Modernise the passkey.js client script

dahlia · dahlia · commit a7e367ad97dd · 2026-05-15T10:56:13.000+09:00
Two cleanups in one pass, both inside src/public/passkey.js: - Replace every `var` with `const`, except for the two locals in postJson's !response.ok branch (`detail` and `error.message` fallback path) which are written conditionally and stay `let`. The rest of the script was already using async/await and arrow functions, so `const` is in keeping with the style. - Replace the `(async function () { ... })()` IIFEs that wrapped the async work inside the submit and click handlers with `async (event) => { ... }` / `async () => { ... }` passed directly to addEventListener. The extra indentation level goes away and the handler is a single function instead of a sync function that immediately fires off an async one. No runtime behaviour change. #487 (comment) #487 (comment) Assisted-by: Claude Code:claude-opus-4-7
diff --git a/src/public/passkey.js b/src/public/passkey.js
@@ -10,7 +10,7 @@
 "use strict";
 
 (function () {
-  var lib = window.SimpleWebAuthnBrowser;
+  const lib = window.SimpleWebAuthnBrowser;
   if (lib == null) return;
 
   function setStatus(el, message, isError) {
@@ -21,7 +21,7 @@
   }
 
   async function postJson(path, body) {
-    var response = await fetch(path, {
+    const response = await fetch(path, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       credentials: "same-origin",
@@ -39,13 +39,13 @@
       throw new Error("Session expired; redirecting to sign in.");
     }
     if (!response.ok) {
-      var detail;
+      let detail;
       try {
         detail = await response.json();
       } catch (_err) {
         detail = null;
       }
-      var error = new Error(
+      const error = new Error(
         (detail && detail.error) ||
           "Request failed with status " + response.status,
       );
@@ -55,78 +55,74 @@
     // 204 No Content (used by the registration-finish endpoint on success)
     // has an empty body and would throw if we asked for JSON.
     if (response.status === 204) return null;
-    var len = response.headers.get("Content-Length");
+    const len = response.headers.get("Content-Length");
     if (len === "0") return null;
     return response.json();
   }
 
   function bindEnroll(form) {
     if (form == null) return;
-    var status = document.getElementById("passkey-enroll-status");
-    form.addEventListener("submit", function (event) {
+    const status = document.getElementById("passkey-enroll-status");
+    form.addEventListener("submit", async (event) => {
       event.preventDefault();
-      var nicknameInput = form.querySelector('input[name="nickname"]');
-      var nickname = nicknameInput ? nicknameInput.value.trim() : "";
-      var submitButton = form.querySelector('button[type="submit"]');
+      const nicknameInput = form.querySelector('input[name="nickname"]');
+      const nickname = nicknameInput ? nicknameInput.value.trim() : "";
+      const submitButton = form.querySelector('button[type="submit"]');
       if (submitButton) submitButton.disabled = true;
       setStatus(status, "Follow the prompts on your device…", false);
-      (async function () {
-        try {
-          var options = await postJson("/auth/passkeys/registration/begin");
-          var registrationResponse = await lib.startRegistration({
-            optionsJSON: options,
-          });
-          await postJson("/auth/passkeys/registration/finish", {
-            nickname: nickname,
-            registrationResponse: registrationResponse,
-          });
-          setStatus(status, "Passkey added.", false);
-          window.location.reload();
-        } catch (err) {
-          var name = err && err.name ? err.name : "";
-          var message =
-            name === "NotAllowedError"
-              ? "Enrollment was cancelled."
-              : err && err.message
-                ? err.message
-                : "Could not enroll a passkey.";
-          setStatus(status, message, true);
-          if (submitButton) submitButton.disabled = false;
-        }
-      })();
+      try {
+        const options = await postJson("/auth/passkeys/registration/begin");
+        const registrationResponse = await lib.startRegistration({
+          optionsJSON: options,
+        });
+        await postJson("/auth/passkeys/registration/finish", {
+          nickname: nickname,
+          registrationResponse: registrationResponse,
+        });
+        setStatus(status, "Passkey added.", false);
+        window.location.reload();
+      } catch (err) {
+        const name = err && err.name ? err.name : "";
+        const message =
+          name === "NotAllowedError"
+            ? "Enrollment was cancelled."
+            : err && err.message
+              ? err.message
+              : "Could not enroll a passkey.";
+        setStatus(status, message, true);
+        if (submitButton) submitButton.disabled = false;
+      }
     });
   }
 
   function bindSignIn(button) {
     if (button == null) return;
-    var status = document.getElementById("passkey-signin-status");
-    button.addEventListener("click", function () {
-      var next = button.getAttribute("data-next") || "";
+    const status = document.getElementById("passkey-signin-status");
+    button.addEventListener("click", async () => {
+      const next = button.getAttribute("data-next") || "";
       button.disabled = true;
       setStatus(status, "Choose a passkey on your device…", false);
-      (async function () {
-        try {
-          var options = await postJson("/login/passkey/begin");
-          var authenticationResponse = await lib.startAuthentication({
-            optionsJSON: options,
-          });
-          var result = await postJson("/login/passkey/finish", {
-            next: next,
-            authenticationResponse: authenticationResponse,
-          });
-          window.location.assign(result.redirect || "/");
-        } catch (err) {
-          var name = err && err.name ? err.name : "";
-          var message =
-            name === "NotAllowedError"
-              ? "Sign-in was cancelled."
-              : err && err.message
-                ? err.message
-                : "Could not sign in with a passkey.";
-          setStatus(status, message, true);
-          button.disabled = false;
-        }
-      })();
+      try {
+        const options = await postJson("/login/passkey/begin");
+        const authenticationResponse = await lib.startAuthentication({
+          optionsJSON: options,
+        });
+        const result = await postJson("/login/passkey/finish", {
+          next: next,
+          authenticationResponse: authenticationResponse,
+        });
+        window.location.assign(result.redirect || "/");
+      } catch (err) {
+        const name = err && err.name ? err.name : "";
+        const message =
+          name === "NotAllowedError"
+            ? "Sign-in was cancelled."
+            : err && err.message
+              ? err.message
+              : "Could not sign in with a passkey.";
+        setStatus(status, message, true);
+        button.disabled = false;
+      }
     });
   }
 
