
@ideem/zsm-react-native


ZSM makes 2FA easy and invisible for everyone, all the time, using advanced cryptography like MPC to establish cryptographic proof of the origin of any transaction or login attempt, while eliminating opportunities for social engineering. ZSM has no relian

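"use strict";

var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
exports.__esModule = true;
exports["default"] = void 0;
var _regenerator = _interopRequireDefault(require("@babel/runtime/regenerator"));
var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime/helpers/asyncToGenerator"));
var _createClass2 = _interopRequireDefault(require("@babel/runtime/helpers/createClass"));
var _classPrivateFieldLooseBase2 = _interopRequireDefault(require("@babel/runtime/helpers/classPrivateFieldLooseBase"));
var _classPrivateFieldLooseKey2 = _interopRequireDefault(require("@babel/runtime/helpers/classPrivateFieldLooseKey"));
var _zsmLogger = _interopRequireDefault(require("./zsm-logger"));

// Keys for the "loose" private fields of RelyingPartyBase.
var _host = (0, _classPrivateFieldLooseKey2["default"])("host");
var _apiKey = (0, _classPrivateFieldLooseKey2["default"])("apiKey");
var _applicationId = (0, _classPrivateFieldLooseKey2["default"])("applicationId");
var _customerDefinedIdentifier = (0, _classPrivateFieldLooseKey2["default"])("customerDefinedIdentifier");
var _publicKey = (0, _classPrivateFieldLooseKey2["default"])("publicKey");
var _credentialID = (0, _classPrivateFieldLooseKey2["default"])("credentialID");
var _makePostRequest = (0, _classPrivateFieldLooseKey2["default"])("makePostRequest");

/**
 * Returns a copy of a header map that is safe to write to a log: the value of
 * any `Authorization` header (matched case-insensitively) is replaced by a
 * fixed marker so the bearer API key never reaches the log sink.
 *
 * @param {Object} headers - Header name/value map about to be sent.
 * @returns {Object} A new map; the input is not modified.
 */
function redactHeadersForLog(headers) {
  // Null-prototype target so an unusual header name cannot alter the copy's prototype.
  var safe = Object.create(null);
  Object.keys(headers).forEach(function (name) {
    safe[name] = name.toLowerCase() === 'authorization' ? '***redacted***' : headers[name];
  });
  return safe;
}

/**
 * Client for the relying-party HTTP API: WebAuthn registration and
 * authentication round trips, identity checks, and a health probe.
 *
 * The instance keeps `status` (a string naming the last step entered or
 * finished) and `xhrHeaders` (default request headers) as public properties;
 * host, API key, application id, user identifier, public key and credential
 * id are held in private fields and exposed through accessors.
 */
var RelyingPartyBase = function () {
  /**
   * @param {string} host - Base URL of the relying-party server.
   * @param {string} apiKey - Sent as `Authorization: Bearer <apiKey>` unless a
   *   request supplies its own Authorization header.
   * @param {string} applicationID - Sent as `application_id` in every request body.
   */
  function RelyingPartyBase(host, apiKey, applicationID) {
    var _this = this;

    Object.defineProperty(this, _host, { writable: true, value: void 0 });
    Object.defineProperty(this, _apiKey, { writable: true, value: void 0 });
    Object.defineProperty(this, _applicationId, { writable: true, value: void 0 });
    Object.defineProperty(this, _customerDefinedIdentifier, { writable: true, value: void 0 });
    Object.defineProperty(this, _publicKey, { writable: true, value: void 0 });
    Object.defineProperty(this, _credentialID, { writable: true, value: void 0 });

    /**
     * Sends a JSON request to `host` + `url` and resolves with the parsed
     * JSON body. Rejects with an Error on a non-2xx status, an empty body,
     * unparseable JSON, or a fetch failure.
     *
     * `customer_defined_identifier` and `application_id` are merged into the
     * body as defaults; keys in `body` win.
     *
     * @param {string} url - Path relative to the host.
     * @param {Object} [body={}] - Request payload; non-objects are replaced by `{}`.
     * @param {Object} [headers={}] - Extra headers for this request only.
     * @param {string} [method='POST'] - HTTP method.
     * @param {?string} [traceId=null] - Log correlation id; generated when absent.
     * @returns {Promise<Object>} Parsed response body.
     */
    Object.defineProperty(this, _makePostRequest, {
      writable: true,
      value: function value(url, body, headers, method, traceId) {
        var _headers;
        if (body === void 0) {
          body = {};
        }
        if (headers === void 0) {
          headers = {};
        }
        if (method === void 0) {
          method = 'POST';
        }
        if (traceId === void 0) {
          traceId = null;
        }

        // Join host and path with exactly one slash between them.
        url = (_this.host.endsWith('/') ? _this.host.slice(0, -1) : _this.host) + "/" + (url.startsWith('/') ? url.slice(1) : url);
        body = typeof body === 'object' ? body : {};
        body = Object.assign({
          customer_defined_identifier: _this.customerDefinedIdentifier,
          application_id: _this.applicationId
        }, body);

        var fetchObj = {
          method: method,
          // Merge into a fresh object. Merging into `_this.xhrHeaders` itself
          // would permanently add the bearer token and any per-request header
          // to the shared defaults, so they would be replayed on every later
          // request and be readable through the public `xhrHeaders` property.
          headers: Object.assign({}, _this.xhrHeaders, !((_headers = headers) != null && _headers.Authorization) ? {
            'Authorization': "Bearer " + (0, _classPrivateFieldLooseBase2["default"])(_this, _apiKey)[_apiKey]
          } : {}, headers),
          body: JSON.stringify(body)
        };

        var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
        _zsmLogger["default"].trace(method + " to url: " + url, actualTraceId);
        // The Authorization value carries the API key; log the headers with it masked,
        // the same way healthCheck() masks the key in its result.
        _zsmLogger["default"].trace("Request headers: " + JSON.stringify(redactHeadersForLog(fetchObj.headers)), actualTraceId);
        // NOTE(review): request and response bodies are logged verbatim at trace
        // level and can contain credential material and user identifiers; where
        // the logger sends trace output is not visible from this file — confirm
        // trace logging is off in production builds.
        _zsmLogger["default"].trace("Request body: " + fetchObj.body, actualTraceId);

        return fetch(url, fetchObj).then(function (response) {
          _zsmLogger["default"].trace("Response status: " + response.status, actualTraceId);
          _zsmLogger["default"].trace("Response headers: " + JSON.stringify(Object.fromEntries(response.headers.entries())), actualTraceId);
          _zsmLogger["default"].trace("Response ok: " + response.ok, actualTraceId);

          if (response.ok) {
            return response.text().then(function (text) {
              _zsmLogger["default"].trace("SUCCESS RESPONSE BODY: " + text, actualTraceId);
              try {
                if (!text || text.trim() === '') {
                  _zsmLogger["default"].error('Empty response received', actualTraceId);
                  throw new Error('Server returned empty response');
                }
                var parsed = JSON.parse(text);
                _zsmLogger["default"].trace("PARSED JSON SUCCESS: " + JSON.stringify(parsed), actualTraceId);
                if (parsed.trace_id) {
                  _zsmLogger["default"].trace("Server echoed trace_id: " + parsed.trace_id, actualTraceId);
                }
                return parsed;
              } catch (e) {
                // Both the empty-body error thrown above and a JSON.parse failure
                // land here and are rethrown with the raw response text attached.
                _zsmLogger["default"].error("JSON PARSE ERROR: " + e.message, actualTraceId);
                throw new Error("JSON Parse error: Unexpected end of input - Response: \"" + text + "\" - Error: " + e.message);
              }
            });
          } else {
            return response.text().then(function (text) {
              _zsmLogger["default"].trace("ERROR RESPONSE BODY: " + text, actualTraceId);
              var errData;
              try {
                if (!text || text.trim() === '') {
                  errData = { message: 'Server returned empty error response' };
                } else {
                  errData = JSON.parse(text);
                }
              } catch (e) {
                _zsmLogger["default"].error("ERROR JSON PARSE FAILED: " + e.message, actualTraceId);
                errData = { message: "Invalid JSON in error response: \"" + text + "\"" };
              }
              throw new Error("Request failed: " + response.statusText + ", " + JSON.stringify(errData));
            });
          }
        })["catch"](function (error) {
          _zsmLogger["default"].error("Fetch error: " + error.message, actualTraceId);
          throw error;
        });
      }
    });

    /**
     * Forgets the public key and credential id held by this instance.
     * @returns {null}
     */
    this.clearEnrollmentCredentials = function () {
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _publicKey)[_publicKey] = (0, _classPrivateFieldLooseBase2["default"])(_this, _credentialID)[_credentialID] = null;
    };

    /**
     * Base implementation does nothing.
     * @returns {Promise<null>}
     */
    this.clearLoginCredentials = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee() {
      return _regenerator["default"].wrap(function (_context) {
        while (1) switch (_context.prev = _context.next) {
          case 0:
            return _context.abrupt("return", null);
          case 1:
          case "end":
            return _context.stop();
        }
      }, _callee);
    }));

    /**
     * Calls clearLoginCredentials() (not awaited) and then
     * clearEnrollmentCredentials().
     * @returns {Promise<null>} Resolves with clearEnrollmentCredentials()'s result.
     */
    this.resetAll = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee2() {
      return _regenerator["default"].wrap(function (_context2) {
        while (1) switch (_context2.prev = _context2.next) {
          case 0:
            return _context2.abrupt("return", (_this.clearLoginCredentials(), _this.clearEnrollmentCredentials()));
          case 1:
          case "end":
            return _context2.stop();
        }
      }, _callee2);
    }));

    /**
     * GETs `<host>/api/health` without credentials and resolves with a
     * summary object. Never rejects: a fetch failure resolves with
     * `healthStatus: 'ERROR'`. The API key is reported only as
     * '***configured***' or 'NOT_SET'.
     *
     * @returns {Promise<Object>} Health summary.
     */
    this.healthCheck = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee3() {
      var healthUrl, traceId, response, healthData, responseText, result, errorResult, _t, _t2;
      return _regenerator["default"].wrap(function (_context3) {
        while (1) switch (_context3.prev = _context3.next) {
          case 0:
            _context3.prev = 0;
            healthUrl = (_this.host.endsWith('/') ? _this.host.slice(0, -1) : _this.host) + "/api/health";
            traceId = _zsmLogger["default"].generateTraceId();
            _zsmLogger["default"].trace("Checking health at: " + healthUrl, traceId);
            _context3.next = 1;
            return fetch(healthUrl, {
              method: 'GET',
              headers: { 'Content-Type': 'application/json' }
            });
          case 1:
            response = _context3.sent;
            // Inner try: reading or parsing the body must not fail the whole check.
            _context3.prev = 2;
            _context3.next = 3;
            return response.text();
          case 3:
            responseText = _context3.sent;
            if (!responseText || responseText.trim() === '') {
              healthData = { error: 'Empty response from health endpoint' };
            } else {
              healthData = JSON.parse(responseText);
            }
            _context3.next = 5;
            break;
          case 4:
            _context3.prev = 4;
            _t = _context3["catch"](2);
            _zsmLogger["default"].error("Failed to parse health response: " + _t.message);
            healthData = { error: "Failed to parse response: " + _t.message };
          case 5:
            result = {
              host: _this.host,
              apiKey: (0, _classPrivateFieldLooseBase2["default"])(_this, _apiKey)[_apiKey] ? '***configured***' : 'NOT_SET',
              applicationId: (0, _classPrivateFieldLooseBase2["default"])(_this, _applicationId)[_applicationId] || 'NOT_SET',
              healthEndpoint: healthUrl,
              healthStatus: response.ok ? 'OK' : 'FAILED',
              healthResponse: healthData,
              httpStatus: response.status,
              timestamp: new Date().toISOString()
            };
            _zsmLogger["default"].info("Health check result: " + result.healthStatus, traceId);
            _zsmLogger["default"].trace("Full health check result: " + JSON.stringify(result), traceId);
            return _context3.abrupt("return", result);
          case 6:
            _context3.prev = 6;
            _t2 = _context3["catch"](0);
            errorResult = {
              host: _this.host,
              healthStatus: 'ERROR',
              error: _t2.message,
              timestamp: new Date().toISOString()
            };
            _zsmLogger["default"].error("Health check failed: " + _t2.message);
            return _context3.abrupt("return", errorResult);
          case 7:
          case "end":
            return _context3.stop();
        }
      }, _callee3, null, [[0, 6], [2, 4]]);
    }));

    /**
     * POSTs to `api/webauthn/registration/start`, stores `ccr.publicKey`
     * from the response on the instance and resolves with it.
     *
     * @param {?string} [traceId=null] - Log correlation id.
     * @returns {Promise<Object>} The `publicKey` options from the server.
     */
    this.registrationStart = function (traceId) {
      if (traceId === void 0) {
        traceId = null;
      }
      _this.status = 'REGISTRATION_START';
      var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].debug('Starting WebAuthn registration', actualTraceId);
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/webauthn/registration/start", {}, {}, 'POST', actualTraceId).then(function (data) {
        return (0, _classPrivateFieldLooseBase2["default"])(_this, _publicKey)[_publicKey] = data.ccr.publicKey;
      }).then(function (result) {
        _this.status = 'REGISTRATION_STARTED';
        return result;
      })["catch"](function (error) {
        _this.status = 'REGISTRATION_FAILED';
        return Promise.reject(error instanceof Error ? error : new Error(error));
      });
    };

    /**
     * POSTs the created credential to `api/webauthn/registration/finish`
     * and remembers `credential.rawId` as the instance credential id. On
     * failure the stored public key and credential id are cleared.
     *
     * @param {Object} credential - Credential to register; `rawId` is read from it.
     * @param {?string} [traceId=null] - Log correlation id.
     * @returns {Promise<Object>} The server response.
     */
    this.registrationFinish = function (credential, traceId) {
      if (traceId === void 0) {
        traceId = null;
      }
      _this.status = 'REGISTRATION_FINISH';
      var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].debug('Finishing WebAuthn registration', actualTraceId);
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/webauthn/registration/finish", {
        credential: credential
      }, {}, 'POST', actualTraceId).then(function (response) {
        (0, _classPrivateFieldLooseBase2["default"])(_this, _credentialID)[_credentialID] = credential.rawId;
        return response;
      }).then(function (response) {
        _this.status = 'REGISTRATION_FINISHED';
        return response;
      })["catch"](function (error) {
        _this.status = 'REGISTRATION_FAILED';
        _this.clearEnrollmentCredentials();
        return Promise.reject(error instanceof Error ? error : new Error(error));
      });
    };

    /**
     * POSTs to `api/webauthn/authentication/start`. Rejects without a
     * request when the instance has no credential id.
     *
     * @param {*} [credential_id=this.credentialID] - Credential id to send.
     * @param {?string} [traceId=null] - Log correlation id.
     * @returns {Promise<Object>} The server response.
     */
    this.authenticationStart = function (credential_id, traceId) {
      if (credential_id === void 0) {
        credential_id = _this.credentialID;
      }
      if (traceId === void 0) {
        traceId = null;
      }
      _this.status = 'AUTHENTICATION_STARTING';
      var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].debug('Starting WebAuthn authentication', actualTraceId);

      // NOTE(review): the guard tests the instance's credentialID, not the
      // `credential_id` argument, so an explicit id is rejected while the
      // instance has none. Left as is; confirm whether that is intended.
      if (_this.credentialID == null) {
        _this.status = 'AUTHENTICATION_FAILED';
        return Promise.reject(new Error("No user ID or credential ID provided"));
      }

      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/webauthn/authentication/start", {
        credential_id: credential_id
      }, {}, 'POST', actualTraceId).then(function (result) {
        _this.status = 'AUTHENTICATION_STARTED';
        return result;
      })["catch"](function (error) {
        // Record the failure like every other step does, so `status` is not
        // left at 'AUTHENTICATION_STARTING' after a failed request.
        _this.status = 'AUTHENTICATION_FAILED';
        return Promise.reject(error instanceof Error ? error : new Error(error));
      });
    };

    /**
     * POSTs the assertion to `api/webauthn/authentication/finish`.
     *
     * @param {Object} credential - Assertion credential to verify.
     * @param {?string} [traceId=null] - Log correlation id.
     * @returns {Promise<Object>} The server response.
     */
    this.authenticationFinish = function (credential, traceId) {
      if (traceId === void 0) {
        traceId = null;
      }
      _this.status = 'AUTHENTICATION_FINISHING';
      var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].debug('Finishing WebAuthn authentication', actualTraceId);
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/webauthn/authentication/finish", {
        credential: credential
      }, {}, 'POST', actualTraceId).then(function (result) {
        _this.status = 'AUTHENTICATION_FINISHED';
        return result;
      })["catch"](function (error) {
        _this.status = 'AUTHENTICATION_FAILED';
        return Promise.reject(error instanceof Error ? error : new Error(error));
      });
    };

    /**
     * POSTs to `api/umfa/check-identity`, adding
     * `create_new_identity: "true"` when `createNewIdentity` is truthy.
     *
     * @param {*} createNewIdentity - Truthy to request creation of a new identity.
     * @returns {Promise<Object>} The server response; rejections are passed through unchanged.
     */
    this.checkServerSideIdentity = function (createNewIdentity) {
      var traceId = _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].trace("[CHECK-SERVER-IDENTITY] called with createNewIdentity: " + createNewIdentity, traceId);
      _zsmLogger["default"].trace("[CHECK-SERVER-IDENTITY] customerDefinedIdentifier: " + _this.customerDefinedIdentifier, traceId);
      _zsmLogger["default"].trace("[CHECK-SERVER-IDENTITY] applicationId: " + _this.applicationId, traceId);
      createNewIdentity = createNewIdentity ? { create_new_identity: "true" } : {};
      _zsmLogger["default"].trace("[CHECK-SERVER-IDENTITY] Final object to send: " + JSON.stringify(createNewIdentity), traceId);
      _this.status = 'CHECKING_IDENTITY_STARTING';
      // Hand the trace id on so the request's log lines share it with the
      // lines above instead of getting a second, unrelated id.
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/umfa/check-identity", createNewIdentity, {}, 'POST', traceId).then(function (result) {
        _this.status = 'CHECKING_IDENTITY_FINISHED';
        return result;
      })["catch"](function (error) {
        _this.status = 'CHECKING_IDENTITY_FAILED';
        return Promise.reject(error);
      });
    };

    /**
     * POSTs to `api/webauthn/registration/create-identity-then-start`,
     * stores `ccr.publicKey`, passes the response to
     * handleServerIdentityResponse(), and resolves with
     * `{ identity_id, publicKey, ccr }`.
     *
     * @param {?string} [traceId=null] - Log correlation id.
     * @returns {Promise<Object>}
     */
    this.createIdentityThenRegistrationStart = function (traceId) {
      if (traceId === void 0) {
        traceId = null;
      }
      _this.status = 'OPTIMIZED_REGISTRATION_START';
      var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].debug('[OPTIMIZED-FLOW] Starting createIdentityThenRegistrationStart', actualTraceId);
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/webauthn/registration/create-identity-then-start", {}, {}, 'POST', actualTraceId).then(function () {
        var _ref4 = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee4(data) {
          return _regenerator["default"].wrap(function (_context4) {
            while (1) switch (_context4.prev = _context4.next) {
              case 0:
                (0, _classPrivateFieldLooseBase2["default"])(_this, _publicKey)[_publicKey] = data.ccr.publicKey;
                _zsmLogger["default"].debug("[OPTIMIZED-FLOW] Received identity_id: " + data.identity_id, actualTraceId);
                _zsmLogger["default"].trace("[OPTIMIZED-FLOW] Received publicKey for registration", actualTraceId);
                _context4.next = 1;
                return _this.handleServerIdentityResponse(data, _this.customerDefinedIdentifier);
              case 1:
                return _context4.abrupt("return", {
                  identity_id: data.identity_id,
                  publicKey: data.ccr.publicKey,
                  ccr: data.ccr
                });
              case 2:
              case "end":
                return _context4.stop();
            }
          }, _callee4);
        }));
        return function (_x) {
          return _ref4.apply(this, arguments);
        };
      }()).then(function (result) {
        _this.status = 'OPTIMIZED_REGISTRATION_STARTED';
        return result;
      })["catch"](function (error) {
        _this.status = 'OPTIMIZED_REGISTRATION_FAILED';
        return Promise.reject(error instanceof Error ? error : new Error(error));
      });
    };

    /**
     * POSTs the created credential to
     * `api/webauthn/registration/finish-then-authentication-start` and
     * remembers `credential.rawId`. On failure the stored public key and
     * credential id are cleared.
     *
     * @param {Object} credential - Credential to register; `rawId` is read from it.
     * @param {?string} [traceId=null] - Log correlation id.
     * @returns {Promise<Object>} The server response.
     */
    this.registrationFinishAuthenticationStart = function (credential, traceId) {
      if (traceId === void 0) {
        traceId = null;
      }
      _this.status = 'OPTIMIZED_REGISTRATION_FINISH_AUTH_START';
      var actualTraceId = traceId || _zsmLogger["default"].generateTraceId();
      _zsmLogger["default"].debug('[OPTIMIZED-FLOW] Starting registrationFinishAuthenticationStart', actualTraceId);
      return (0, _classPrivateFieldLooseBase2["default"])(_this, _makePostRequest)[_makePostRequest]("api/webauthn/registration/finish-then-authentication-start", {
        credential: credential
      }, {}, 'POST', actualTraceId).then(function (result) {
        (0, _classPrivateFieldLooseBase2["default"])(_this, _credentialID)[_credentialID] = credential.rawId;
        _zsmLogger["default"].debug("[OPTIMIZED-FLOW] Registration finished and authentication started", actualTraceId);
        return result;
      }).then(function (result) {
        _this.status = 'OPTIMIZED_REGISTRATION_FINISH_AUTH_STARTED';
        return result;
      })["catch"](function (error) {
        _this.status = 'OPTIMIZED_REGISTRATION_FINISH_AUTH_FAILED';
        _this.clearEnrollmentCredentials();
        return Promise.reject(error instanceof Error ? error : new Error(error));
      });
    };

    (0, _classPrivateFieldLooseBase2["default"])(this, _host)[_host] = host;
    (0, _classPrivateFieldLooseBase2["default"])(this, _apiKey)[_apiKey] = apiKey;
    (0, _classPrivateFieldLooseBase2["default"])(this, _applicationId)[_applicationId] = applicationID;
    // Default headers for every request; requests copy this object and never modify it.
    this.xhrHeaders = { 'Content-Type': 'application/json' };
  }

  var _proto = RelyingPartyBase.prototype;

  /**
   * Base implementation only logs the mapping it was asked to store.
   *
   * @param {*} userId
   * @param {*} identityId
   * @returns {Promise<undefined>}
   */
  _proto.storeIdentityMapping = function () {
    var _storeIdentityMapping = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee5(userId, identityId) {
      return _regenerator["default"].wrap(function (_context5) {
        while (1) switch (_context5.prev = _context5.next) {
          case 0:
            _zsmLogger["default"].log("[IDENTITY-MAPPING] Base implementation: would store " + userId + " -> " + identityId);
          case 1:
          case "end":
            return _context5.stop();
        }
      }, _callee5);
    }));
    function storeIdentityMapping(_x2, _x3) {
      return _storeIdentityMapping.apply(this, arguments);
    }
    return storeIdentityMapping;
  }();

  /**
   * Base implementation resolves with `userId` unchanged.
   *
   * @param {*} userId
   * @returns {Promise<*>}
   */
  _proto.lookupIdentityMapping = function () {
    var _lookupIdentityMapping = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee6(userId) {
      return _regenerator["default"].wrap(function (_context6) {
        while (1) switch (_context6.prev = _context6.next) {
          case 0:
            _zsmLogger["default"].log("[IDENTITY-MAPPING] Base implementation: returning original userId " + userId);
            return _context6.abrupt("return", userId);
          case 1:
          case "end":
            return _context6.stop();
        }
      }, _callee6);
    }));
    function lookupIdentityMapping(_x4) {
      return _lookupIdentityMapping.apply(this, arguments);
    }
    return lookupIdentityMapping;
  }();

  /**
   * Resolves with whatever lookupIdentityMapping() returns for `userId`.
   *
   * @param {*} [userId=this.customerDefinedIdentifier]
   * @returns {Promise<*>}
   */
  _proto.getConsumerIdForMPC = function () {
    var _getConsumerIdForMPC = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee7(userId) {
      var mapConsumerId;
      return _regenerator["default"].wrap(function (_context7) {
        while (1) switch (_context7.prev = _context7.next) {
          case 0:
            if (userId === void 0) {
              userId = this.customerDefinedIdentifier;
            }
            _context7.next = 1;
            return this.lookupIdentityMapping(userId);
          case 1:
            mapConsumerId = _context7.sent;
            _zsmLogger["default"].log("[IDENTITY-MAPPING] MPC consumer_id: '" + mapConsumerId + "' for user: '" + userId + "'");
            return _context7.abrupt("return", mapConsumerId);
          case 2:
          case "end":
            return _context7.stop();
        }
      }, _callee7, this);
    }));
    function getConsumerIdForMPC(_x5) {
      return _getConsumerIdForMPC.apply(this, arguments);
    }
    return getConsumerIdForMPC;
  }();

  /**
   * Calls storeIdentityMapping(userId, identity_id) when the response has an
   * `identity_id` and `userId` is truthy; otherwise does nothing.
   *
   * @param {?Object} serverResponse
   * @param {*} [userId=this.customerDefinedIdentifier]
   * @returns {Promise<undefined>}
   */
  _proto.handleServerIdentityResponse = function () {
    var _handleServerIdentityResponse = (0, _asyncToGenerator2["default"])(_regenerator["default"].mark(function _callee8(serverResponse, userId) {
      return _regenerator["default"].wrap(function (_context8) {
        while (1) switch (_context8.prev = _context8.next) {
          case 0:
            if (userId === void 0) {
              userId = this.customerDefinedIdentifier;
            }
            if (!(serverResponse != null && serverResponse.identity_id && userId)) {
              _context8.next = 2;
              break;
            }
            _context8.next = 1;
            return this.storeIdentityMapping(userId, serverResponse.identity_id);
          case 1:
            _zsmLogger["default"].debug("[IDENTITY-MAPPING] Processed server identity response for user: " + userId);
          case 2:
          case "end":
            return _context8.stop();
        }
      }, _callee8, this);
    }));
    function handleServerIdentityResponse(_x6, _x7) {
      return _handleServerIdentityResponse.apply(this, arguments);
    }
    return handleServerIdentityResponse;
  }();

  // Accessors over the private fields. `userIdentifier` and
  // `customerDefinedIdentifier` read and write the same field.
  return (0, _createClass2["default"])(RelyingPartyBase, [{
    key: "host",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _host)[_host];
    }
  }, {
    key: "apiKey",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _apiKey)[_apiKey];
    }
  }, {
    key: "applicationId",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _applicationId)[_applicationId];
    }
  }, {
    key: "userIdentifier",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _customerDefinedIdentifier)[_customerDefinedIdentifier];
    },
    set: function set(v) {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _customerDefinedIdentifier)[_customerDefinedIdentifier] = v;
    }
  }, {
    key: "customerDefinedIdentifier",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _customerDefinedIdentifier)[_customerDefinedIdentifier];
    },
    set: function set(v) {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _customerDefinedIdentifier)[_customerDefinedIdentifier] = v;
    }
  }, {
    key: "publicKey",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _publicKey)[_publicKey];
    }
  }, {
    key: "credentialID",
    get: function get() {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _credentialID)[_credentialID];
    },
    set: function set(v) {
      return (0, _classPrivateFieldLooseBase2["default"])(this, _credentialID)[_credentialID] = v;
    }
  }]);
}();

var _default = exports["default"] = RelyingPartyBase;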