feat: experimental captcha support

micwallace · micwallace · commit 9dcc9e20cfa5 · 2024-11-21T16:17:30.000+11:00
Open TS viewer window to resolve proxy.
This allows us to break out of the extension sandbox.
diff --git a/apps/extension/components/TokenScriptIframe.tsx b/apps/extension/components/TokenScriptIframe.tsx
@@ -16,21 +16,36 @@ export function TokenScriptIframe(props: {
       }
 
       if (event.data?.source === "TLINK_API_REQUEST") {
-        iframeRef.current?.contentWindow?.postMessage(
-          {
+        try {
+          iframeRef.current?.contentWindow?.postMessage(
+              {
+                type: "TLINK_API_RESPONSE",
+                source: "TLINK_API_RESPONSE",
+                data: {
+                  uid: event.data.data.uid,
+                  method: event.data.data.method,
+                  response: await handleTlinkApiRequest(
+                      event.data.data.method,
+                      event.data.data.payload
+                  )
+                }
+              },
+              "*"
+          )
+        } catch (e) {
+          console.error("TLink API request failed: ", e);
+          iframeRef.current?.contentWindow?.postMessage({
             type: "TLINK_API_RESPONSE",
             source: "TLINK_API_RESPONSE",
             data: {
               uid: event.data.data.uid,
               method: event.data.data.method,
-              response: handleTlinkApiRequest(
-                event.data.data.method,
-                event.data.data.payload
-              )
+              error: e.message
             }
-          },
-          "*"
-        )
+          }, "*");
+        }
+
+        return;
       }
 
       if (event.data?.source === "tlink") {
diff --git a/apps/extension/entrypoints/background.ts b/apps/extension/entrypoints/background.ts
@@ -1,10 +1,26 @@
+import {getTwitterHandle} from "@/lib/get-twitter-handle.ts";
+
 export default defineBackground(() => {
   // never mark the function here async
   chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
     if (!sender.tab || !sender.tab.id) {
       return null
     }
 
+    if (msg.type === "TLINK_API_REQUEST"){
+
+      console.log("Handling TLink API request from background: ", msg);
+
+      handleTlinkApiRequest(msg.method, msg.payload).then((res) => {
+        sendResponse(res);
+      }).catch((err) => {
+        // TODO: Error handling
+        console.error("error handling message", err, msg);
+      })
+
+      return true;
+    }
+
     let rpcMethod: string = ""
     let params: any = []
 
@@ -37,12 +53,60 @@ export default defineBackground(() => {
         }
       })
       .catch((err) => {
-        console.error("error handling message", err)
+        console.error("error handling message", err, msg)
       })
 
     return true
   })
 
+  async function handleTlinkApiRequest(method: string, payload: any) {
+    switch (method) {
+      case "getTurnstileToken":
+      case "getRecaptchaToken":
+        return handleTlinkApiViaTSViewerWindow(method, payload);
+    }
+  }
+
+  async function handleTlinkApiViaTSViewerWindow(method: string, payload: any){
+
+    return new Promise(async (resolve, reject) => {
+
+      let popup: WindowProxy|null;
+
+      const requestUrl = `http://localhost:3333/?viewType=tlink-api&method=${method}&payload=${encodeURIComponent(JSON.stringify(payload))}`
+
+      function handleMessage(event: MessageEvent){
+        if (event.source !== popup) {
+          return
+        }
+
+        popup!.onclose = null;
+
+        resolve(event.data);
+      }
+
+      window.addEventListener("message", handleMessage);
+
+
+      //popup = window.open(requestUrl, "", 'toolbar=no,location=no,status=no,menubar=no,scrollbars=yes,resizable=yes,width=550px,height=800px`');
+      popup = await chrome.windows.create({
+        url: requestUrl,
+        type: 'popup',
+        focused: true,
+        setSelfAsOpener: true
+        // incognito, top, left, ...
+      }) as WindowProxy;
+
+      if (!popup)
+        reject("Failed to open the popup window");
+
+      popup!.onclose = () => {
+        reject("Popup closed");
+      }
+
+    });
+  }
+
   async function handleWalletCommunication({
     tabId,
     rpcMethod,
diff --git a/apps/extension/entrypoints/sandbox/index.html b/apps/extension/entrypoints/sandbox/index.html
@@ -17,11 +17,6 @@
         height: 100%;
       }
     </style>
-    <script async src="https://www.google.com/recaptcha/api.js?render=explicit"></script>
-    <script
-            src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"
-            defer
-    ></script>
   </head>
   <body>
     <div id="root">
@@ -33,92 +28,6 @@
         sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-modals"></iframe>
     </div>
     <script>
-      const DEFAULT_RC_SITE_KEY = "6LeXSIIqAAAAAJlp04ct42518YoNJeWiUtUTItTb";
-
-      const widgetIds = {};
-
-      async function getRecaptchaToken(sitekey, action){
-
-        return new Promise((resolve, reject) => {
-
-          if (!sitekey)
-            sitekey = DEFAULT_RC_SITE_KEY;
-
-          grecaptcha.ready(function() {
-            const elemId = `recaptcha-${sitekey}`;
-            let widgetId;
-            if (widgetIds[sitekey] === undefined){
-              const elem = document.createElement("div");
-              elem.id = elemId;
-              document.body.append(elem);
-              widgetId = grecaptcha.render(elemId, {
-                sitekey,
-                size: 'invisible'
-              });
-              widgetIds[sitekey] = widgetId;
-            } else {
-              widgetId = widgetIds[sitekey];
-              const elem = document.getElementById(elemId).getElementsByClassName("grecaptcha-badge")[0];
-              if (elem) elem.style.visibility = "visible";
-            }
-
-            grecaptcha.execute(widgetId, {action: action ?? "recaptcha"}).then(function(token) {
-              resolve(token);
-              setTimeout(() => {
-                const elem = document.getElementById(elemId).getElementsByClassName("grecaptcha-badge")[0];
-                if (elem) elem.style.visibility = "hidden";
-              }, 5000);
-            }).catch(e => {
-              reject(e);
-            });
-          });
-        })
-      }
-
-      const DEFAULT_TS_SITE_KEY = "0x4AAAAAAA0Rmw6kZyekmiSB";
-
-      async function getTurnstileToken(sitekey){
-
-        return new Promise((resolve, reject) => {
-
-          if (!sitekey)
-            sitekey = DEFAULT_TS_SITE_KEY;
-
-          const elemId = `turnstile-${sitekey}`;
-          let elem;
-
-          try {
-            let widgetId;
-
-            if (!document.getElementById(elemId)) {
-              elem = document.createElement("div");
-              elem.id = elemId;
-              elem.classList.add("turnstile-widget");
-              document.body.append(elem);
-            }
-
-            widgetId = turnstile.render("#" + elemId, {
-              sitekey,
-              callback: function (token) {
-                console.log(`Challenge Success ${token}`);
-                resolve(token);
-                turnstile.remove(widgetId);
-                elem.remove();
-              },
-              'error-callback': function (error){
-                console.error("Turnstile error: ", error);
-                turnstile.remove(widgetId);
-                elem.remove();
-                reject(error);
-              }
-            });
-          } catch (e){
-            reject(e);
-            if (elem)
-              elem.remove();
-          }
-        })
-      }
 
       ;(function () {
         const iframe = document.getElementById("tlink-iframe")
@@ -134,36 +43,6 @@
           }
 
           if (event.data.type === "TLINK_API_REQUEST") {
-
-            // grecaptcha must be loaded in the extension context
-            const req = event.data.data;
-
-            if (req.method === "getRecaptchaToken") {
-              event.data.source = "TLINK_API_RESPONSE";
-              try {
-                const response = await getRecaptchaToken(req.payload?.sitekey, req.payload.action);
-                event.data.data.response = response;
-              } catch (e){
-                console.error(e);
-                event.data.data.error = e.message;
-              }
-              iframe?.contentWindow?.postMessage(event.data, "*");
-              return;
-            }
-
-            if (req.method === "getTurnstileToken") {
-              event.data.source = "TLINK_API_RESPONSE";
-              try {
-                const response = await getTurnstileToken(req.payload?.sitekey);
-                event.data.data.response = response;
-              } catch (e){
-                console.error(e);
-                event.data.data.error = e.message;
-              }
-              iframe?.contentWindow?.postMessage(event.data, "*");
-              return;
-            }
-
             // forward ts viewer API request out
             window.parent.postMessage(
               { source: "TLINK_API_REQUEST", data: event.data.data },
diff --git a/apps/extension/lib/handle-tlink-api.ts b/apps/extension/lib/handle-tlink-api.ts
@@ -1,14 +1,65 @@
 import { getTwitterHandle } from "@/lib/get-twitter-handle"
 
-export function handleTlinkApiRequest(method: string, payload: any) {
+export async function handleTlinkApiRequest(method: string, payload: any) {
   switch (method) {
     case "getTlinkContext":
       return {
         handle: getTwitterHandle(),
         API_KEY:
           "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwcm9qZWN0IjoibXVsdGktY2hhbm5lbC1yZW5kZXJpbmctdGxpbmsiLCJpYXQiOjE3MjcxNzE1MDl9.9864en0XJbVgzACE_gHrQ00mr6fgctNRXWZ0Nex3DcQ"
       }
+    case "getTurnstileToken":
+    case "getRecaptchaToken":
+     /*return await chrome.runtime.sendMessage({
+        type: "TLINK_API_REQUEST",
+        method,
+        payload
+      })*/
+      return await handleTlinkApiViaTSViewerWindow(method, payload);
   }
 
   return null
 }
+
+async function handleTlinkApiViaTSViewerWindow(method: string, payload: any){
+
+    return new Promise(async (resolve, reject) => {
+
+        let popup: WindowProxy|null;
+        let closedTimer;
+
+        const requestUrl = `http://localhost:3333/?viewType=tlink-api&method=${method}&payload=${encodeURIComponent(JSON.stringify(payload))}`
+
+        function handleMessage(event: MessageEvent){
+
+            if (event.source !== popup || event.data.type !== "TLINK_API_RESPONSE") {
+                return
+            }
+
+            if (closedTimer)
+                clearInterval(closedTimer)
+
+            if (event.data.response){
+                resolve(event.data.response);
+            } else {
+                reject(new Error(event.data.error));
+            }
+
+            popup?.close();
+        }
+
+        window.addEventListener("message", handleMessage);
+
+        popup = window.open(requestUrl, "", 'toolbar=no,location=no,status=no,menubar=no,scrollbars=yes,resizable=yes,width=250px,height=250px`');
+
+        if (!popup)
+            reject(new Error("Failed to open the popup window"));
+
+        closedTimer = setInterval(() => {
+            if (!popup || popup.closed){
+                reject(new Error("Popup closed"));
+            }
+        }, 1000)
+
+    });
+}
