@civitai/blocks-react 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +224 -13
- package/dist/hooks/useRequestConsent.d.ts +24 -0
- package/dist/hooks/useRequestConsent.d.ts.map +1 -0
- package/dist/hooks/useRequestConsent.js +30 -0
- package/dist/hooks/useRequestConsent.js.map +1 -0
- package/dist/hooks/useRequestSignIn.d.ts +20 -0
- package/dist/hooks/useRequestSignIn.d.ts.map +1 -0
- package/dist/hooks/useRequestSignIn.js +26 -0
- package/dist/hooks/useRequestSignIn.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/internal/iframeTransport.d.ts +1 -1
- package/dist/internal/iframeTransport.d.ts.map +1 -1
- package/dist/internal/iframeTransport.js +16 -3
- package/dist/internal/iframeTransport.js.map +1 -1
- package/dist/internal/originMatcher.d.ts +28 -0
- package/dist/internal/originMatcher.d.ts.map +1 -0
- package/dist/internal/originMatcher.js +89 -0
- package/dist/internal/originMatcher.js.map +1 -0
- package/dist/internal/validate.d.ts.map +1 -1
- package/dist/internal/validate.js +10 -2
- package/dist/internal/validate.js.map +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -4,8 +4,8 @@ React hooks and iframe transport for [Civitai App Blocks](https://developer.civi
|
|
|
4
4
|
|
|
5
5
|
Pairs with [`@civitai/app-sdk`](https://www.npmjs.com/package/@civitai/app-sdk)'s
|
|
6
6
|
`/blocks` subpath, which carries the framework-agnostic manifest, scope, and
|
|
7
|
-
`postMessage` contract. This package adds the transport that actually moves
|
|
8
|
-
|
|
7
|
+
`postMessage` contract. This package adds the transport that actually moves bytes
|
|
8
|
+
and the React hooks block authors call.
|
|
9
9
|
|
|
10
10
|
## Install
|
|
11
11
|
|
|
@@ -19,29 +19,240 @@ your block app and the SDK share a single React tree.
|
|
|
19
19
|
## Quick start
|
|
20
20
|
|
|
21
21
|
```tsx
|
|
22
|
-
import {
|
|
22
|
+
import { useRef } from 'react';
|
|
23
|
+
import { useBlockContext, useBlockResize, useBuzzWorkflow } from '@civitai/blocks-react';
|
|
24
|
+
import type { ModelSlotContext } from '@civitai/app-sdk/blocks';
|
|
23
25
|
|
|
24
26
|
export function App() {
|
|
25
|
-
const { ready, context, viewer } = useBlockContext();
|
|
26
|
-
const {
|
|
27
|
+
const { ready, context, viewer, theme } = useBlockContext();
|
|
28
|
+
const { submit, status, result } = useBuzzWorkflow();
|
|
29
|
+
const rootRef = useRef<HTMLDivElement>(null);
|
|
30
|
+
useBlockResize(rootRef); // host fits the iframe to content
|
|
31
|
+
|
|
32
|
+
if (!ready) return <div ref={rootRef}>Loading…</div>;
|
|
33
|
+
const model = context as ModelSlotContext;
|
|
27
34
|
|
|
28
|
-
if (!ready) return <div>Loading…</div>;
|
|
29
35
|
return (
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
36
|
+
// GOTCHA #60: set data-theme on YOUR OWN root — the host can't reach into
|
|
37
|
+
// the iframe to set it. Without this any [data-theme="dark"] CSS is dormant.
|
|
38
|
+
<div ref={rootRef} data-theme={theme}>
|
|
39
|
+
<p>Block for model {model.modelName} ({viewer?.username ?? 'anon'})</p>
|
|
40
|
+
<button
|
|
41
|
+
onClick={() =>
|
|
42
|
+
submit({
|
|
43
|
+
kind: 'textToImage',
|
|
44
|
+
modelId: model.modelId,
|
|
45
|
+
modelVersionId: model.modelVersionId,
|
|
46
|
+
params: { prompt: 'a cat' },
|
|
47
|
+
})
|
|
48
|
+
}
|
|
49
|
+
>
|
|
50
|
+
Generate
|
|
51
|
+
</button>
|
|
33
52
|
{status === 'done' && result?.imageUrls?.map((u) => <img key={u} src={u} />)}
|
|
34
53
|
</div>
|
|
35
54
|
);
|
|
36
55
|
}
|
|
37
56
|
```
|
|
38
57
|
|
|
39
|
-
|
|
58
|
+
> `submit` takes a full `WorkflowBody` (`{ kind, modelId, modelVersionId, params }`),
|
|
59
|
+
> **not** `{ prompt }`. Both ids come from `useBlockContext().context` narrowed to
|
|
60
|
+
> `ModelSlotContext`.
|
|
61
|
+
|
|
62
|
+
## The hooks
|
|
63
|
+
|
|
64
|
+
All hooks build on a singleton transport, so they're safe to call from any
|
|
65
|
+
component without prop-drilling. Below: one minimal snippet each.
|
|
66
|
+
|
|
67
|
+
### `useBlockContext()`
|
|
68
|
+
|
|
69
|
+
The primary hook. Returns everything the host delivered in `BLOCK_INIT` plus a
|
|
70
|
+
`ready` gate — fields are sentinel-empty before init, so gate your UI on `ready`.
|
|
71
|
+
|
|
72
|
+
```tsx
|
|
73
|
+
const { ready, context, viewer, theme, settings, blockId, blockInstanceId, appId, token, renderMode } =
|
|
74
|
+
useBlockContext();
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
- `context` — `BlockContext` (`{ slotId, … }`); narrow to `ModelSlotContext` for
|
|
78
|
+
model-page slots.
|
|
79
|
+
- `viewer` — `ViewerInfo | null` (`null` = anonymous).
|
|
80
|
+
- `theme` — `'light' | 'dark'`. **Set `data-theme={theme}` on your root** (gotcha #60).
|
|
81
|
+
- `settings` — `{ publisherSettings, userSettings }`.
|
|
82
|
+
|
|
83
|
+
### `useBlockResize(ref)`
|
|
84
|
+
|
|
85
|
+
Attach to your root element. Observes its height and posts `RESIZE_IFRAME` so the
|
|
86
|
+
host sizes the iframe to fit. No-op on the inline transport (host DOM reflows
|
|
87
|
+
naturally).
|
|
88
|
+
|
|
89
|
+
```tsx
|
|
90
|
+
const rootRef = useRef<HTMLDivElement>(null);
|
|
91
|
+
useBlockResize(rootRef);
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
> Also set `iframe.minHeight` in your manifest to the block's *real* rendered
|
|
95
|
+
> height — a too-small minHeight makes the iframe seed short and grow-jump on
|
|
96
|
+
> `BLOCK_READY` (CLS). Measure it in the dev harness (gotcha #53).
|
|
97
|
+
|
|
98
|
+
### `useBlockToken()`
|
|
99
|
+
|
|
100
|
+
Current block-scoped JWT, auto-refreshing ~2 min before expiry. Returns the token
|
|
101
|
+
fields plus a `refresh()` for the 401-retry path.
|
|
102
|
+
|
|
103
|
+
```tsx
|
|
104
|
+
const { raw, scopes, expiresAt, buzzBudget, refresh } = useBlockToken();
|
|
105
|
+
// after a 401: await refresh(); then retry the request once with the new `raw`.
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
### `useBlockSettings()`
|
|
109
|
+
|
|
110
|
+
Shorthand for `useBlockContext().settings`. Read-only from the iframe — settings
|
|
111
|
+
are *written* on the platform `/apps/installed` page, not via a bridge message.
|
|
112
|
+
|
|
113
|
+
```tsx
|
|
114
|
+
const { publisherSettings, userSettings } = useBlockSettings();
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
### `useBuzzWorkflow()`
|
|
118
|
+
|
|
119
|
+
The generation flow: `estimate` → `submit` → `poll`, host-mediated. Returns
|
|
120
|
+
`{ estimate, submit, poll, status, result, error }`.
|
|
121
|
+
|
|
122
|
+
```tsx
|
|
123
|
+
const { estimate, submit, poll, status, result } = useBuzzWorkflow();
|
|
124
|
+
const body = { kind: 'textToImage', modelId, modelVersionId, params: { prompt } };
|
|
125
|
+
await estimate(body); // status 'estimating' → 'confirming' (cost in result.cost.total)
|
|
126
|
+
const snap = await submit(body); // status 'submitting' → 'polling'; returns a workflowId
|
|
127
|
+
await poll(snap.workflowId); // you loop this on a backoff until terminal
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
**Status semantics** (gotcha #8/#9/#10):
|
|
131
|
+
|
|
132
|
+
- `status === 'confirming'` is **IDLE** (estimate landed, user reviewing the
|
|
133
|
+
cost) — keep the Generate button enabled. Only `estimating | submitting |
|
|
134
|
+
polling` are busy.
|
|
135
|
+
- `result` is populated after `estimate()` too — don't treat a non-null `result`
|
|
136
|
+
as "something is queued."
|
|
137
|
+
- The hook does **not** auto-poll. After `submit` flips status to `'polling'`,
|
|
138
|
+
the **caller** runs a `useEffect` that calls `poll(workflowId)` on a backoff
|
|
139
|
+
until the snapshot is terminal (`succeeded | failed | canceled | expired`).
|
|
140
|
+
- An over-budget / rejected submit comes back as a **resolved** snapshot with
|
|
141
|
+
`status: 'failed'` + an `error` string — the transport resolves the reply, it
|
|
142
|
+
doesn't throw. Check `snap.status`, not just `try/catch`.
|
|
143
|
+
|
|
144
|
+
> **Estimate must mirror submit** (gotcha #59): build the params for `estimate`
|
|
145
|
+
> with the *exact* same logic as `submit` — same seed decision especially. The
|
|
146
|
+
> orchestrator whatif prices a cache hit (identical workflow) at 0 and a fresh
|
|
147
|
+
> job at full cost, and the seed decides which. A drifting estimate silently
|
|
148
|
+
> mis-quotes. See the `buzz-workflow` example.
|
|
149
|
+
|
|
150
|
+
> **cancel** — `@civitai/blocks-react@0.5.0+` adds `useBuzzWorkflow().cancel(workflowId)`
|
|
151
|
+
> for a real server-side orchestrator cancel (gotcha #51), so a running workflow
|
|
152
|
+
> stops spending Buzz. Before that, cancel was client-side only (stop polling). If
|
|
153
|
+
> your installed version predates 0.5.0, do the client-side half and add the
|
|
154
|
+
> `cancel(...)` call after upgrading.
|
|
155
|
+
|
|
156
|
+
### `useBuzzPurchase()`
|
|
157
|
+
|
|
158
|
+
Open the Buzz purchase modal — the insufficient-budget recovery path.
|
|
159
|
+
|
|
160
|
+
```tsx
|
|
161
|
+
const { openPurchaseModal } = useBuzzPurchase();
|
|
162
|
+
const { purchased, newBalance } = await openPurchaseModal(suggestedAmount);
|
|
163
|
+
if (purchased) { /* retry the generation */ }
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
### `useAppStorage()`
|
|
167
|
+
|
|
168
|
+
Per-(block instance, viewer) KV datastore, host-mediated. 64 KB per value,
|
|
169
|
+
50 MB + ~1M rows per app.
|
|
170
|
+
|
|
171
|
+
```tsx
|
|
172
|
+
const storage = useAppStorage();
|
|
173
|
+
await storage.set('key', { any: 'json' }); // throws "PAYLOAD_TOO_LARGE" over a limit
|
|
174
|
+
const v = await storage.get<MyShape>('key'); // null if unset / anon
|
|
175
|
+
await storage.delete('key'); // idempotent
|
|
176
|
+
const { keys } = await storage.list({ prefix: 'note-' });
|
|
177
|
+
const quota = await storage.getQuota(); // { usedBytes, rowCount, limitBytes, limitRows }
|
|
178
|
+
```
|
|
179
|
+
|
|
180
|
+
### `useCheckpointPicker()`
|
|
181
|
+
|
|
182
|
+
Drive the platform Checkpoint picker + persist a viewer override.
|
|
183
|
+
|
|
184
|
+
```tsx
|
|
185
|
+
const { open, persist } = useCheckpointPicker();
|
|
186
|
+
const { selected } = await open({ baseModelGroup: 'SDXL', currentVersionId });
|
|
187
|
+
if (selected) await persist(selected.versionId); // null clears the override
|
|
188
|
+
```
|
|
189
|
+
|
|
190
|
+
### `useCivitaiNavigate()`
|
|
191
|
+
|
|
192
|
+
Request a navigation within civitai.com (host-mediated; fire-and-forget).
|
|
193
|
+
|
|
194
|
+
```tsx
|
|
195
|
+
const { navigate } = useCivitaiNavigate();
|
|
196
|
+
navigate('/models/12345', 'new_tab'); // 'new_tab' needs allow-popups* in the manifest sandbox
|
|
197
|
+
```
|
|
198
|
+
|
|
199
|
+
### `useBlockAnalytics()`
|
|
200
|
+
|
|
201
|
+
Fire-and-forget event tracking into the host's analytics pipeline.
|
|
202
|
+
|
|
203
|
+
```tsx
|
|
204
|
+
const { track } = useBlockAnalytics();
|
|
205
|
+
track('generate_clicked', { modelId });
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
## The `/ui` subexport
|
|
209
|
+
|
|
210
|
+
Opinionated components, imported separately so a transport-only block stays lean.
|
|
211
|
+
v0 ships the headless, manifest-driven `SettingsForm`:
|
|
212
|
+
|
|
213
|
+
```tsx
|
|
214
|
+
import { SettingsForm } from '@civitai/blocks-react/ui';
|
|
215
|
+
|
|
216
|
+
<SettingsForm
|
|
217
|
+
manifestSettings={manifest.settings}
|
|
218
|
+
declaredScopes={manifest.scopes}
|
|
219
|
+
forScope="viewer" // or "publisher"
|
|
220
|
+
initialValues={settings.userSettings}
|
|
221
|
+
onSubmit={async (values) => { /* persist (platform page) */ }}
|
|
222
|
+
/>
|
|
223
|
+
```
|
|
224
|
+
|
|
225
|
+
Unstyled native controls (host themes them). `isFieldVisible` + `SettingsFormError`
|
|
226
|
+
are also exported. See the `settings` example.
|
|
227
|
+
|
|
228
|
+
## Lower-level transport
|
|
229
|
+
|
|
230
|
+
For non-React or advanced use, the transport primitives are exported too:
|
|
231
|
+
`IframeTransport`, `InlineTransport`, `BlockTransportDetector`,
|
|
232
|
+
`readAllowedOriginsFromEnv`, `getTransport`, and `sendTypedRequest`. Hooks are the
|
|
233
|
+
recommended surface; reach for these only when a hook doesn't fit.
|
|
234
|
+
|
|
235
|
+
## Examples
|
|
236
|
+
|
|
237
|
+
Runnable, minimal blocks — one per feature, each with its own README:
|
|
238
|
+
|
|
239
|
+
- [`hello-world`](https://github.com/civitai/civitai-app-starters/tree/main/starters/examples/hello-world) — `useBlockContext`, lifecycle, `data-theme` (#60)
|
|
240
|
+
- [`settings`](https://github.com/civitai/civitai-app-starters/tree/main/starters/examples/settings) — manifest settings + `SettingsForm`
|
|
241
|
+
- [`buzz-workflow`](https://github.com/civitai/civitai-app-starters/tree/main/starters/examples/buzz-workflow) — `useBuzzWorkflow` (#59, #8/#9/#10, #19)
|
|
242
|
+
- [`kv-storage`](https://github.com/civitai/civitai-app-starters/tree/main/starters/examples/kv-storage) — `useAppStorage`
|
|
243
|
+
- [`scopes-api`](https://github.com/civitai/civitai-app-starters/tree/main/starters/examples/scopes-api) — scopes + REST + `useBlockToken`
|
|
244
|
+
- [`buzz-purchase`](https://github.com/civitai/civitai-app-starters/tree/main/starters/examples/buzz-purchase) — `useBuzzPurchase`
|
|
245
|
+
|
|
246
|
+
## Version compatibility
|
|
40
247
|
|
|
41
|
-
|
|
42
|
-
|
|
248
|
+
| `@civitai/blocks-react` | pairs with `@civitai/app-sdk` | adds |
|
|
249
|
+
|---|---|---|
|
|
250
|
+
| `0.5.0` | `^0.7.0` | `useBuzzWorkflow().cancel()` (real server-side cancel, gotcha #51) |
|
|
251
|
+
| `0.4.x` | `^0.6.0` | `useAppStorage`, `SettingsForm` (`/ui`) |
|
|
252
|
+
| `0.3.x` | `^0.5.0` | earlier hook set |
|
|
43
253
|
|
|
44
|
-
|
|
254
|
+
Always keep `@civitai/app-sdk` at or above the paired minor — the React package
|
|
255
|
+
peer-depends on the SDK's message/type contract.
|
|
45
256
|
|
|
46
257
|
## License
|
|
47
258
|
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Lazy consent. Asks the host to open civitai.com's consent UI when a
|
|
3
|
+
* LOGGED-IN viewer clicks an action whose consent-gated scope the block token
|
|
4
|
+
* is missing — e.g. the block's Generate button needs `ai:write:budgeted` /
|
|
5
|
+
* `buzz:read:self` but the viewer hasn't granted them yet (so the mint withheld
|
|
6
|
+
* them and `useBlockToken().scopes` doesn't include them). The host validates
|
|
7
|
+
* the message like every inbound one (origin + `event.source` pinned, only
|
|
8
|
+
* honored after BLOCK_READY) and opens its consent UI.
|
|
9
|
+
*
|
|
10
|
+
* `scopes` is an optional advisory hint of which scopes the action needs; the
|
|
11
|
+
* host independently grants the missing set it computed at mint, so the block
|
|
12
|
+
* can omit it.
|
|
13
|
+
*
|
|
14
|
+
* Fire-and-forget: the host doesn't reply. On grant the host re-mints the block
|
|
15
|
+
* token and pushes a TOKEN_REFRESH carrying the now-granted scopes — observe
|
|
16
|
+
* `useBlockToken().scopes` and retry the action once the scope appears. Mirrors
|
|
17
|
+
* {@link useRequestSignIn} (the anonymous-conversion analog).
|
|
18
|
+
*/
|
|
19
|
+
export declare function useRequestConsent(): {
|
|
20
|
+
requestConsent: (payload?: {
|
|
21
|
+
scopes?: string[];
|
|
22
|
+
}) => void;
|
|
23
|
+
};
|
|
24
|
+
//# sourceMappingURL=useRequestConsent.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useRequestConsent.d.ts","sourceRoot":"","sources":["../../src/hooks/useRequestConsent.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,iBAAiB,IAAI;IACnC,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,KAAK,IAAI,CAAC;CAC3D,CAQA"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import { useCallback } from 'react';
|
|
2
|
+
import { getTransport } from '../internal/singleton.js';
|
|
3
|
+
/**
|
|
4
|
+
* Lazy consent. Asks the host to open civitai.com's consent UI when a
|
|
5
|
+
* LOGGED-IN viewer clicks an action whose consent-gated scope the block token
|
|
6
|
+
* is missing — e.g. the block's Generate button needs `ai:write:budgeted` /
|
|
7
|
+
* `buzz:read:self` but the viewer hasn't granted them yet (so the mint withheld
|
|
8
|
+
* them and `useBlockToken().scopes` doesn't include them). The host validates
|
|
9
|
+
* the message like every inbound one (origin + `event.source` pinned, only
|
|
10
|
+
* honored after BLOCK_READY) and opens its consent UI.
|
|
11
|
+
*
|
|
12
|
+
* `scopes` is an optional advisory hint of which scopes the action needs; the
|
|
13
|
+
* host independently grants the missing set it computed at mint, so the block
|
|
14
|
+
* can omit it.
|
|
15
|
+
*
|
|
16
|
+
* Fire-and-forget: the host doesn't reply. On grant the host re-mints the block
|
|
17
|
+
* token and pushes a TOKEN_REFRESH carrying the now-granted scopes — observe
|
|
18
|
+
* `useBlockToken().scopes` and retry the action once the scope appears. Mirrors
|
|
19
|
+
* {@link useRequestSignIn} (the anonymous-conversion analog).
|
|
20
|
+
*/
|
|
21
|
+
export function useRequestConsent() {
|
|
22
|
+
const requestConsent = useCallback((payload) => {
|
|
23
|
+
getTransport().sendMessage({
|
|
24
|
+
type: 'REQUEST_CONSENT',
|
|
25
|
+
...(payload ? { payload } : {}),
|
|
26
|
+
});
|
|
27
|
+
}, []);
|
|
28
|
+
return { requestConsent };
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=useRequestConsent.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useRequestConsent.js","sourceRoot":"","sources":["../../src/hooks/useRequestConsent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAEpC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,iBAAiB;IAG/B,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,OAA+B,EAAE,EAAE;QACrE,YAAY,EAAE,CAAC,WAAW,CAAC;YACzB,IAAI,EAAE,iBAAiB;YACvB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChC,CAAC,CAAC;IACL,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,OAAO,EAAE,cAAc,EAAE,CAAC;AAC5B,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anonymous conversion. Asks the host to start civitai.com's login flow when a
|
|
3
|
+
* logged-out viewer (`useBlockContext().viewer === null`) clicks an action that
|
|
4
|
+
* needs auth/money — e.g. the block's Generate button. The host validates the
|
|
5
|
+
* message like every inbound one (origin + `event.source` pinned, only honored
|
|
6
|
+
* after BLOCK_READY) and opens its login UI.
|
|
7
|
+
*
|
|
8
|
+
* `returnUrl` is an optional same-origin in-app path to return to after sign-in;
|
|
9
|
+
* the host sanitises it (rejecting absolute / protocol-relative values) and
|
|
10
|
+
* defaults to the current page when omitted.
|
|
11
|
+
*
|
|
12
|
+
* Fire-and-forget: the host doesn't reply. After login the page reloads / the
|
|
13
|
+
* block re-inits as an authenticated viewer.
|
|
14
|
+
*/
|
|
15
|
+
export declare function useRequestSignIn(): {
|
|
16
|
+
requestSignIn: (payload?: {
|
|
17
|
+
returnUrl?: string;
|
|
18
|
+
}) => void;
|
|
19
|
+
};
|
|
20
|
+
//# sourceMappingURL=useRequestSignIn.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useRequestSignIn.d.ts","sourceRoot":"","sources":["../../src/hooks/useRequestSignIn.ts"],"names":[],"mappings":"AAIA;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,IAAI;IAClC,aAAa,EAAE,CAAC,OAAO,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;CAC3D,CAQA"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { useCallback } from 'react';
|
|
2
|
+
import { getTransport } from '../internal/singleton.js';
|
|
3
|
+
/**
|
|
4
|
+
* Anonymous conversion. Asks the host to start civitai.com's login flow when a
|
|
5
|
+
* logged-out viewer (`useBlockContext().viewer === null`) clicks an action that
|
|
6
|
+
* needs auth/money — e.g. the block's Generate button. The host validates the
|
|
7
|
+
* message like every inbound one (origin + `event.source` pinned, only honored
|
|
8
|
+
* after BLOCK_READY) and opens its login UI.
|
|
9
|
+
*
|
|
10
|
+
* `returnUrl` is an optional same-origin in-app path to return to after sign-in;
|
|
11
|
+
* the host sanitises it (rejecting absolute / protocol-relative values) and
|
|
12
|
+
* defaults to the current page when omitted.
|
|
13
|
+
*
|
|
14
|
+
* Fire-and-forget: the host doesn't reply. After login the page reloads / the
|
|
15
|
+
* block re-inits as an authenticated viewer.
|
|
16
|
+
*/
|
|
17
|
+
export function useRequestSignIn() {
|
|
18
|
+
const requestSignIn = useCallback((payload) => {
|
|
19
|
+
getTransport().sendMessage({
|
|
20
|
+
type: 'REQUEST_SIGN_IN',
|
|
21
|
+
...(payload ? { payload } : {}),
|
|
22
|
+
});
|
|
23
|
+
}, []);
|
|
24
|
+
return { requestSignIn };
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=useRequestSignIn.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"useRequestSignIn.js","sourceRoot":"","sources":["../../src/hooks/useRequestSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAEpC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB;IAG9B,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,OAAgC,EAAE,EAAE;QACrE,YAAY,EAAE,CAAC,WAAW,CAAC;YACzB,IAAI,EAAE,iBAAiB;YACvB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChC,CAAC,CAAC;IACL,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,OAAO,EAAE,aAAa,EAAE,CAAC;AAC3B,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -21,6 +21,8 @@ export { useBlockResize } from './hooks/useBlockResize.js';
|
|
|
21
21
|
export { useBuzzPurchase } from './hooks/useBuzzPurchase.js';
|
|
22
22
|
export { useCheckpointPicker } from './hooks/useCheckpointPicker.js';
|
|
23
23
|
export { useCivitaiNavigate } from './hooks/useCivitaiNavigate.js';
|
|
24
|
+
export { useRequestSignIn } from './hooks/useRequestSignIn.js';
|
|
25
|
+
export { useRequestConsent } from './hooks/useRequestConsent.js';
|
|
24
26
|
export { useBlockAnalytics } from './hooks/useBlockAnalytics.js';
|
|
25
27
|
export { useAppStorage } from './hooks/useAppStorage.js';
|
|
26
28
|
export type { AppStorageKeyEntry, AppStorageListResult, AppStorageQuota, UseAppStorage, } from './hooks/useAppStorage.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,YAAY,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAC3F,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,YAAY,EACV,aAAa,EACb,cAAc,EACd,eAAe,GAChB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,YAAY,EACV,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,EACf,aAAa,GACd,MAAM,0BAA0B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,YAAY,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAE5E,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAC3F,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,YAAY,EACV,aAAa,EACb,cAAc,EACd,eAAe,GAChB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,YAAY,EACV,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,EACf,aAAa,GACd,MAAM,0BAA0B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -19,6 +19,8 @@ export { useBlockResize } from './hooks/useBlockResize.js';
|
|
|
19
19
|
export { useBuzzPurchase } from './hooks/useBuzzPurchase.js';
|
|
20
20
|
export { useCheckpointPicker } from './hooks/useCheckpointPicker.js';
|
|
21
21
|
export { useCivitaiNavigate } from './hooks/useCivitaiNavigate.js';
|
|
22
|
+
export { useRequestSignIn } from './hooks/useRequestSignIn.js';
|
|
23
|
+
export { useRequestConsent } from './hooks/useRequestConsent.js';
|
|
22
24
|
export { useBlockAnalytics } from './hooks/useBlockAnalytics.js';
|
|
23
25
|
export { useAppStorage } from './hooks/useAppStorage.js';
|
|
24
26
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAG3F,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAO3D,QAAQ;AACR,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAG3F,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAO3D,QAAQ;AACR,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC"}
|
|
@@ -20,7 +20,7 @@ export interface IframeTransportOptions {
|
|
|
20
20
|
* correlates request/response pairs by `requestId`.
|
|
21
21
|
*/
|
|
22
22
|
export declare class IframeTransport implements BlockTransport {
|
|
23
|
-
private readonly
|
|
23
|
+
private readonly originMatcher;
|
|
24
24
|
private readonly window;
|
|
25
25
|
private snapshot;
|
|
26
26
|
private readonly listeners;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeTransport.d.ts","sourceRoot":"","sources":["../../src/internal/iframeTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EAEzB,KAAK,wBAAwB,EAC9B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAKL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,eAAe,EACrB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"iframeTransport.d.ts","sourceRoot":"","sources":["../../src/internal/iframeTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EAEzB,KAAK,wBAAwB,EAC9B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAKL,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,eAAe,EACrB,MAAM,gBAAgB,CAAC;AASxB,MAAM,WAAW,sBAAsB;IACrC;;;;;;;OAOG;IACH,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AASD;;;;;GAKG;AACH,qBAAa,eAAgB,YAAW,cAAc;IACpD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;IAC9C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAEhC,OAAO,CAAC,QAAQ,CAAiC;IACjD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAyB;IAEnD,yEAAyE;IACzE,OAAO,CAAC,YAAY,CAAuB;IAE3C,2EAA2E;IAC3E,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiD;IAC1E,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqC;IAE7D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA4B;IACxD,OAAO,CAAC,WAAW,CAAuC;IAC1D,OAAO,CAAC,UAAU,CAAwB;IAC1C,OAAO,CAAC,aAAa,CAAgC;IACrD,OAAO,CAAC,YAAY,CAAS;IAE7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAgC;gBAEpD,IAAI,EAAE,sBAAsB;IAoCxC,WAAW,IAAI,aAAa;IAI5B,SAAS,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI;IAO3C,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAIxC,WAAW,CAAC,OAAO,EAAE,oBAAoB,GAAG,IAAI;IAIhD,WAAW,CACT,OAAO,EAAE,eAAe,EACxB,YAAY,EAAE,wBAAwB,EACtC,IAAI,GAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAO,GAChC,OAAO,CAAC,OAAO,CAAC;IAmBnB,uDAAuD;IACvD,OAAO,IAAI,IAAI;IAWf,OAAO,CAAC,QAAQ;IAQhB,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,aAAa;IA2FrB,OAAO,CAAC,iBAAiB;IASzB,OAAO,CAAC,IAAI;CAGb"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { isMessage, } from '@civitai/app-sdk/blocks';
|
|
2
2
|
import { EMPTY_SNAPSHOT, nextRequestId, snapshotFromInit, tokenFromWrapped, } from './transport.js';
|
|
3
|
+
import { OriginMatcher } from './originMatcher.js';
|
|
3
4
|
import { payloadValidatorFor } from './validate.js';
|
|
4
5
|
const INIT_TIMEOUT_MS = 10_000;
|
|
5
6
|
const DEFAULT_REQUEST_TIMEOUT_MS = 30_000;
|
|
@@ -10,7 +11,7 @@ const DEFAULT_REQUEST_TIMEOUT_MS = 30_000;
|
|
|
10
11
|
* correlates request/response pairs by `requestId`.
|
|
11
12
|
*/
|
|
12
13
|
export class IframeTransport {
|
|
13
|
-
|
|
14
|
+
originMatcher;
|
|
14
15
|
window;
|
|
15
16
|
snapshot = EMPTY_SNAPSHOT;
|
|
16
17
|
listeners = new Set();
|
|
@@ -30,7 +31,10 @@ export class IframeTransport {
|
|
|
30
31
|
throw new Error('IframeTransport: allowedParentOrigins must contain at least one entry. ' +
|
|
31
32
|
'Configure NEXT_PUBLIC_BLOCK_ALLOWED_PARENT_ORIGINS (or the framework equivalent).');
|
|
32
33
|
}
|
|
33
|
-
|
|
34
|
+
// Build the matcher from the allowlist. Exact entries match by equality;
|
|
35
|
+
// `https://*.example.com` entries match any subdomain on a dot boundary
|
|
36
|
+
// (mirrors the host-side CSP frame-ancestors convention).
|
|
37
|
+
this.originMatcher = new OriginMatcher(opts.allowedParentOrigins);
|
|
34
38
|
this.window = opts.window ?? globalThis.window;
|
|
35
39
|
if (!this.window) {
|
|
36
40
|
throw new Error('IframeTransport: no window available; cannot mount on the server.');
|
|
@@ -111,7 +115,7 @@ export class IframeTransport {
|
|
|
111
115
|
this.window.parent.postMessage(msg, this.parentOrigin);
|
|
112
116
|
}
|
|
113
117
|
handleMessage(event) {
|
|
114
|
-
if (!this.
|
|
118
|
+
if (!this.originMatcher.matches(event.origin))
|
|
115
119
|
return;
|
|
116
120
|
const data = event.data;
|
|
117
121
|
if (data == null || typeof data !== 'object' || typeof data.type !== 'string')
|
|
@@ -126,6 +130,15 @@ export class IframeTransport {
|
|
|
126
130
|
console.warn(`IframeTransport: dropping malformed "${data.type}" message from ${event.origin}`);
|
|
127
131
|
return;
|
|
128
132
|
}
|
|
133
|
+
// CONTRACT — load-bearing, do NOT weaken the `!this.initResolved` guard:
|
|
134
|
+
// BLOCK_INIT is DEDUPED. Only the FIRST valid init is honored; every repeat
|
|
135
|
+
// is a complete no-op (no re-snapshot, no re-emit to subscribers, no second
|
|
136
|
+
// BLOCK_READY, parentOrigin frozen to the first sender). The civitai host
|
|
137
|
+
// (`IframeHost.tsx`) depends on this: to defeat the cross-origin iframe
|
|
138
|
+
// `onLoad` race it RE-SENDS BLOCK_INIT on a ~400ms interval until it observes
|
|
139
|
+
// BLOCK_READY (civitai PR #2546). If this dedupe were removed, every retry
|
|
140
|
+
// tick would re-init the block and re-emit BLOCK_READY. Pinned by
|
|
141
|
+
// iframe-transport.test.ts → "dedupes repeated BLOCK_INIT (host retry-until-ready contract)".
|
|
129
142
|
if (isMessage(data, 'BLOCK_INIT')) {
|
|
130
143
|
if (!this.initResolved) {
|
|
131
144
|
this.initResolved = true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeTransport.js","sourceRoot":"","sources":["../../src/internal/iframeTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,GAKV,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,gBAAgB,GAIjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAIpD,MAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAuB1C;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IACT,
|
|
1
|
+
{"version":3,"file":"iframeTransport.js","sourceRoot":"","sources":["../../src/internal/iframeTransport.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,GAKV,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,gBAAgB,GAIjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAIpD,MAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAuB1C;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IACT,aAAa,CAAgB;IAC7B,MAAM,CAAS;IAExB,QAAQ,GAAkB,cAAc,CAAC;IAChC,SAAS,GAAG,IAAI,GAAG,EAAc,CAAC;IAEnD,yEAAyE;IACjE,YAAY,GAAkB,IAAI,CAAC;IAE3C,2EAA2E;IAC1D,QAAQ,GAA8C,EAAE,CAAC;IACzD,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAE5C,WAAW,CAA4B;IAChD,WAAW,CAAuC;IAClD,UAAU,CAAwB;IAClC,aAAa,CAAgC;IAC7C,YAAY,GAAG,KAAK,CAAC;IAEZ,eAAe,CAAgC;IAEhE,YAAY,IAA4B;QACtC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb,yEAAyE;gBACvE,mFAAmF,CACtF,CAAC;QACJ,CAAC;QACD,yEAAyE;QACzE,wEAAwE;QACxE,0DAA0D;QAC1D,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,IAAK,UAAkC,CAAC,MAAO,CAAC;QACzE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,OAAO,CAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACnE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC;YAC3B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;YACnC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;gBACzB,IAAI,CAAC,UAAU,CACb,IAAI,KAAK,CACP,2DAA2D,eAAe,MAAM;oBAC9E,mGAAmG,CACtG,CACF,CAAC;YACJ,CAAC;QACH,CAAC,EAAE,eAAe,CAAC,CAAC;QAEpB,IAAI,CAAC,eAAe,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC5D,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAChE,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,SAAS,CAAC,QAAoB;QAC5B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC;IACJ,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,WAAW,CAAC,OAA6B;QACvC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,WAAW,CACT,OAAwB,EACxB,YAAsC,EACtC,OAA+B,EAAE;QAEjC,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,0BAA0B,CAAC;QAC/D,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC9C,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;gBAChC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;oBACnC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,OAAO,CAAC,IAAI,qBAAqB,SAAS,IAAI,CAAC,CAAC,CAAC;gBACjG,CAAC;YACH,CAAC,EAAE,SAAS,CAAC,CAAC;YACd,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;gBAC1B,OAAO;gBACP,MAAM;gBACN,SAAS;gBACT,YAAY;aACb,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,OAAO;QACL,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QACjE,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACjC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;IACzB,CAAC;IAEO,QAAQ,CAAC,IAAY,EAAE,OAAgB;QAC7C,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACvC,CAAC;IAEO,aAAa;QACnB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAG,CAAC;YACnC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,GAAuC;QAC1D,uFAAuF;QACvF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,YAAa,CAAC,CAAC;IAC1D,CAAC;IAEO,aAAa,CAAC,KAAmB;QACvC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO;QACtD,MAAM,IAAI,GAAG,KAAK,CAAC,IAA6C,CAAC;QACjE,IAAI,IAAI,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO;QAEtF,kEAAkE;QAClE,gEAAgE;QAChE,oEAAoE;QACpE,yCAAyC;QACzC,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,SAAS,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1C,yFAAyF;YACzF,OAAO,CAAC,IAAI,CACV,wCAAwC,IAAI,CAAC,IAAI,kBAAkB,KAAK,CAAC,MAAM,EAAE,CAClF,CAAC;YACF,OAAO;QACT,CAAC;QAED,yEAAyE;QACzE,4EAA4E;QAC5E,4EAA4E;QAC5E,0EAA0E;QAC1E,wEAAwE;QACxE,8EAA8E;QAC9E,2EAA2E;QAC3E,kEAAkE;QAClE,8FAA8F;QAC9F,IAAI,SAAS,CAAqC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;gBACzB,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBACjC,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC;gBACjC,IAAI,CAAC,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACZ,IAAI,CAAC,aAAa,EAAE,CAAC;gBACrB,kEAAkE;gBAClE,kEAAkE;gBAClE,kEAAkE;gBAClE,iEAAiE;gBACjE,gEAAgE;gBAChE,4DAA4D;gBAC5D,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC5C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACjC,CAAC;YACD,OAAO;QACT,CAAC;QAED,iEAAiE;QACjE,6CAA6C;QAC7C,IAAI,SAAS,CAAwC,IAAI,EAAE,eAAe,CAAC,EAAE,CAAC;YAC5E,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,0EAA0E;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,OAA8C,CAAC;QACpE,IAAI,OAAmC,CAAC;QACxC,IAAI,gBAAgB,GAAkB,IAAI,CAAC;QAC3C,IAAI,OAAO,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACtD,IAAI,SAAS,IAAI,SAAS,CAAC,YAAY,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;gBACtD,OAAO,GAAG,SAAS,CAAC;gBACpB,gBAAgB,GAAG,OAAO,CAAC,SAAS,CAAC;YACvC,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,oEAAoE;QACpE,gEAAgE;QAChE,kEAAkE;QAClE,oDAAoD;QACpD,IAAI,SAAS,CAAiD,IAAI,EAAE,wBAAwB,CAAC,EAAE,CAAC;YAC9F,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,OAAO,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACzC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACtC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,IAAI,SAAS,CAAkC,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC;YAChE,oDAAoD;YACpD,OAAO;QACT,CAAC;QACD,IAAI,SAAS,CAAiC,IAAI,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC9D,OAAO;QACT,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,OAAqB;QAC7C,wEAAwE;QACxE,sEAAsE;QACtE,qEAAqE;QACrE,6CAA6C;QAC7C,IAAI,CAAC,QAAQ,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;QACvE,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAEO,IAAI;QACV,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS;YAAE,QAAQ,EAAE,CAAC;IACpD,CAAC;CACF"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Origin allowlist matching for {@link IframeTransport}.
|
|
3
|
+
*
|
|
4
|
+
* Each `allowedParentOrigins` entry is either:
|
|
5
|
+
* - an EXACT origin (`https://civitai.com`) — matched by string equality, or
|
|
6
|
+
* - a SUFFIX-WILDCARD origin (`https://*.civitaic.com`) — matches any
|
|
7
|
+
* `https://<sub>.civitaic.com`, where `<sub>` is one or more labels
|
|
8
|
+
* (single-label `pr-9` or a full subtree `a.b`), but NOT the bare apex
|
|
9
|
+
* `https://civitaic.com` and NOT a different registrable domain.
|
|
10
|
+
*
|
|
11
|
+
* The wildcard form mirrors the host-side CSP `frame-ancestors` convention
|
|
12
|
+
* (`https://*.civitaic.com`) so a single block build can trust both prod
|
|
13
|
+
* (`civitai.com`, an exact entry) and dynamic preview subdomains
|
|
14
|
+
* (`pr-N.civitaic.com`, a wildcard entry).
|
|
15
|
+
*
|
|
16
|
+
* Security: matching is scheme-pinned and suffix-anchored on a DOT boundary,
|
|
17
|
+
* so `https://*.civitaic.com` does NOT match `https://civitaic.com.attacker.tld`
|
|
18
|
+
* (different suffix) nor `https://evilcivitaic.com` (no dot boundary). A
|
|
19
|
+
* bare `*` or empty wildcard is rejected at construction.
|
|
20
|
+
*/
|
|
21
|
+
export declare class OriginMatcher {
|
|
22
|
+
private readonly exact;
|
|
23
|
+
private readonly wildcards;
|
|
24
|
+
constructor(allowedParentOrigins: readonly string[]);
|
|
25
|
+
/** True when `origin` is allowed by an exact or wildcard allowlist entry. */
|
|
26
|
+
matches(origin: string): boolean;
|
|
27
|
+
}
|
|
28
|
+
//# sourceMappingURL=originMatcher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"originMatcher.d.ts","sourceRoot":"","sources":["../../src/internal/originMatcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AASH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA2B;gBAEzC,oBAAoB,EAAE,SAAS,MAAM,EAAE;IAoBnD,6EAA6E;IAC7E,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;CAkBjC"}
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Origin allowlist matching for {@link IframeTransport}.
|
|
3
|
+
*
|
|
4
|
+
* Each `allowedParentOrigins` entry is either:
|
|
5
|
+
* - an EXACT origin (`https://civitai.com`) — matched by string equality, or
|
|
6
|
+
* - a SUFFIX-WILDCARD origin (`https://*.civitaic.com`) — matches any
|
|
7
|
+
* `https://<sub>.civitaic.com`, where `<sub>` is one or more labels
|
|
8
|
+
* (single-label `pr-9` or a full subtree `a.b`), but NOT the bare apex
|
|
9
|
+
* `https://civitaic.com` and NOT a different registrable domain.
|
|
10
|
+
*
|
|
11
|
+
* The wildcard form mirrors the host-side CSP `frame-ancestors` convention
|
|
12
|
+
* (`https://*.civitaic.com`) so a single block build can trust both prod
|
|
13
|
+
* (`civitai.com`, an exact entry) and dynamic preview subdomains
|
|
14
|
+
* (`pr-N.civitaic.com`, a wildcard entry).
|
|
15
|
+
*
|
|
16
|
+
* Security: matching is scheme-pinned and suffix-anchored on a DOT boundary,
|
|
17
|
+
* so `https://*.civitaic.com` does NOT match `https://civitaic.com.attacker.tld`
|
|
18
|
+
* (different suffix) nor `https://evilcivitaic.com` (no dot boundary). A
|
|
19
|
+
* bare `*` or empty wildcard is rejected at construction.
|
|
20
|
+
*/
|
|
21
|
+
export class OriginMatcher {
|
|
22
|
+
exact;
|
|
23
|
+
wildcards;
|
|
24
|
+
constructor(allowedParentOrigins) {
|
|
25
|
+
const exact = new Set();
|
|
26
|
+
const wildcards = [];
|
|
27
|
+
for (const raw of allowedParentOrigins) {
|
|
28
|
+
const entry = raw.trim();
|
|
29
|
+
if (!entry)
|
|
30
|
+
continue;
|
|
31
|
+
const wildcard = parseWildcard(entry);
|
|
32
|
+
if (wildcard) {
|
|
33
|
+
wildcards.push(wildcard);
|
|
34
|
+
}
|
|
35
|
+
else {
|
|
36
|
+
exact.add(entry);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
this.exact = exact;
|
|
40
|
+
this.wildcards = wildcards;
|
|
41
|
+
}
|
|
42
|
+
/** True when `origin` is allowed by an exact or wildcard allowlist entry. */
|
|
43
|
+
matches(origin) {
|
|
44
|
+
if (this.exact.has(origin))
|
|
45
|
+
return true;
|
|
46
|
+
for (const wc of this.wildcards) {
|
|
47
|
+
if (!origin.startsWith(wc.scheme))
|
|
48
|
+
continue;
|
|
49
|
+
const host = origin.slice(wc.scheme.length);
|
|
50
|
+
// Reject anything with a path/port/query smuggled into the host span:
|
|
51
|
+
// a real `event.origin` is scheme + host (+ optional :port). We require
|
|
52
|
+
// an exact host-suffix match with at least one leading label, and no '/'.
|
|
53
|
+
if (host.includes('/'))
|
|
54
|
+
continue;
|
|
55
|
+
// The host must END with the dot-anchored suffix AND have at least one
|
|
56
|
+
// character of label before the leading dot (so the apex itself is excluded).
|
|
57
|
+
if (host.length > wc.suffix.length && host.endsWith(wc.suffix)) {
|
|
58
|
+
return true;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
return false;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Parses a `https://*.example.com`-style entry into `{scheme, suffix}`.
|
|
66
|
+
* Returns `null` for non-wildcard (exact) entries.
|
|
67
|
+
* Throws for malformed wildcards (`*` only, `https://*`, `https://*.`).
|
|
68
|
+
*/
|
|
69
|
+
function parseWildcard(entry) {
|
|
70
|
+
const star = entry.indexOf('*');
|
|
71
|
+
if (star === -1)
|
|
72
|
+
return null;
|
|
73
|
+
// Wildcard must be of the exact form `<scheme>://*.<suffix>`.
|
|
74
|
+
const marker = '://*.';
|
|
75
|
+
const markerAt = entry.indexOf(marker);
|
|
76
|
+
if (markerAt === -1) {
|
|
77
|
+
throw new Error(`IframeTransport: invalid wildcard origin "${entry}". ` +
|
|
78
|
+
'Wildcard entries must look like "https://*.example.com".');
|
|
79
|
+
}
|
|
80
|
+
const scheme = entry.slice(0, markerAt + 3); // include "://"
|
|
81
|
+
const bareSuffix = entry.slice(markerAt + marker.length); // after "://*."
|
|
82
|
+
if (!scheme || scheme === '://' || !bareSuffix) {
|
|
83
|
+
throw new Error(`IframeTransport: invalid wildcard origin "${entry}". ` +
|
|
84
|
+
'A wildcard needs a scheme and a non-empty domain suffix, e.g. "https://*.example.com".');
|
|
85
|
+
}
|
|
86
|
+
// Dot-anchor the suffix so `*.civitaic.com` only matches on a label boundary.
|
|
87
|
+
return { scheme, suffix: `.${bareSuffix}` };
|
|
88
|
+
}
|
|
89
|
+
//# sourceMappingURL=originMatcher.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"originMatcher.js","sourceRoot":"","sources":["../../src/internal/originMatcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AASH,MAAM,OAAO,aAAa;IACP,KAAK,CAAsB;IAC3B,SAAS,CAA2B;IAErD,YAAY,oBAAuC;QACjD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,MAAM,SAAS,GAAoB,EAAE,CAAC;QAEtC,KAAK,MAAM,GAAG,IAAI,oBAAoB,EAAE,CAAC;YACvC,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACtC,IAAI,QAAQ,EAAE,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,6EAA6E;IAC7E,OAAO,CAAC,MAAc;QACpB,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAExC,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC;gBAAE,SAAS;YAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5C,sEAAsE;YACtE,wEAAwE;YACxE,0EAA0E;YAC1E,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,SAAS;YACjC,uEAAuE;YACvE,8EAA8E;YAC9E,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/D,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,IAAI,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7B,8DAA8D;IAC9D,MAAM,MAAM,GAAG,OAAO,CAAC;IACvB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,6CAA6C,KAAK,KAAK;YACrD,0DAA0D,CAC7D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB;IAC7D,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,gBAAgB;IAC1E,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,6CAA6C,KAAK,KAAK;YACrD,wFAAwF,CAC3F,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,UAAU,EAAE,EAAE,CAAC;AAC9C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/internal/validate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,qBAAqB,EACrB,YAAY,EACb,MAAM,yBAAyB,CAAC;AAejC;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,YAAY,CAQjE;AAED,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,gBAAgB,
|
|
1
|
+
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/internal/validate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,qBAAqB,EACrB,YAAY,EACb,MAAM,yBAAyB,CAAC;AAejC;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,YAAY,CAQjE;AAED,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,gBAAgB,CAuCzE;AAcD,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,qBAAqB,CA4B9E;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,CAAC,EAAE,OAAO,GACT,CAAC,IAAI;IAAE,KAAK,EAAE,YAAY,CAAA;CAAE,CAI9B;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,CACzC,CAAC,EAAE,OAAO,GACT,CAAC,IAAI;IAAE,KAAK,EAAE,YAAY,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAKlD;AAED,wBAAgB,oBAAoB,CAClC,CAAC,EAAE,OAAO,GACT,CAAC,IAAI;IAAE,QAAQ,EAAE,qBAAqB,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAK9D;AAED,wBAAgB,yBAAyB,CACvC,CAAC,EAAE,OAAO,GACT,CAAC,IAAI;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAMtE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,GACX,CAAC,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,GAAG,IAAI,CAuBxC"}
|
|
@@ -64,7 +64,7 @@ export function isValidBlockInitPayload(p) {
|
|
|
64
64
|
return false;
|
|
65
65
|
if (!isObject(p.settings.userSettings))
|
|
66
66
|
return false;
|
|
67
|
-
// `null` for anonymous viewers; otherwise { id, username, status }.
|
|
67
|
+
// `null` for anonymous viewers; otherwise { id, username, status? }.
|
|
68
68
|
if (p.viewer !== null) {
|
|
69
69
|
if (!isObject(p.viewer))
|
|
70
70
|
return false;
|
|
@@ -72,7 +72,15 @@ export function isValidBlockInitPayload(p) {
|
|
|
72
72
|
return false;
|
|
73
73
|
if (p.viewer.username !== null && typeof p.viewer.username !== 'string')
|
|
74
74
|
return false;
|
|
75
|
-
|
|
75
|
+
// `status` is OPTIONAL. The platform deliberately omits the viewer's coarse
|
|
76
|
+
// ban/mute moderation state from BLOCK_INIT to third-party iframes for
|
|
77
|
+
// privacy (civitai #2521). When present it must be one of the three values;
|
|
78
|
+
// when absent (undefined) the init is still valid. Requiring it here
|
|
79
|
+
// rejected every signed-in viewer's init from a #2521-minimized host.
|
|
80
|
+
if (p.viewer.status !== undefined &&
|
|
81
|
+
p.viewer.status !== 'active' &&
|
|
82
|
+
p.viewer.status !== 'banned' &&
|
|
83
|
+
p.viewer.status !== 'muted') {
|
|
76
84
|
return false;
|
|
77
85
|
}
|
|
78
86
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/internal/validate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,MAAM,QAAQ,GAAG,CAAC,CAAU,EAAgC,EAAE,CAC5D,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,CAAC;AAEtC,MAAM,gBAAgB,GAAG,CAAC,CAAU,EAAe,EAAE,CACnD,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAExC,oFAAoF;AACpF,SAAS,qBAAqB,CAAC,CAAU;IACvC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,CAAU;IAC5C,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IACtD,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACjF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,CAAU;IAChD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEzE,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEhD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IAErD,
|
|
1
|
+
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/internal/validate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,MAAM,QAAQ,GAAG,CAAC,CAAU,EAAgC,EAAE,CAC5D,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,CAAC;AAEtC,MAAM,gBAAgB,GAAG,CAAC,CAAU,EAAe,EAAE,CACnD,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAExC,oFAAoF;AACpF,SAAS,qBAAqB,CAAC,CAAU;IACvC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,CAAU;IAC5C,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IACtD,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACjF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,CAAU;IAChD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,eAAe,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEzE,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEhD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IAErD,qEAAqE;IACrE,IAAI,CAAC,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;YAAE,OAAO,KAAK,CAAC;QACtC,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAClD,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,IAAI,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QACtF,4EAA4E;QAC5E,uEAAuE;QACvE,4EAA4E;QAC5E,qEAAqE;QACrE,sEAAsE;QACtE,IACE,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS;YAC7B,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ;YAC5B,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ;YAC5B,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAC3B,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,KAAK,KAAK,OAAO,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAE5D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAS;IACxC,SAAS;IACT,YAAY;IACZ,WAAW;IACX,QAAQ;IACR,SAAS;IACT,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAS,CAAC,YAAY,CAAC,CAAC,CAAC;AACzD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAErF,MAAM,UAAU,uBAAuB,CAAC,CAAU;IAChD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACnF,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9C,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACvE,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,IAAI,OAAO,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACpF,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACnF,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IACE,OAAO,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,QAAQ;YAC3C,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,EACtD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,CAAU;IAEV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CACzC,CAAU;IAEV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,CAAU;IAEV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,CAAU;IAEV,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACnD,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACjF,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAY;IAEZ,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,YAAY;YACf,OAAO,uBAAuB,CAAC;QACjC,KAAK,eAAe;YAClB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,wBAAwB;YAC3B,OAAO,2BAA2B,CAAC;QACrC,KAAK,iBAAiB,CAAC;QACvB,KAAK,oBAAoB,CAAC;QAC1B,KAAK,iBAAiB,CAAC;QACvB,KAAK,mBAAmB;YACtB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,sBAAsB;YACzB,OAAO,yBAAyB,CAAC;QACnC,KAAK,SAAS,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC;QACd;YACE,oEAAoE;YACpE,gDAAgD;YAChD,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@civitai/blocks-react",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"description": "React hooks and iframe transport for Civitai App Blocks. Pairs with @civitai/app-sdk/blocks.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
@@ -34,7 +34,7 @@
|
|
|
34
34
|
"node": ">=20"
|
|
35
35
|
},
|
|
36
36
|
"peerDependencies": {
|
|
37
|
-
"@civitai/app-sdk": "
|
|
37
|
+
"@civitai/app-sdk": ">=0.7.0 <1",
|
|
38
38
|
"react": "^18.0.0 || ^19.0.0"
|
|
39
39
|
},
|
|
40
40
|
"devDependencies": {
|