codebuff/freebuff/web/src/lib/cli-auth-code-shape.ts at 5aaa700c060c55f985966752efe0edd073d58f82 · CodebuffAI/codebuff · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
const OPAQUE_CLI_AUTH_CODE_TOKEN_RE = /^[A-Za-z0-9_-]{43}$/
const CLI_AUTH_CODE_HASH_RE = /^[a-f0-9]{64}$/i

export function isOpaqueCliAuthCodeToken(authCode: string): boolean {
  return OPAQUE_CLI_AUTH_CODE_TOKEN_RE.test(authCode.trim())
}

export function parseCliAuthCodeShape(authCode: string): {
  fingerprintId: string
  expiresAt: string
  receivedHash: string
} {
  const normalizedAuthCode = authCode.trim()
  const hashSeparatorIndex = normalizedAuthCode.lastIndexOf('.')
  const expiresSeparatorIndex = normalizedAuthCode.lastIndexOf(
    '.',
    hashSeparatorIndex - 1,
  )

  if (hashSeparatorIndex === -1 || expiresSeparatorIndex === -1) {
    const legacyMatch = normalizedAuthCode.match(
      /^(?<fingerprintId>.+)-(?<expiresAt>\d+)-(?<receivedHash>[a-f0-9]{64})$/i,
    )
    if (legacyMatch?.groups) {
      return {
        fingerprintId: legacyMatch.groups.fingerprintId,
        expiresAt: legacyMatch.groups.expiresAt,
        receivedHash: legacyMatch.groups.receivedHash,
      }
    }

    return { fingerprintId: '', expiresAt: '', receivedHash: '' }
  }

  const fingerprintId = normalizedAuthCode.slice(0, expiresSeparatorIndex)
  const expiresAt = normalizedAuthCode.slice(
    expiresSeparatorIndex + 1,
    hashSeparatorIndex,
  )
  const receivedHash = normalizedAuthCode.slice(hashSeparatorIndex + 1)

  return { fingerprintId, expiresAt, receivedHash }
}

export function isCliAuthCodeCandidate(authCode: string): boolean {
  if (isOpaqueCliAuthCodeToken(authCode)) {
    return true
  }

  const { fingerprintId, expiresAt, receivedHash } =
    parseCliAuthCodeShape(authCode)
  return (
    fingerprintId.length > 0 &&
    /^\d+$/.test(expiresAt) &&
    CLI_AUTH_CODE_HASH_RE.test(receivedHash)
  )
}

export function getCliAuthOnboardSearchParams(
  searchParams: URLSearchParams,
  authCode: string,
): URLSearchParams {
  const onboardParams = new URLSearchParams()
  searchParams.forEach((value, key) => {
    if (key !== 'auth_code') {
      onboardParams.append(key, value)
    }
  })
  onboardParams.set('auth_code', authCode)
  return onboardParams
}

export function getCliAuthOnboardPath(
  searchParams: URLSearchParams,
  authCode: string,
): string {
  return `/onboard?${getCliAuthOnboardSearchParams(
    searchParams,
    authCode,
  ).toString()}`
}