/*
This file is part of GNU Taler
(C) 2021-2024 Taler Systems S.A.
GNU Taler is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
GNU Taler; see the file COPYING. If not, see
*/
import {
AccessToken,
Codec,
buildCodecForObject,
buildCodecForUnion,
codecForBoolean,
codecForConstString,
codecForString,
codecOptional,
} from "@gnu-taler/taler-util";
import {
buildStorageKey,
useLocalStorage,
useMerchantApiContext,
} from "@gnu-taler/web-util/browser";
import { mutate } from "swr";
/**
* Has the information to reach and
* authenticate at the bank's backend.
*/
export type SessionState = LoggedIn | LoggedOut | Expired;
interface LoggedIn {
status: "loggedIn";
backendUrl: string;
isAdmin: boolean;
instance: string;
token: AccessToken | undefined;
impersonate: Impersonate | undefined;
}
interface Impersonate {
originalInstance: string;
originalToken: AccessToken | undefined;
originalBackendUrl: string;
}
interface Expired {
status: "expired";
backendUrl: string;
isAdmin: boolean;
instance: string;
token?: undefined;
impersonate: Impersonate | undefined;
}
interface LoggedOut {
status: "loggedOut";
backendUrl: string;
instance: string;
isAdmin: boolean;
token?: undefined;
}
export const codecForSessionStateLoggedIn = (): Codec =>
buildCodecForObject()
.property("status", codecForConstString("loggedIn"))
.property("backendUrl", codecForString())
.property("instance", codecForString())
.property("impersonate", codecOptional(codecForImpresonate()))
.property("token", codecOptional(codecForString() as Codec))
.property("isAdmin", codecForBoolean())
.build("SessionState.LoggedIn");
export const codecForSessionStateExpired = (): Codec =>
buildCodecForObject()
.property("status", codecForConstString("expired"))
.property("backendUrl", codecForString())
.property("instance", codecForString())
.property("impersonate", codecOptional(codecForImpresonate()))
.property("isAdmin", codecForBoolean())
.build("SessionState.Expired");
export const codecForSessionStateLoggedOut = (): Codec =>
buildCodecForObject()
.property("status", codecForConstString("loggedOut"))
.property("backendUrl", codecForString())
.property("instance", codecForString())
.property("isAdmin", codecForBoolean())
.build("SessionState.LoggedOut");
export const codecForImpresonate = (): Codec =>
buildCodecForObject()
.property("originalInstance", codecForString())
.property(
"originalToken",
codecOptional(codecForString() as Codec),
)
.property("originalBackendUrl", codecForString())
.build("SessionState.Impersonate");
export const codecForSessionState = (): Codec =>
buildCodecForUnion()
.discriminateOn("status")
.alternative("loggedIn", codecForSessionStateLoggedIn())
.alternative("loggedOut", codecForSessionStateLoggedOut())
.alternative("expired", codecForSessionStateExpired())
.build("SessionState");
function inferInstanceName(url: URL) {
const match = INSTANCE_ID_LOOKUP.exec(url.href);
return !match || !match[1] ? DEFAULT_ADMIN_USERNAME : match[1];
}
export const defaultState = (url: URL): SessionState => {
const instance = inferInstanceName(url);
return {
status: "loggedIn",
instance,
backendUrl: url.href,
isAdmin: instance === DEFAULT_ADMIN_USERNAME,
token: undefined,
impersonate: undefined,
};
};
export interface SessionStateHandler {
state: SessionState;
/**
* from every state to logout state
*/
logOut(): void;
/**
* from impersonate to loggedIn
*/
deImpersonate(): void;
/**
* from non-loggedOut state to expired
*/
expired(): void;
/**
* from any to loggedIn
* @param info
*/
logIn(info: { token?: AccessToken }): void;
/**
* from loggedIn to impersonate
* @param info
*/
impersonate(info: { instance: string; token?: AccessToken }): void;
}
const SESSION_STATE_KEY = buildStorageKey(
"merchant-session",
codecForSessionState(),
);
export const DEFAULT_ADMIN_USERNAME = "default";
export const INSTANCE_ID_LOOKUP = /\/instances\/([^/]*)\/?$/;
/**
* Return getters and setters for
* login credentials and backend's
* base URL.
*/
export function useSessionContext(): SessionStateHandler {
const { url } = useMerchantApiContext();
const { value: state, update } = useLocalStorage(
SESSION_STATE_KEY,
defaultState(url),
);
return {
state,
logOut() {
const instance = inferInstanceName(url);
const nextState: SessionState = {
status: "loggedOut",
backendUrl: url.href,
instance,
isAdmin: instance === DEFAULT_ADMIN_USERNAME,
};
update(nextState);
},
deImpersonate() {
if (state.status === "loggedOut" || state.status === "expired") {
// can't impersonate if not loggedin
return;
}
if (state.impersonate === undefined) {
return;
}
const nextState: SessionState = {
status: "loggedIn",
backendUrl: state.impersonate.originalBackendUrl,
isAdmin: state.impersonate.originalInstance === DEFAULT_ADMIN_USERNAME,
instance: state.impersonate.originalInstance,
token: state.impersonate.originalToken,
impersonate: undefined,
};
update(nextState);
},
impersonate(info) {
if (state.status === "loggedOut" || state.status === "expired") {
// can't impersonate if not loggedin
return;
}
const nextState: SessionState = {
status: "loggedIn",
backendUrl: new URL(`instances/${info.instance}`, state.backendUrl)
.href,
isAdmin: info.instance === DEFAULT_ADMIN_USERNAME,
instance: info.instance,
// FIXME: bank and merchant should have consistent behavior
token: info.token?.substring("secret-token:".length) as AccessToken,
impersonate: {
originalBackendUrl: state.backendUrl,
originalToken: state.token,
originalInstance: state.instance,
},
};
update(nextState);
},
expired() {
if (state.status === "loggedOut") return;
const nextState: SessionState = {
...state,
status: "expired",
token: undefined,
};
update(nextState);
},
logIn(info) {
// admin is defined by the username
const nextState: SessionState = {
impersonate: undefined,
...state,
status: "loggedIn",
// FIXME: bank and merchant should have consistent behavior
token: info.token?.substring("secret-token:".length) as AccessToken,
// token: info.token,
};
update(nextState);
cleanAllCache();
},
};
}
function cleanAllCache(): void {
mutate(() => true, undefined, { revalidate: false });
}