"use client"; import { useState, useEffect, useRef, useCallback } from "react"; import PropTypes from "prop-types"; import { Modal, Button, Input } from "@/shared/components"; import { useCopyToClipboard } from "@/shared/hooks/useCopyToClipboard"; /** * OAuth Modal Component * - Localhost: Auto callback via popup message * - Remote: Manual paste callback URL */ export default function OAuthModal({ isOpen, provider, providerInfo, onSuccess, onClose, idcConfig, }: any) { const [step, setStep] = useState("waiting"); // waiting | input | success | error | method-select | cookie-input const [authData, setAuthData] = useState(null); const [callbackUrl, setCallbackUrl] = useState(""); const [error, setError] = useState(null); const [isDeviceCode, setIsDeviceCode] = useState(false); const [deviceData, setDeviceData] = useState(null); const [polling, setPolling] = useState(false); const [authMethod, setAuthMethod] = useState(null); // 'oauth' | 'cookie' const [cookieValue, setCookieValue] = useState(""); const [cookieAuthenticating, setCookieAuthenticating] = useState(false); const popupRef = useRef(null); const { copied, copy } = useCopyToClipboard(); // State for client-only values to avoid hydration mismatch const [isLocalhost, setIsLocalhost] = useState(false); const [placeholderUrl, setPlaceholderUrl] = useState("/callback?code=..."); const callbackProcessedRef = useRef(false); const flowStartedRef = useRef(false); // Detect if running on localhost (client-side only) useEffect(() => { if (typeof window !== "undefined") { setIsLocalhost( window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1" ); setPlaceholderUrl(`${window.location.origin}/callback?code=...`); } }, []); // Define all useCallback hooks BEFORE the useEffects that reference them // Exchange tokens const exchangeTokens = useCallback( async (code, state) => { if (!authData) return; try { const res = await fetch(`/api/oauth/${provider}/exchange`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ code, redirectUri: authData.redirectUri, codeVerifier: authData.codeVerifier, state, }), }); const data = await res.json(); if (!res.ok) throw new Error(data.error); setStep("success"); onSuccess?.(); } catch (err) { setError(err.message); setStep("error"); } }, [authData, provider, onSuccess] ); // Poll for device code token const startPolling = useCallback( async (deviceCode, codeVerifier, interval, extraData) => { setPolling(true); const maxAttempts = 60; for (let i = 0; i < maxAttempts; i++) { await new Promise((r) => setTimeout(r, interval * 1000)); try { const res = await fetch(`/api/oauth/${provider}/poll`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ deviceCode, codeVerifier, extraData }), }); const data = await res.json(); if (data.success) { setStep("success"); setPolling(false); onSuccess?.(); return; } if (data.error === "expired_token" || data.error === "access_denied") { throw new Error(data.errorDescription || data.error); } if (data.error === "slow_down") { interval = Math.min(interval + 5, 30); } } catch (err) { setError(err.message); setStep("error"); setPolling(false); return; } } setError("Authorization timeout"); setStep("error"); setPolling(false); }, [provider, onSuccess] ); // Start OAuth flow const startOAuthFlow = useCallback(async () => { if (!provider) return; try { setError(null); // For iFlow, show method selection first if (provider === "iflow" && !authMethod) { setStep("method-select"); return; } // Device code flow (GitHub, Qwen, Kiro, Kimi Coding, KiloCode) if ( provider === "github" || provider === "qwen" || provider === "kiro" || provider === "kimi-coding" || provider === "kilocode" ) { setIsDeviceCode(true); setStep("waiting"); const res = await fetch(`/api/oauth/${provider}/device-code`); const data = await res.json(); if (!res.ok) throw new Error(data.error); setDeviceData(data); // Open verification URL const verifyUrl = data.verification_uri_complete || data.verification_uri; if (verifyUrl) window.open(verifyUrl, "oauth_verify"); // Start polling - pass extraData for Kiro (contains _clientId, _clientSecret) const extraData = provider === "kiro" ? { _clientId: data._clientId, _clientSecret: data._clientSecret } : null; startPolling(data.device_code, data.codeVerifier, data.interval || 5, extraData); return; } // Codex: on localhost use callback server on port 1455, // on remote use standard auth code flow (callback server is unreachable) if (provider === "codex") { if (isLocalhost) { // Localhost: use callback server on port 1455 + polling try { const serverRes = await fetch(`/api/oauth/codex/start-callback-server`); const serverData = await serverRes.json(); if (!serverRes.ok) throw new Error(serverData.error); setAuthData({ ...serverData, redirectUri: serverData.redirectUri }); setStep("waiting"); window.open(serverData.authUrl, "oauth_auth"); setPolling(true); const maxAttempts = 150; for (let i = 0; i < maxAttempts; i++) { await new Promise((r) => setTimeout(r, 2000)); const pollRes = await fetch(`/api/oauth/codex/poll-callback`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({}), }); const pollData = await pollRes.json(); if (pollData.success) { setStep("success"); setPolling(false); onSuccess?.(); return; } if (pollData.error && !pollData.pending) { throw new Error(pollData.errorDescription || pollData.error); } } setPolling(false); throw new Error("Authorization timeout"); } catch (codexErr) { setPolling(false); setStep("input"); setError(codexErr.message + " — You can paste the callback URL manually below."); } return; } // Remote: fall through to standard auth code flow below } // Authorization code flow // Always use localhost redirect_uri — this is what providers have registered. // On remote, the browser redirects to localhost (error page), user copies URL and pastes back. // Codex (OpenAI) requires exactly http://localhost:1455/auth/callback — the registered URI. // Other providers (Antigravity/Gemini via Google OAuth) accept any localhost port. let redirectUri: string; if (provider === "codex" || provider === "openai") { redirectUri = "http://localhost:1455/auth/callback"; } else if (provider === "iflow") { redirectUri = "http://localhost:8080/callback"; } else { const port = window.location.port || (window.location.protocol === "https:" ? "443" : "80"); redirectUri = `http://localhost:${port}/callback`; } const res = await fetch( `/api/oauth/${provider}/authorize?redirect_uri=${encodeURIComponent(redirectUri)}` ); const data = await res.json(); if (!res.ok) throw new Error(data.error); setAuthData({ ...data, redirectUri }); // iFlow always uses manual input mode (displays code on their page) // For non-localhost: use manual input mode (user pastes callback URL) if (provider === "iflow" || !isLocalhost) { setStep("input"); window.open(data.authUrl, "oauth_auth"); } else { // Localhost: Open popup and wait for message setStep("waiting"); popupRef.current = window.open(data.authUrl, "oauth_popup", "width=600,height=700"); // Check if popup was blocked if (!popupRef.current) { setStep("input"); } } } catch (err) { setError(err.message); setStep("error"); } }, [provider, isLocalhost, startPolling, onSuccess, authMethod]); // Handle cookie authentication for iFlow const authenticateWithCookie = useCallback(async () => { if (!cookieValue.trim()) { setError("Please enter your cookie"); return; } setCookieAuthenticating(true); setError(null); try { const res = await fetch("/api/oauth/iflow/cookie", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ cookie: cookieValue }), }); const data = await res.json(); if (!res.ok) { throw new Error(data.error || "Cookie authentication failed"); } setStep("success"); onSuccess?.(); } catch (err) { setError(err.message); setStep("error"); } finally { setCookieAuthenticating(false); } }, [cookieValue, onSuccess]); // Reset guard when modal closes useEffect(() => { if (!isOpen) { flowStartedRef.current = false; } }, [isOpen]); // Reset state and start OAuth when modal opens useEffect(() => { if (isOpen && provider) { if (flowStartedRef.current) return; // Already started, prevent duplicate flowStartedRef.current = true; setAuthData(null); setCallbackUrl(""); setError(null); setIsDeviceCode(false); setDeviceData(null); setPolling(false); setAuthMethod(null); setCookieValue(""); setCookieAuthenticating(false); // Auto start OAuth startOAuthFlow(); } }, [isOpen, provider, startOAuthFlow]); // Listen for OAuth callback via multiple methods useEffect(() => { if (!authData) return; callbackProcessedRef.current = false; // Reset when authData changes // Handler for callback data - only process once const handleCallback = async (data) => { if (callbackProcessedRef.current) return; // Already processed const { code, state, error: callbackError, errorDescription } = data; if (callbackError) { callbackProcessedRef.current = true; setError(errorDescription || callbackError); setStep("error"); return; } if (code) { callbackProcessedRef.current = true; await exchangeTokens(code, state); } }; // Method 1: postMessage from popup const handleMessage = (event) => { // Accept same-origin OR localhost with same port (remote access scenario: // dashboard at 192.168.x:port, callback redirects to localhost:port) const currentPort = window.location.port; const isLocalhostSamePort = event.origin.match(/^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/) && new URL(event.origin).port === currentPort; if (event.origin !== window.location.origin && !isLocalhostSamePort) return; if (event.data?.type === "oauth_callback") { handleCallback(event.data.data); } }; window.addEventListener("message", handleMessage); // Method 2: BroadcastChannel let channel; try { channel = new BroadcastChannel("oauth_callback"); channel.onmessage = (event) => handleCallback(event.data); } catch (e) { console.log("BroadcastChannel not supported"); } // Method 3: localStorage event const handleStorage = (event) => { if (event.key === "oauth_callback" && event.newValue) { try { const data = JSON.parse(event.newValue); handleCallback(data); localStorage.removeItem("oauth_callback"); } catch (e) { console.log("Failed to parse localStorage data"); } } }; window.addEventListener("storage", handleStorage); // Also check localStorage on mount (in case callback already happened) try { const stored = localStorage.getItem("oauth_callback"); if (stored) { const data = JSON.parse(stored); // Only use if recent (within 30 seconds) if (data.timestamp && Date.now() - data.timestamp < 30000) { handleCallback(data); localStorage.removeItem("oauth_callback"); } } } catch { // localStorage may be unavailable or data may be malformed - ignore silently } return () => { window.removeEventListener("message", handleMessage); window.removeEventListener("storage", handleStorage); if (channel) channel.close(); }; }, [authData, exchangeTokens]); // Handle manual URL input const handleManualSubmit = async () => { try { setError(null); let code, state; const input = callbackUrl.trim(); // Check if input looks like a URL or just a code if (input.includes("://") || input.startsWith("http")) { // Parse as URL const url = new URL(input); code = url.searchParams.get("code"); state = url.searchParams.get("state"); const errorParam = url.searchParams.get("error"); if (errorParam) { throw new Error(url.searchParams.get("error_description") || errorParam); } if (!code) { throw new Error("No authorization code found in URL"); } } else { // Treat as raw code (for iFlow and similar providers) code = input; state = authData?.state || null; } await exchangeTokens(code, state); } catch (err) { setError(err.message); setStep("error"); } }; if (!provider || !providerInfo) return null; return (
{/* Method Selection for iFlow */} {step === "method-select" && provider === "iflow" && ( <>

Choose how you want to connect to iFlow:

)} {/* Cookie Input for iFlow */} {step === "cookie-input" && provider === "iflow" && ( <>
info How to get your cookie:
  1. Go to https://platform.iflow.cn/ and log in
  2. Press F12 to open DevTools → Application tab
  3. Find Cookies → https://platform.iflow.cn
  4. Copy the BXAuth value