 * Read the desktop-SSO broker file, but only if the request is plausibly
 * from the Electron desktop app *and* coming from the local machine.
 *
 * The broker file lives in the user's home directory and relies on the local
 * trust boundary — a non-loopback request that pretends to be Electron
 * via
( event: H3Event, )
 * Returns null when the safety checks fail or the file isn't present.
 */
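async function readDesktopSsoSafely(
  event: H3Event,
): Promise<Awaited<ReturnType<typeof readDesktopSso>>> {
  // The broker file is a development convenience only; production builds
  // never consult it, regardless of who is asking.
  if (process.env.NODE_ENV === "production") return null;
  // Whatever isElectronRequest inspects is supplied by the client and can be
  // forged on its own, so it is only the first of two gates: the loopback
  // check below is what actually bounds access to the local machine.
  if (!isElectronRequest(event)) return null;
  // Deliberately called without `{ xForwardedFor: true }`: a forwarded-for
  // header is client-controlled, so only the socket's own remote address may
  // decide. Any failure to determine the address is treated as "not local".
  let ip: string | undefined;
  try {
    ip = getRequestIP(event) ?? undefined;
  } catch {
    ip = undefined;
  }
  if (!isLoopbackAddress(ip)) return null;
  return await readDesktopSso();
}

/**
 * Decide whether a socket-level remote address is a loopback address.
 *
 * Accepts the whole 127/8 range in dotted form, `::1`, and the IPv4-mapped
 * form `::ffff:127.x.x.x` (the previous check only matched the single
 * mapped address `::ffff:127.0.0.1`, which was inconsistent with the bare
 * IPv4 rule). An optional IPv6 zone id (e.g. "fe80::1%en0") is stripped
 * before comparing.
 *
 * @param ip - remote address as reported by the socket, or undefined when
 *   it could not be determined.
 * @returns true only for a loopback address; undefined/empty is never loopback.
 */
function isLoopbackAddress(ip: string | undefined): boolean {
  // `split` always yields at least one element; the trailing `?? ""` only
  // keeps this well-typed under noUncheckedIndexedAccess.
  const addr = (ip ?? "").split("%")[0] ?? "";
  return (
    addr === "::1" ||
    addr.startsWith("127.") ||
    addr.startsWith("::ffff:127.")
  );
}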

/**
 * Extract the framework session token from a Better Auth response's