startClientMfaSession helper, deduplicate mfa flow code

Author: j-chmielewski

new-ui/src/shared/components/LocationCard/api/startClientMfaSession.ts

@@ -0,0 +1,91 @@
+import { fetch } from '@tauri-apps/plugin-http';
+import { api } from '../../../rust-api/api';
+import type {
+  EdgeRequestHeaders,
+  InstanceInfo,
+  LocationInfo,
+} from '../../../rust-api/types';
+
+export const CLIENT_MFA_ENDPOINT = 'api/v1/client-mfa';
+
+export class MfaStartError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'MfaStartError';
+  }
+}
+
+export type MfaStartMethod = 0 | 1 | 2 | 4;
+
+export type MfaStartResponse = {
+  token: string;
+  challenge?: string;
+};
+
+type MfaStartErrorResponse = {
+  error?: string;
+};
+
+type StartClientMfaSessionParams = {
+  instance: InstanceInfo;
+  location: LocationInfo;
+  method: MfaStartMethod;
+};
+
+type StartClientMfaSessionResult = {
+  response: MfaStartResponse;
+  headers: EdgeRequestHeaders;
+};
+
+export const startClientMfaSession = async ({
+  instance,
+  location,
+  method,
+}: StartClientMfaSessionParams): Promise<StartClientMfaSessionResult> => {
+  let headers: EdgeRequestHeaders;
+  try {
+    headers = await api.getEdgeRequestHeaders();
+  } catch {
+    throw new MfaStartError('Failed to load request headers');
+  }
+
+  let posture_data: unknown;
+  try {
+    posture_data = location.posture_check_required
+      ? await api.getPostureData()
+      : undefined;
+  } catch {
+    throw new MfaStartError('Failed to load posture data');
+  }
+
+  try {
+    const response = await fetch(`${instance.proxy_url}${CLIENT_MFA_ENDPOINT}/start`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...headers,
+      },
+      body: JSON.stringify({
+        method,
+        pubkey: instance.pubkey,
+        location_id: location.network_id,
+        posture_data,
+      }),
+    });
+
+    if (!response.ok) {
+      const data = (await response.json()) as MfaStartErrorResponse;
+      throw new MfaStartError(data.error ?? 'Failed to start MFA');
+    }
+
+    return {
+      response: (await response.json()) as MfaStartResponse,
+      headers,
+    };
+  } catch (err) {
+    if (err instanceof MfaStartError) {
+      throw err;
+    }
+    throw new MfaStartError('Failed to reach server');
+  }
+};

new-ui/src/shared/components/LocationCard/hooks/useMfaConnect.ts

@@ -3,21 +3,12 @@ import { fetch } from '@tauri-apps/plugin-http';
 import { error } from '@tauri-apps/plugin-log';
 import { useCallback, useEffect, useRef, useState } from 'react';
 import { api } from '../../../rust-api/api';
-import {
-  getInstancesQueryOptions,
-  getPlatformHeaderQueryOptions,
-} from '../../../rust-api/query';
+import { getInstancesQueryOptions } from '../../../rust-api/query';
 import type { EdgeRequestHeaders } from '../../../rust-api/types';
+import { CLIENT_MFA_ENDPOINT, startClientMfaSession } from '../api/startClientMfaSession';
 import { useLocationCardContext } from '../context/context';
 import { LocationCardViews } from '../context/types';
 
-const MFA_ENDPOINT = 'api/v1/client-mfa';
-
-type MfaStartResponse = {
-  token: string;
-  challenge?: string;
-};
-
 type MfaFinishResponse = {
   preshared_key: string;
 };
@@ -37,7 +28,6 @@ export const useMfaConnect = (method: 0 | 1) => {
   const [requestHeaders, setRequestHeaders] = useState<EdgeRequestHeaders | null>(null);
 
   const { data: instances } = useQuery(getInstancesQueryOptions);
-  const { data: platformHeader } = useQuery(getPlatformHeaderQueryOptions);
 
   const instance = instances?.find((i) => i.id === location.instance_id);
 
@@ -52,79 +42,44 @@ export const useMfaConnect = (method: 0 | 1) => {
     },
   });
 
-  // Fire the /start request exactly once when instance + platformHeader are ready.
+  // Fire the /start request exactly once when instance data is ready.
   const startCalled = useRef(false);
 
   // biome-ignore lint/correctness/useExhaustiveDependencies: intentional one-shot trigger via startCalled ref
   useEffect(() => {
-    if (!instance || !platformHeader || startCalled.current) return;
+    if (!instance || startCalled.current) return;
     startCalled.current = true;
 
     setIsStarting(true);
 
     (async () => {
-      let headers: EdgeRequestHeaders;
       try {
-        headers = await api.getEdgeRequestHeaders();
-        setRequestHeaders(headers);
-      } catch {
-        setStartError('Failed to load request headers');
-        setIsStarting(false);
-        return;
-      }
-
-      let posture_data: unknown;
-      try {
-        posture_data = location.posture_check_required
-          ? await api.getPostureData()
-          : undefined;
-      } catch {
-        setStartError('Failed to load posture data');
-        setIsStarting(false);
-        return;
-      }
-
-      try {
-        const res = await fetch(`${instance.proxy_url}${MFA_ENDPOINT}/start`, {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            ...headers,
-          },
-          body: JSON.stringify({
-            method,
-            pubkey: instance.pubkey,
-            location_id: location.network_id,
-            posture_data,
-          }),
+        const { response, headers } = await startClientMfaSession({
+          instance,
+          location,
+          method,
         });
-
-        if (res.ok) {
-          const data = (await res.json()) as MfaStartResponse;
-          setToken(data.token);
-        } else {
-          const data = (await res.json()) as MfaErrorResponse;
-          setStartError(data.error ?? 'Failed to start MFA');
-        }
-      } catch {
-        setStartError('Failed to reach server');
+        setRequestHeaders(headers);
+        setToken(response.token);
+      } catch (err) {
+        setStartError(err instanceof Error ? err.message : 'Failed to start MFA');
       } finally {
         setIsStarting(false);
       }
     })();
-  }, [instance, platformHeader]);
+  }, [instance]);
 
   const verifyCode = useCallback(
     async (code: string) => {
-      if (!token || !instance || !platformHeader || !requestHeaders) return;
+      if (!token || !instance || !requestHeaders) return;
 
       setIsVerifying(true);
       setVerifyError(null);
 
       const body = JSON.stringify({ token, code });
 
       try {
-        const res = await fetch(`${instance.proxy_url}${MFA_ENDPOINT}/finish`, {
+        const res = await fetch(`${instance.proxy_url}${CLIENT_MFA_ENDPOINT}/finish`, {
           method: 'POST',
           headers: {
             'Content-Type': 'application/json',
@@ -160,7 +115,7 @@ export const useMfaConnect = (method: 0 | 1) => {
         setIsVerifying(false);
       }
     },
-    [token, instance, platformHeader, requestHeaders, location, connectMutate, setView],
+    [token, instance, requestHeaders, location, connectMutate, setView],
   );
 
   return { token, isStarting, startError, verifyCode, isVerifying, verifyError };

new-ui/src/shared/components/LocationCard/hooks/useMfaMobileConnect.ts

@@ -1,23 +1,12 @@
 import { encode } from '@stablelib/base64';
 import { useMutation } from '@tanstack/react-query';
-import { fetch } from '@tauri-apps/plugin-http';
 import { error } from '@tauri-apps/plugin-log';
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { api } from '../../../rust-api/api';
+import { CLIENT_MFA_ENDPOINT, startClientMfaSession } from '../api/startClientMfaSession';
 import { useLocationCardContext } from '../context/context';
 import { LocationCardViews } from '../context/types';
 
-const MFA_ENDPOINT = 'api/v1/client-mfa';
-
-type MfaStartResponse = {
-  token: string;
-  challenge: string;
-};
-
-type MfaErrorResponse = {
-  error: string;
-};
-
 type TokenData = {
   token: string;
   challenge: string;
@@ -55,7 +44,7 @@ export const useMfaMobileConnect = () => {
       .replace(
         /^https:/,
         'wss:',
-      )}${MFA_ENDPOINT}/remote?token=${encodeURIComponent(tokenData.token)}`;
+      )}${CLIENT_MFA_ENDPOINT}/remote?token=${encodeURIComponent(tokenData.token)}`;
 
     expectedCloseRef.current = false;
     const ws = new WebSocket(wsUrl);
@@ -144,48 +133,22 @@ export const useMfaMobileConnect = () => {
     // Clear previous token → triggers WS cleanup via effect
     setTokenData(null);
 
-    let headers: Record<string, string>;
     try {
-      headers = await api.getEdgeRequestHeaders();
-    } catch {
-      setStartError('Failed to load request headers');
-      setIsStarting(false);
-      return;
-    }
-
-    let posture_data: unknown;
-    try {
-      posture_data = location.posture_check_required
-        ? await api.getPostureData()
-        : undefined;
-    } catch {
-      setStartError('Failed to load posture data');
-      setIsStarting(false);
-      return;
-    }
-
-    try {
-      const res = await fetch(`${instance.proxy_url}${MFA_ENDPOINT}/start`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json', ...headers },
-        body: JSON.stringify({
-          method: 4,
-          pubkey: instance.pubkey,
-          location_id: location.network_id,
-          posture_data,
-        }),
+      const { response } = await startClientMfaSession({
+        instance,
+        location,
+        method: 4,
       });
-
-      if (res.ok) {
-        const data = (await res.json()) as MfaStartResponse;
-        setTokenData({ token: data.token, challenge: data.challenge });
-      } else {
-        const data = (await res.json()) as MfaErrorResponse;
-        setStartError(data.error ?? 'Failed to start mobile authentication');
-        error(`Mobile MFA start failed for location ${location.id}: ${data.error}`);
+      if (!response.challenge) {
+        setStartError('Unsupported response from proxy');
+        return;
       }
+
+      setTokenData({ token: response.token, challenge: response.challenge });
     } catch (e) {
-      setStartError('Failed to reach server');
+      setStartError(
+        e instanceof Error ? e.message : 'Failed to start mobile authentication',
+      );
       error(`Mobile MFA start network error for location ${location.id}: ${e}`);
     } finally {
       setIsStarting(false);