refactor: secure KernalModeTrust.loginService

Author: abose

src/services/login-browser.js

@@ -43,15 +43,14 @@
  */
 
 define(function (require, exports, module) {
-    const EventDispatcher = require("utils/EventDispatcher"),
-        PreferencesManager  = require("preferences/PreferencesManager"),
+    require("./login-service"); // after this, loginService will be in KernalModeTrust
+    const PreferencesManager  = require("preferences/PreferencesManager"),
         Metrics = require("utils/Metrics"),
         Dialogs = require("widgets/Dialogs"),
         DefaultDialogs = require("widgets/DefaultDialogs"),
         Strings = require("strings"),
         StringUtils = require("utils/StringUtils"),
         ProfileMenu  = require("./profile-menu"),
-        LoginService = require("./login-service"),
         Mustache = require("thirdparty/mustache/mustache"),
         browserLoginWaitingTemplate = require("text!./html/browser-login-waiting-dialog.html");
 
@@ -60,11 +59,7 @@ define(function (require, exports, module) {
         // integrated extensions will have access to kernal mode, but not external extensions
         throw new Error("Browser Login service should have access to KernalModeTrust. Cannot boot without trust ring");
     }
-    const secureExports = {};
-    // Only set loginService for browser apps to avoid conflict with desktop login
-    if (!Phoenix.isNativeApp) {
-        KernalModeTrust.loginService = secureExports;
-    }
+    const LoginService = KernalModeTrust.loginService;
 
     // user profile structure: "customerID": "uuid...", "firstName":"Aa","lastName":"bb",
     // "email":"[email protected]", "loginTime":1750074393853, "isSuccess": true,
@@ -75,14 +70,6 @@ define(function (require, exports, module) {
     // just used as trigger to notify different windows about user profile changes
     const PREF_USER_PROFILE_VERSION = "userProfileVersion";
 
-    EventDispatcher.makeEventDispatcher(exports);
-    EventDispatcher.makeEventDispatcher(secureExports);
-
-    const _EVT_PAGE_FOCUSED = "page_focused";
-    $(window).focus(function () {
-        exports.trigger(_EVT_PAGE_FOCUSED);
-    });
-
     function isLoggedIn() {
         return isLoggedInUser;
     }
@@ -199,7 +186,6 @@ define(function (require, exports, module) {
     }
 
     let loginWaitingDialog = null;
-    let focusCheckInterval = null;
 
     /**
      * Show waiting dialog with auto-detection and manual check options
@@ -288,10 +274,6 @@ define(function (require, exports, module) {
             loginWaitingDialog.close();
             loginWaitingDialog = null;
         }
-        if (focusCheckInterval) {
-            clearInterval(focusCheckInterval);
-            focusCheckInterval = null;
-        }
         $(window).off('focus.loginWaiting');
     }
 
@@ -413,14 +395,13 @@ define(function (require, exports, module) {
     if (!Phoenix.isNativeApp) {
         init();
         // kernal exports
-        secureExports.isLoggedIn = isLoggedIn;
-        secureExports.signInToAccount = signInToBrowser;
-        secureExports.signOutAccount = signOutBrowser;
-        secureExports.getProfile = getProfile;
-        secureExports.verifyLoginStatus = () => _verifyBrowserLogin(false);
-        secureExports.getAccountBaseURL = _getAccountBaseURL;
-        secureExports.getEntitlements = LoginService.getEntitlements;
-        secureExports.EVENT_ENTITLEMENTS_CHANGED = LoginService.EVENT_ENTITLEMENTS_CHANGED;
+        // Add to existing KernalModeTrust.loginService from login-service.js
+        LoginService.isLoggedIn = isLoggedIn;
+        LoginService.signInToAccount = signInToBrowser;
+        LoginService.signOutAccount = signOutBrowser;
+        LoginService.getProfile = getProfile;
+        LoginService.verifyLoginStatus = () => _verifyBrowserLogin(false);
+        LoginService.getAccountBaseURL = _getAccountBaseURL;
     }
 
     // public exports

src/services/login-desktop.js

@@ -19,6 +19,8 @@
 /*global logger*/
 
 define(function (require, exports, module) {
+    require("./login-service"); // after this, loginService will be in KernalModeTrust
+
     const EventDispatcher = require("utils/EventDispatcher"),
         PreferencesManager  = require("preferences/PreferencesManager"),
         Metrics = require("utils/Metrics"),
@@ -27,7 +29,6 @@ define(function (require, exports, module) {
         Strings = require("strings"),
         NativeApp = require("utils/NativeApp"),
         ProfileMenu  = require("./profile-menu"),
-        LoginService = require("./login-service"),
         Mustache = require("thirdparty/mustache/mustache"),
         NodeConnector = require("NodeConnector"),
         otpDialogTemplate = require("text!./html/otp-dialog.html");
@@ -37,11 +38,8 @@ define(function (require, exports, module) {
         // integrated extensions will have access to kernal mode, but not external extensions
         throw new Error("Login service should have access to KernalModeTrust. Cannot boot without trust ring");
     }
-    const secureExports = {};
-    // Only set loginService for native apps to avoid conflict with browser login
-    if (Phoenix.isNativeApp) {
-        KernalModeTrust.loginService = secureExports;
-    }
+    const LoginService = KernalModeTrust.loginService;
+
     // user profile is something like "apiKey": "uuid...", validationCode: "dfdf", "firstName":"Aa","lastName":"bb",
     // "email":"[email protected]", "customerID":"uuid...","loginTime":1750074393853,
     // "profileIcon":{"color":"#14b8a6","initials":"AB"}
@@ -51,12 +49,11 @@ define(function (require, exports, module) {
     // just used as trigger to notify different windows about user profile changes
     const PREF_USER_PROFILE_VERSION = "userProfileVersion";
 
-    EventDispatcher.makeEventDispatcher(exports);
-    EventDispatcher.makeEventDispatcher(secureExports);
-
     const _EVT_PAGE_FOCUSED = "page_focused";
+    const focusWatcher = {};
+    EventDispatcher.makeEventDispatcher(focusWatcher);
     $(window).focus(function () {
-        exports.trigger(_EVT_PAGE_FOCUSED);
+        focusWatcher.trigger(_EVT_PAGE_FOCUSED);
     });
 
     const AUTH_CONNECTOR_ID = "ph_auth";
@@ -320,7 +317,7 @@ define(function (require, exports, module) {
             }
         }
         let isAutoSignedIn = false;
-        exports.on(_EVT_PAGE_FOCUSED, checkLoginStatus);
+        focusWatcher.on(_EVT_PAGE_FOCUSED, checkLoginStatus);
         async function _AutoSignedIn() {
             isAutoSignedIn = true;
             await checkLoginStatus();
@@ -329,7 +326,7 @@ define(function (require, exports, module) {
 
         // Clean up when dialog is closed
         dialog.done(function() {
-            exports.off(_EVT_PAGE_FOCUSED, checkLoginStatus);
+            focusWatcher.off(_EVT_PAGE_FOCUSED, checkLoginStatus);
             authNodeConnector.off(EVENT_CONNECTED, _AutoSignedIn);
             clearTimeout(closeTimeout);
             Metrics.countEvent(Metrics.EVENT_TYPE.AUTH,
@@ -411,15 +408,13 @@ define(function (require, exports, module) {
     // Only set exports for native apps to avoid conflict with browser login
     if (Phoenix.isNativeApp) {
         init();
-        // kernal exports
-        secureExports.isLoggedIn = isLoggedIn;
-        secureExports.signInToAccount = signInToAccount;
-        secureExports.signOutAccount = signOutAccount;
-        secureExports.getProfile = getProfile;
-        secureExports.verifyLoginStatus = () => _verifyLogin(false);
-        secureExports.getAccountBaseURL = getAccountBaseURL;
-        secureExports.getEntitlements = LoginService.getEntitlements;
-        secureExports.EVENT_ENTITLEMENTS_CHANGED = LoginService.EVENT_ENTITLEMENTS_CHANGED;
+        // kernal exports - add to existing KernalModeTrust.loginService from login-service.js
+        LoginService.isLoggedIn = isLoggedIn;
+        LoginService.signInToAccount = signInToAccount;
+        LoginService.signOutAccount = signOutAccount;
+        LoginService.getProfile = getProfile;
+        LoginService.verifyLoginStatus = () => _verifyLogin(false);
+        LoginService.getAccountBaseURL = getAccountBaseURL;
     }
 
     // public exports

src/services/login-service.js

@@ -24,14 +24,17 @@
  */
 
 define(function (require, exports, module) {
-    const Promotions = require("./promotions");
+    require("./setup-login-service"); // this adds loginService to KernalModeTrust
+    require("./promotions");
 
     const KernalModeTrust = window.KernalModeTrust;
     if(!KernalModeTrust){
         // integrated extensions will have access to kernal mode, but not external extensions
         throw new Error("Login service should have access to KernalModeTrust. Cannot boot without trust ring");
     }
 
+    const LoginService = KernalModeTrust.loginService;
+
     // Event constants
     const EVENT_ENTITLEMENTS_CHANGED = "entitlements_changed";
 
@@ -44,7 +47,7 @@ define(function (require, exports, module) {
      */
     async function getEntitlements(forceRefresh = false) {
         // Return null if not logged in
-        if (!KernalModeTrust.loginService.isLoggedIn()) {
+        if (!LoginService.isLoggedIn()) {
             return null;
         }
 
@@ -54,7 +57,7 @@ define(function (require, exports, module) {
         }
 
         try {
-            const accountBaseURL = KernalModeTrust.loginService.getAccountBaseURL();
+            const accountBaseURL = LoginService.getAccountBaseURL();
             const language = Phoenix.app && Phoenix.app.language ? Phoenix.app.language : 'en';
             let url = `${accountBaseURL}/getAppEntitlements?lang=${language}`;
             let fetchOptions = {
@@ -67,7 +70,7 @@ define(function (require, exports, module) {
             // Handle different authentication methods for browser vs desktop
             if (Phoenix.isNativeApp) {
                 // Desktop app: use appSessionID and validationCode
-                const profile = KernalModeTrust.loginService.getProfile();
+                const profile = LoginService.getProfile();
                 if (profile && profile.apiKey && profile.validationCode) {
                     url += `&appSessionID=${encodeURIComponent(profile.apiKey)}&validationCode=${encodeURIComponent(profile.validationCode)}`;
                 } else {
@@ -91,7 +94,7 @@ define(function (require, exports, module) {
 
                     // Trigger event if entitlements changed
                     if (entitlementsChanged) {
-                        KernalModeTrust.loginService.trigger(EVENT_ENTITLEMENTS_CHANGED, result);
+                        LoginService.trigger(EVENT_ENTITLEMENTS_CHANGED, result);
                     }
 
                     return cachedEntitlements;
@@ -113,14 +116,14 @@ define(function (require, exports, module) {
             cachedEntitlements = null;
 
             // Trigger event when entitlements are cleared
-            if (KernalModeTrust.loginService.trigger) {
-                KernalModeTrust.loginService.trigger(EVENT_ENTITLEMENTS_CHANGED, null);
+            if (LoginService.trigger) {
+                LoginService.trigger(EVENT_ENTITLEMENTS_CHANGED, null);
             }
         }
     }
 
-    // Exports
-    exports.EVENT_ENTITLEMENTS_CHANGED = EVENT_ENTITLEMENTS_CHANGED;
-    exports.getEntitlements = getEntitlements;
-    exports.clearEntitlements = clearEntitlements;
+    // Add functions to secure exports
+    LoginService.getEntitlements = getEntitlements;
+    LoginService.clearEntitlements = clearEntitlements;
+    LoginService.EVENT_ENTITLEMENTS_CHANGED = EVENT_ENTITLEMENTS_CHANGED;
 });

src/services/profile-menu.js

@@ -539,7 +539,7 @@ define(function (require, exports, module) {
         _removeProfileIcon();
 
         // Clear cached entitlements when user logs out
-        LoginService.clearEntitlements();
+        KernalModeTrust.loginService.clearEntitlements();
 
         // Reset branding to free mode
         _updateBranding(null);
@@ -563,4 +563,6 @@ define(function (require, exports, module) {
     exports.init = init;
     exports.setNotLoggedIn = setNotLoggedIn;
     exports.setLoggedIn = setLoggedIn;
+
+    // dont public exports things that extensions can use to get/put credentials and entitlements, display mods is fine
 });

src/services/promotions.js

@@ -31,17 +31,16 @@
 
 define(function (require, exports, module) {
 
-    const EventDispatcher = require("utils/EventDispatcher"),
-        Metrics = require("utils/Metrics"),
+    require("./setup-login-service"); // this adds loginService to KernalModeTrust
+    const Metrics = require("utils/Metrics"),
         semver = require("thirdparty/semver.browser");
 
     const KernalModeTrust = window.KernalModeTrust;
     if (!KernalModeTrust) {
         throw new Error("Promotions service requires access to KernalModeTrust. Cannot boot without trust ring");
     }
 
-    // Make this module an event dispatcher
-    EventDispatcher.makeEventDispatcher(exports);
+    const LoginService = KernalModeTrust.loginService;
 
     // Constants
     const EVENT_PRO_UPGRADE_ON_INSTALL = "pro_upgrade_on_install";
@@ -244,7 +243,7 @@ define(function (require, exports, module) {
         console.log(`Pro trial activated for ${trialDays} days`);
 
         // Trigger the event for UI to handle
-        exports.trigger(EVENT_PRO_UPGRADE_ON_INSTALL, {
+        LoginService.trigger(EVENT_PRO_UPGRADE_ON_INSTALL, {
             trialDays: trialDays,
             isFirstInstall: !existingTrialData
         });
@@ -273,8 +272,9 @@ define(function (require, exports, module) {
         });
     }, TRIAL_POLL_MS);
 
-    // Public exports
-    exports.isProTrialActivated = isProTrialActivated;
-    exports.EVENT_PRO_UPGRADE_ON_INSTALL = EVENT_PRO_UPGRADE_ON_INSTALL;
+    // Add to secure exports
+    LoginService.isProTrialActivated = isProTrialActivated;
+    LoginService.EVENT_PRO_UPGRADE_ON_INSTALL = EVENT_PRO_UPGRADE_ON_INSTALL;
 
+    // no public exports to prevent extension tampering
 });

src/services/setup-login-service.js

@@ -0,0 +1,43 @@
+/*
+ * GNU AGPL-3.0 License
+ *
+ * Copyright (c) 2021 - present core.ai . All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Affero General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see https://opensource.org/licenses/AGPL-3.0.
+ *
+ */
+
+/**
+ * Shared Login Service kernal mode trust setup
+ *
+ * This module contains shared login service functionality used by both
+ * browser and desktop login implementations, including entitlements management.
+ */
+
+define(function (require, exports, module) {
+    const EventDispatcher = require("utils/EventDispatcher");
+
+    const KernalModeTrust = window.KernalModeTrust;
+    if(!KernalModeTrust){
+        // integrated extensions will have access to kernal mode, but not external extensions
+        throw new Error("Login service should have access to KernalModeTrust. Cannot boot without trust ring");
+    }
+
+    // Create secure exports and set up KernalModeTrust.loginService
+    const secureExports = {};
+    EventDispatcher.makeEventDispatcher(secureExports);
+
+    // Set up loginService for both native and browser apps
+    KernalModeTrust.loginService = secureExports;
+
+    // no public exports to prevent extension tampering
+});