@sharadtech/infralytiqs-sdk 1.0.1 → 1.0.3

package/src/token.ts

@@ -0,0 +1,79 @@
+/**
+ * Infralytiqs token sync.
+ *
+ * The host page (e.g. the AEM Infralytiqs.html HTL fragment) renders the
+ * tenant's current Infralytiqs token id into a global:
+ *
+ *     <script>window.IL_TOKEN = "....";</script>
+ *
+ * On SDK load we copy that value into sessionStorage so the rest of the page
+ * (and any embedded Infralytiqs widgets — e.g. the "Infralytiqs SDK" report
+ * snippet) can read a single, tab-scoped source of truth. The token is
+ * tab-scoped on purpose: it lives only for the current session/tab, mirroring
+ * how the host page re-emits a fresh `window.IL_TOKEN` on every render.
+ *
+ * Update semantics: if a token is already stored and the markup provides a
+ * different (non-empty) value, the stored token is replaced with the markup
+ * value so the freshest server-issued token always wins.
+ */
+
+import { ENV } from './envConfig';
+
+/** sessionStorage key holding the Infralytiqs token id. */
+export const TOKEN_STORAGE_KEY = `${ENV.STORAGE_PREFIX}token`;
+
+interface WindowWithToken extends Window {
+  IL_TOKEN?: unknown;
+}
+
+/**
+ * Reads `window.IL_TOKEN` and stores it in sessionStorage, updating the
+ * stored value when the markup token differs from what is already cached.
+ *
+ * @returns the token value now held in sessionStorage, or `null` when no
+ *          valid token is available.
+ */
+export function syncToken(): string | null {
+  if (typeof window === 'undefined') {
+    return null;
+  }
+
+  const w = window as WindowWithToken;
+  const markupToken = typeof w.IL_TOKEN === 'string' ? w.IL_TOKEN.trim() : '';
+
+  let stored: string | null = null;
+  try {
+    stored = sessionStorage.getItem(TOKEN_STORAGE_KEY);
+  } catch {
+    // sessionStorage unavailable (e.g. privacy mode) — nothing we can do.
+    return markupToken || null;
+  }
+
+  // No usable markup token: keep whatever is already stored (if anything).
+  if (!markupToken) {
+    return stored;
+  }
+
+  // Store on first sight or whenever the markup token has changed.
+  if (stored !== markupToken) {
+    try {
+      sessionStorage.setItem(TOKEN_STORAGE_KEY, markupToken);
+    } catch {
+      /* storage write failed — return the markup value regardless */
+    }
+  }
+
+  return markupToken;
+}
+
+/**
+ * @returns the Infralytiqs token id currently held in sessionStorage, or
+ *          `null` if none is stored / storage is unavailable.
+ */
+export function getStoredToken(): string | null {
+  try {
+    return sessionStorage.getItem(TOKEN_STORAGE_KEY);
+  } catch {
+    return null;
+  }
+}

package/src/tracker.ts

@@ -6,6 +6,7 @@ import { getUtmParams } from './utm';
 import { sendViaFetch, sendViaBeacon, TransportConfig } from './transport';
 import { installAutoCapture } from './autocapture';
 import { requestLocation, getCachedCoords } from './location';
+import { fetchRemoteClientConfig } from './remoteConfig';
 
 /**
  * Pre-init buffer entry for a `track()` call that arrived before the SDK
@@ -146,6 +147,35 @@ export class InfralytiqsTracker {
       requestLocation(this.config.debug).catch(() => { /* never throws */ });
     }
 
+    // Fire-and-forget remote tenant configuration. The server's ClickHouse
+    // module configuration (Infralytiqs Settings → Data Sources) carries
+    // browser-safe behaviour flags — today "Capture Precise Visitor
+    // Location". When the fetch succeeds the remote flag is authoritative:
+    //   • remote true  → enable captureLocation and kick off the (consented)
+    //                    geolocation prompt, even if init() left it off.
+    //   • remote false → disable captureLocation so subsequent events stop
+    //                    attaching cached coords.
+    // When the fetch fails for any reason (no token, endpoint not deployed
+    // yet, expired token, network down) it resolves null and the local
+    // init() config stays in effect — tracking is never disrupted.
+    fetchRemoteClientConfig(
+      this.config.serverUrl,
+      this.config.tenantId,
+      this.config.siteId,
+      this.config.dbName,
+      this.config.debug,
+    ).then((remote) => {
+      if (!remote) return;
+      if (remote.preciseVisitorLocation && !this.config.captureLocation) {
+        this.config.captureLocation = true;
+        this.log('Remote config enabled precise visitor location');
+        requestLocation(this.config.debug).catch(() => { /* never throws */ });
+      } else if (!remote.preciseVisitorLocation && this.config.captureLocation) {
+        this.config.captureLocation = false;
+        this.log('Remote config disabled precise visitor location');
+      }
+    }).catch(() => { /* never throws */ });
+
     // Drain anything that arrived during the async bootstrap window.
     if (this.preInitBuffer.length > 0) {
       const buffered = this.preInitBuffer.splice(0);

package/src/types.ts

@@ -84,8 +84,16 @@ export interface InfralytiqsConfig {
 	 * Coords are cached in `localStorage` for 7 days; denials are cached for
 	 * 24 hours so we don't re-prompt on every page load.
 	 *
-	 * Default: `false`. Configured per-domain in the Domain admin UI and
-	 * delivered to the SDK via `/system/client/config?domainKey=…`.
+	 * Default: `false`.
+	 *
+	 * Remote override: after `init()`, the SDK fetches the tenant's remote
+	 * client configuration from
+	 * `GET /il/analytics/:tenant_id/:site_id/client-config` (authenticated
+	 * via `window.IL_TOKEN`). The "Capture Precise Visitor Location"
+	 * checkbox on the tenant's ClickHouse server configuration (Infralytiqs
+	 * Settings → Data Sources) is authoritative when that fetch succeeds —
+	 * it can turn this flag on or off at runtime. When the fetch fails for
+	 * any reason, the value passed here stays in effect.
 	 */
 	captureLocation?: boolean;
 }