lmc/login.js

/*
 * This file is part of Linode Manager Classic.
 *
 * Linode Manager Classic is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Linode Manager Classic is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Linode Manager Classic.  If not, see <https://www.gnu.org/licenses/>.
 */

import { settings, elements, parseParams } from "/global.js";
import { clientID } from "/clientID.js";

(function()
{
	// Element names specific to this page
	elements.login = "login";

	// Data recieved from API calls
	var data = {};

	// Generate a v4 UUID
	var generateUUID = function()
	{
		var accept = "0123456789abcdef";
		var uuid = "";

		for (var i = 0; i < 32; i++)
			uuid += accept.charAt(Math.floor(Math.random() * accept.length));

		uuid = uuid.slice(0, 8) + "-" + uuid.slice(8, 12) + "-" + uuid.slice(12, 16) + "-" + uuid.slice(16, 20) + "-" + uuid.slice(20);
		return uuid;
	};

	// Login to Linode via OAuth
	var login = function(event)
	{
		if (event && event.currentTarget.disabled)
			return;

		localStorage.state = generateUUID();

		var params = new URLSearchParams();
		params.set("client_id", clientID);
		params.set("scope", "*");
		params.set("response_type", "token");
		params.set("state", localStorage.state);

		location.href = settings.oauthURL + "/authorize" + "?" + params.toString();
	};

	// Initial setup
	var setup = function()
	{
		// Parse URL parameters
		data.params = parseParams();

		// If we're being given an access token, store it and redirect
		if (data.params.access_token && data.params.expires_in && data.params.token_type && data.params.state) {
			if (localStorage.state && localStorage.state == data.params.state) {
				localStorage.removeItem("state");
				var type = data.params.token_type.charAt(0).toUpperCase() + data.params.token_type.slice(1);
				localStorage.apiKey = type + " " + data.params.access_token;
				localStorage.apiExpire = Date.now() + (data.params.expires_in * 1000);
				if (localStorage.redirectTo)
					location.href = localStorage.redirectTo;
				else
					location.href = "/linodes/";
				return;
			}

			// If the returned state doesn't match our local one, scrap everything and start over
			alert("Something's fishy here. Let's try again.");
		}

		// If we already have an unexpired token, redirect
		if (localStorage.apiKey && localStorage.apiExpire) {
			var now = new Date();
			var expires = new Date(parseInt(localStorage.apiExpire));
			if (expires > now) {
				location.href = "/linodes/";
				return;
			}
		}

		// Otherwise, clear everything
		localStorage.clear();

		// Store our desired redirect
		if (data.params.redirectTo)
			localStorage.redirectTo = decodeURIComponent(data.params.redirectTo);

		// Don't wait for click if we were redirected from another page
		if (data.params.skip && data.params.skip == "1")
			login(null);

		// Register login button handler
		var loginButton = document.getElementById(elements.login);
		loginButton.addEventListener("click", login);
		loginButton.disabled = false;
	};

	// Attach onload handler
	window.addEventListener("load", setup);
})();