import { createFileRoute, Navigate, useNavigate } from "@tanstack/react-router"; import { useEffect, useMemo, useState } from "react"; import { supabase } from "@/integrations/supabase/client"; import { useVault } from "@/lib/vault-context"; import { deriveKey, encryptString, decryptString, hashPin, randomSaltB64, } from "@/lib/crypto"; import { isBiometricSupported, registerBiometric, verifyBiometric, cachePinForBiometric, getCachedPin, clearCachedPin, } from "@/lib/biometric"; import { Shield, Search, Plus, LogOut, KeyRound, CreditCard, Copy, Eye, EyeOff, Trash2, Pencil, Fingerprint, Folder, Settings as SettingsIcon, X, ExternalLink, } from "lucide-react"; import { toast } from "sonner"; export const Route = createFileRoute("/vault")({ component: VaultGate, head: () => ({ meta: [{ title: "Meu cofre — AppPass" }] }), }); function VaultGate() { const { session, loading, profile, vaultKey } = useVault(); if (loading) return ; if (!session) return ; if (!profile) return ; if (!profile.master_pin_hash || !profile.encryption_salt) return ; if (!vaultKey) return ; return ; } function FullscreenSpinner() { return (
); } /* ---------------- PIN SETUP ---------------- */ function SetupPin() { const { session, refreshProfile, setVaultKey } = useVault(); const [pin, setPin] = useState(""); const [confirm, setConfirm] = useState(""); const [recoveryEmail, setRecoveryEmail] = useState(session?.user?.email ?? ""); const [busy, setBusy] = useState(false); const save = async (e: React.FormEvent) => { e.preventDefault(); if (pin.length < 4) return toast.error("Use ao menos 4 dígitos."); if (pin !== confirm) return toast.error("PINs não conferem."); setBusy(true); try { const salt = randomSaltB64(); const pinHash = await hashPin(pin, salt); const key = await deriveKey(pin, salt); const { error } = await supabase .from("profiles") .update({ master_pin_hash: pinHash, encryption_salt: salt, recovery_email: recoveryEmail || null, }) .eq("id", session!.user.id); if (error) throw error; cachePinForBiometric(session!.user.id, pin); setVaultKey(key); await refreshProfile(); toast.success("Cofre criado!"); } catch (err) { toast.error((err as Error).message); } finally { setBusy(false); } }; return (

Criar PIN mestre

Este PIN cifra seu cofre localmente. Sem ele, ninguém — nem nós — pode ler seus dados.

setPin(e.target.value)} className="mt-1 w-full rounded-lg border border-border bg-input px-3 py-2.5 text-lg tracking-[0.4em] outline-none focus:border-gold" />
setConfirm(e.target.value)} className="mt-1 w-full rounded-lg border border-border bg-input px-3 py-2.5 text-lg tracking-[0.4em] outline-none focus:border-gold" />
setRecoveryEmail(e.target.value)} className="mt-1 w-full rounded-lg border border-border bg-input px-3 py-2.5 text-sm outline-none focus:border-gold" />
); } /* ---------------- UNLOCK ---------------- */ function UnlockScreen() { const { session, profile, setVaultKey, signOut } = useVault(); const [pin, setPin] = useState(""); const [busy, setBusy] = useState(false); const creds = (profile?.webauthn_credentials as Array<{ id: string }> | null) || []; const hasBio = creds.length > 0 && isBiometricSupported(); const unlockWithPin = async (raw?: string) => { const value = raw ?? pin; if (!profile?.encryption_salt || !profile.master_pin_hash) return; setBusy(true); try { const h = await hashPin(value, profile.encryption_salt); if (h !== profile.master_pin_hash) { toast.error("PIN incorreto."); return; } const key = await deriveKey(value, profile.encryption_salt); cachePinForBiometric(session!.user.id, value); setVaultKey(key); } finally { setBusy(false); } }; const unlockWithBio = async () => { if (!hasBio) return; setBusy(true); try { const ok = await verifyBiometric(creds[0].id); if (!ok) { toast.error("Biometria não reconhecida. Use o PIN."); return; } const cachedPin = getCachedPin(session!.user.id); if (!cachedPin) { toast.error("Sessão biométrica expirada. Use o PIN uma vez."); return; } const key = await deriveKey(cachedPin, profile!.encryption_salt!); setVaultKey(key); } finally { setBusy(false); } }; return (

Desbloquear cofre

Olá, {profile?.display_name || session?.user?.email}

{hasBio && ( )}
{ e.preventDefault(); unlockWithPin(); }} className="mt-6 space-y-3" > setPin(e.target.value)} className="w-full rounded-lg border border-border bg-input px-3 py-3 text-center text-xl tracking-[0.5em] outline-none focus:border-gold" />
); } /* ---------------- DASHBOARD ---------------- */ type Category = { id: string; name: string; color: string }; type VaultItem = { id: string; category_id: string | null; item_type: "password" | "card"; title: string; login_url: string | null; username_enc: string | null; password_enc: string | null; notes_enc: string | null; card_number_enc: string | null; card_holder_enc: string | null; card_expiry_enc: string | null; card_cvv_enc: string | null; updated_at: string; }; function Dashboard() { const { session, profile, vaultKey, setVaultKey, signOut } = useVault(); const navigate = useNavigate(); const [categories, setCategories] = useState([]); const [items, setItems] = useState([]); const [query, setQuery] = useState(""); const [activeCat, setActiveCat] = useState("all"); const [showItem, setShowItem] = useState(null); const [editing, setEditing] = useState(null); const [creatingType, setCreatingType] = useState<"password" | "card" | null>(null); const [showSettings, setShowSettings] = useState(false); const [newCatName, setNewCatName] = useState(""); const load = async () => { const [{ data: cats }, { data: vis }] = await Promise.all([ supabase.from("categories").select("*").order("created_at"), supabase.from("vault_items").select("*").order("updated_at", { ascending: false }), ]); setCategories((cats as Category[]) || []); setItems((vis as VaultItem[]) || []); }; useEffect(() => { load(); // seed default categories on first load if empty // eslint-disable-next-line react-hooks/exhaustive-deps }, []); useEffect(() => { if (categories.length === 0 && session) { (async () => { await supabase.from("categories").insert([ { user_id: session.user.id, name: "Sites", color: "#0d7a5f", icon: "globe" }, { user_id: session.user.id, name: "Apps", color: "#c9a84c", icon: "smartphone" }, { user_id: session.user.id, name: "Cartões", color: "#5cbdb9", icon: "credit-card" }, ]); load(); })(); } }, [categories.length, session]); const filtered = useMemo(() => { const q = query.toLowerCase().trim(); return items.filter((i) => { if (activeCat !== "all" && i.category_id !== activeCat) return false; if (!q) return true; return ( i.title.toLowerCase().includes(q) || (i.login_url ?? "").toLowerCase().includes(q) ); }); }, [items, query, activeCat]); const lock = () => { setVaultKey(null); }; const addCategory = async () => { const name = newCatName.trim(); if (!name) return; const { error } = await supabase.from("categories").insert({ user_id: session!.user.id, name, color: "#0d7a5f", }); if (error) toast.error(error.message); setNewCatName(""); load(); }; const deleteCategory = async (id: string) => { if (!confirm("Excluir categoria? Itens permanecerão sem categoria.")) return; await supabase.from("categories").delete().eq("id", id); load(); }; const deleteItem = async (id: string) => { if (!confirm("Excluir este item?")) return; await supabase.from("vault_items").delete().eq("id", id); setShowItem(null); load(); }; return (
AppPass
setQuery(e.target.value)} className="w-full rounded-xl border border-border bg-card px-10 py-3 text-sm outline-none focus:border-gold" />
setActiveCat("all")}>Todos {categories.map((c) => ( setActiveCat(c.id)} color={c.color}> {c.name} ))}
{filtered.length === 0 ? ( setCreatingType("password")} /> ) : (
{filtered.map((item) => ( c.id === item.category_id)} onOpen={() => setShowItem(item)} /> ))}
)}
{/* Floating add button */}
{showItem && vaultKey && ( c.id === showItem.category_id)} vaultKey={vaultKey} onClose={() => setShowItem(null)} onEdit={() => { setEditing(showItem); setShowItem(null); }} onDelete={() => deleteItem(showItem.id)} /> )} {(creatingType || editing) && vaultKey && session && ( { setCreatingType(null); setEditing(null); }} onSaved={() => { setCreatingType(null); setEditing(null); load(); }} /> )} {showSettings && ( setShowSettings(false)} categories={categories} onAddCategory={addCategory} onDeleteCategory={deleteCategory} newCatName={newCatName} setNewCatName={setNewCatName} reload={load} /> )}
); } function Chip({ children, active, onClick, color }: { children: React.ReactNode; active?: boolean; onClick?: () => void; color?: string }) { return ( ); } function EmptyState({ onAdd }: { onAdd: () => void }) { return (

Seu cofre está vazio

Adicione sua primeira senha para começar.

); } function ItemCard({ item, category, onOpen }: { item: VaultItem; category?: Category; onOpen: () => void }) { const Icon = item.item_type === "card" ? CreditCard : KeyRound; return ( ); } /* ---------------- ITEM DETAIL ---------------- */ function ItemDetail({ item, category, vaultKey, onClose, onEdit, onDelete, }: { item: VaultItem; category?: Category; vaultKey: CryptoKey; onClose: () => void; onEdit: () => void; onDelete: () => void; }) { const [data, setData] = useState>({}); const [reveal, setReveal] = useState>({}); useEffect(() => { (async () => { const out: Record = {}; const fields: Array<[keyof VaultItem, string]> = [ ["username_enc", "username"], ["password_enc", "password"], ["notes_enc", "notes"], ["card_number_enc", "card_number"], ["card_holder_enc", "card_holder"], ["card_expiry_enc", "card_expiry"], ["card_cvv_enc", "card_cvv"], ]; for (const [src, dst] of fields) { const v = item[src] as string | null; if (v) out[dst] = await decryptString(vaultKey, v); } setData(out); })(); }, [item, vaultKey]); const copy = async (label: string, value?: string) => { if (!value) return; await navigator.clipboard.writeText(value); toast.success(`${label} copiado`); }; const isCard = item.item_type === "card"; return (
{category && {category.name}} {isCard ? "Cartão" : "Senha"}

{item.title}

{item.login_url && ( {item.login_url} copy("Link", item.login_url!)} /> )} {!isCard && ( <> {data.username && ( {data.username} copy("Usuário", data.username)} /> )} {data.password && ( {reveal.password ? data.password : "••••••••••"} setReveal((r) => ({ ...r, password: !r.password }))} shown={reveal.password} onCopy={() => copy("Senha", data.password)} /> )} )} {isCard && ( <> {data.card_number && ( {reveal.num ? data.card_number : maskCard(data.card_number)} setReveal((r) => ({ ...r, num: !r.num }))} shown={reveal.num} onCopy={() => copy("Número", data.card_number)} /> )} {data.card_holder && {data.card_holder} copy("Titular", data.card_holder)} />} {data.card_expiry && {data.card_expiry} copy("Validade", data.card_expiry)} />} {data.card_cvv && ( {reveal.cvv ? data.card_cvv : "•••"} setReveal((r) => ({ ...r, cvv: !r.cvv }))} shown={reveal.cvv} onCopy={() => copy("CVV", data.card_cvv)} /> )} )} {data.notes && ( {data.notes} )}
); } function maskCard(s: string) { const digits = s.replace(/\s/g, ""); return "•••• •••• •••• " + digits.slice(-4); } function Field({ label, children }: { label: string; children: React.ReactNode }) { return (
{label}
{children}
); } function ActionBtns({ onCopy, onToggle, shown }: { onCopy?: () => void; onToggle?: () => void; shown?: boolean }) { return (
{onToggle && ( {shown ? : } )} {onCopy && ( )}
); } function IconBtn({ children, ...rest }: React.ButtonHTMLAttributes) { return ( ); } /* ---------------- ITEM EDITOR ---------------- */ function ItemEditor({ userId, categories, vaultKey, item, defaultType, onClose, onSaved, }: { userId: string; categories: Category[]; vaultKey: CryptoKey; item?: VaultItem; defaultType: "password" | "card"; onClose: () => void; onSaved: () => void; }) { const [type] = useState<"password" | "card">(item?.item_type ?? defaultType); const [title, setTitle] = useState(item?.title ?? ""); const [categoryId, setCategoryId] = useState(item?.category_id ?? null); const [loginUrl, setLoginUrl] = useState(item?.login_url ?? ""); const [username, setUsername] = useState(""); const [password, setPassword] = useState(""); const [notes, setNotes] = useState(""); const [cardNumber, setCardNumber] = useState(""); const [cardHolder, setCardHolder] = useState(""); const [cardExpiry, setCardExpiry] = useState(""); const [cardCvv, setCardCvv] = useState(""); const [busy, setBusy] = useState(false); useEffect(() => { if (!item) return; (async () => { setUsername(await decryptString(vaultKey, item.username_enc)); setPassword(await decryptString(vaultKey, item.password_enc)); setNotes(await decryptString(vaultKey, item.notes_enc)); setCardNumber(await decryptString(vaultKey, item.card_number_enc)); setCardHolder(await decryptString(vaultKey, item.card_holder_enc)); setCardExpiry(await decryptString(vaultKey, item.card_expiry_enc)); setCardCvv(await decryptString(vaultKey, item.card_cvv_enc)); })(); }, [item, vaultKey]); const save = async (e: React.FormEvent) => { e.preventDefault(); if (!title.trim()) return toast.error("Dê um título ao item."); setBusy(true); try { const payload = { user_id: userId, category_id: categoryId, item_type: type, title: title.trim(), login_url: loginUrl.trim() || null, username_enc: username ? await encryptString(vaultKey, username) : null, password_enc: password ? await encryptString(vaultKey, password) : null, notes_enc: notes ? await encryptString(vaultKey, notes) : null, card_number_enc: cardNumber ? await encryptString(vaultKey, cardNumber) : null, card_holder_enc: cardHolder ? await encryptString(vaultKey, cardHolder) : null, card_expiry_enc: cardExpiry ? await encryptString(vaultKey, cardExpiry) : null, card_cvv_enc: cardCvv ? await encryptString(vaultKey, cardCvv) : null, }; const { error } = item ? await supabase.from("vault_items").update(payload).eq("id", item.id) : await supabase.from("vault_items").insert(payload); if (error) throw error; toast.success(item ? "Atualizado" : "Salvo no cofre"); onSaved(); } catch (err) { toast.error((err as Error).message); } finally { setBusy(false); } }; return (

{item ? "Editar" : type === "card" ? "Novo cartão" : "Nova senha"}

{type === "password" && ( <> )} {type === "card" && ( <>
)}