@needle-tools/engine 5.1.0-alpha.5 → 5.1.0-canary.02ccb45

package/src/engine/engine_license.ts

@@ -7,19 +7,33 @@ import { SSR } from "./engine_ssr.js";
 import type { IContext } from "./engine_types.js";
 import { getParam } from "./engine_utils.js";
 
-const debug = getParam("debuglicense");
+const debug = getParam("__debuglic__");
 
-const _licenseCheckResultChangedCallbacks: ((result: boolean) => void)[] = [];
+const $lPERZMM: ((result: boolean) => void)[] = [];
 
-// This is modified by a bundler (e.g. vite)
-// Do not edit manually
-let NEEDLE_ENGINE_LICENSE_TYPE: string = "basic";
-if (debug)
-    console.log("License Type: " + NEEDLE_ENGINE_LICENSE_TYPE)
+// DO NOT EDIT MANUALLY
+let fFDtghiT: string = "";
+// eslint-disable-next-line prefer-const
+let $NAqiWhRF: string = "";
+
+if (debug) {
+    console.log("License Type: " + fFDtghiT);
+    if ($NAqiWhRF) {
+        console.log("License JWT: " + $NAqiWhRF);
+        try {
+            const payload = JSON.parse(atob($NAqiWhRF.split(".")[1].replace(/-/g, '+').replace(/_/g, '/')));
+            console.log("License JWT payload:", payload);
+        }
+        catch { console.log("License JWT payload: (failed to decode)"); }
+    }
+    else {
+        console.log("License JWT: (none)");
+    }
+}
 
 /** @internal */
-export function hasProLicense() {
-    switch (NEEDLE_ENGINE_LICENSE_TYPE) {
+export function UsFaeEU() {
+    switch (fFDtghiT) {
         case "pro":
         case "enterprise":
             return true;
@@ -28,8 +42,8 @@ export function hasProLicense() {
 }
 
 /** @internal */
-export function hasIndieLicense() {
-    switch (NEEDLE_ENGINE_LICENSE_TYPE) {
+export function _$xxpfa() {
+    switch (fFDtghiT) {
         case "indie":
             return true;
     }
@@ -37,8 +51,8 @@ export function hasIndieLicense() {
 }
 
 /** @internal */
-export function hasEduLicense() {
-    switch (NEEDLE_ENGINE_LICENSE_TYPE) {
+export function _$fONrFrf() {
+    switch (fFDtghiT) {
         case "edu":
             return true;
     }
@@ -46,20 +60,20 @@ export function hasEduLicense() {
 }
 
 /** @internal */
-export function hasCommercialLicense() {
-    return hasProLicense() || hasIndieLicense() || hasEduLicense();
+export function _$HwXA() {
+    return UsFaeEU() || _$xxpfa() || _$fONrFrf();
 }
 
 
 /** @internal */
-export function onLicenseCheckResultChanged(cb: (result: boolean) => void) {
-    if (hasProLicense() || hasIndieLicense() || hasEduLicense())
+export function _uIFN(cb: (result: boolean) => void) {
+    if (UsFaeEU() || _$xxpfa() || _$fONrFrf())
         return cb(true);
-    _licenseCheckResultChangedCallbacks.push(cb);
+    $lPERZMM.push(cb);
 }
 
-function invokeLicenseCheckResultChanged(result: boolean) {
-    for (const cb of _licenseCheckResultChangedCallbacks) {
+function FHaO(result: boolean) {
+    for (const cb of $lPERZMM) {
         try {
             cb(result);
         }
@@ -70,6 +84,128 @@ function invokeLicenseCheckResultChanged(result: boolean) {
 }
 
 
+// #region JWT
+
+// ECDSA P-256 public key for verifying license JWTs (verification-only, safe to ship)
+/* eslint-disable no-secrets/no-secrets -- public key, not a secret */
+const _$eFebWu = {
+    kty: "EC",
+    crv: "P-256",
+    x: "A34nyKMjhQYVgzeE4tyLUYdx34TAKogDa7v7PRaO9Lg",
+    y: "JZI9IQavGCpGjEG_-pa0J-MHQYWJYINUM-MnvSu0TmE",
+} as const;
+/* eslint-enable no-secrets/no-secrets */
+
+/** Base64url decode (RFC 7515) */
+function base64urlDecode(str: string): Uint8Array {
+    const base64 = str.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = base64 + '='.repeat((4 - base64.length % 4) % 4);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}
+
+/**
+ * Verify a JWT license token and return the `type` claim if valid.
+ * Returns null if the JWT is missing, malformed, or has an invalid signature.
+ */
+async function _$VqCN(jwt: string): Promise<string | null> {
+    if (!jwt) return null;
+    try {
+        const parts = jwt.split(".");
+        if (parts.length !== 3) return null;
+
+        const [headerB64, payloadB64, signatureB64] = parts;
+
+        const key = await crypto.subtle.importKey(
+            "jwk",
+            _$eFebWu,
+            { name: "ECDSA", namedCurve: "P-256" },
+            false,
+            ["verify"]
+        );
+
+        const signingInput = new TextEncoder().encode(`${headerB64}.${payloadB64}`);
+        const signature = base64urlDecode(signatureB64);
+
+        const valid = await crypto.subtle.verify(
+            { name: "ECDSA", hash: "SHA-256" },
+            key,
+            signature.buffer as ArrayBuffer,
+            signingInput
+        );
+
+        if (!valid) {
+            if (debug) console.warn("JWT: signature verification failed");
+            return null;
+        }
+
+        const payloadStr = new TextDecoder().decode(base64urlDecode(payloadB64));
+        const payload = JSON.parse(payloadStr);
+
+        if (typeof payload.type !== "string" || payload.type.length === 0) {
+            if (debug) console.warn("JWT: missing or invalid 'type' claim");
+            return null;
+        }
+
+        // Optional: check expiration if present (future-proof — server doesn't set this yet)
+        if (typeof payload.exp === "number") {
+            const nowSeconds = Math.floor(Date.now() / 1000);
+            if (nowSeconds > payload.exp) {
+                if (debug) console.warn("JWT: token has expired (exp=" + payload.exp + ", now=" + nowSeconds + ")");
+                return null;
+            }
+        }
+
+        // Optional: check audience/domain if present (future-proof — server doesn't set this yet)
+        if (payload.aud) {
+            const currentHost = typeof window !== "undefined" ? window.location.hostname : undefined;
+            if (currentHost) {
+                const allowed = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
+                if (!allowed.some((a: string) => currentHost === a || currentHost.endsWith("." + a))) {
+                    if (debug) console.warn("JWT: domain '" + currentHost + "' not in allowed audience: " + allowed.join(", "));
+                    return null;
+                }
+            }
+        }
+
+        if (debug) console.log("JWT: verified license type: " + payload.type);
+        return payload.type;
+    }
+    catch (err) {
+        if (debug) console.error("JWT: verification error", err);
+        return null;
+    }
+}
+
+/** Verify the injected JWT and update the license type if valid.
+ * The engine ONLY trusts the JWT — the plain fFDtghiT string is ignored. */
+let _jwtVerificationPromise: Promise<void> | undefined = undefined;
+async function _$esPHqPbk(): Promise<void> {
+    // NOTE: do NOT add an `if (!$NAqiWhRF) return` guard here.
+    // esbuild (Vite dependency pre-bundling) would see the variable as constant ""
+    // and tree-shake the entire JWT verification code path.
+    const jwt = $NAqiWhRF;
+    // Clear after reading — this reassignment also prevents esbuild from
+    // constant-folding the variable (it now has multiple assignment sites).
+    $NAqiWhRF = "";
+    const verifiedType = await _$VqCN(jwt);
+    if (verifiedType) {
+        fFDtghiT = verifiedType;
+        if (debug) console.log("License type set from verified JWT: " + verifiedType);
+        FHaO(_$HwXA());
+    }
+    else {
+        fFDtghiT = "basic";
+        if (debug && jwt) console.warn("JWT verification failed — license reset to basic");
+    }
+}
+
+// #endregion JWT License Verification
+
 
 // #region Telemetry
 export namespace Telemetry {
@@ -135,7 +271,7 @@ export namespace Telemetry {
 
         const attribute = domElement?.getAttribute("no-telemetry");
         if (attribute === "" || attribute === "true" || attribute === "1") {
-            if (NEEDLE_ENGINE_LICENSE_TYPE === "pro" || NEEDLE_ENGINE_LICENSE_TYPE === "enterprise") {
+            if (fFDtghiT === "pro" || fFDtghiT === "enterprise") {
                 if (debug) console.debug("Telemetry is disabled via no-telemetry attribute");
                 return false;
             }
@@ -242,22 +378,32 @@ export namespace Telemetry {
 }
 
 
-export function initLicense() {
+export function NJzpPtg() {
+
+    if(fFDtghiT === "") fFDtghiT = "basic";
+
+    // Start JWT verification — must be here (not top-level) to avoid tree-shaking
+    _jwtVerificationPromise = _$esPHqPbk();
+
     Telemetry.init();
     ContextRegistry.registerCallback(ContextEvent.ContextRegistered, evt => {
-        showLicenseInfo(evt.context);
-        handleForbidden(evt.context);
-        setTimeout(() => sendUsageMessageToAnalyticsBackend(evt.context), 2000);
+        _$gQtqwCB(evt.context);
+        _CdPSmGkr(evt.context);
+        setTimeout(() => $HSXqXU(evt.context), 2000);
     });
 }
 
-export let runtimeLicenseCheckPromise: Promise<void> | undefined = undefined;
+export let _$FUOmM: Promise<void> | undefined = undefined;
 let applicationIsForbidden = false;
 let applicationForbiddenText = "";
-async function checkLicense() {
+async function __oQxZ() {
     // Only perform the runtime license check once
-    if (runtimeLicenseCheckPromise) return runtimeLicenseCheckPromise;
-    if (NEEDLE_ENGINE_LICENSE_TYPE === "basic") {
+    if (_$FUOmM) return _$FUOmM;
+    // Wait for JWT verification to complete first (if running)
+    if (_jwtVerificationPromise) {
+        await _jwtVerificationPromise;
+    }
+    if (fFDtghiT === "basic") {
         try {
             const licenseUrl = "https://needle.tools/api/v1/needle-engine/check?location=" + encodeURIComponent(window.location.href) + "&version=" + VERSION + "&generator=" + encodeURIComponent(GENERATOR);
             const res = await fetch(licenseUrl, {
@@ -269,29 +415,29 @@ async function checkLicense() {
             if (res?.status === 200) {
                 applicationIsForbidden = false;
                 if (debug) console.log("License check succeeded");
-                NEEDLE_ENGINE_LICENSE_TYPE = "pro";
-                invokeLicenseCheckResultChanged(true);
+                fFDtghiT = "pro";
+                FHaO(true);
             }
             else if (res?.status === 403) {
-                invokeLicenseCheckResultChanged(false);
+                FHaO(false);
                 applicationIsForbidden = true;
                 applicationForbiddenText = await res.text();
             }
             else {
-                invokeLicenseCheckResultChanged(false);
+                FHaO(false);
                 if (debug) console.log("License check failed with status " + res?.status);
             }
         }
         catch (err) {
-            invokeLicenseCheckResultChanged(false);
+            FHaO(false);
             if (debug) console.error("License check failed", err);
         }
     }
-    else if (debug) console.log("Runtime license check is skipped because license is already applied as \"" + NEEDLE_ENGINE_LICENSE_TYPE + "\"");
+    else if (debug) console.log("Runtime license check is skipped because license is already applied as \"" + fFDtghiT + "\"");
 }
-runtimeLicenseCheckPromise = checkLicense();
+_$FUOmM = __oQxZ();
 
-async function handleForbidden(ctx: IContext) {
+async function _CdPSmGkr(ctx: IContext) {
     function createForbiddenElement() {
         const div = document.createElement("div");
         div.className = "needle-forbidden";
@@ -356,40 +502,40 @@ async function handleForbidden(ctx: IContext) {
     }, 500)
 }
 
-async function showLicenseInfo(ctx: IContext) {
+async function _$gQtqwCB(ctx: IContext) {
     try {
-        if (!hasProLicense() && !hasIndieLicense()) {
-            return onNonCommercialVersionDetected(ctx);
+        if (!UsFaeEU() && !_$xxpfa()) {
+            return $IkwxjeKh(ctx);
         }
     }
     catch (err) {
         if (debug) console.log("License check failed", err)
-        return onNonCommercialVersionDetected(ctx)
+        return $IkwxjeKh(ctx)
     }
-    if (debug) onNonCommercialVersionDetected(ctx)
+    if (debug) $IkwxjeKh(ctx)
 }
 
 
 
-async function onNonCommercialVersionDetected(ctx: IContext) {
+async function $IkwxjeKh(ctx: IContext) {
 
     // if the engine loads faster than the license check, we need to capture the ready event here
     let isReady = false;
     ctx.domElement.addEventListener("ready", () => isReady = true);
 
-    await runtimeLicenseCheckPromise?.catch(() => { });
+    await _$FUOmM?.catch(() => { });
 
 
-    if (hasProLicense() || hasIndieLicense()) return;
-    if (hasCommercialLicense() === false) logNonCommercialUse();
+    if (UsFaeEU() || _$xxpfa()) return;
+    if (_$HwXA() === false) $vODKpHVX();
 
     // check if the engine is already ready (meaning has finished loading)
     if (isReady) {
-        insertNonCommercialUseHint(ctx);
+        __pVF(ctx);
     }
     else {
         ctx.domElement.addEventListener("ready", () => {
-            insertNonCommercialUseHint(ctx);
+            __pVF(ctx);
         });
     }
 }
@@ -397,7 +543,7 @@ async function onNonCommercialVersionDetected(ctx: IContext) {
 // const licenseElementIdentifier = "needle-license-element";
 // const licenseDuration = 10000;
 // const licenseDelay = 1200;
-function insertNonCommercialUseHint(ctx: IContext) {
+function __pVF(ctx: IContext) {
 
     const style = `
         position: relative;
@@ -410,7 +556,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
         padding: 10px;
         padding-left: 30px;
     `;
-    if (NEEDLE_ENGINE_LICENSE_TYPE === "edu") {
+    if (fFDtghiT === "edu") {
         if (navigator.webdriver) {
             console.log("This project is supported by Needle for Education – https://needle.tools");
         }
@@ -467,7 +613,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
         }
     }, 1000);
 
-    if (hasEduLicense()) {
+    if (_$fONrFrf()) {
         const removeDelay = 20_000;
         setTimeout(() => {
             clearInterval(interval);
@@ -476,7 +622,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
             const intervalInMinutes = 5;
             setTimeout(() => {
                 if (ctx.domElement.parentNode)
-                    insertNonCommercialUseHint(ctx);
+                    __pVF(ctx);
             }, 1000 * 60 * intervalInMinutes)
         }, removeDelay);
     }
@@ -487,7 +633,7 @@ function insertNonCommercialUseHint(ctx: IContext) {
 const base64Logo = "data:image/webp;base64,UklGRrABAABXRUJQVlA4WAoAAAAQAAAAHwAAHwAAQUxQSKEAAAARN6CmbSM4WR7vdARON11EBDq3fLiNbVtVzpMCPlKAEzsx0Y/x+Ovuv4dn0EFE/ydAvz6YggXzgh5sVgXM/zOC/4sii7qgGvB5N7hmuQYwkvazWAu1JPW41FXSHq6pnaQWvqYH18Fc0j1hO/BFTtIeSBlJi5w6qIIO7IOrwhFsB2Yxukif0FTRLpXswHR8MxbslKe9VZsn/Ub5C7YFOpqSTABWUDgg6AAAAFAGAJ0BKiAAIAA+7VyoTqmkpCI3+qgBMB2JbACdMt69DwMIQBLhkTO6XwY00UEDK6cNIDnuNibPf0EgAP7Y1myuiQHLDsF/0h5unrGh6WAbv7aegg2ZMd3uRKfT/3SJztcaujYfTvMXspfCTmYcoO6a+vhC3ss4M8uM58t4siiu59I4aOl59e9Sr6xoxYlHf2v+NnBNpJYeJf8jABQAId/PXuBkLEFkiCucgSGEcfhvajql/j3reCGl0M5/9gQWy7ayNPs+wlvIxFnNfSlfuND4CZOCyxOHhRqOmHN4ULHo3tCSrUNvgAA=";
 
 let lastLogTime = 0;
-async function logNonCommercialUse(_logo?: string) {
+async function $vODKpHVX(_logo?: string) {
     const now = Date.now();
     if (now - lastLogTime < 2000) return;
     lastLogTime = now;
@@ -520,7 +666,7 @@ async function logNonCommercialUse(_logo?: string) {
 }
 
 
-async function sendUsageMessageToAnalyticsBackend(context: IContext) {
+async function $HSXqXU(context: IContext) {
     // We can't send beacons from cross-origin isolated pages
     if (window.crossOriginIsolated) return;
 
@@ -535,7 +681,7 @@ async function sendUsageMessageToAnalyticsBackend(context: IContext) {
 
             // current url without query parameters
             const currentUrl = window.location.href.split("?")[0];
-            const license = NEEDLE_ENGINE_LICENSE_TYPE;
+            const license = fFDtghiT;
 
             const beaconData = {
                 license,

package/src/engine/engine_networking_blob.ts

@@ -1,7 +1,7 @@
 import { FileLoader } from "three";
 
 import { showBalloonWarning } from "./debug/index.js";
-import { hasCommercialLicense } from "./engine_license.js";
+import { _$HwXA } from "./engine_license.js";
 import { delay } from "./engine_utils.js";
 import { md5AsBytes, md5Hex, sha256Base64 } from "./engine_utils_hash.js";
 
@@ -45,7 +45,7 @@ export namespace BlobStorage {
      */
     export function canUpload(info: { filesize: number }) {
         const sizeInMB = info.filesize / 1024 / 1024;
-        if (hasCommercialLicense()) {
+        if (_$HwXA()) {
             return sizeInMB < maxSizeInMB;
         }
         return sizeInMB < maxFreeSizeInMB;
@@ -100,7 +100,7 @@ export namespace BlobStorage {
             console.warn(`Your file is too large for uploading (${filesizeInMB.toFixed(1)}MB). Max allowed size is ${maxSizeInMB}MB`);
             return null;
         }
-        else if (!hasCommercialLicense() && filesizeInMB > maxFreeSizeInMB) {
+        else if (!_$HwXA() && filesizeInMB > maxFreeSizeInMB) {
             if (opts?.silent !== true) showBalloonWarning(`File is too large for uploading. Please get a <a href=\"https://needle.tools/pricing\" target=\"_blank\">commercial license</a> to upload files larger than 5MB`);
             console.warn(`Your file is too large for uploading (${filesizeInMB.toFixed(1)}MB). Max size is 5MB for non-commercial users. Please get a commercial license at https://needle.tools/pricing for larger files (up to 50MB)`);
             return null;

package/src/engine/engine_utils_format.ts

@@ -205,7 +205,26 @@ export function tryDetermineMimetypeFromBinary(url: string, data: ArrayBuffer, r
         if (debug) console.debug("OBJ detected");
         return "model/obj";
     }
-    else if (response.headers.has("content-type")) {
+    // Run registered mimetype callbacks BEFORE the Content-Type-based dispatch
+    // below. Otherwise files served as `image/*` (HDRIs, KTX2 textures, etc.)
+    // hit the hardcoded `image/* → "unsupported"` early-out and the engine
+    // never asks our custom detectors whether they want to claim them.
+    // Known binary signatures (GLTF, USD, FBX, OBJ above) still resolve first
+    // and bypass this loop — no perf regression for the common path.
+    for (const callback of registeredMimetypeCallbacks) {
+        const mimetype = callback({
+            url: url,
+            response: response,
+            contentType: response.headers.get("content-type"),
+            bytes: bytes
+        })
+        if (mimetype) {
+            if (debug) console.debug(`Mimetype callback returned: ${mimetype}`);
+            return mimetype;
+        }
+    }
+
+    if (response.headers.has("content-type")) {
         const content_type = response.headers.get("content-type");
         if (content_type?.startsWith("image/")) {
             if (debug) console.debug("Image detected, not a model file");
@@ -259,19 +278,6 @@ export function tryDetermineMimetypeFromBinary(url: string, data: ArrayBuffer, r
     //     return "gltf";
     // }
 
-    for (const callback of registeredMimetypeCallbacks) {
-        const mimetype = callback({
-            url: url,
-            response: response,
-            contentType: response.headers.get("content-type"),
-            bytes: bytes
-        })
-        if (mimetype) {
-            if (debug) console.debug(`Mimetype callback returned: ${mimetype}`);
-            return mimetype;
-        }
-    }
-
 
     if (isDevEnvironment() || debug) {
         const text = new TextDecoder().decode(data.slice(0, Math.min(data.byteLength, 32)));

package/src/engine/engine_utils_qrcode.ts

@@ -4,7 +4,7 @@ import { Quaternion, Vector2, Vector3, Vector4 } from "three";
 
 import { needleLogoOnlySVG } from "./assets/index.js";
 import { isDevEnvironment } from "./debug/debug.js";
-import { hasCommercialLicense } from "./engine_license.js";
+import { _$HwXA } from "./engine_license.js";
 import { InternalAttributeUtils } from "./engine_utils_attributes.js";
 import type { NeedleEngineWebComponent } from "./webcomponents/needle-engine.js";
 
@@ -135,7 +135,7 @@ async function internalRenderQRCodeOverlays(canvas: HTMLCanvasElement, args: { s
         console.debug("[QR Code] No web component found")
     }
 
-    const canUseCustomLogo = hasCommercialLicense();
+    const canUseCustomLogo = _$HwXA();
 
     // Query logo src from needle-engine attribute.
     // For any supported attribute it's possible to use "falsey" values (e.g. "0" or "false" to disable the logo in the QR code)

package/src/engine/webcomponents/needle menu/needle-menu-spatial.ts

@@ -2,7 +2,7 @@ import { Mesh, Object3D, TextureLoader, Vector4 } from "three";
 import ThreeMeshUI from "three-mesh-ui";
 
 import { addNewComponent } from "../../engine_components.js";
-import { hasProLicense } from "../../engine_license.js";
+import { UsFaeEU } from "../../engine_license.js";
 import { OneEuroFilterXYZ } from "../../engine_math.js";
 import type { Context } from "../../engine_setup.js";
 import { lookAtObject } from "../../engine_three_utils.js";
@@ -321,7 +321,7 @@ export class NeedleSpatialMenu {
         }
         if (this.menu) {
             const index = this.menu.children.indexOf(this._poweredByNeedleElement as any);
-            if (!this._showNeedleLogo && hasProLicense()) {
+            if (!this._showNeedleLogo && UsFaeEU()) {
                 if (index >= 0) {
                     this._poweredByNeedleElement.removeFromParent();
                     this.markDirty();

package/src/engine/webcomponents/needle menu/needle-menu.ts

@@ -1,6 +1,6 @@
 import { showBalloonMessage } from "../../debug/debug.js";
 import type { Context } from "../../engine_context.js";
-import { hasCommercialLicense, onLicenseCheckResultChanged, Telemetry } from "../../engine_license.js";
+import { _$HwXA, _uIFN, Telemetry } from "../../engine_license.js";
 import { isLocalNetwork } from "../../engine_networking_utils.js";
 import { HTMLElementBase } from "../../engine_ssr.js";
 import { DeviceUtilities, getParam } from "../../engine_utils.js";
@@ -778,8 +778,8 @@ export class NeedleMenuElement extends HTMLElementBase {
         try {
             // if the user has a license then we CAN hide the needle logo
             // calling this method immediately will cause an issue with vite bundling tho
-            window.requestAnimationFrame(() => onLicenseCheckResultChanged(res => {
-                if (res == true && hasCommercialLicense() && !debugNonCommercial) {
+            window.requestAnimationFrame(() => _uIFN(res => {
+                if (res == true && _$HwXA() && !debugNonCommercial) {
                     let visible = this._userRequestedLogoVisible;
                     if (visible === undefined) visible = false;
                     this.___onSetLogoVisible(visible);
@@ -830,7 +830,7 @@ export class NeedleMenuElement extends HTMLElementBase {
                 // ensure the menu is not hidden or removed
                 const requiredParent = this?.parentNode;
                 if (this.style.display != "flex" || this.style.visibility != "visible" || this.style.opacity != "1" || requiredParent != this._domElement?.shadowRoot) {
-                    if (!hasCommercialLicense()) {
+                    if (!_$HwXA()) {
                         const change = changeEventCounter++;
                         // if a user doesn't have a local pro license *but* for development the menu is hidden then we show a warning
                         if (isLocalNetwork() && this._userRequestedMenuVisible === false) {
@@ -918,7 +918,7 @@ export class NeedleMenuElement extends HTMLElementBase {
     showNeedleLogo(visible: boolean) {
         this._userRequestedLogoVisible = visible;
         if (!visible) {
-            if (!hasCommercialLicense() || debugNonCommercial) {
+            if (!_$HwXA() || debugNonCommercial) {
                 console.warn("[Needle Engine] You need a PRO license to hide the Needle Engine logo in production.");
                 const localNetwork = isLocalNetwork()
                 if (!localNetwork) return;

package/src/engine/webcomponents/needle-engine.loading.ts

@@ -1,6 +1,6 @@
 import { needleLogoOnlySVG } from "../assets/index.js"
 import { isDevEnvironment, showBalloonWarning } from "../debug/index.js";
-import { hasCommercialLicense, hasProLicense, runtimeLicenseCheckPromise } from "../engine_license.js";
+import { _$HwXA, UsFaeEU, _$FUOmM } from "../engine_license.js";
 import { Mathf } from "../engine_math.js";
 import { LoadingProgressArgs } from "../engine_setup.js";
 import { getParam } from "../engine_utils.js";
@@ -205,7 +205,7 @@ export class EngineLoadingView implements ILoadingViewHandler {
         }
 
 
-        const hasLicense = hasProLicense();
+        const hasLicense = UsFaeEU();
         if (!existing) {
             this._loadingElement.style.position = "absolute";
             this._loadingElement.style.width = "100%";
@@ -373,7 +373,7 @@ export class EngineLoadingView implements ILoadingViewHandler {
 
     // private async handleRuntimeLicense(loadingElement: HTMLElement) {
     //     // First check if we have a commercial license
-    //     let commercialLicense = hasCommercialLicense();
+    //     let commercialLicense = _$HwXA();
     //     // if it's the case then we don't need to perform a runtime check
     //     if (commercialLicense) return;
 
@@ -393,10 +393,10 @@ export class EngineLoadingView implements ILoadingViewHandler {
     //     loadingElement.appendChild(nonCommercialContainer);
 
     //     // Use the runtime license check
-    //     if (!isDevEnvironment() && runtimeLicenseCheckPromise) {
+    //     if (!isDevEnvironment() && _$FUOmM) {
     //         if (debugLicense) console.log("Waiting for runtime license check");
-    //         await runtimeLicenseCheckPromise;
-    //         commercialLicense = hasCommercialLicense();
+    //         await _$FUOmM;
+    //         commercialLicense = _$HwXA();
     //     }
     //     if (commercialLicense) return;
     //     nonCommercialContainer.style.transition = "opacity .5s ease-in-out";

package/src/engine/webcomponents/needle-engine.ts

@@ -1,7 +1,7 @@
 import { isDevEnvironment, showBalloonWarning } from "../debug/index.js";
 import { PUBLIC_KEY, VERSION } from "../engine_constants.js";
 import { ContextEvent, ContextRegistry } from "../engine_context_registry.js";
-import { hasCommercialLicense } from "../engine_license.js";
+import { _$HwXA } from "../engine_license.js";
 import { onStart } from "../engine_lifecycle_api.js";
 import { setDracoDecoderPath, setDracoDecoderType, setKtx2TranscoderPath } from "../engine_loaders.gltf.js";
 import { Context, ContextCreateArgs } from "../engine_setup.js";
@@ -546,7 +546,7 @@ export class NeedleEngineWebComponent extends HTMLElementBase implements INeedle
 
 
         // Loading start events
-        const allowOverridingDefaultLoading = hasCommercialLicense();
+        const allowOverridingDefaultLoading = _$HwXA();
         // default loading can be overriden by calling preventDefault in the onload start event
         this.ensureLoadStartIsRegistered();
         let useDefaultLoading = this.dispatchEvent(new CustomEvent("loadstart", {

package/src/engine/xr/TempXRContext.ts

@@ -3,7 +3,7 @@ import { ArrayCamera, AxesHelper, Camera, Color, DirectionalLight, Fog, GridHelp
 import { needleLogoOnlySVG } from "../assets/index.js";
 import { isDevEnvironment } from "../debug/index.js";
 import { ObjectUtils, PrimitiveType } from "../engine_create_objects.js";
-import { hasCommercialLicense } from "../engine_license.js";
+import { _$HwXA } from "../engine_license.js";
 import { Mathf } from "../engine_math.js";
 import { delay, DeviceUtilities } from "../engine_utils.js";
 
@@ -215,7 +215,7 @@ export class TemporaryXRContext {
         this._scene.background = new Color(0x000000);
 
         let logoSrc = needleLogoOnlySVG;
-        if (hasCommercialLicense()) {
+        if (_$HwXA()) {
             const htmlComponent = document.querySelector("needle-engine");
             if (htmlComponent) {
                 const licenseLogo = htmlComponent.getAttribute("logo-src");

package/src/engine-components/AudioSource.ts

@@ -563,7 +563,7 @@ export class AudioSource extends Behaviour {
         if (typeof clip === "string") {
             if (debug)
                 console.log(clip);
-            if (clip.endsWith(".mp3") || clip.endsWith(".wav") || clip.endsWith(".ogg") || clip.endsWith(".flac") || clip.endsWith(".aac") || clip.endsWith(".webm")) {
+            if (clip.endsWith(".mp3") || clip.endsWith(".wav") || clip.endsWith(".ogg") || clip.endsWith(".opus") || clip.endsWith(".flac") || clip.endsWith(".aac") || clip.endsWith(".webm")) {
                 if (!this.audioLoader)
                     this.audioLoader = new AudioLoader();
                 this.shouldPlay = true;

package/src/engine-components/DropListener.ts

@@ -776,6 +776,7 @@ namespace FileHelper {
                 if (debug) setTimeout(() => PreviewHelper.removePreview(args.guid), 3000);
                 else PreviewHelper.removePreview(args.guid);
                 console.warn("Unsupported file type: " + url.toString());
+                resolve(null);
             }
         });
     }