden');
                    return;
                }

                if(typeof response.error === 'string') {
                    // TODO: nicer errors
                    if(response.error === 'auth')
                        alert('You are not logged in.');
                    else if(response.error === 'csrf')
                        alert('Request verification failed, please refresh and try again.');
                    else if(response.error === 'code')
                        alert('This code is not associated with any authorisation request.');
                    else if(response.error === 'expired')
                        alert('The authorisation request has expired, please restart the process from the application or device.');
                    else if(response.error === 'approval')
                        alert('The authorisation request associated with this code is not pending approval.');
                    else if(response.error === 'scope') {
                        verifyAuthsRequest(false).finally(() => {
                            alert(`Requested scope "${response.scope}" is ${response.reason}.`);
                        });
                        return;
                    } else
                        alert(`An unknown error occurred: ${response.error}`);

                    loading.visible = false;
                    fCode.classList.remove('hidden');
                    return;
                }

                userCode = response.req.code;

                userHeader = new HanyuuOAuth2UserHeader(response.user);
                header.setElement(userHeader);

                if(response.app.trusted && response.user.guise === undefined) {
                    if(userHeader)
                        userHeader.guiseVisible = false;

                    verifyAuthsRequest(true);
                    return;
                }

                eAuthsInfo.replaceWith(new HanyuuOAuth2AppInfo(response.app).element);
                eAuthsScope.replaceWith(new HanyuuOAuth2AppScopeList(response.scope).element);

                loading.visible = false;
                fAuths.classList.remove('hidden');
            }).catch(() => {
                alert('Request to resolve endpoint failed. Please try again.');
                loading.visible = false;
                fCode.classList.remove('hidden');
            });
    };

    const validateCodeInput = () => {
        // [A-Za-z0-8]{3}\-[A-Za-z0-8]{3}\-[A-Za-z0-8]{3}
        // 0 -> O, 1 -> I, 8 -> B

        const eCode = eUserCode.value;

        return eCode.length > 0;
    };

    eUserCode.oninput = () => {
        validateCodeInput();
        console.warn(eUserCode.value);
    };

    if(queryParams.has('code') && eUserCode.value === '')
        eUserCode.value = queryParams.get('code');

    if(validateCodeInput()) {
        fCode.requestSubmit();
    } else {
        loading.visible = false;
        fCode.classList.remove('hidden');
    }
};
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`#include loading.jsx`
			`#include app/info.jsx`
			`#include app/scope.jsx`
			`#include header/header.js`
			`#include header/user.jsx`

Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`const HanyuuOAuth2Verify = () => {`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`const queryParams = new URLSearchParams(window.location.search);`
			`const loading = new HanyuuOAuth2Loading('.js-loading');`
			`const header = new HanyuuOAuth2Header;`

			`const fAuths = document.querySelector('.js-verify-authorise');`
			`const eAuthsInfo = document.querySelector('.js-verify-authorise-info');`
			`const eAuthsScope = document.querySelector('.js-verify-authorise-scope');`

			`const rApproved = document.querySelector('.js-verify-approved');`
			`const rDenied = document.querySelector('.js-verify-denied');`

			`let userCode = '';`
			`let userHeader;`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00
Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`const verifyAuthsRequest = async approve => {`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`try {`
			`const response = (await $x.post('/oauth2/verify', { type: 'json' }, {`
			`_csrfp: HanyuuCSRFP.getToken(),`
			`code: userCode,`
			`approve: approve === true ? 'yes' : 'no',`
			`})).body();`

			`if(!response)`
			`throw 'response is empty';`

			`if(typeof response.error === 'string') {`
			`// TODO: nicer errors`
			`if(response.error === 'auth')`
			`alert('You are not logged in.');`
			`else if(response.error === 'csrf')`
			`alert('Request verification failed, please refresh and try again.');`
			`else if(response.error === 'code')`
			`alert('This code is not associated with any authorisation request.');`
			`else if(response.error === 'approval')`
			`alert('The authorisation request associated with this code is not pending approval.');`
Added scope registration and checking. 2024-09-03 19:59:31 +00:00			`else if(response.error === 'expired')`
			`alert('The authorisation request has expired, please restart the process from the application or device.');`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`else if(response.error === 'invalid')`
			`alert('Invalid approval state specified.');`
Added scope registration and checking. 2024-09-03 19:59:31 +00:00			`else if(response.error === 'scope') {`
			alert(`Requested scope "${response.scope}" is ${response.reason}.`);
			`loading.visible = false;`
			`rDenied.classList.remove('hidden');`
			`return;`
			`} else`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			alert(`An unknown error occurred: ${response.error}`);
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`loading.visible = false;`
			`fAuths.classList.remove('hidden');`
			`return;`
			`}`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00
Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`loading.visible = false;`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`if(response.approval === 'approved')`
			`rApproved.classList.remove('hidden');`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`else`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`rDenied.classList.remove('hidden');`
			`} catch(ex) {`
			`alert('Request to verify endpoint failed. Please try again.');`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`loading.visible = false;`
			`fAuths.classList.remove('hidden');`
			`}`
			`};`

			`fAuths.onsubmit = ev => {`
			`ev.preventDefault();`

			`loading.visible = true;`
			`fAuths.classList.add('hidden');`

			`if(userHeader)`
			`userHeader.guiseVisible = false;`

Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`verifyAuthsRequest(ev.submitter.value === 'yes');`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`};`

			`const fCode = document.querySelector('.js-verify-code');`
			`const eUserCode = fCode.elements.namedItem('code');`

			`fCode.onsubmit = ev => {`
			`ev.preventDefault();`

			`loading.visible = true;`
			`fCode.classList.add('hidden');`

Added scope registration and checking. 2024-09-03 19:59:31 +00:00			`userCode= encodeURIComponent(eUserCode.value);`
			$x.get(`/oauth2/resolve-verify?csrfp=${encodeURIComponent(HanyuuCSRFP.getToken())}&code=${userCode}`, { type: 'json' })
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`.then(result => {`
			`const response = result.body();`

Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`if(!response) {`
			`alert('Request to resolve endpoint failed. Please try again.');`
			`loading.visible = false;`
			`fCode.classList.remove('hidden');`
			`return;`
			`}`

			`if(typeof response.error === 'string') {`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`// TODO: nicer errors`
			`if(response.error === 'auth')`
			`alert('You are not logged in.');`
			`else if(response.error === 'csrf')`
			`alert('Request verification failed, please refresh and try again.');`
			`else if(response.error === 'code')`
Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`alert('This code is not associated with any authorisation request.');`
Added scope registration and checking. 2024-09-03 19:59:31 +00:00			`else if(response.error === 'expired')`
			`alert('The authorisation request has expired, please restart the process from the application or device.');`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`else if(response.error === 'approval')`
Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`alert('The authorisation request associated with this code is not pending approval.');`
Added scope registration and checking. 2024-09-03 19:59:31 +00:00			`else if(response.error === 'scope') {`
			`verifyAuthsRequest(false).finally(() => {`
			alert(`Requested scope "${response.scope}" is ${response.reason}.`);
			`});`
			`return;`
			`} else`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			alert(`An unknown error occurred: ${response.error}`);

			`loading.visible = false;`
			`fCode.classList.remove('hidden');`
			`return;`
			`}`

Removed mentions of "device" from the UI and URLs. While the intention of the extension specification to OAuth2 for device codes is indeed intended for handling authorisation on devices where the user cannot use any input method on the device, it's also very useful for when we want to authorise older devices where there are other difficulties, such as outdated or intentionally omitted root certificates making it only possible to use plain HTTP, or just other sorts of applications where having to make a web UI just for receiving the authorisation code to complete the token request would be a bother, for me such a case would be bots like Satori. It essentially just replaces three-legged authorisation from OAuth 1.0a but without the needlessly complex annoying aspects of OAuth 1.0a. Beyond that I'm also just sick of entering my ridiculously long, randomly generated password letter by letter on the inaccurate touch screen of the Nintendo 3DS. 2024-07-30 13:08:22 +00:00			`userCode = response.req.code;`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00
			`userHeader = new HanyuuOAuth2UserHeader(response.user);`
			`header.setElement(userHeader);`

			`if(response.app.trusted && response.user.guise === undefined) {`
			`if(userHeader)`
			`userHeader.guiseVisible = false;`

Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`verifyAuthsRequest(true);`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`return;`
			`}`

Added scope registration and checking. 2024-09-03 19:59:31 +00:00			`eAuthsInfo.replaceWith(new HanyuuOAuth2AppInfo(response.app).element);`
			`eAuthsScope.replaceWith(new HanyuuOAuth2AppScopeList(response.scope).element);`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00
			`loading.visible = false;`
			`fAuths.classList.remove('hidden');`
Restructured code authorisation flow. 2024-07-30 21:24:20 +00:00			`}).catch(() => {`
			`alert('Request to resolve endpoint failed. Please try again.');`
			`loading.visible = false;`
			`fCode.classList.remove('hidden');`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`});`
			`};`

			`const validateCodeInput = () => {`
			`// [A-Za-z0-8]{3}\-[A-Za-z0-8]{3}\-[A-Za-z0-8]{3}`
			`// 0 -> O, 1 -> I, 8 -> B`

			`const eCode = eUserCode.value;`

Fixed error when loading verify page. 2024-08-25 01:45:01 +00:00			`return eCode.length > 0;`
Implemented partial UI for device authorisation. 2024-07-30 00:16:42 +00:00			`};`

			`eUserCode.oninput = () => {`
			`validateCodeInput();`
			`console.warn(eUserCode.value);`
			`};`

			`if(queryParams.has('code') && eUserCode.value === '')`
			`eUserCode.value = queryParams.get('code');`

			`if(validateCodeInput()) {`
			`fCode.requestSubmit();`
			`} else {`
			`loading.visible = false;`
			`fCode.classList.remove('hidden');`
			`}`
			`};`