chore: desktop app accounts communication via accounts proxy

Author: abose

serve-proxy.js

@@ -7,8 +7,12 @@ const path = require('path');
 const fs = require('fs');
 const httpProxy = require('http-proxy');
 
+const ACCOUNT_PROD = 'https://account.phcode.dev';
+const ACCOUNT_STAGING = 'https://account-stage.phcode.dev';
+const ACCOUNT_DEV = 'http://localhost:5000';
+
 // Account server configuration - switch between local and production
-let accountServer = 'https://account.phcode.dev'; // Production
+let accountServer = ACCOUNT_PROD; // Production
 // Set to local development server if --localAccount flag is provided
 
 // Default configuration
@@ -24,6 +28,8 @@ let config = {
 // Parse command line arguments
 function parseArgs() {
     const args = process.argv.slice(2);
+    let hasLocalAccount = false;
+    let hasStagingAccount = false;
 
     for (let i = 0; i < args.length; i++) {
         const arg = args[i];
@@ -46,11 +52,21 @@ function parseArgs() {
         } else if (arg === '--log-ip') {
             config.logIp = true;
         } else if (arg === '--localAccount') {
-            accountServer = 'http://localhost:5000';
+            hasLocalAccount = true;
+            accountServer = ACCOUNT_DEV;
+        } else if (arg === '--stagingAccount') {
+            hasStagingAccount = true;
+            accountServer = ACCOUNT_STAGING;
         } else if (!arg.startsWith('-')) {
             config.root = path.resolve(arg);
         }
     }
+
+    // Check for mutually exclusive flags
+    if (hasLocalAccount && hasStagingAccount) {
+        console.error('Error: --localAccount and --stagingAccount cannot be used together');
+        process.exit(1);
+    }
 }
 
 // Create proxy server
@@ -81,15 +97,15 @@ proxy.on('proxyReq', (proxyReq, req) => {
 
     // Transform referer from localhost:8000 to phcode.dev
     if (originalReferer && originalReferer.includes('localhost:8000')) {
-        const newReferer = originalReferer.replace(/localhost:8000/g, 'phcode.dev');
+        const newReferer = originalReferer.replace(/http:\/\/localhost:8000/g, 'https://phcode.dev');
         proxyReq.setHeader('Referer', newReferer);
     } else if (!originalReferer) {
         proxyReq.setHeader('Referer', 'https://phcode.dev/');
     }
 
     // Transform origin from localhost:8000 to phcode.dev
     if (originalOrigin && originalOrigin.includes('localhost:8000')) {
-        const newOrigin = originalOrigin.replace(/localhost:8000/g, 'phcode.dev');
+        const newOrigin = originalOrigin.replace(/http:\/\/localhost:8000/g, 'https://phcode.dev');
         proxyReq.setHeader('Origin', newOrigin);
     }
 

src/services/login-desktop.js

@@ -80,9 +80,19 @@ define(function (require, exports, module) {
      * For desktop apps, this directly uses the configured account URL
      */
     function getAccountBaseURL() {
+        if (location.hostname === 'localhost' || location.hostname === '127.0.0.1') {
+            return '/proxy/accounts';
+        }
         return Phoenix.config.account_url.replace(/\/$/, ''); // Remove trailing slash
     }
 
+    /**
+     * Get the account website URL for opening browser tabs
+     */
+    function _getAccountWebURL() {
+        return Phoenix.config.account_url;
+    }
+
     const ERR_RETRY_LATER = "retry_later";
     const ERR_INVALID = "invalid";
 
@@ -96,7 +106,7 @@ define(function (require, exports, module) {
      * never rejects.
      */
     async function _resolveAPIKey(apiKey, validationCode) {
-        const resolveURL = `${Phoenix.config.account_url}resolveAppSessionID?appSessionID=${apiKey}&validationCode=${validationCode}`;
+        const resolveURL = `${getAccountBaseURL()}/resolveAppSessionID?appSessionID=${apiKey}&validationCode=${validationCode}`;
         if (!navigator.onLine) {
             return {err: ERR_RETRY_LATER};
         }
@@ -196,7 +206,7 @@ define(function (require, exports, module) {
         const authPortURL = _getAutoAuthPortURL();
         const platformStr = PLATFORM_STRINGS[Phoenix.platform] || Phoenix.platform;
         const appName = encodeURIComponent(`${Strings.APP_NAME} Desktop on ${platformStr}`);
-        const resolveURL = `${Phoenix.config.account_url}getAppAuthSession?autoAuthPort=${authPortURL}&appName=${appName}`;
+        const resolveURL = `${getAccountBaseURL()}/getAppAuthSession?autoAuthPort=${authPortURL}&appName=${appName}`;
         // {"isSuccess":true,"appSessionID":"a uuid...","validationCode":"SWXP07"}
         try {
             if(Phoenix.isTestWindow && fetchFn === fetch){
@@ -254,7 +264,7 @@ define(function (require, exports, module) {
         }
         const {appSessionID, validationCode} = appAuthSession;
         await setAutoVerificationCode(validationCode);
-        const appSignInURL = `${Phoenix.config.account_url}authorizeApp?appSessionID=${appSessionID}`;
+        const appSignInURL = `${_getAccountWebURL()}authorizeApp?appSessionID=${appSessionID}`;
 
         // Show dialog with validation code
         const dialogData = {
@@ -350,7 +360,7 @@ define(function (require, exports, module) {
     }
 
     async function signOutAccount() {
-        const resolveURL = `${Phoenix.config.account_url}logoutSession`;
+        const resolveURL = `${getAccountBaseURL()}/logoutSession`;
         try {
             let input = {
                 appSessionID: userProfile.apiKey
@@ -378,7 +388,7 @@ define(function (require, exports, module) {
                     Strings.SIGNED_OUT_FAILED_MESSAGE
                 );
                 dialog.done(() => {
-                    NativeApp.openURLInDefaultBrowser(Phoenix.config.account_url + "#advanced");
+                    NativeApp.openURLInDefaultBrowser(_getAccountWebURL() + "#advanced");
                 });
                 Metrics.countEvent(Metrics.EVENT_TYPE.AUTH, 'logoutFail', Phoenix.platform);
                 return;
@@ -399,7 +409,7 @@ define(function (require, exports, module) {
                 Strings.SIGNED_OUT_FAILED_MESSAGE
             );
             dialog.done(() => {
-                NativeApp.openURLInDefaultBrowser(Phoenix.config.account_url + "#advanced");
+                NativeApp.openURLInDefaultBrowser(_getAccountWebURL() + "#advanced");
             });
             Metrics.countEvent(Metrics.EVENT_TYPE.AUTH, 'getAppAuth', Phoenix.platform);
             logger.reportError(error, "Failed to call logout calling" + resolveURL);

src/services/manage-licenses.js

@@ -44,6 +44,9 @@ define(function (require, exports, module) {
      * Get the API base URL for license operations
      */
     function _getAPIBaseURL() {
+        if (location.hostname === 'localhost' || location.hostname === '127.0.0.1') {
+            return '/proxy/accounts';
+        }
         return Phoenix.config.account_url.replace(/\/$/, ''); // Remove trailing slash
     }
 

src/services/readme-login-desktop-no_dist.md

@@ -241,9 +241,8 @@ pref.on('change', _verifyLogin);
 
 For testing desktop authentication with a local account server:
 
-1. **Configure Account URL:**
-   - Edit `src/config.json`
-   - Change `account_url` from `https://account.phcode.dev/` to `http://localhost:5000/` (or your local server URL)
+1. **Configure Proxy Server:**
+    - use `npm run serveLocalAccount` to serve phoenix repo server, instead of using npm run serve command.
 
 2. **Rebuild Application:**
    ```bash
@@ -326,4 +325,4 @@ if(resolveResponse.userDetails) {
 
 For desktop implementation details, see the source code in `src/services/login-desktop.js`. For browser authentication, see `src/services/login-browser.js` and `readme-login-browser-no_dist.md`.
 
-For deeper understanding of the Kernel Mode Trust security architecture and secure credential storage implementation, refer to the Kernel Mode Trust source files (out of scope for this document).
+For deeper understanding of the Kernel Mode Trust security architecture and secure credential storage implementation, refer to the Kernel Mode Trust source files (out of scope for this document).