const { Communication: IndieAuthCommunication } = require('@squeep/indieauth-helper');
const { MysteryBox } = require('@squeep/mystery-box');
+const { randomUUID } = require('crypto');
const common = require('./common');
const Enum = require('./enum');
const Template = require('./template');
this.authenticator = authenticator;
this.options = options;
this.indieAuthCommunication = new IndieAuthCommunication(logger, options);
- this.mysteryBox = new MysteryBox(logger, options);
+ this.mysteryBox = new MysteryBox(options);
+ this.mysteryBox.on('statistics', common.mysteryBoxLogger(logger, _fileScope(this.constructor.name)));
this.cookieLifespan = options.authenticator.inactiveSessionLifespanSeconds || 60 * 60 * 24 * 32;
}
}
// Otherwise, carry on with IndieAuth handshake.
- let me, session, authorizationEndpoint;
+ let me, meAutoScheme, session, authorizationEndpoint;
try {
me = new URL(ctx.parsedBody['me']);
+ meAutoScheme = !!ctx.parsedBody['me_auto_scheme'];
+
} catch (e) {
this.logger.debug(_scope, 'failed to parse supplied profile url', { ctx });
ctx.errors.push(`Unable to understand '${ctx.parsedBody['me']}' as a profile URL.`);
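Review bot: `meAutoScheme = !!ctx.parsedBody['me_auto_scheme'];` sits inside the `try` although it cannot throw once the `new URL(...)` line above it has succeeded, and the added blank line before `} catch` is stray. The flag is read straight from the request body and, further down in this commit, decides whether the handler retries the profile fetch over plain http, so it deserves a short comment where it is set, for example `// client-supplied; presumably set when the form prepended the scheme itself — enables the http retry below`. Moving the assignment below the `try`/`catch` would keep the guarded region to the one statement that can fail. The `catch` block continues outside the hunk.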
if (this.options.authenticator.authnEnabled.includes('indieAuth')
&& me) {
- const profile = await this.indieAuthCommunication.fetchProfile(me);
+ let profile;
+ profile = await this.indieAuthCommunication.fetchProfile(me);
+ if ((!profile || !profile.metadata)
+ && meAutoScheme) {
+ this.logger.debug(_scope, 'trying http fallback', { ctx });
+ me.protocol = 'http';
+ profile = await this.indieAuthCommunication.fetchProfile(me);
+ }
if (!profile || !profile.metadata) {
this.logger.debug(_scope, 'failed to find any profile information at url', { ctx });
ctx.errors.push(`No profile information was found at '${me}'.`);
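Review bot: The http retry sets `me.protocol = 'http'` on the original `me` object, so a failed retry leaves the error message naming an http URL the user never submitted, and a successful one carries a plaintext profile URL through the rest of the handler. Because the retry runs whenever the https fetch yields no metadata, anyone able to interfere with the server's https request to the profile host can push discovery onto unauthenticated http, where the returned metadata cannot be trusted; how much that matters depends on how http and https identities are mapped, which is not visible here. I would retry on a copy of the URL, adopt it only when the retry returns metadata, and log the downgrade at a level above debug so it shows up in normal operation. `let profile;` followed by the assignment can also be a single declaration. The enclosing `if` block continues outside the hunk.

```javascript
if ((!profile || !profile.metadata)
    && meAutoScheme) {
  // … unchanged: debug log 'trying http fallback' …
  const fallbackMe = new URL(me);
  fallbackMe.protocol = 'http';
  const fallbackProfile = await this.indieAuthCommunication.fetchProfile(fallbackMe);
  if (fallbackProfile && fallbackProfile.metadata) {
    // Adopt the plaintext URL only when it actually produced a profile.
    me = fallbackMe;
    profile = fallbackProfile;
  }
}
```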
if (authorizationEndpoint) {
const pkce = await IndieAuthCommunication.generatePKCE();
+ const state = randomUUID();
session = {
authorizationEndpoint: authorizationEndpoint.href,
- state: ctx.requestId,
+ state,
codeVerifier: pkce.codeVerifier,
me,
redirect,