300 lines
9.5 KiB
TypeScript
300 lines
9.5 KiB
TypeScript
/// Credential capture module.
|
|
///
|
|
/// Detects login form submissions and prompts the user to save or update
|
|
/// credentials in the vault. Supports bar and toast prompt styles.
|
|
///
|
|
/// The prompt renders inside a closed Shadow DOM so the host page cannot
|
|
/// read overlay contents via document.querySelector or rewrite them via
|
|
/// insertAdjacentHTML. All caller-supplied strings (hostname, username)
|
|
/// are applied via textContent, never innerHTML.
|
|
|
|
import type { Request, Response } from '../shared/messages';
|
|
import type { DeviceSettings } from '../shared/types';
|
|
import { createShadowHost, type ShadowSurface } from './shadow';
|
|
|
|
// --- State ---
|
|
|
|
const hookedForms = new WeakSet<HTMLFormElement>();
|
|
const hookedButtons = new WeakSet<HTMLElement>();
|
|
let currentPrompt: ShadowSurface | null = null;
|
|
|
|
// --- Messaging ---
|
|
|
|
function sendMessage(request: Request): Promise<Response> {
|
|
return new Promise((resolve) => {
|
|
chrome.runtime.sendMessage(request, (response: Response) => {
|
|
resolve(response);
|
|
});
|
|
});
|
|
}
|
|
|
|
// --- Username detection (same priority as detector.ts) ---
|
|
|
|
function findUsernameValue(pwField: HTMLInputElement): string {
|
|
const form = pwField.closest('form');
|
|
const scope = form ?? document;
|
|
const inputs = scope.querySelectorAll<HTMLInputElement>('input');
|
|
|
|
// 1. autocomplete="username"
|
|
for (const input of inputs) {
|
|
if (input === pwField) continue;
|
|
if (input.autocomplete === 'username' && input.value) return input.value;
|
|
}
|
|
|
|
// 2. autocomplete="email"
|
|
for (const input of inputs) {
|
|
if (input === pwField) continue;
|
|
if (input.autocomplete === 'email' && input.value) return input.value;
|
|
}
|
|
|
|
// 3. type="email"
|
|
for (const input of inputs) {
|
|
if (input === pwField) continue;
|
|
if (input.type === 'email' && input.value) return input.value;
|
|
}
|
|
|
|
// 4. name/id matching common patterns
|
|
const pattern = /user|email|login|account/i;
|
|
for (const input of inputs) {
|
|
if (input === pwField) continue;
|
|
if (input.type === 'hidden' || input.type === 'password') continue;
|
|
if ((pattern.test(input.name) || pattern.test(input.id)) && input.value) return input.value;
|
|
}
|
|
|
|
// 5. Nearest preceding visible text input
|
|
const allInputs = Array.from(inputs);
|
|
const pwIndex = allInputs.indexOf(pwField);
|
|
for (let i = pwIndex - 1; i >= 0; i--) {
|
|
const input = allInputs[i];
|
|
if (input.type === 'hidden' || input.type === 'password' || input.type === 'submit') continue;
|
|
if (input.offsetWidth > 0 && input.offsetHeight > 0 && input.value) return input.value;
|
|
}
|
|
|
|
return '';
|
|
}
|
|
|
|
// --- Form submission handler ---
|
|
|
|
async function onFormSubmit(pwField: HTMLInputElement): Promise<void> {
|
|
const password = pwField.value;
|
|
if (!password) return;
|
|
|
|
const username = findUsernameValue(pwField);
|
|
|
|
// Note: `url` is NOT sent — router derives origin from sender.tab.url.
|
|
const resp = await sendMessage({
|
|
type: 'check_credential',
|
|
username,
|
|
password,
|
|
});
|
|
|
|
if (!resp.ok) return;
|
|
|
|
const data = resp.data as { action: string; entryId?: string; entryName?: string };
|
|
if (data.action === 'skip') return;
|
|
|
|
// Fetch settings for prompt style. Content scripts have direct
|
|
// chrome.storage.local access (manifest grants "storage"), so we don't
|
|
// need to round-trip through the SW for this — which also avoids the
|
|
// router's content→popup-only rejection for 'get_settings'.
|
|
const stored = await chrome.storage.local.get('relicarioSettings');
|
|
const settings: DeviceSettings = (stored.relicarioSettings as DeviceSettings)
|
|
?? { captureEnabled: true, captureStyle: 'bar' };
|
|
|
|
showPrompt(settings.captureStyle, data.action, username, password);
|
|
}
|
|
|
|
// --- Prompt UI ---
|
|
|
|
function removeExistingPrompt(): void {
|
|
if (currentPrompt) {
|
|
currentPrompt.destroy();
|
|
currentPrompt = null;
|
|
}
|
|
}
|
|
|
|
function showPrompt(
|
|
style: 'bar' | 'toast',
|
|
action: string,
|
|
username: string,
|
|
password: string,
|
|
): void {
|
|
removeExistingPrompt();
|
|
|
|
const hostname = (() => {
|
|
try { return new URL(window.location.href).hostname; } catch { return window.location.href; }
|
|
})();
|
|
|
|
const surface = createShadowHost();
|
|
currentPrompt = surface;
|
|
const { host, root } = surface;
|
|
|
|
// Position the host on the page; all further styling lives inside the
|
|
// shadow root so the page's CSS can't reach us.
|
|
const baseHostStyles = 'z-index: 2147483647; position: fixed;';
|
|
if (style === 'bar') {
|
|
host.style.cssText = `${baseHostStyles} top:0; left:0; right:0;`;
|
|
} else {
|
|
host.style.cssText = `${baseHostStyles} bottom:16px; right:16px;`;
|
|
}
|
|
|
|
// --- Build prompt DOM via createElement / textContent only ---
|
|
|
|
const container = document.createElement('div');
|
|
const containerBase = [
|
|
'font-family: "SF Mono", "Fira Code", "Cascadia Code", monospace',
|
|
'font-size: 13px',
|
|
'color: #c9d1d9',
|
|
'background: #161b22',
|
|
'box-sizing: border-box',
|
|
'line-height: 1.4',
|
|
];
|
|
if (style === 'bar') {
|
|
container.style.cssText = [
|
|
...containerBase,
|
|
'padding: 10px 16px',
|
|
'display: flex',
|
|
'align-items: center',
|
|
'gap: 12px',
|
|
'border-bottom: 1px solid #30363d',
|
|
'box-shadow: 0 2px 8px rgba(0,0,0,0.4)',
|
|
'transform: translateY(-100%)',
|
|
'transition: transform 0.3s ease',
|
|
].join('; ');
|
|
} else {
|
|
container.style.cssText = [
|
|
...containerBase,
|
|
'padding: 12px 16px',
|
|
'border-radius: 4px',
|
|
'border: 1px solid #30363d',
|
|
'box-shadow: 0 4px 12px rgba(0,0,0,0.4)',
|
|
'max-width: 360px',
|
|
'opacity: 0',
|
|
'transition: opacity 0.3s ease',
|
|
].join('; ');
|
|
}
|
|
|
|
const actionLabel = action === 'update' ? 'Update' : 'Save';
|
|
|
|
// Message span: "<actionLabel> login for <hostname>(<username>)?"
|
|
const msgSpan = document.createElement('span');
|
|
msgSpan.style.cssText = 'flex:1; overflow:hidden; text-overflow:ellipsis; white-space:nowrap;';
|
|
msgSpan.appendChild(document.createTextNode(`${actionLabel} login for `));
|
|
const hostStrong = document.createElement('strong');
|
|
hostStrong.style.color = '#d2ab43';
|
|
hostStrong.textContent = hostname;
|
|
msgSpan.appendChild(hostStrong);
|
|
if (username) {
|
|
msgSpan.appendChild(document.createTextNode(` (${username})`));
|
|
}
|
|
msgSpan.appendChild(document.createTextNode('?'));
|
|
|
|
const saveBtn = document.createElement('button');
|
|
saveBtn.textContent = actionLabel;
|
|
saveBtn.style.cssText = [
|
|
'background:#7c5719', 'color:#fff', 'border:none', 'padding:5px 14px',
|
|
'border-radius:3px', 'cursor:pointer', 'font-family:inherit', 'font-size:12px',
|
|
'white-space:nowrap',
|
|
].join('; ');
|
|
|
|
const neverBtn = document.createElement('button');
|
|
neverBtn.textContent = 'Never';
|
|
neverBtn.style.cssText = [
|
|
'background:transparent', 'color:#8b949e', 'border:1px solid #30363d',
|
|
'padding:5px 10px', 'border-radius:3px', 'cursor:pointer',
|
|
'font-family:inherit', 'font-size:12px', 'white-space:nowrap',
|
|
].join('; ');
|
|
|
|
const closeBtn = document.createElement('button');
|
|
closeBtn.textContent = '✕';
|
|
closeBtn.style.cssText = [
|
|
'background:transparent', 'color:#8b949e', 'border:none',
|
|
'cursor:pointer', 'font-size:16px', 'padding:2px 6px',
|
|
'font-family:inherit', 'line-height:1',
|
|
].join('; ');
|
|
|
|
container.append(msgSpan, saveBtn, neverBtn, closeBtn);
|
|
root.appendChild(container);
|
|
|
|
// Animate in
|
|
requestAnimationFrame(() => {
|
|
if (style === 'bar') {
|
|
container.style.transform = 'translateY(0)';
|
|
} else {
|
|
container.style.opacity = '1';
|
|
}
|
|
});
|
|
|
|
// Auto-dismiss for toast
|
|
let autoDismissTimer: ReturnType<typeof setTimeout> | null = null;
|
|
if (style === 'toast') {
|
|
autoDismissTimer = setTimeout(() => removeExistingPrompt(), 15000);
|
|
}
|
|
|
|
const clearAutoDismiss = (): void => {
|
|
if (autoDismissTimer) clearTimeout(autoDismissTimer);
|
|
};
|
|
|
|
// Save button — single content-callable message; the SW figures out
|
|
// whether this is an add or an update (and enforces origin-binding).
|
|
saveBtn.addEventListener('click', async () => {
|
|
clearAutoDismiss();
|
|
const resp = await sendMessage({ type: 'capture_save_login', username, password });
|
|
if (!resp.ok) {
|
|
msgSpan.textContent = `✗ ${resp.error}`;
|
|
return;
|
|
}
|
|
msgSpan.textContent = '✓ Saved';
|
|
saveBtn.style.display = 'none';
|
|
neverBtn.style.display = 'none';
|
|
setTimeout(() => removeExistingPrompt(), 1500);
|
|
});
|
|
|
|
// Never button: router derives hostname from sender.tab.url (no `hostname` field)
|
|
neverBtn.addEventListener('click', async () => {
|
|
clearAutoDismiss();
|
|
await sendMessage({ type: 'blacklist_site' });
|
|
removeExistingPrompt();
|
|
});
|
|
|
|
// Close button
|
|
closeBtn.addEventListener('click', () => {
|
|
clearAutoDismiss();
|
|
removeExistingPrompt();
|
|
});
|
|
}
|
|
|
|
// --- Form hooking ---
|
|
|
|
export function hookForms(): void {
|
|
const passwordFields = document.querySelectorAll<HTMLInputElement>('input[type="password"]');
|
|
|
|
for (const pwField of passwordFields) {
|
|
if (pwField.offsetWidth < 20 || pwField.offsetHeight < 10) continue;
|
|
|
|
const form = pwField.closest('form');
|
|
|
|
if (form && !hookedForms.has(form)) {
|
|
hookedForms.add(form);
|
|
form.addEventListener('submit', () => {
|
|
onFormSubmit(pwField);
|
|
});
|
|
}
|
|
|
|
// Hook submit buttons (for forms that submit via JS click handlers)
|
|
const scope = form ?? pwField.parentElement;
|
|
if (!scope) continue;
|
|
|
|
const buttons = scope.querySelectorAll<HTMLElement>(
|
|
'button[type="submit"], input[type="submit"], button:not([type])',
|
|
);
|
|
for (const btn of buttons) {
|
|
if (hookedButtons.has(btn)) continue;
|
|
hookedButtons.add(btn);
|
|
btn.addEventListener('click', () => {
|
|
onFormSubmit(pwField);
|
|
});
|
|
}
|
|
}
|
|
}
|