const { Communication: IndieAuthCommunication } = require('@squeep/indieauth-helper');
const { MysteryBox } = require('@squeep/mystery-box');
+const { randomUUID } = require('crypto');
const common = require('./common');
const Enum = require('./enum');
const Template = require('./template');
* @param {Number=} options.authenticator.inactiveSessionLifespanSeconds
* @param {Boolean} options.authenticator.secureAuthOnly
* @param {Object} options.dingus
- * @param {Object} options.dingus.proxyPrefix
- * @param {Object} options.dingus.selfBaseUrl
+ * @param {String} options.dingus.proxyPrefix
+ * @param {String} options.dingus.selfBaseUrl
*/
constructor(logger, authenticator, options) {
this.logger = logger;
this.authenticator = authenticator;
this.options = options;
this.indieAuthCommunication = new IndieAuthCommunication(logger, options);
- this.mysteryBox = new MysteryBox(logger, options);
+ this.mysteryBox = new MysteryBox(options);
+ this.mysteryBox.on('statistics', common.mysteryBoxLogger(logger, _fileScope(this.constructor.name)));
this.cookieLifespan = options.authenticator.inactiveSessionLifespanSeconds || 60 * 60 * 24 * 32;
}
}
// Otherwise, carry on with IndieAuth handshake.
- let me, session, authorizationEndpoint;
+ let me, meAutoScheme, session, authorizationEndpoint;
try {
me = new URL(ctx.parsedBody['me']);
+ meAutoScheme = !!ctx.parsedBody['me_auto_scheme'];
+
} catch (e) {
this.logger.debug(_scope, 'failed to parse supplied profile url', { ctx });
ctx.errors.push(`Unable to understand '${ctx.parsedBody['me']}' as a profile URL.`);
if (this.options.authenticator.authnEnabled.includes('indieAuth')
&& me) {
- const profile = await this.indieAuthCommunication.fetchProfile(me);
- if (!profile || !profile.metadata) {
+ let profile;
+ profile = await this.indieAuthCommunication.fetchProfile(me);
+ if ((!profile?.metadata)
+ && meAutoScheme) {
+ this.logger.debug(_scope, 'trying http fallback', { ctx });
+ me.protocol = 'http';
+ profile = await this.indieAuthCommunication.fetchProfile(me);
+ }
+ if (!profile?.metadata) {
this.logger.debug(_scope, 'failed to find any profile information at url', { ctx });
ctx.errors.push(`No profile information was found at '${me}'.`);
} else {
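Review bot: The fallback at `me.protocol = 'http';` downgrades profile discovery to cleartext whenever the request carries a truthy `me_auto_scheme`, which is a client-supplied form field. The metadata fetched on the retry (and, presumably, the authorization endpoint taken from it) is therefore read over a transport that a network intermediary can alter. The retry is also not limited to URLs that were `https:` to begin with, so an `http:` profile is simply fetched a second time; a guard such as `if (!profile?.metadata && meAutoScheme && me.protocol === 'https:') {` would avoid that. Consider making the fallback an explicit configuration opt-in and logging it above debug level, so a downgraded login is visible to operators. The enclosing handler starts and ends outside this hunk.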
if (authorizationEndpoint) {
const pkce = await IndieAuthCommunication.generatePKCE();
+ const state = randomUUID();
session = {
authorizationEndpoint: authorizationEndpoint.href,
- state: ctx.requestId,
+ state,
codeVerifier: pkce.codeVerifier,
me,
redirect,