feat: nethcti-middleware (#72)

Author: tommaso-ascani

package-lock.json

@@ -49,7 +49,7 @@
     "@nethesis/nethesis-brands-svg-icons": "github:nethesis/Font-Awesome#ns-brands",
     "@nethesis/nethesis-light-svg-icons": "github:nethesis/Font-Awesome#ns-light",
     "@nethesis/nethesis-solid-svg-icons": "github:nethesis/Font-Awesome#ns-solid",
-    "@nethesis/phone-island": "^0.15.11",
+    "@nethesis/phone-island": "^0.17.4",
     "@tailwindcss/forms": "^0.5.7",
     "@types/lodash": "^4.14.202",
     "@types/node": "^18.19.9",

package.json

@@ -109,7 +109,16 @@
     "Account List title": "Account list",
     "Account List description": "Choose an account to continue to NethLink.",
     "Delete account": "Are you sure you want to delete {{username}}?",
-    "Back": "Back"
+    "Back": "Back",
+    "User not authorized for NethLink": "User not authorized for NethLink",
+    "Generic error": "Generic error",
+    "2FA": {
+      "OTP code": "OTP code",
+      "OTP invalid": "The code you entered is invalid or has expired. Please check your authenticator app and try again.",
+      "OTP verification failed": "OTP verification failed",
+      "Two-Factor Authentication": "Two-Factor Authentication",
+      "Enter the 6-digit code (OTP code) from your authenticator app. If you cannot access the app, you can use one recovery OTP code.": "Enter the 6-digit code (OTP code) from your authenticator app. If you cannot access the app, you can use one recovery OTP code."
+    }
   },
   "SplashScreen": {
     "Description": "Welcome to NethLink, a desktop solution for seamless communication. Make and receive calls, save contacts to you phonebook and much more.",

public/locales/en/translations.json

@@ -109,7 +109,16 @@
     "Account List title": "Account disponibili",
     "Account List description": "Scegliete un account per proseguire con NethLink.",
     "Delete account": "Sei sicuro di voler eliminare {{username}}?",
-    "Back": "Indietro"
+    "Back": "Indietro",
+    "User not authorized for NethLink": "Utente non autorizzato per NethLink",
+    "Generic error": "Errore generico",
+    "2FA": {
+      "OTP code": "Codice OTP",
+      "OTP invalid": "Il codice inserito non è valido o è scaduto. Controlla la tua app di autenticazione e riprova.",
+      "OTP verification failed": "Verifica OTP fallita",
+      "Two-Factor Authentication": "Autenticazione a Due Fattori",
+      "Enter the 6-digit code (OTP code) from your authenticator app. If you cannot access the app, you can use one recovery OTP code.": "Inserisci il codice a 6 cifre (codice OTP) dalla tua app di autenticazione. Se non puoi accedere all'app, puoi utilizzare un codice OTP di recupero."
+    }
   },
   "SplashScreen": {
     "Description": "Benvenuti in NethLink, la soluzione desktop per comunicazioni senza confini. Effettua e ricevi chiamate, salva i contatti nella tua rubrica e molto altro ancora.",

public/locales/it/translations.json

@@ -5,7 +5,8 @@ import { store } from '@/lib/mainStore'
 import { useNethVoiceAPI } from '@shared/useNethVoiceAPI'
 import { useLogin } from '@shared/useLogin'
 import { NetworkController } from './NetworkController'
-import { delay, getAccountUID } from '@shared/utils/utils'
+import { getAccountUID } from '@shared/utils/utils'
+import { requires2FA, isJWTExpired } from '@shared/utils/jwt'
 
 const defaultConfig: ConfigFile = {
   lastUser: undefined,
@@ -76,7 +77,75 @@ export class AccountController {
           const decryptString = safeStorage.decryptString(psw)
           const _accountData = JSON.parse(decryptString)
           const password = _accountData.password
+
+          // Check if saved token is still valid and doesn't require 2FA
+          if (lastLoggedAccount.jwtToken) {
+            if (!isJWTExpired(lastLoggedAccount.jwtToken)) {
+              // Token is still valid locally, check if it requires 2FA
+              if (requires2FA(lastLoggedAccount.jwtToken)) {
+                Log.info('auto login failed: 2FA required, user interaction needed')
+                return false
+              }
+
+              // Token looks valid locally, but we need to verify with server
+              // The token might have been invalidated (e.g., 2FA disabled/enabled)
+              Log.info('auto login: validating saved token with server...')
+
+              try {
+                // Make a simple API call to verify the token is still accepted by the server
+                // Use the /api/user/me endpoint to validate the token
+                const testUrl = `https://${lastLoggedAccount.host}/api/user/me`
+                const response = await NetworkController.instance.get(testUrl, {
+                  headers: {
+                    'Authorization': `Bearer ${lastLoggedAccount.jwtToken}`
+                  }
+                } as any)
+
+                // If we get here, the token is valid on the server
+                Log.info('auto login: token validated with server, using saved token')
+              } catch (error: any) {
+                // Token was rejected by server (401/403) or network error
+                Log.info('auto login failed: saved token rejected by server', error?.response?.status || error?.message)
+                return false
+              }
+
+              // Update store with the saved account (don't do a new login!)
+              // IMPORTANT: Preserve auth.lastUser and auth.lastUserCryptPsw so they are saved to disk
+              // IMPORTANT: Set connection: true to prevent "No internet connection" banner
+              store.updateStore({
+                account: lastLoggedAccount,
+                theme: lastLoggedAccount.theme,
+                connection: true,
+                accountStatus: store.store.accountStatus || 'offline',
+                isCallsEnabled: store.store.isCallsEnabled || false,
+                auth: {
+                  ...authAppData,
+                  lastUser: authAppData.lastUser,
+                  lastUserCryptPsw: authAppData.lastUserCryptPsw
+                }
+              }, 'autoLogin')
+
+              return true
+            } else {
+              Log.info('auto login: saved token expired, need to re-login')
+            }
+          }
+
+          // Token is expired or doesn't exist, do a new login
           const tempLoggedAccount = await this.NethVoiceAPI.Authentication.login(lastLoggedAccount.host, lastLoggedAccount.username, password)
+
+          // Check if 2FA is required - auto-login should fail in this case
+          if (tempLoggedAccount.jwtToken && requires2FA(tempLoggedAccount.jwtToken)) {
+            Log.info('auto login failed: 2FA required, user interaction needed')
+            return false
+          }
+
+          // Auto-login only works with JWT tokens (no legacy support)
+          if (!tempLoggedAccount.jwtToken) {
+            Log.info('auto login failed: no JWT token received')
+            return false
+          }
+
           let loggedAccount: Account = {
             ...lastLoggedAccount,
             ...tempLoggedAccount,

src/main/classes/controllers/AccountController.ts

@@ -10,6 +10,7 @@ import { Extension, Size } from '@shared/types'
 export class PhoneIslandController {
   static instance: PhoneIslandController
   window: PhoneIslandWindow
+  private isWarmingUp: boolean = false
 
   constructor() {
     PhoneIslandController.instance = this
@@ -30,7 +31,8 @@ export class PhoneIslandController {
         if (h === 0 && w === 0) {
           window.hide()
         } else {
-          if (!window.isVisible()) {
+          // Don't show window during warm-up
+          if (!window.isVisible() && !this.isWarmingUp) {
             window.show()
             window.setAlwaysOnTop(true)
           }
@@ -148,6 +150,60 @@ export class PhoneIslandController {
     }
   }
 
+  muteAudio() {
+    try {
+      const window = this.window.getWindow()
+      if (window && window.webContents) {
+        window.webContents.setAudioMuted(true)
+        Log.info('PhoneIsland audio muted')
+      }
+    } catch (e) {
+      Log.warning('error during muting PhoneIsland audio:', e)
+    }
+  }
+
+  unmuteAudio() {
+    try {
+      const window = this.window.getWindow()
+      if (window && window.webContents) {
+        window.webContents.setAudioMuted(false)
+        Log.info('PhoneIsland audio unmuted')
+      }
+    } catch (e) {
+      Log.warning('error during unmuting PhoneIsland audio:', e)
+    }
+  }
+
+  forceHide() {
+    try {
+      const window = this.window.getWindow()
+      if (window) {
+        this.isWarmingUp = true
+        window.hide()
+        Log.info('PhoneIsland window hidden')
+      }
+    } catch (e) {
+      Log.warning('error during force hiding PhoneIsland:', e)
+    }
+  }
+
+  forceShow() {
+    try {
+      const window = this.window.getWindow()
+      if (window) {
+        this.isWarmingUp = false
+        // Only show if there's actually content (size > 0)
+        const bounds = window.getBounds()
+        if (bounds.width > 0 && bounds.height > 0) {
+          window.show()
+          window.setAlwaysOnTop(true)
+          Log.info('PhoneIsland window shown')
+        }
+      }
+    } catch (e) {
+      Log.warning('error during force showing PhoneIsland:', e)
+    }
+  }
 
   async safeQuit() {
     await this.logout()

src/main/classes/controllers/PhoneIslandController.ts

@@ -18,6 +18,9 @@ import os from 'os'
 
 const { keyboard, Key } = require("@nut-tree-fork/nut-js");
 
+// Global flag to ensure audio warm-up runs only once per app session
+let hasRunAudioWarmup = false
+
 function onSyncEmitter<T>(
   channel: IPC_EVENTS,
   asyncCallback: (...args: any[]) => Promise<T>