npm - agentlink-sdk - Versions diffs - 1.0.2 → 1.0.4 - Mend

agentlink-sdk 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,16 +1,3 @@
-interface URLData {
-    data: any;
-    type: string;
-}
-/**
- * 将数据编码为 URL hash
- */
-declare function encodeDataToUrl(data: any, type: string, baseUrl: string): Promise<string>;
-/**
- * 从 URL 中解码数据
- */
-declare function decodeDataFromUrl(urlStr: string): Promise<URLData | null>;
 interface AgentLinkClientOptions {
     /**
      * 服务端验证地址
@@ -26,13 +13,38 @@ interface WhitelistResponse {
     whitelist: WhitelistInfo | WhitelistInfo[] | null;
     origin: string | null;
 }
+interface SenderInfo {
+    domain: string;
+    description: string | null;
+}
 /**
- * AgentLink 客户端 SDK (URL Hash 方案)
+ * AgentLink 客户端 SDK (URL Hash + Token 方案)
  */
 declare class AgentLinkClient {
     private serverUrl;
     private static DEFAULT_WINDOW_NAME;
+    private token;
+    private tokenPromise;
+    private static tokenCache;
+    private static whitelistCache;
+    private static CACHE_TTL;
     constructor(options: AgentLinkClientOptions);
+    /**
+     * 确保有 Token（自动获取）
+     */
+    private ensureToken;
+    /**
+     * 从服务器获取 Token
+     */
+    private fetchToken;
+    /**
+     * 检查域名是否在白名单中
+     */
+    private checkWhitelist;
+    /**
+     * 验证发送端的 Token 和 Origin
+     */
+    private verifySender;
     /**
      * 发送数据到目标应用
      * @param targetUrl 目标应用的地址
@@ -43,13 +55,19 @@ declare class AgentLinkClient {
     sendData(targetUrl: string, data: any, type: string, windowName?: string): Promise<void>;
     /**
      * 监听来自 URL 的数据
-     * @param callback 接收到数据时的回调函数
+     * @param callback 接收到数据时的回调函数，现在包含验证信息
      */
-    receiveData(callback: (data: any, type: string) => void): () => void;
+    receiveData(callback: (data: any, type: string, senderInfo?: SenderInfo, verification?: string) => void): () => void;
     /**
-     * 从当前 URL 获取数据并验证接收方白名单
+     * 从当前 URL 获取数据并验证发送方
+     * 即使验证失败也返回数据，但会标记验证状态
      */
-    getDataFromUrl(url?: string): Promise<URLData | null>;
+    getDataFromUrl(url?: string): Promise<{
+        data: any;
+        type: string;
+        senderInfo?: SenderInfo;
+        verification?: string;
+    } | null>;
     /**
      * 获取白名单信息
      */
@@ -73,6 +91,22 @@ declare function uint8ArrayToBase64(arr: Uint8Array): string;
  */
 declare function base64ToUint8Array(base64: string): Uint8Array;
+interface URLData {
+    data: any;
+    type: string;
+    token: string;
+    origin: string;
+    verification?: string;
+}
+/**
+ * 将数据编码为 URL hash
+ */
+declare function encodeDataToUrl(data: any, type: string, token: string, origin: string, baseUrl: string, verification?: string): Promise<string>;
+/**
+ * 从 URL 中解码数据
+ */
+declare function decodeDataFromUrl(urlStr: string): Promise<URLData | null>;
 /**
  * 验证域名是否在白名单中
  */
@@ -82,4 +116,4 @@ declare function verifyWhitelist(serverUrl: string, origin?: string): Promise<bo
  */
 declare function fetchWhitelistInfo(serverUrl: string, includeAll?: boolean): Promise<any>;
-export { AgentLinkClient, type AgentLinkClientOptions, type URLData, type WhitelistInfo, type WhitelistResponse, base64ToUint8Array, compress, decodeDataFromUrl, decompress, encodeDataToUrl, fetchWhitelistInfo, uint8ArrayToBase64, verifyWhitelist };
+export { AgentLinkClient, type AgentLinkClientOptions, type SenderInfo, type URLData, type WhitelistInfo, type WhitelistResponse, base64ToUint8Array, compress, decodeDataFromUrl, decompress, encodeDataToUrl, fetchWhitelistInfo, uint8ArrayToBase64, verifyWhitelist };

package/dist/index.d.ts CHANGED Viewed

@@ -1,16 +1,3 @@
-interface URLData {
-    data: any;
-    type: string;
-}
-/**
- * 将数据编码为 URL hash
- */
-declare function encodeDataToUrl(data: any, type: string, baseUrl: string): Promise<string>;
-/**
- * 从 URL 中解码数据
- */
-declare function decodeDataFromUrl(urlStr: string): Promise<URLData | null>;
 interface AgentLinkClientOptions {
     /**
      * 服务端验证地址
@@ -26,13 +13,38 @@ interface WhitelistResponse {
     whitelist: WhitelistInfo | WhitelistInfo[] | null;
     origin: string | null;
 }
+interface SenderInfo {
+    domain: string;
+    description: string | null;
+}
 /**
- * AgentLink 客户端 SDK (URL Hash 方案)
+ * AgentLink 客户端 SDK (URL Hash + Token 方案)
  */
 declare class AgentLinkClient {
     private serverUrl;
     private static DEFAULT_WINDOW_NAME;
+    private token;
+    private tokenPromise;
+    private static tokenCache;
+    private static whitelistCache;
+    private static CACHE_TTL;
     constructor(options: AgentLinkClientOptions);
+    /**
+     * 确保有 Token（自动获取）
+     */
+    private ensureToken;
+    /**
+     * 从服务器获取 Token
+     */
+    private fetchToken;
+    /**
+     * 检查域名是否在白名单中
+     */
+    private checkWhitelist;
+    /**
+     * 验证发送端的 Token 和 Origin
+     */
+    private verifySender;
     /**
      * 发送数据到目标应用
      * @param targetUrl 目标应用的地址
@@ -43,13 +55,19 @@ declare class AgentLinkClient {
     sendData(targetUrl: string, data: any, type: string, windowName?: string): Promise<void>;
     /**
      * 监听来自 URL 的数据
-     * @param callback 接收到数据时的回调函数
+     * @param callback 接收到数据时的回调函数，现在包含验证信息
      */
-    receiveData(callback: (data: any, type: string) => void): () => void;
+    receiveData(callback: (data: any, type: string, senderInfo?: SenderInfo, verification?: string) => void): () => void;
     /**
-     * 从当前 URL 获取数据并验证接收方白名单
+     * 从当前 URL 获取数据并验证发送方
+     * 即使验证失败也返回数据，但会标记验证状态
      */
-    getDataFromUrl(url?: string): Promise<URLData | null>;
+    getDataFromUrl(url?: string): Promise<{
+        data: any;
+        type: string;
+        senderInfo?: SenderInfo;
+        verification?: string;
+    } | null>;
     /**
      * 获取白名单信息
      */
@@ -73,6 +91,22 @@ declare function uint8ArrayToBase64(arr: Uint8Array): string;
  */
 declare function base64ToUint8Array(base64: string): Uint8Array;
+interface URLData {
+    data: any;
+    type: string;
+    token: string;
+    origin: string;
+    verification?: string;
+}
+/**
+ * 将数据编码为 URL hash
+ */
+declare function encodeDataToUrl(data: any, type: string, token: string, origin: string, baseUrl: string, verification?: string): Promise<string>;
+/**
+ * 从 URL 中解码数据
+ */
+declare function decodeDataFromUrl(urlStr: string): Promise<URLData | null>;
 /**
  * 验证域名是否在白名单中
  */
@@ -82,4 +116,4 @@ declare function verifyWhitelist(serverUrl: string, origin?: string): Promise<bo
  */
 declare function fetchWhitelistInfo(serverUrl: string, includeAll?: boolean): Promise<any>;
-export { AgentLinkClient, type AgentLinkClientOptions, type URLData, type WhitelistInfo, type WhitelistResponse, base64ToUint8Array, compress, decodeDataFromUrl, decompress, encodeDataToUrl, fetchWhitelistInfo, uint8ArrayToBase64, verifyWhitelist };
+export { AgentLinkClient, type AgentLinkClientOptions, type SenderInfo, type URLData, type WhitelistInfo, type WhitelistResponse, base64ToUint8Array, compress, decodeDataFromUrl, decompress, encodeDataToUrl, fetchWhitelistInfo, uint8ArrayToBase64, verifyWhitelist };

package/dist/index.js CHANGED Viewed

@@ -66,8 +66,11 @@ function base64ToUint8Array(base64) {
 }
 // src/utils/url.ts
-async function encodeDataToUrl(data, type, baseUrl) {
-  const payload = { data, type };
+async function encodeDataToUrl(data, type, token, origin, baseUrl, verification) {
+  const payload = { data, type, token, origin };
+  if (verification !== void 0) {
+    payload.verification = verification;
+  }
   const jsonString = JSON.stringify(payload);
   const compressed = await compress(jsonString);
   const base64 = uint8ArrayToBase64(compressed);
@@ -137,8 +140,79 @@ async function fetchWhitelistInfo(serverUrl, includeAll = false) {
 // src/client.ts
 var _AgentLinkClient = class _AgentLinkClient {
   constructor(options) {
+    // 发送端 Token 缓存（实例级别）
+    this.token = null;
+    this.tokenPromise = null;
     this.serverUrl = options.serverUrl.replace(/\/$/, "");
   }
+  /**
+   * 确保有 Token（自动获取）
+   */
+  async ensureToken() {
+    if (this.token) return this.token;
+    if (!this.tokenPromise) {
+      this.tokenPromise = this.fetchToken();
+    }
+    return this.tokenPromise;
+  }
+  /**
+   * 从服务器获取 Token
+   */
+  async fetchToken() {
+    const origin = window.location.origin;
+    const response = await fetch(`${this.serverUrl}/api/tokens/get?origin=${encodeURIComponent(origin)}`);
+    if (!response.ok) {
+      const data2 = await response.json();
+      throw new Error(`[AgentLink] Failed to get token: ${data2.error || response.statusText}`);
+    }
+    const data = await response.json();
+    if (!data.token) {
+      throw new Error("[AgentLink] No token returned from server");
+    }
+    const token = data.token;
+    this.token = token;
+    return token;
+  }
+  /**
+   * 检查域名是否在白名单中
+   */
+  async checkWhitelist(origin) {
+    const cached = _AgentLinkClient.whitelistCache.get(origin);
+    if (cached && Date.now() - cached.timestamp < _AgentLinkClient.CACHE_TTL) {
+      return cached.verified;
+    }
+    const verified = await verifyWhitelist(this.serverUrl, origin);
+    _AgentLinkClient.whitelistCache.set(origin, {
+      verified,
+      timestamp: Date.now()
+    });
+    return verified;
+  }
+  /**
+   * 验证发送端的 Token 和 Origin
+   */
+  async verifySender(token, origin) {
+    const cached = _AgentLinkClient.tokenCache.get(token);
+    if (cached && Date.now() - cached.timestamp < _AgentLinkClient.CACHE_TTL) {
+      return { domain: cached.domain, description: cached.description };
+    }
+    const response = await fetch(
+      `${this.serverUrl}/api/tokens/verify?token=${encodeURIComponent(token)}&origin=${encodeURIComponent(origin)}`
+    );
+    if (!response.ok) {
+      return null;
+    }
+    const data = await response.json();
+    if (!data.valid) {
+      return null;
+    }
+    _AgentLinkClient.tokenCache.set(token, {
+      domain: data.domain,
+      description: data.description,
+      timestamp: Date.now()
+    });
+    return { domain: data.domain, description: data.description };
+  }
   /**
    * 发送数据到目标应用
    * @param targetUrl 目标应用的地址
@@ -147,11 +221,11 @@ var _AgentLinkClient = class _AgentLinkClient {
    * @param windowName 窗口名称，用于复用（默认: 'agentlink-window'）
    */
   async sendData(targetUrl, data, type, windowName = _AgentLinkClient.DEFAULT_WINDOW_NAME) {
-    const isAllowed = await verifyWhitelist(this.serverUrl);
-    if (!isAllowed) {
-      throw new Error(`[AgentLink] Current origin is not whitelisted: ${window.location.origin}`);
-    }
-    const encodedUrl = await encodeDataToUrl(data, type, targetUrl);
+    const token = await this.ensureToken();
+    const origin = window.location.origin;
+    const isWhitelisted = await this.checkWhitelist(origin);
+    const verification = isWhitelisted ? "mixlab launchpad\u52A0\u901F\u8BA1\u5212" : "\u672A\u9A8C\u8BC1";
+    const encodedUrl = await encodeDataToUrl(data, type, token, origin, targetUrl, verification);
     const targetWindow = window.open(encodedUrl, windowName);
     if (!targetWindow) {
       throw new Error("[AgentLink] Failed to open target window. It might be blocked by a popup blocker.");
@@ -160,13 +234,13 @@ var _AgentLinkClient = class _AgentLinkClient {
   }
   /**
    * 监听来自 URL 的数据
-   * @param callback 接收到数据时的回调函数
+   * @param callback 接收到数据时的回调函数，现在包含验证信息
    */
   receiveData(callback) {
     const handleHashChange = async () => {
       const result = await this.getDataFromUrl();
       if (result) {
-        callback(result.data, result.type);
+        callback(result.data, result.type, result.senderInfo, result.verification);
       }
     };
     window.addEventListener("hashchange", handleHashChange);
@@ -176,19 +250,29 @@ var _AgentLinkClient = class _AgentLinkClient {
     };
   }
   /**
-   * 从当前 URL 获取数据并验证接收方白名单
+   * 从当前 URL 获取数据并验证发送方
+   * 即使验证失败也返回数据，但会标记验证状态
    */
   async getDataFromUrl(url) {
     const targetUrl = url || window.location.href;
-    const data = await decodeDataFromUrl(targetUrl);
-    if (data) {
-      const isAllowed = await verifyWhitelist(this.serverUrl);
-      if (!isAllowed) {
-        console.warn(`[AgentLink] Data received but current origin is not whitelisted: ${window.location.origin}`);
-        return null;
-      }
+    const urlData = await decodeDataFromUrl(targetUrl);
+    if (!urlData) {
+      return null;
     }
-    return data;
+    const senderInfo = await this.verifySender(urlData.token, urlData.origin);
+    let verification = urlData.verification;
+    if (!verification) {
+      verification = senderInfo ? "mixlab launchpad\u52A0\u901F\u8BA1\u5212" : "\u672A\u9A8C\u8BC1";
+    }
+    if (!senderInfo) {
+      console.warn(`[AgentLink] Data received but sender verification failed. Verification: ${verification}`);
+    }
+    return {
+      data: urlData.data,
+      type: urlData.type,
+      senderInfo: senderInfo || void 0,
+      verification
+    };
   }
   /**
    * 获取白名单信息
@@ -198,5 +282,11 @@ var _AgentLinkClient = class _AgentLinkClient {
   }
 };
 _AgentLinkClient.DEFAULT_WINDOW_NAME = "agentlink-window";
+// 接收端验证结果缓存（静态，跨实例共享）
+_AgentLinkClient.tokenCache = /* @__PURE__ */ new Map();
+// 白名单验证缓存（避免重复请求）
+_AgentLinkClient.whitelistCache = /* @__PURE__ */ new Map();
+// 缓存过期时间：1 小时
+_AgentLinkClient.CACHE_TTL = 60 * 60 * 1e3;
 var AgentLinkClient = _AgentLinkClient;
 //# sourceMappingURL=index.js.map

package/dist/index.mjs CHANGED Viewed

@@ -32,8 +32,11 @@ function base64ToUint8Array(base64) {
 }
 // src/utils/url.ts
-async function encodeDataToUrl(data, type, baseUrl) {
-  const payload = { data, type };
+async function encodeDataToUrl(data, type, token, origin, baseUrl, verification) {
+  const payload = { data, type, token, origin };
+  if (verification !== void 0) {
+    payload.verification = verification;
+  }
   const jsonString = JSON.stringify(payload);
   const compressed = await compress(jsonString);
   const base64 = uint8ArrayToBase64(compressed);
@@ -103,8 +106,79 @@ async function fetchWhitelistInfo(serverUrl, includeAll = false) {
 // src/client.ts
 var _AgentLinkClient = class _AgentLinkClient {
   constructor(options) {
+    // 发送端 Token 缓存（实例级别）
+    this.token = null;
+    this.tokenPromise = null;
     this.serverUrl = options.serverUrl.replace(/\/$/, "");
   }
+  /**
+   * 确保有 Token（自动获取）
+   */
+  async ensureToken() {
+    if (this.token) return this.token;
+    if (!this.tokenPromise) {
+      this.tokenPromise = this.fetchToken();
+    }
+    return this.tokenPromise;
+  }
+  /**
+   * 从服务器获取 Token
+   */
+  async fetchToken() {
+    const origin = window.location.origin;
+    const response = await fetch(`${this.serverUrl}/api/tokens/get?origin=${encodeURIComponent(origin)}`);
+    if (!response.ok) {
+      const data2 = await response.json();
+      throw new Error(`[AgentLink] Failed to get token: ${data2.error || response.statusText}`);
+    }
+    const data = await response.json();
+    if (!data.token) {
+      throw new Error("[AgentLink] No token returned from server");
+    }
+    const token = data.token;
+    this.token = token;
+    return token;
+  }
+  /**
+   * 检查域名是否在白名单中
+   */
+  async checkWhitelist(origin) {
+    const cached = _AgentLinkClient.whitelistCache.get(origin);
+    if (cached && Date.now() - cached.timestamp < _AgentLinkClient.CACHE_TTL) {
+      return cached.verified;
+    }
+    const verified = await verifyWhitelist(this.serverUrl, origin);
+    _AgentLinkClient.whitelistCache.set(origin, {
+      verified,
+      timestamp: Date.now()
+    });
+    return verified;
+  }
+  /**
+   * 验证发送端的 Token 和 Origin
+   */
+  async verifySender(token, origin) {
+    const cached = _AgentLinkClient.tokenCache.get(token);
+    if (cached && Date.now() - cached.timestamp < _AgentLinkClient.CACHE_TTL) {
+      return { domain: cached.domain, description: cached.description };
+    }
+    const response = await fetch(
+      `${this.serverUrl}/api/tokens/verify?token=${encodeURIComponent(token)}&origin=${encodeURIComponent(origin)}`
+    );
+    if (!response.ok) {
+      return null;
+    }
+    const data = await response.json();
+    if (!data.valid) {
+      return null;
+    }
+    _AgentLinkClient.tokenCache.set(token, {
+      domain: data.domain,
+      description: data.description,
+      timestamp: Date.now()
+    });
+    return { domain: data.domain, description: data.description };
+  }
   /**
    * 发送数据到目标应用
    * @param targetUrl 目标应用的地址
@@ -113,11 +187,11 @@ var _AgentLinkClient = class _AgentLinkClient {
    * @param windowName 窗口名称，用于复用（默认: 'agentlink-window'）
    */
   async sendData(targetUrl, data, type, windowName = _AgentLinkClient.DEFAULT_WINDOW_NAME) {
-    const isAllowed = await verifyWhitelist(this.serverUrl);
-    if (!isAllowed) {
-      throw new Error(`[AgentLink] Current origin is not whitelisted: ${window.location.origin}`);
-    }
-    const encodedUrl = await encodeDataToUrl(data, type, targetUrl);
+    const token = await this.ensureToken();
+    const origin = window.location.origin;
+    const isWhitelisted = await this.checkWhitelist(origin);
+    const verification = isWhitelisted ? "mixlab launchpad\u52A0\u901F\u8BA1\u5212" : "\u672A\u9A8C\u8BC1";
+    const encodedUrl = await encodeDataToUrl(data, type, token, origin, targetUrl, verification);
     const targetWindow = window.open(encodedUrl, windowName);
     if (!targetWindow) {
       throw new Error("[AgentLink] Failed to open target window. It might be blocked by a popup blocker.");
@@ -126,13 +200,13 @@ var _AgentLinkClient = class _AgentLinkClient {
   }
   /**
    * 监听来自 URL 的数据
-   * @param callback 接收到数据时的回调函数
+   * @param callback 接收到数据时的回调函数，现在包含验证信息
    */
   receiveData(callback) {
     const handleHashChange = async () => {
       const result = await this.getDataFromUrl();
       if (result) {
-        callback(result.data, result.type);
+        callback(result.data, result.type, result.senderInfo, result.verification);
       }
     };
     window.addEventListener("hashchange", handleHashChange);
@@ -142,19 +216,29 @@ var _AgentLinkClient = class _AgentLinkClient {
     };
   }
   /**
-   * 从当前 URL 获取数据并验证接收方白名单
+   * 从当前 URL 获取数据并验证发送方
+   * 即使验证失败也返回数据，但会标记验证状态
    */
   async getDataFromUrl(url) {
     const targetUrl = url || window.location.href;
-    const data = await decodeDataFromUrl(targetUrl);
-    if (data) {
-      const isAllowed = await verifyWhitelist(this.serverUrl);
-      if (!isAllowed) {
-        console.warn(`[AgentLink] Data received but current origin is not whitelisted: ${window.location.origin}`);
-        return null;
-      }
+    const urlData = await decodeDataFromUrl(targetUrl);
+    if (!urlData) {
+      return null;
     }
-    return data;
+    const senderInfo = await this.verifySender(urlData.token, urlData.origin);
+    let verification = urlData.verification;
+    if (!verification) {
+      verification = senderInfo ? "mixlab launchpad\u52A0\u901F\u8BA1\u5212" : "\u672A\u9A8C\u8BC1";
+    }
+    if (!senderInfo) {
+      console.warn(`[AgentLink] Data received but sender verification failed. Verification: ${verification}`);
+    }
+    return {
+      data: urlData.data,
+      type: urlData.type,
+      senderInfo: senderInfo || void 0,
+      verification
+    };
   }
   /**
    * 获取白名单信息
@@ -164,6 +248,12 @@ var _AgentLinkClient = class _AgentLinkClient {
   }
 };
 _AgentLinkClient.DEFAULT_WINDOW_NAME = "agentlink-window";
+// 接收端验证结果缓存（静态，跨实例共享）
+_AgentLinkClient.tokenCache = /* @__PURE__ */ new Map();
+// 白名单验证缓存（避免重复请求）
+_AgentLinkClient.whitelistCache = /* @__PURE__ */ new Map();
+// 缓存过期时间：1 小时
+_AgentLinkClient.CACHE_TTL = 60 * 60 * 1e3;
 var AgentLinkClient = _AgentLinkClient;
 export {
   AgentLinkClient,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "agentlink-sdk",
-    "version": "1.0.2",
+    "version": "1.0.4",
     "description": "AgentLink client SDK for cross-domain data synchronization via URL hash",
     "main": "dist/index.js",
     "module": "dist/index.esm.js",