@el7ven/cookie-kit 0.2.21 → 0.3.2

package/src/core/StorageAdapter.js

@@ -0,0 +1,179 @@
+/**
+ * Safe Storage Adapter — handles localStorage failures (Safari private mode, quota exceeded)
+ * @module StorageAdapter
+ */
+
+export class StorageAdapter {
+  constructor(config = {}) {
+    this.storageType = config.storageType || 'localStorage'
+    this.storageKey = config.storageKey || 'cookie_consent'
+    this.cookieExpireDays = config.consentExpireDays || 365
+    this._testStorage()
+  }
+
+  /**
+   * Test if storage is available (Safari private mode blocks localStorage)
+   */
+  _testStorage() {
+    this.isLocalStorageAvailable = false
+    this.isCookieAvailable = false
+
+    // Test localStorage
+    if (typeof window !== 'undefined' && window.localStorage) {
+      try {
+        const testKey = '__storage_test__'
+        localStorage.setItem(testKey, 'test')
+        localStorage.removeItem(testKey)
+        this.isLocalStorageAvailable = true
+      } catch (e) {
+        console.warn('[StorageAdapter] localStorage not available:', e.message)
+      }
+    }
+
+    // Test cookies
+    if (typeof document !== 'undefined') {
+      try {
+        document.cookie = '__cookie_test__=test; path=/; SameSite=Lax'
+        this.isCookieAvailable = document.cookie.includes('__cookie_test__')
+        document.cookie = '__cookie_test__=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;'
+      } catch (e) {
+        console.warn('[StorageAdapter] Cookies not available:', e.message)
+      }
+    }
+  }
+
+  /**
+   * Get data from storage
+   */
+  get(key = null) {
+    const storageKey = key || this.storageKey
+
+    try {
+      // Try localStorage first
+      if (this.storageType === 'localStorage' || this.storageType === 'both') {
+        if (this.isLocalStorageAvailable) {
+          const value = localStorage.getItem(storageKey)
+          if (value) return value
+        }
+      }
+
+      // Fallback to cookies
+      if (this.storageType === 'cookie' || this.storageType === 'both') {
+        if (this.isCookieAvailable) {
+          return this._readCookie(storageKey)
+        }
+      }
+
+      return null
+    } catch (e) {
+      console.error('[StorageAdapter] Error reading storage:', e)
+      return null
+    }
+  }
+
+  /**
+   * Set data to storage
+   */
+  set(key, value) {
+    const storageKey = typeof key === 'string' ? key : this.storageKey
+    const data = typeof key === 'string' ? value : key
+
+    // Validate data before saving
+    if (data === null || data === undefined) {
+      console.warn('[StorageAdapter] Attempted to save null/undefined data, skipping')
+      return false
+    }
+    
+    if (typeof data === 'string' && (data === 'null' || data === 'undefined')) {
+      console.warn('[StorageAdapter] Attempted to save literal "null"/"undefined" string, skipping')
+      return false
+    }
+
+    try {
+      // Try localStorage
+      if (this.storageType === 'localStorage' || this.storageType === 'both') {
+        if (this.isLocalStorageAvailable) {
+          try {
+            localStorage.setItem(storageKey, data)
+          } catch (e) {
+            // Quota exceeded — try to clear old data
+            if (e.name === 'QuotaExceededError') {
+              console.warn('[StorageAdapter] localStorage quota exceeded, falling back to cookies')
+              this.isLocalStorageAvailable = false
+            }
+          }
+        }
+      }
+
+      // Fallback to cookies
+      if (this.storageType === 'cookie' || this.storageType === 'both') {
+        if (this.isCookieAvailable) {
+          this._writeCookie(storageKey, data, this.cookieExpireDays)
+        }
+      }
+
+      return true
+    } catch (e) {
+      console.error('[StorageAdapter] Error writing storage:', e)
+      return false
+    }
+  }
+
+  /**
+   * Remove data from storage
+   */
+  remove(key = null) {
+    const storageKey = key || this.storageKey
+
+    try {
+      // Remove from localStorage
+      if (this.storageType === 'localStorage' || this.storageType === 'both') {
+        if (this.isLocalStorageAvailable) {
+          localStorage.removeItem(storageKey)
+        }
+      }
+
+      // Remove from cookies
+      if (this.storageType === 'cookie' || this.storageType === 'both') {
+        if (this.isCookieAvailable) {
+          this._writeCookie(storageKey, '', -1)
+        }
+      }
+
+      return true
+    } catch (e) {
+      console.error('[StorageAdapter] Error removing storage:', e)
+      return false
+    }
+  }
+
+  /**
+   * Check if storage is available
+   */
+  isAvailable() {
+    return this.isLocalStorageAvailable || this.isCookieAvailable
+  }
+
+  /**
+   * Get storage type being used
+   */
+  getActiveStorageType() {
+    if (this.isLocalStorageAvailable) return 'localStorage'
+    if (this.isCookieAvailable) return 'cookie'
+    return 'none'
+  }
+
+  // --- Cookie helpers ---
+
+  _readCookie(name) {
+    if (typeof document === 'undefined') return null
+    const match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'))
+    return match ? decodeURIComponent(match[2]) : null
+  }
+
+  _writeCookie(name, value, days) {
+    if (typeof document === 'undefined') return
+    const expires = new Date(Date.now() + days * 864e5).toUTCString()
+    document.cookie = `${name}=${encodeURIComponent(value)}; expires=${expires}; path=/; SameSite=Lax`
+  }
+}

package/src/core/analytics.js

@@ -127,27 +127,115 @@ export function loadYandexMetrica(counterId) {
 }
 
 /**
- * Block/unblock scripts based on consent categories
- * Scripts with data-cookie-category attribute will be managed
- * @param {Object} categories - { analytics: true, marketing: false }
+ * Block all scripts with data-cookie-category BEFORE consent.
+ * Call this as early as possible (before DOMContentLoaded).
+ * Rewrites script type to text/plain so they don't execute.
+ *
+ * Usage in HTML:
+ *   <script data-cookie-category="analytics" src="..."></script>
+ *   <script data-cookie-category="marketing">inline code</script>
  */
-export function manageScriptBlocking(categories = {}) {
+export function blockScriptsBeforeConsent() {
   if (typeof document === 'undefined') return
 
+  // MutationObserver to catch dynamically added scripts
+  const observer = new MutationObserver((mutations) => {
+    for (const mutation of mutations) {
+      for (const node of mutation.addedNodes) {
+        if (node.tagName === 'SCRIPT' && node.getAttribute('data-cookie-category')) {
+          const category = node.getAttribute('data-cookie-category')
+          // Check if consent already given for this category
+          if (!_hasConsentFor(category)) {
+            node.type = 'text/plain'
+            if (node.src) {
+              node.dataset.originalSrc = node.src
+              node.removeAttribute('src')
+            }
+          }
+        }
+      }
+    }
+  })
+
+  observer.observe(document.documentElement, { childList: true, subtree: true })
+
+  // Also block any scripts already in the DOM
   document.querySelectorAll('script[data-cookie-category]').forEach(script => {
+    const category = script.getAttribute('data-cookie-category')
+    if (!_hasConsentFor(category)) {
+      if (!script.dataset.blocked) {
+        script.dataset.blocked = 'true'
+        // Already executed scripts can't be un-executed,
+        // but we mark them so future loads respect consent
+      }
+    }
+  })
+
+  // Store observer reference for cleanup
+  if (typeof window !== 'undefined') {
+    window.__cookieKitScriptObserver = observer
+  }
+
+  return observer
+}
+
+/**
+ * Unblock and execute scripts for consented categories.
+ * @param {Object} categories - { analytics: true, marketing: false }
+ */
+export function unblockConsentedScripts(categories = {}) {
+  if (typeof document === 'undefined') return
+
+  document.querySelectorAll('script[data-cookie-category][type="text/plain"]').forEach(script => {
     const category = script.getAttribute('data-cookie-category')
     if (categories[category]) {
-      // Re-enable script
-      if (script.type === 'text/plain' && script.dataset.originalSrc) {
-        const newScript = document.createElement('script')
+      const newScript = document.createElement('script')
+
+      // Copy attributes
+      for (const attr of script.attributes) {
+        if (attr.name !== 'type' && attr.name !== 'data-original-src') {
+          newScript.setAttribute(attr.name, attr.value)
+        }
+      }
+
+      // Restore src or inline content
+      if (script.dataset.originalSrc) {
         newScript.src = script.dataset.originalSrc
         newScript.async = true
-        script.parentNode.replaceChild(newScript, script)
+      } else if (script.textContent) {
+        newScript.textContent = script.textContent
       }
+
+      newScript.type = 'text/javascript'
+      script.parentNode.replaceChild(newScript, script)
     }
   })
 }
 
+/**
+ * Check localStorage for existing consent for a category
+ * @private
+ */
+function _hasConsentFor(category) {
+  if (typeof localStorage === 'undefined') return false
+  try {
+    const stored = localStorage.getItem('cookie_consent')
+    if (!stored) return false
+    const consent = JSON.parse(stored)
+    return consent?.categories?.[category] === true
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Legacy alias
+ * @param {Object} categories - { analytics: true, marketing: false }
+ */
+export function manageScriptBlocking(categories = {}) {
+  unblockConsentedScripts(categories)
+}
+
 /**
  * Create analytics manager that auto-integrates with cookie consent
  * @param {Object} config - { ga4: 'G-XXX', gtm: 'GTM-XXX', metaPixel: 'XXX', yandexMetrica: 'XXX' }
@@ -160,6 +248,9 @@ export function createAnalyticsManager(config = {}) {
     if (initialized) return
     initialized = true
 
+    // Block scripts before consent
+    blockScriptsBeforeConsent()
+
     // Always init Google Consent Mode first (denied by default)
     initGoogleConsentMode()
 
@@ -181,8 +272,8 @@ export function createAnalyticsManager(config = {}) {
       if (config.metaPixel) loadMetaPixel(config.metaPixel)
     }
 
-    // Manage script blocking
-    manageScriptBlocking(categories)
+    // Unblock scripts for consented categories
+    unblockConsentedScripts(categories)
   }
 
   const connectToCookieConsent = () => {

package/src/core/index.js

@@ -32,7 +32,7 @@ const DEFAULT_CONFIG = {
       label: 'Necesare',
       description: 'Cookie-uri esențiale pentru funcționarea site-ului',
       required: true,
-      locked: true,
+      disabled: true,
       enabled: true
     },
     analytics: {
@@ -40,24 +40,24 @@ const DEFAULT_CONFIG = {
       label: 'Analiză',
       description: 'Cookie-uri pentru analiza traficului și comportamentului utilizatorilor',
       required: false,
-      locked: false,
-      enabled: true
+      disabled: false,
+      enabled: false
     },
     marketing: {
       id: 'marketing',
       label: 'Marketing',
       description: 'Cookie-uri pentru publicitate personalizată',
       required: false,
-      locked: false,
-      enabled: true
+      disabled: false,
+      enabled: false
     },
     preferences: {
       id: 'preferences',
       label: 'Preferințe',
       description: 'Cookie-uri pentru salvarea preferințelor utilizatorului',
       required: false,
-      locked: false,
-      enabled: true
+      disabled: false,
+      enabled: false
     }
   },