172 lines
7.0 KiB
HTML
172 lines
7.0 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Sign In</title>
|
|
<script src="https://cdn.tailwindcss.com"></script>
|
|
<script src="https://cdn.jsdelivr.net/npm/pocketbase@0.26.5/dist/pocketbase.umd.js"></script>
|
|
<script src="auth.js"></script>
|
|
<script src="token-manager.js"></script>
|
|
</head>
|
|
<body class="font-sans bg-gradient-to-br from-indigo-500 to-purple-600 min-h-screen flex items-center justify-center">
|
|
<div class="bg-white p-12 rounded-2xl shadow-2xl text-center max-w-md w-[90%]">
|
|
<h1 class="text-gray-800 mb-2 text-3xl">Welcome</h1>
|
|
<p class="text-gray-600 mb-8">Sign in with your Microsoft account</p>
|
|
|
|
<button id="loginBtn" onclick="login()" class="bg-blue-600 text-white border-none py-3.5 px-8 text-base rounded-md cursor-pointer transition-colors duration-200 font-medium hover:bg-blue-700 disabled:bg-gray-400 disabled:cursor-not-allowed">Sign in with Microsoft</button>
|
|
|
|
<div class="text-red-600 mt-4 hidden" id="error"></div>
|
|
|
|
<div class="hidden mt-8 text-left bg-gray-50 p-6 rounded-lg" id="userInfo">
|
|
<h2 class="text-lg mb-4 text-gray-800">Signed in</h2>
|
|
<p class="mb-3 text-gray-600 break-all"><strong class="text-gray-800">Name:</strong> <span id="displayName"></span></p>
|
|
<p class="mb-3 text-gray-600 break-all"><strong class="text-gray-800">Email:</strong> <span id="email"></span></p>
|
|
|
|
<button id="continueBtn" onclick="goToIndex()" class="hidden mt-4 bg-blue-600 text-white border-none py-3.5 px-8 text-base rounded-md cursor-pointer transition-colors duration-200 font-medium hover:bg-blue-700 disabled:bg-gray-400 disabled:cursor-not-allowed w-full">Continue to Job Info</button>
|
|
<button onclick="logout()" class="bg-gray-600 text-white border-none py-3.5 px-8 text-base rounded-md cursor-pointer transition-colors duration-200 font-medium hover:bg-gray-700 mt-4">Sign out</button>
|
|
</div>
|
|
</div>
|
|
|
|
<script>
|
|
const { pb, getDisplayName } = window.Auth;
|
|
let tokenManager;
|
|
|
|
const loginBtn = document.getElementById('loginBtn');
|
|
const errorEl = document.getElementById('error');
|
|
const userInfo = document.getElementById('userInfo');
|
|
const continueBtn = document.getElementById('continueBtn');
|
|
const GRAPH_REAUTH_FLAG = 'graphReauthAttempted';
|
|
|
|
function goToIndex() {
|
|
window.location.href = 'index.html';
|
|
}
|
|
|
|
function showAuthedUI(displayName, email) {
|
|
loginBtn.classList.add('hidden');
|
|
loginBtn.disabled = false;
|
|
loginBtn.textContent = 'Sign in with Microsoft';
|
|
userInfo.classList.remove('hidden');
|
|
continueBtn.classList.remove('hidden');
|
|
document.getElementById('displayName').textContent = displayName || 'Unknown';
|
|
document.getElementById('email').textContent = email || 'Not available';
|
|
}
|
|
|
|
async function login() {
|
|
loginBtn.disabled = true;
|
|
loginBtn.textContent = 'Signing in...';
|
|
errorEl.classList.add('hidden');
|
|
|
|
try {
|
|
// Step 1: Authenticate with PocketBase via Microsoft OAuth
|
|
const authData = await pb.collection('users').authWithOAuth2({
|
|
provider: 'microsoft',
|
|
});
|
|
|
|
// Step 2: Try to get Graph token from PB response
|
|
let graphToken = (
|
|
authData?.meta?.graphAccessToken ||
|
|
authData?.meta?.graph_token ||
|
|
authData?.meta?.graphToken ||
|
|
authData?.meta?.accessToken ||
|
|
authData?.meta?.access_token ||
|
|
authData?.meta?.token ||
|
|
''
|
|
);
|
|
|
|
// Step 3: If no Graph token from PB, use the OAuth token as the Graph token
|
|
// (PB's Microsoft OAuth should return a token that works with Graph API)
|
|
if (!graphToken && authData?.meta?.rawUser) {
|
|
// The OAuth token from Microsoft should work for Graph API calls
|
|
graphToken = authData?.token || authData?.meta?.accessToken || '';
|
|
}
|
|
|
|
if (graphToken) {
|
|
const expiresAt = authData?.meta?.graphTokenExpiresAt || new Date(Date.now() + 3600000).toISOString();
|
|
await tokenManager.setToken(graphToken, expiresAt);
|
|
console.log('[Login] Graph token stored successfully');
|
|
}
|
|
|
|
displayUserInfo(authData);
|
|
} catch (error) {
|
|
console.error('Login failed:', error);
|
|
errorEl.textContent = error.message || 'Authentication failed. Please try again.';
|
|
errorEl.classList.remove('hidden');
|
|
loginBtn.disabled = false;
|
|
loginBtn.textContent = 'Sign in with Microsoft';
|
|
}
|
|
}
|
|
|
|
function logout() {
|
|
if (tokenManager) tokenManager.stopRefreshCycle();
|
|
pb.authStore.clear();
|
|
localStorage.removeItem('graphAccessToken');
|
|
localStorage.removeItem('graphTokenExpiresAt');
|
|
loginBtn.classList.remove('hidden');
|
|
userInfo.classList.add('hidden');
|
|
continueBtn.classList.add('hidden');
|
|
loginBtn.disabled = false;
|
|
loginBtn.textContent = 'Sign in with Microsoft';
|
|
}
|
|
|
|
function displayUserInfo(authData) {
|
|
console.log('Auth response:', authData);
|
|
console.log('Auth meta:', authData?.meta);
|
|
const displayName = getDisplayName();
|
|
const email = authData?.meta?.rawUser?.email || authData?.record?.email || pb.authStore.model?.email || 'Not available';
|
|
|
|
// Extract token from metadata with fallback checks
|
|
const graphToken = (
|
|
authData?.meta?.graphAccessToken ||
|
|
authData?.meta?.graph_token ||
|
|
authData?.meta?.graphToken ||
|
|
authData?.meta?.accessToken ||
|
|
authData?.meta?.access_token ||
|
|
authData?.meta?.token ||
|
|
authData?.meta?.rawToken ||
|
|
authData?.meta?.authData?.access_token ||
|
|
''
|
|
);
|
|
|
|
const expiresAt = authData?.meta?.graphTokenExpiresAt || new Date(Date.now() + 3600000).toISOString();
|
|
|
|
console.log('Extracted Graph token:', graphToken ? graphToken.substring(0, 30) + '...' : 'NOT FOUND');
|
|
|
|
if (graphToken) {
|
|
// Store via TokenManager (syncs to all tiers)
|
|
tokenManager.setToken(graphToken, expiresAt).then(() => {
|
|
localStorage.removeItem(GRAPH_REAUTH_FLAG);
|
|
showAuthedUI(displayName, email);
|
|
});
|
|
} else {
|
|
console.warn('No graph token in auth response');
|
|
showAuthedUI(displayName, email);
|
|
}
|
|
}
|
|
|
|
(async () => {
|
|
// Initialize TokenManager
|
|
tokenManager = new TokenManager(pb);
|
|
await tokenManager.init();
|
|
|
|
const params = new URLSearchParams(window.location.search);
|
|
const reauth = params.get('reauth') === '1';
|
|
if (pb.authStore.isValid) {
|
|
try {
|
|
const authData = await pb.collection('users').authRefresh();
|
|
displayUserInfo(authData);
|
|
// If we came from a reauth flow and now have a token, go back automatically
|
|
const hasToken = await tokenManager.getToken();
|
|
if (reauth && hasToken) {
|
|
window.location.href = 'index.html';
|
|
}
|
|
} catch (err) {
|
|
pb.authStore.clear();
|
|
logout();
|
|
}
|
|
}
|
|
})();
|
|
</script>
|
|
</body>
|
|
</html>
|