Files
op-pedal/vite/public/t3k/handleTone3000download.html
T
Robin E.R. Davies c456e5187b NAM A2 Sync
2026-05-12 12:31:21 -04:00

148 lines
5.1 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tone3000 Download Received</title>
</head>
<body style="background: black;">
<script>
async function handleOAuthCallback(
publishableKey,
redirectUri
) {
const params = new URLSearchParams(window.location.search);
alert("Debug me"); // xxx
const code = params.get('code');
const error = params.get('error');
const returnedState = params.get('state');
const toneId = params.get('tone_id') ?? undefined;
const modelId = params.get('model_id') ?? undefined;
const canceled = params.get('canceled') === 'true';
const storedState = sessionStorage.getItem('t3k_state');
const codeVerifier = sessionStorage.getItem('t3k_code_verifier');
// Clean up PKCE state regardless of outcome
sessionStorage.removeItem('t3k_state');
sessionStorage.removeItem('t3k_code_verifier');
// Verify state to prevent CSRF
if (returnedState !== storedState) {
return { ok: false, error: 'state_mismatch' };
}
// User closed without signing in — no code to exchange
if (canceled && !code) {
return { ok: false, error: 'canceled' };
}
// Access denied — e.g. model is private and user clicked "Back"
if (error) {
return { ok: false, error };
}
if (!code || !codeVerifier) {
return { ok: false, error: 'missing_code' };
}
const res = await fetch(`${T3K_API}/api/v1/oauth/token`, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
code,
code_verifier: codeVerifier,
redirect_uri: redirectUri,
client_id: publishableKey,
}),
});
if (!res.ok) {
const err = await res.json().catch(() => ({}));
return { ok: false, error: (err).error ?? 'token_exchange_failed' };
}
const data = await res.json();
const tokens = {
access_token: data.access_token,
refresh_token: data.refresh_token,
expires_at: Date.now() + data.expires_in * 1000,
};
return { ok: true, tokens, toneId, modelId, ...(canceled ? { canceled: true } : {}) };
}
handleOAuthCallback().then(result => {
if (window.opener) {
window.opener.postMessage({
type: 'tone3000DownloadCallback',
...result,
}, '*');
} else {
alert("No opener window found.");
}
window.close();
}).catch(e => {
alert(`Error handling OAuth callback: ${e.message}`);
window.close();
});
// // Parse URL parameters
// const urlParams = new URLSearchParams(window.location.search);
// alert(urlParams.toString());
// const code = urlParams.get('code');
// const error = urlParams.get('error');
// const state = urlParams.get('state');
// const toneId = urlParams.get('tone_id');
// const modelId = urlParams.get('model_id');
// const canceled = urlParams.get('canceled') === 'true';
// if (state !== sessionStorage.getItem('t3k_state')) {
// alert('State mismatch. Possible CSRF attack.');
// }
// if (canceled) {
// // User exited without selecting a tone.
// // If code is present, you can still exchange it for tokens.
// // If code is absent, the user closed before signing in.
// window.close();
// } else {
// const toneUrl = urlParams.get('tone_url');
// var popupWindow = null;;
// try {
// // Send the data back to the opener window
// if (window.opener) {
// popupWindow =
// window.opener.postMessage({
// type: 'tone3000Download',
// code: code,
// error: error,
// state: state,
// tone_id: toneId,
// toneId: toneId
// }, '*');
// } else {
// alert("No opener window found.");
// }
// }
// catch (e) {
// alert(e.message);
// }
// window.close();
// }
</script>
</body>
</html>