@xiboplayer/cache 0.5.16 → 0.5.18

package/package.json

@@ -1,9 +1,10 @@
 {
   "name": "@xiboplayer/cache",
-  "version": "0.5.16",
+  "version": "0.5.18",
   "description": "Offline caching and download management with parallel chunk downloads",
   "type": "module",
   "main": "./src/index.js",
+  "types": "./src/index.d.ts",
   "exports": {
     ".": "./src/index.js",
     "./cache": "./src/cache.js",
@@ -15,7 +16,7 @@
   },
   "dependencies": {
     "spark-md5": "^3.0.2",
-    "@xiboplayer/utils": "0.5.16"
+    "@xiboplayer/utils": "0.5.18"
   },
   "devDependencies": {
     "vitest": "^2.0.0",

package/src/download-manager.js

@@ -45,6 +45,18 @@ const URGENT_CONCURRENCY = 2; // Slots when urgent chunk is active (bandwidth fo
 const FETCH_TIMEOUT_MS = 600_000; // 10 minutes — 100MB chunk at ~2 Mbps
 const HEAD_TIMEOUT_MS = 15_000; // 15 seconds for HEAD requests
 
+// CMS origin for proxy filtering — set via setCmsOrigin() at init
+let _cmsOrigin = null;
+
+/**
+ * Set the CMS origin so toProxyUrl() only proxies CMS URLs.
+ * External URLs (CDNs, Google Fonts, geolocation APIs) pass through unchanged.
+ * @param {string} origin - e.g. 'https://cms.example.com'
+ */
+export function setCmsOrigin(origin) {
+  _cmsOrigin = origin;
+}
+
 /**
  * Infer Content-Type from file path extension.
  * Used when we skip HEAD (size already known from RequiredFiles).
@@ -114,8 +126,9 @@ export function toProxyUrl(url) {
   const loc = typeof self !== 'undefined' ? self.location : undefined;
   if (!loc || loc.hostname !== 'localhost') return url;
   const parsed = new URL(url);
-  const cmsOrigin = parsed.origin;
-  return `/file-proxy?cms=${encodeURIComponent(cmsOrigin)}&url=${encodeURIComponent(parsed.pathname + parsed.search)}`;
+  // Only proxy URLs belonging to the CMS server; external URLs pass through
+  if (_cmsOrigin && parsed.origin !== _cmsOrigin) return url;
+  return `/file-proxy?cms=${encodeURIComponent(parsed.origin)}&url=${encodeURIComponent(parsed.pathname + parsed.search)}`;
 }
 
 /**

package/src/index.d.ts

@@ -0,0 +1,40 @@
+export const VERSION: string;
+
+export class StoreClient {
+  has(type: string, id: string | number): Promise<boolean>;
+  get(type: string, id: string | number): Promise<Blob | null>;
+  put(type: string, id: string | number, body: Blob | ArrayBuffer | string, contentType?: string): Promise<boolean>;
+  remove(files: Array<{ type: string; id: string | number }>): Promise<{ deleted: number; total: number }>;
+  list(): Promise<Array<{ id: string; type: string; size: number }>>;
+}
+
+export class DownloadClient {
+  controller: ServiceWorker | null;
+  fetchReady: boolean;
+  init(): Promise<void>;
+  download(payload: object | any[]): Promise<void>;
+  prioritize(fileType: string, fileId: string): Promise<void>;
+  prioritizeLayout(mediaIds: string[]): Promise<void>;
+  getProgress(): Promise<Record<string, any>>;
+  cleanup(): void;
+}
+
+export class DownloadManager {
+  constructor(options?: { concurrency?: number; chunkSize?: number; maxChunksPerFile?: number });
+  enqueue(fileInfo: any): any;
+  prioritizeLayoutFiles(mediaIds: string[]): void;
+}
+
+export class FileDownload {}
+export class LayoutTaskBuilder {}
+export class CacheManager {}
+export class CacheAnalyzer {
+  constructor(store: StoreClient);
+}
+
+export const cacheManager: CacheManager;
+
+export function isUrlExpired(url: string): boolean;
+export function toProxyUrl(url: string): string;
+export function setCmsOrigin(origin: string): void;
+export function cacheWidgetHtml(...args: any[]): any;

package/src/index.js

@@ -4,6 +4,6 @@ export const VERSION = pkg.version;
 export { CacheManager, cacheManager } from './cache.js';
 export { StoreClient } from './store-client.js';
 export { DownloadClient } from './download-client.js';
-export { DownloadManager, FileDownload, LayoutTaskBuilder, isUrlExpired, toProxyUrl } from './download-manager.js';
+export { DownloadManager, FileDownload, LayoutTaskBuilder, isUrlExpired, toProxyUrl, setCmsOrigin } from './download-manager.js';
 export { CacheAnalyzer } from './cache-analyzer.js';
 export { cacheWidgetHtml } from './widget-html.js';

package/src/widget-html.js

@@ -4,10 +4,13 @@
  * Handles:
  * - <base> tag injection for relative path resolution
  * - CMS signed URL → local store path rewriting
- * - CSS font URL rewriting and font file caching
  * - Interactive Control hostAddress rewriting
  * - CSS object-position fix for CMS template alignment
  *
+ * Note: CSS font URL rewriting is primarily handled by the proxy layer (proxy.js).
+ * As defense-in-depth, this module also rewrites font URLs inside CSS files
+ * before storing them, in case the proxy misses the CSS detection.
+ *
  * Runs on the main thread (needs window.location for URL construction).
  * Stores content via PUT /store/... — no Cache API needed.
  */
@@ -117,60 +120,65 @@ export async function cacheWidgetHtml(layoutId, regionId, mediaId, html) {
           'svg': 'image/svg+xml'
         }[ext] || 'application/octet-stream';
 
-        // For CSS files, rewrite font URLs and store referenced font files
+        // Defense-in-depth: rewrite font URLs inside CSS files before storing.
+        // The proxy normally handles this, but if it misses CSS detection
+        // (e.g. CMS returns unexpected Content-Type), we catch it here.
+        // Also handles truncated CSS from CMS (missing closing ');}) due to
+        // Content-Length mismatch after URL expansion).
         if (ext === 'css') {
           let cssText = await resp.text();
-          const fontResources = [];
-          const fontUrlRegex = /url\((['"]?)(https?:\/\/[^'")\s]+\?[^'")\s]*file=([^&'")\s]+\.(?:woff2?|ttf|otf|eot|svg))[^'")\s]*)\1\)/gi;
-          cssText = cssText.replace(fontUrlRegex, (_match, quote, fullUrl, fontFilename) => {
-            fontResources.push({ filename: fontFilename, originalUrl: fullUrl });
-            log.info(`Rewrote font URL in CSS: ${fontFilename}`);
-            return `url(${quote}${BASE}/cache/static/${encodeURIComponent(fontFilename)}${quote})`;
+          // Match any CMS signed URL with a file= query param in the CSS text.
+          // Uses a simple approach: find all https:// URLs with file=<name>, then
+          // filter to fonts by extension or fileType=font. This handles both normal
+          // url('...') and truncated CSS (where the closing '); is missing).
+          const CMS_SIGNED_URL_RE = /https?:\/\/[^\s'")\]]+\?[^\s'")\]]*file=([^&\s'")\]]+)[^\s'")\]]*/g;
+          const FONT_EXTS = /\.(?:woff2?|ttf|otf|eot|svg)$/i;
+          const fontJobs = [];
+
+          cssText = cssText.replace(CMS_SIGNED_URL_RE, (fullUrl, fontFilename) => {
+            if (!FONT_EXTS.test(fontFilename) && !fullUrl.includes('fileType=font')) return fullUrl;
+            fontJobs.push({ filename: fontFilename, originalUrl: fullUrl });
+            log.info(`Rewrote CSS font URL: ${fontFilename}`);
+            return `${BASE}/cache/static/${encodeURIComponent(fontFilename)}`;
           });
 
-          const cssResp = await fetch(`/store/static/${filename}`, {
-            method: 'PUT',
-            headers: { 'Content-Type': 'text/css' },
-            body: cssText,
-          });
-          cssResp.body?.cancel();
-          log.info(`Stored CSS with ${fontResources.length} rewritten font URLs: ${filename}`);
-
-          // Fetch and store referenced font files
-          await Promise.all(fontResources.map(async ({ filename: fontFile, originalUrl: fontUrl }) => {
-            // Check if already stored
+          // Fetch and store each referenced font file
+          await Promise.all(fontJobs.map(async (font) => {
             try {
-              const headResp = await fetch(`/store/static/${encodeURIComponent(fontFile)}`, { method: 'HEAD' });
-              if (headResp.ok) return;
+              const headResp = await fetch(`/store/static/${font.filename}`, { method: 'HEAD' });
+              if (headResp.ok) return; // Already stored
             } catch { /* proceed */ }
-
             try {
-              const fontResp = await fetch(toProxyUrl(fontUrl));
-              if (!fontResp.ok) {
-                fontResp.body?.cancel();
-                log.warn(`Failed to fetch font: ${fontFile} (HTTP ${fontResp.status})`);
-                return;
-              }
+              const fontResp = await fetch(toProxyUrl(font.originalUrl));
+              if (!fontResp.ok) { fontResp.body?.cancel(); return; }
               const fontBlob = await fontResp.blob();
-              const fontExt = fontFile.split('.').pop().toLowerCase();
+              const fontExt = font.filename.split('.').pop().toLowerCase();
               const fontContentType = {
                 'otf': 'font/otf', 'ttf': 'font/ttf',
                 'woff': 'font/woff', 'woff2': 'font/woff2',
-                'eot': 'application/vnd.ms-fontobject',
-                'svg': 'image/svg+xml'
+                'eot': 'application/vnd.ms-fontobject', 'svg': 'image/svg+xml',
               }[fontExt] || 'application/octet-stream';
-
-              const fontPutResp = await fetch(`/store/static/${encodeURIComponent(fontFile)}`, {
+              const putFont = await fetch(`/store/static/${font.filename}`, {
                 method: 'PUT',
                 headers: { 'Content-Type': fontContentType },
                 body: fontBlob,
               });
-              fontPutResp.body?.cancel();
-              log.info(`Stored font: ${fontFile} (${fontContentType}, ${fontBlob.size} bytes)`);
-            } catch (fontErr) {
-              log.warn(`Failed to store font: ${fontFile}`, fontErr);
+              putFont.body?.cancel();
+              log.info(`Stored font: ${font.filename} (${fontBlob.size} bytes)`);
+            } catch (e) {
+              log.warn(`Failed to store font: ${font.filename}`, e);
             }
           }));
+
+          // Store the rewritten CSS
+          const cssBlob = new Blob([cssText], { type: 'text/css' });
+          const staticResp = await fetch(`/store/static/${filename}`, {
+            method: 'PUT',
+            headers: { 'Content-Type': 'text/css' },
+            body: cssBlob,
+          });
+          staticResp.body?.cancel();
+          log.info(`Stored CSS with ${fontJobs.length} rewritten font URLs: ${filename} (${cssText.length} bytes)`);
         } else {
           const blob = await resp.blob();
           const staticResp = await fetch(`/store/static/${filename}`, {

package/src/widget-html.test.js

@@ -196,12 +196,15 @@ describe('cacheWidgetHtml', () => {
       expect(widgetKey).toBeTruthy();
     });
 
-    it('caches font files referenced in fonts.css', async () => {
+    it('stores fonts.css as a blob (font rewriting handled by proxy)', async () => {
       await cacheWidgetHtml('472', '223', '193', makeRssTickerHtml());
 
-      // fonts.css contains url("...Poppins-Regular.ttf") which should be fetched
-      const fontFetched = fetchedUrls.some(u => u.includes('Poppins-Regular.ttf'));
-      expect(fontFetched).toBe(true);
+      // fonts.css should be fetched and stored, but font files inside it
+      // are NOT parsed/fetched here — the proxy rewrites CSS font URLs
+      const cssFetched = fetchedUrls.some(u => u.includes('fonts.css'));
+      expect(cssFetched).toBe(true);
+      const cssStored = [...storeContents.keys()].some(k => k.includes('fonts.css'));
+      expect(cssStored).toBe(true);
     });
   });