npm - @botfabrik/engine-webclient - Versions diffs - 4.93.2 → 4.93.4 - Mend

@botfabrik/engine-webclient 4.93.2 → 4.93.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/client/assets/{index-DBZImkhZ.js → index-Y-O4sres.js} +87 -87
package/dist/client/assets/index-Y-O4sres.js.map +1 -0
package/dist/client/index.html +1 -1
package/dist/createSessionInfo.test.js +1 -6
package/dist/index.d.ts +0 -6
package/dist/index.js +15 -80
package/dist/requestSessionData.d.ts +1 -0
package/dist/requestSessionData.js +5 -0
package/dist/requestSessionData.test.js +16 -9
package/package.json +2 -4
package/dist/client/assets/index-DBZImkhZ.js.map +0 -1

package/dist/client/index.html CHANGED Viewed

@@ -13,7 +13,7 @@
     <meta name="theme-color" content="#000000" />
     <meta name="google" content="notranslate" />
     <title>Bubble Chat Client</title>
-    <script type="module" crossorigin src="./assets/index-DBZImkhZ.js"></script>
+    <script type="module" crossorigin src="./assets/index-Y-O4sres.js"></script>
     <link rel="stylesheet" crossorigin href="./assets/index-CQifi_K_.css">
   </head>

package/dist/createSessionInfo.test.js CHANGED Viewed

@@ -6,9 +6,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const globals_1 = require("@jest/globals");
 const createSessionInfo_1 = __importDefault(require("./createSessionInfo"));
 (0, globals_1.describe)('create session info', () => {
-    const props = {
-        sessionTokenSecret: 'some-secret',
-    };
     const querystrings = {};
     const headers = {
         host: 'fluance-chatbot.scapp.io',
@@ -46,7 +43,7 @@ const createSessionInfo_1 = __importDefault(require("./createSessionInfo"));
         environment: 'PROD',
     };
     (0, globals_1.it)('without user payload', async () => {
-        const sessionInfo = await (0, createSessionInfo_1.default)(socket, 'my-client', 'TEST', defaultSessionInfo, 'my-user-id', 'de_DE', { email: 'hans@example.com' }, props)();
+        const sessionInfo = await (0, createSessionInfo_1.default)(socket, 'my-client', 'TEST', defaultSessionInfo, 'my-user-id', 'de_DE', { email: 'hans@example.com' }, {})();
         // client
         (0, globals_1.expect)(sessionInfo.client.name).toBe('my-client');
         (0, globals_1.expect)(sessionInfo.client.type).toBe('webclient');
@@ -73,7 +70,6 @@ const createSessionInfo_1 = __importDefault(require("./createSessionInfo"));
         };
         const props = {
             requestUserInfos,
-            sessionTokenSecret: 'some-secret',
         };
         const sessionInfo = await (0, createSessionInfo_1.default)(socket, 'my-client', 'TEST', defaultSessionInfo, 'my-user-id', 'de_DE', {}, props)();
         (0, globals_1.expect)(sessionInfo.user.id).toBe('hans.muster@PRIMARY');
@@ -88,7 +84,6 @@ const createSessionInfo_1 = __importDefault(require("./createSessionInfo"));
         };
         const props = {
             requestUserInfos,
-            sessionTokenSecret: 'some-secret',
         };
         const sessionInfo = await (0, createSessionInfo_1.default)(socket, 'my-client', 'TEST', defaultSessionInfo, 'my-user-id', 'de_DE', {}, props)();
         (0, globals_1.expect)(sessionInfo.user.id).toBe('my-user-id');

package/dist/index.d.ts CHANGED Viewed

@@ -13,12 +13,6 @@ export interface WebClientProps {
     speech?: SpeechToTextProps | undefined;
     expandChatWindowAtStart?: Devices;
     fabVisible?: boolean;
-    /**
-     * A secret key used to generate and verify session tokens (e.g. HMAC).
-     * Should be long, random, and stored securely (e.g. via environment variable).
-     * Used for signing tokens that identify sessions over insecure channels like WebSocket.
-     */
-    sessionTokenSecret: string;
     /**
      * Displays a start screen before a new chat begins, useful for user opt-in (e.g., terms acceptance).
      * Contains a text (`start-screen.intro` in Markdown), form fields, and a start button (`start-screen.start-chat`).

package/dist/index.js CHANGED Viewed

@@ -6,9 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CLIENT_TYPE = exports.Devices = void 0;
 const engine_domain_1 = require("@botfabrik/engine-domain");
 const engine_transcript_export_1 = require("@botfabrik/engine-transcript-export");
-const cookie_parser_1 = __importDefault(require("cookie-parser"));
-const crypto_1 = require("crypto");
 const express_1 = require("express");
+const node_crypto_1 = require("node:crypto");
 const package_json_1 = require("../package.json");
 const createSessionInfo_1 = __importDefault(require("./createSessionInfo"));
 const extractLocale_1 = __importDefault(require("./extractLocale"));
@@ -19,6 +18,8 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
 const setTranslations_1 = __importDefault(require("./setTranslations"));
 const speechToText_1 = __importDefault(require("./speechToText"));
 const views_1 = __importDefault(require("./views"));
+const SESSION_ID_COOKIE_NAME = 'session-id';
+const USER_ID_COOKIE_NAME = 'user-id';
 var Devices;
 (function (Devices) {
     Devices["All"] = "all";
@@ -26,15 +27,11 @@ var Devices;
     Devices["Desktop"] = "desktop";
     Devices["None"] = "none";
 })(Devices || (exports.Devices = Devices = {}));
-const SESSION_ID_COOKIE_NAME = 'session-id';
-const USER_ID_COOKIE_NAME = 'user-id';
 exports.default = (clientName, environment, props) => async (bot) => {
     const logger = bot.logger.child({ clientType: exports.CLIENT_TYPE, clientName });
-    bot.webserver.express.use((0, cookie_parser_1.default)());
     // serve transcript pdf
-    bot.webserver.express.get(`/${clientName}/transcript-pdf`, async (req, res) => {
-        const cookies = req.cookies || {};
-        const sessionId = cookies[SESSION_ID_COOKIE_NAME];
+    bot.webserver.express.use('/transcript-pdf/:sessionId', async (req, res) => {
+        const sessionId = req.params['sessionId'];
         if (sessionId?.length) {
             const session = await bot.createSession(sessionId);
             const pdf = await (0, engine_transcript_export_1.getPdf)(session);
@@ -67,25 +64,19 @@ exports.default = (clientName, environment, props) => async (bot) => {
         });
     }
     bot.webserver.express.use(`/${clientName}/embed`, (0, express_1.static)(__dirname + '/embed', serveStaticOptions));
+    // TODO: remove in future versions
     bot.webserver.express.get(`/${clientName}/me/session`, (req, res) => {
+        logger.info('Old client access get token');
         const cookies = req.cookies || {};
-        const sessionId = cookies[SESSION_ID_COOKIE_NAME] || (0, crypto_1.randomUUID)();
+        const sessionId = cookies[SESSION_ID_COOKIE_NAME] || (0, node_crypto_1.randomUUID)();
         const userId = cookies[USER_ID_COOKIE_NAME] ||
             cookies['bubble-chat-user-id'] || // TODO: remove in future versions
-            (0, crypto_1.randomUUID)();
-        const sessionIdToken = generateSignedToken(sessionId, props.sessionTokenSecret);
-        const userIdToken = generateSignedToken(userId, props.sessionTokenSecret);
-        res.cookie(SESSION_ID_COOKIE_NAME, sessionId, {
-            ...buildCookieOptions(clientName, bot),
-            maxAge: 24 * 60 * 60 * 1000, // 1 day
-        });
-        if (!cookies[USER_ID_COOKIE_NAME]) {
-            res.cookie(USER_ID_COOKIE_NAME, userId, buildCookieOptions(clientName, bot));
-        }
-        res.status(201).json({ sessionIdToken, userIdToken });
+            (0, node_crypto_1.randomUUID)();
+        res.status(201).json({ sessionIdToken: sessionId, userIdToken: userId });
     });
+    // TODO: remove in future versions
     bot.webserver.express.delete(`/${clientName}/me/session`, (_req, res) => {
-        res.clearCookie(SESSION_ID_COOKIE_NAME, buildCookieOptions(clientName, bot));
+        logger.info('Old client access delete token');
         res.sendStatus(204);
     });
     bot.webserver.express.get(`/${clientName}/logo.svg`, (_req, res) => {
@@ -143,29 +134,13 @@ const onTerminateSession = (socket, bot) => async ({ sessionId, // passed if the
     socket.leave(sessionId);
     await session.dispatch(engine_domain_1.Actions.guestDisconnected(sessionId));
 };
-const onStartChat = (socket, props, bot, clientName, environment, logger) => async ({ sessionIdToken, sessionId: oldSessionId, // optional, used for old clients
-userIdToken, querystrings, }) => {
+const onStartChat = (socket, props, bot, clientName, environment, logger) => async ({ sessionId: sessionIdFromClient, userId: defaultUserId, querystrings, sessionIdToken, userIdToken, }) => {
     const locale = (0, extractLocale_1.default)(querystrings, socket.request.headers['accept-language']);
-    let sessionId = verifySignedToken(sessionIdToken, props.sessionTokenSecret);
-    let userId = verifySignedToken(userIdToken, props.sessionTokenSecret);
-    // TODO: remove temporary code in future versions
-    // this code is relevant for old clients
-    if (!sessionId && oldSessionId) {
-        logger.info(`Received an old session ID from client: ${oldSessionId}. It will be replaced with a new one.`);
-        sessionId = oldSessionId;
-    }
-    if (!userId) {
-        userId = (0, crypto_1.randomUUID)();
-    }
-    if (!sessionId || !userId) {
-        logger.error(`Invalid session ID token received from client: ${sessionIdToken}`);
-        return;
-    }
     const sessionsCollection = bot.store.db.collection('sessions');
-    const { sessionInfo: defaultSessionInfo, isNew } = await (0, requestSessionData_1.default)(sessionId, querystrings, sessionsCollection, clientName, props);
+    const { sessionId, sessionInfo: defaultSessionInfo, isNew, } = await (0, requestSessionData_1.default)(sessionIdFromClient || sessionIdToken, querystrings, sessionsCollection, clientName, props);
     // create a channel for each session
     socket.join(sessionId);
-    const sessionInfo = await (0, createSessionInfo_1.default)(socket, clientName, environment, defaultSessionInfo, userId, locale, querystrings, props)();
+    const sessionInfo = await (0, createSessionInfo_1.default)(socket, clientName, environment, defaultSessionInfo, defaultUserId || userIdToken, locale, querystrings, props)();
     const session = await bot.createSession(sessionId, sessionInfo);
     sendConfigurationToClient(socket, props, bot, clientName);
     // sending persisted state to client
@@ -242,44 +217,4 @@ const sendConfigurationToClient = (socket, props, bot, clientName) => {
         });
     }
 };
-const buildCookieOptions = (clientName, bot) => {
-    const isLocalhost = bot.webserver.baseUrl === 'http://localhost:3000';
-    return {
-        httpOnly: true, // 🔒 Not accessible via JS
-        secure: !isLocalhost, // ✅ true only for HTTPS
-        sameSite: 'none', // Important, if chat-widget runs under a different domain
-        path: `/${clientName}`, // Path for the cookie
-    };
-};
-/**
- * Generates a signed token.
- *
- * @param payload
- * @param secret
- * @returns token in the format "payload.signature"
- */
-const generateSignedToken = (payload, secret) => {
-    const signature = (0, crypto_1.createHmac)('sha256', secret).update(payload).digest('hex');
-    return `${payload}.${signature}`;
-};
-/**
- * Verifies a signed token.
- *
- * @param token in the format "payload.signature"
- * @param secret
- * @returns payload if the token is valid, otherwise null.
- */
-const verifySignedToken = (token, secret) => {
-    if (!token)
-        return null;
-    const [payload, signature] = token.split('.');
-    if (!payload || !signature)
-        return null;
-    const expectedSignature = (0, crypto_1.createHmac)('sha256', secret)
-        .update(payload)
-        .digest('hex');
-    if (signature !== expectedSignature)
-        return null;
-    return payload;
-};
 exports.CLIENT_TYPE = 'webclient';

package/dist/requestSessionData.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { SessionInfo } from '@botfabrik/engine-domain';
 import { type WebClientProps } from './index';
 import type { SessionInfoClientPayload, SessionInfoUserPayload } from './types';
 interface SessionData {
+    sessionId: string;
     sessionInfo: SessionInfo<SessionInfoClientPayload, SessionInfoUserPayload>;
     isNew: boolean;
 }

package/dist/requestSessionData.js CHANGED Viewed

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const crypto_1 = require("crypto");
 const index_1 = require("./index");
 const requestSessionData = async (sessionId, querystrings, sessionsCollection, clientName, props) => {
     const baseQuery = {
@@ -21,13 +22,16 @@ const requestSessionData = async (sessionId, querystrings, sessionsCollection, c
         };
     }
     const sessionRecord = await sessionsCollection.findOne(findSessionRecordQuery, { _id: 1, sessionInfo: 1 });
+    let sesId;
     let sessionInfo;
     let isNew;
     if (sessionRecord) {
+        sesId = sessionRecord._id;
         sessionInfo = sessionRecord.sessionInfo;
         isNew = false;
     }
     else {
+        sesId = (0, crypto_1.randomUUID)();
         sessionInfo = {
             client: {},
             user: {},
@@ -36,6 +40,7 @@ const requestSessionData = async (sessionId, querystrings, sessionsCollection, c
         isNew = true;
     }
     return {
+        sessionId: sesId,
         sessionInfo,
         isNew,
     };

package/dist/requestSessionData.test.js CHANGED Viewed

@@ -5,13 +5,18 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const globals_1 = require("@jest/globals");
 const requestSessionData_1 = __importDefault(require("./requestSessionData"));
+globals_1.jest.mock('crypto', () => {
+    const original = globals_1.jest.requireActual('crypto');
+    return {
+        v4: globals_1.jest.fn(() => 'uuid'),
+        ...original,
+        randomUUID: globals_1.jest.fn(() => 'some-uuid'),
+    };
+});
 (0, globals_1.describe)('request session id', () => {
     (0, globals_1.beforeEach)(() => {
         globals_1.jest.clearAllMocks();
     });
-    const props = {
-        sessionTokenSecret: 'some-secret',
-    };
     const querystrings = {
         accessToken: 'access-token',
     };
@@ -21,13 +26,14 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
         const sessionsCollection = {
             findOne,
         };
-        const { isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', props);
+        const { sessionId, isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', {});
         (0, globals_1.expect)(findOne).toHaveBeenCalledTimes(1);
         (0, globals_1.expect)(findOne).toHaveBeenCalledWith({
             _id: 'session-id',
             'sessionInfo.client.name': 'test-bot',
             'sessionInfo.client.type': 'webclient',
         }, { _id: 1, sessionInfo: 1 });
+        (0, globals_1.expect)(sessionId).toBe('some-uuid');
         (0, globals_1.expect)(isNew).toBe(true);
     });
     (0, globals_1.it)('when sessionId has been passed by query param and exists in db', async () => {
@@ -36,13 +42,14 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
         const sessionsCollection = {
             findOne,
         };
-        const { isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', props);
+        const { sessionId, isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', {});
         (0, globals_1.expect)(findOne).toHaveBeenCalledTimes(1);
         (0, globals_1.expect)(findOne).toHaveBeenCalledWith({
             _id: 'session-id',
             'sessionInfo.client.name': 'test-bot',
             'sessionInfo.client.type': 'webclient',
         }, { _id: 1, sessionInfo: 1 });
+        (0, globals_1.expect)(sessionId).toBe('session-id');
         (0, globals_1.expect)(isNew).toBe(false);
     });
     (0, globals_1.it)('when requestSessionRecordQuery has been passed as webclient property but no such session exists in db', async () => {
@@ -54,10 +61,9 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
         const requestSessionRecordQuery = globals_1.jest.fn();
         const props = {
             requestSessionRecordQuery,
-            sessionTokenSecret: 'some-secret',
         };
         requestSessionRecordQuery.mockReturnValueOnce(Promise.resolve({ 'sessionInfo.user.id': 'hans@apptiva.ch' }));
-        const { isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', props);
+        const { sessionId, isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', props);
         (0, globals_1.expect)(requestSessionRecordQuery).toHaveBeenCalledTimes(1);
         (0, globals_1.expect)(requestSessionRecordQuery).toHaveBeenCalledWith({
             querystrings,
@@ -69,6 +75,7 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
             'sessionInfo.client.type': 'webclient',
             'sessionInfo.user.id': 'hans@apptiva.ch',
         }, { _id: 1, sessionInfo: 1 });
+        (0, globals_1.expect)(sessionId).toBe('some-uuid');
         (0, globals_1.expect)(isNew).toBe(true);
     });
     (0, globals_1.it)('when requestSessionRecordQuery has been passed as webclient property and session exists in db', async () => {
@@ -80,10 +87,9 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
         const requestSessionRecordQuery = globals_1.jest.fn();
         const props = {
             requestSessionRecordQuery,
-            sessionTokenSecret: 'some-secret',
         };
         requestSessionRecordQuery.mockReturnValueOnce(Promise.resolve({ 'sessionInfo.user.id': 'hans@apptiva.ch' }));
-        const { isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', props);
+        const { sessionId, isNew } = await (0, requestSessionData_1.default)('session-id', querystrings, sessionsCollection, 'test-bot', props);
         (0, globals_1.expect)(requestSessionRecordQuery).toHaveBeenCalledTimes(1);
         (0, globals_1.expect)(requestSessionRecordQuery).toHaveBeenCalledWith({
             querystrings,
@@ -95,6 +101,7 @@ const requestSessionData_1 = __importDefault(require("./requestSessionData"));
             'sessionInfo.client.type': 'webclient',
             'sessionInfo.user.id': 'hans@apptiva.ch',
         }, { _id: 1, sessionInfo: 1 });
+        (0, globals_1.expect)(sessionId).toBe('session-id');
         (0, globals_1.expect)(isNew).toBe(false);
     });
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@botfabrik/engine-webclient",
-  "version": "4.93.2",
+  "version": "4.93.4",
   "description": "Webclient for Botfabriks Bot Engine",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -25,13 +25,11 @@
     "@botfabrik/engine-utils": "^4.90.6",
     "@google-cloud/speech": "^7.1.0",
     "accept-language-parser": "^1.5.0",
-    "cookie-parser": "^1.4.7",
     "express": "^5.1.0",
     "uuid": "^11.1.0"
   },
   "devDependencies": {
     "@types/accept-language-parser": "^1.5.8",
-    "@types/cookie-parser": "^1.4.9",
     "@types/express": "^5.0.3",
     "@types/serve-static": "^1.15.8",
     "@types/ua-parser-js": "^0.7.39",
@@ -41,5 +39,5 @@
     "tsx": "^4.20.1",
     "typescript": "5.8.3"
   },
-  "gitHead": "f148c84858fbaa4b025af8c3cc536069fd8e3ead"
+  "gitHead": "55a358c8f29b658cb1579f66d88cbdcef4561b36"
 }