Catch errors in async IIFE. Use strict path comparison. Hide spinner on error.

Author: aarmam

example/src/main/resources/templates/webeid-callback.html

@@ -12,9 +12,10 @@
 </head>
 
 <body class="loading-page">
-<h2>Completing signing…</h2>
-<div class="spinner"></div>
-
+<div id="spinner-message">
+    <h2>Completing signing…</h2>
+    <div class="spinner"></div>
+</div>
 <div id="error-message" class="alert alert-danger" style="display: none;" role="alert">
     <div class="message"></div>
     <pre class="details"></pre>
@@ -25,85 +26,78 @@ <h2>Completing signing…</h2>
 </p>
 
 <script type="module">
-    import { showErrorMessage } from '/js/errors.js';
+    import {showErrorMessage, checkHttpError} from '/js/errors.js';
 
+    // Using an async IIFE for mobile WebView compatibility:
+    // top-level await is not supported in some mobile browsers/WebViews.
     (async () => {
-        try {
-            const fragment = window.location.hash.slice(1);
-
-            if (!fragment) {
-              throw new Error("Missing payload fragment");
-            }
-
-            const decoded = atob(fragment);
-            const payload = JSON.parse(decoded);
-
-            if (payload.error) {
-                console.error("WebEID mobile error:", payload);
-
-                showErrorMessage({
-                    code: payload.code ?? "UNKNOWN_ERROR",
-                    message: payload.message ?? "Signing failed",
-                });
-
-                const actions = document.getElementById("error-actions");
-                const goBackButton = document.getElementById("back-button");
-                actions.style.display = "block";
-                goBackButton.addEventListener("click", () => {
-                    window.location.replace("/welcome?error=webeid-callback");
-                });
-
-                return;
-            }
-
-            const csrfHeaderName = document.querySelector('#csrfheadername').content;
-            const csrfToken = document.querySelector('#csrftoken').content;
-            const path = window.location.pathname;
+        const fragment = window.location.hash.slice(1);
 
-            let endpoint;
-            if (path.includes("/sign/mobile/certificate")) {
-                endpoint = "/sign/mobile/certificate";
-
-                payload.certificate = payload.certificate || payload.signingCertificate || null;
-                payload.supportedSignatureAlgorithms = payload.supportedSignatureAlgorithms || [];
-
-            } else if (path.includes("/sign/mobile/signature")) {
-                endpoint = "/sign/mobile/signature";
-            } else {
-                throw new Error("Unexpected callback path: " + path);
-            }
-
-            const response = await fetch(endpoint, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/json",
-                    [csrfHeaderName]: csrfToken,
-                },
-                credentials: "include",
-                body: JSON.stringify(payload),
-            });
+        if (!fragment) {
+            throw new Error("Missing response payload");
+        }
 
-            if (!response.ok) {
-                throw new Error(await response.text());
-            }
+        let payload;
+        try {
+            payload = JSON.parse(atob(fragment));
+        } catch (e) {
+            console.error(e)
+            throw new Error("Failed to parse the response");
+        }
 
-            const result = await response.json();
+        if (payload.error) {
+            const error = new Error(payload.message ?? "Signing failed");
+            error.code = payload.code;
+            throw error;
+        }
 
-            if (endpoint.endsWith("/certificate")) {
-                const { request_uri } = result;
-                window.location.replace(request_uri);
-                return;
-            }
+        const path = window.location.pathname;
+        let endpoint;
+        if (path === "/sign/mobile/certificate") {
+            endpoint = "/sign/mobile/certificate";
+        } else if (path === "/sign/mobile/signature") {
+            endpoint = "/sign/mobile/signature";
+        } else {
+            const error = new Error("Unexpected callback path: " + path);
+            error.code = "INVALID_CALLBACK_PATH";
+            throw error;
+        }
 
-            window.location.replace(
-                "/welcome?signed=" + encodeURIComponent(result.name)
-            );
+        const csrfHeaderName = document.querySelector('#csrfheadername').content;
+        const csrfToken = document.querySelector('#csrftoken').content;
+        const response = await fetch(endpoint, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                [csrfHeaderName]: csrfToken,
+            },
+            credentials: "include",
+            body: JSON.stringify(payload),
+        });
+        await checkHttpError(response);
+
+        const result = await response.json();
+        if (endpoint.endsWith("/certificate")) {
+            const {request_uri} = result;
+            window.location.replace(request_uri);
+            return;
+        }
 
-        } catch (error) {
-            console.error("Mobile callback failed", error);
+        window.location.replace(
+            "/welcome?signed=" + encodeURIComponent(result.name)
+        );
+    })().catch((error) => {
+        console.error(error);
+        showErrorMessage(error, "Signing failed");
+        const spinner = document.querySelector("#spinner-message")
+        spinner.style.display = "none";
+        const actions = document.getElementById("error-actions");
+        const goBackButton = document.getElementById("back-button");
+        actions.style.display = "block";
+        goBackButton.addEventListener("click", () => {
             window.location.replace("/welcome?error=webeid-callback");
-        }
-    })();
+        });
+    });
 </script>
 </body>
 </html>