npm - edge-core-js - Versions diffs - 2.41.0 → 2.41.2 - Mend

edge-core-js 2.41.0 → 2.41.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/CHANGELOG.md +8 -0
package/android/src/main/assets/edge-core-js/edge-core.js +1 -1
package/android/src/main/assets/edge-core-js/index.html +1 -1
package/android/src/main/java/app/edge/reactnative/core/EdgeCoreModule.java +31 -0
package/android/src/main/java/app/edge/reactnative/core/EdgeCorePackage.java +1 -1
package/android/src/main/java/app/edge/reactnative/core/EdgeCoreWebView.java +117 -65
package/android/src/main/java/app/edge/reactnative/core/LocalContentWebViewClient.java +79 -0
package/edge-core-js.podspec +3 -1
package/ios/EdgeAssetsSchemeHandler.swift +175 -0
package/ios/EdgeCoreModule.m +4 -0
package/ios/EdgeCoreModule.swift +15 -0
package/ios/EdgeCoreWebView.swift +32 -45
package/lib/io/react-native/react-native-worker.js +3 -31
package/lib/libs.d.js +12 -0
package/lib/node/index.js +1 -1
package/lib/react-native.js +41 -4
package/lib/util/nym.js +1 -8
package/lib/util/promise.js +1 -1
package/package.json +1 -1
package/android/src/main/java/app/edge/reactnative/core/BundleHTTPServer.java +0 -318
package/ios/BundleHTTPServer.swift +0 -394

package/android/src/main/assets/edge-core-js/index.html CHANGED Viewed

@@ -3,7 +3,7 @@
   <head>
     <meta charset="utf-8" />
     <title>edge-core-js</title>
-    <script charset="utf-8" defer src="/edge-core.js"></script>
+    <script charset="utf-8" defer src="edge-core.js"></script>
   </head>
   <body></body>
 </html>

package/android/src/main/java/app/edge/reactnative/core/EdgeCoreModule.java ADDED Viewed

@@ -0,0 +1,31 @@
+package app.edge.reactnative.core;
+import androidx.annotation.NonNull;
+import com.facebook.react.bridge.ReactApplicationContext;
+import com.facebook.react.bridge.ReactContextBaseJavaModule;
+import java.util.HashMap;
+import java.util.Map;
+/**
+ * Native module that exports constants for edge-core-js. Accessible via
+ * NativeModules.EdgeCoreModule.getConstants() in JavaScript.
+ */
+public class EdgeCoreModule extends ReactContextBaseJavaModule {
+  public EdgeCoreModule(ReactApplicationContext context) {
+    super(context);
+  }
+  @NonNull
+  @Override
+  public String getName() {
+    return "EdgeCoreModule";
+  }
+  @Override
+  public Map<String, Object> getConstants() {
+    final Map<String, Object> constants = new HashMap<>();
+    constants.put("bundleBaseUri", LocalContentWebViewClient.BUNDLE_BASE_URI);
+    constants.put("rootBaseUri", "file:///android_asset/");
+    return constants;
+  }
+}

package/android/src/main/java/app/edge/reactnative/core/EdgeCorePackage.java CHANGED Viewed

@@ -12,7 +12,7 @@ public class EdgeCorePackage implements ReactPackage {
   @NonNull
   @Override
   public List<NativeModule> createNativeModules(@NonNull ReactApplicationContext reactContext) {
-    return Collections.emptyList();
+    return Collections.<NativeModule>singletonList(new EdgeCoreModule(reactContext));
   }
   @NonNull

package/android/src/main/java/app/edge/reactnative/core/EdgeCoreWebView.java CHANGED Viewed

@@ -1,27 +1,44 @@
 package app.edge.reactnative.core;
-import android.graphics.Bitmap;
-import android.os.Handler;
-import android.os.Looper;
+import android.content.res.AssetManager;
 import android.util.Log;
 import android.webkit.JavascriptInterface;
+import android.webkit.WebResourceResponse;
 import android.webkit.WebView;
-import android.webkit.WebViewClient;
 import com.facebook.react.bridge.Arguments;
 import com.facebook.react.bridge.WritableMap;
 import com.facebook.react.uimanager.ThemedReactContext;
 import com.facebook.react.uimanager.events.RCTEventEmitter;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
 import org.json.JSONArray;
+/**
+ * A WebView that loads edge-core-js content using WebViewAssetLoader.
+ *
+ * <p>Uses WebViewAssetLoader to serve local assets via HTTPS URLs, which: - Provides a proper
+ * non-null origin for same-origin policy compliance - Eliminates the need for a local HTTP server -
+ * Is more secure (content served directly from assets without network stack)
+ *
+ * <p>Includes Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers required for
+ * SharedArrayBuffer support (needed by mixFetch web workers).
+ *
+ * <p>Note: WebViewAssetLoader only handles requests within this specific WebView instance. It does
+ * not register a system-wide URL handler - other apps cannot access these URLs.
+ */
 class EdgeCoreWebView extends WebView {
   private static final String TAG = "EdgeCoreWebView";
+  /** Default URL for the WebView. Uses the WebViewAssetLoader URL format. */
+  private static final String DEFAULT_SOURCE =
+      LocalContentWebViewClient.BUNDLE_BASE_URI + "/edge-core-js/index.html";
   private final ThemedReactContext mContext;
   private final EdgeNative mNative;
-  private BundleHTTPServer mHttpServer;
-  private int mServerPort = 0;
-  private boolean mServerReady = false;
-  private boolean mIsDestroyed = false;
-  private final Handler mMainHandler = new Handler(Looper.getMainLooper());
   // react api--------------------------------------------------------------
@@ -49,61 +66,106 @@ class EdgeCoreWebView extends WebView {
     mContext = context;
     mNative = new EdgeNative(mContext.getFilesDir());
-    getSettings().setAllowFileAccess(true);
+    getSettings().setAllowFileAccess(false);
     getSettings().setJavaScriptEnabled(true);
-    setWebViewClient(new Client());
+    setWebViewClient(new LocalContentWebViewClient(this));
     addJavascriptInterface(new JsMethods(), "edgeCore");
-    // Start the HTTP server on an ephemeral port bound to loopback only
-    mHttpServer = new BundleHTTPServer(context);
-    mHttpServer.start(new BundleHTTPServer.OnServerStartedListener() {
-      @Override
-      public void onServerStarted(int port) {
-        mMainHandler.post(() -> {
-          // Check if WebView was destroyed before this callback executed
-          if (mIsDestroyed) return;
-          mServerPort = port;
-          mServerReady = true;
-          // Now that the server is ready with its assigned port, load the page
-          visitPage();
-        });
-      }
-      @Override
-      public void onServerError(Exception error) {
-        Log.e(TAG, "Failed to start HTTP server: " + error.getMessage());
-        // Server failed to start - the WebView won't be able to load local content
-      }
-    });
+    // WebViewAssetLoader is ready immediately - no async startup needed
+    visitPage();
   }
   @Override
   protected void onDetachedFromWindow() {
     super.onDetachedFromWindow();
-    // Mark as destroyed first to prevent callbacks from calling methods on destroyed WebView
-    mIsDestroyed = true;
-    // Stop the HTTP server when view is detached
-    if (mHttpServer != null) {
-      mHttpServer.stop();
-      mHttpServer = null;
-    }
     destroy();
   }
-  // callbacks -------------------------------------------------------------
+  // file serving ----------------------------------------------------------
+  /**
+   * Serve a file from assets with COOP/COEP headers. Package-private for use by
+   * LocalContentWebViewClient.
+   */
+  WebResourceResponse serveFileWithHeaders(String resourcePath) {
+    AssetManager assetManager = mContext.getAssets();
+    byte[] data = null;
+    try (InputStream inputStream = assetManager.open(resourcePath)) {
+      data = readAllBytes(inputStream);
+      Log.d(TAG, "Serving file: " + resourcePath);
+    } catch (IOException e) {
+      // File not in assets
+    }
-  class Client extends WebViewClient {
-    @Override
-    public void onReceivedError(WebView view, int errorCode, String description, String failingUrl) {
-      // Reload on navigation errors (matches iOS didFailProvisionalNavigation behavior)
-      visitPage();
+    if (data == null) {
+      Log.d(TAG, "File not found: " + resourcePath);
+      return createNotFoundResponse();
     }
+    String mimeType = getMimeType(resourcePath);
+    return createResponseWithHeaders(mimeType, data);
+  }
+  /** Create a WebResourceResponse with COOP/COEP headers for SharedArrayBuffer support. */
+  private WebResourceResponse createResponseWithHeaders(String mimeType, byte[] data) {
+    Map<String, String> headers = new HashMap<>();
+    // CORS headers to allow cross-origin requests (needed for debug mode with localhost)
+    headers.put("Access-Control-Allow-Origin", "*");
+    headers.put("Cross-Origin-Resource-Policy", "cross-origin");
+    // Cross-origin isolation headers required for SharedArrayBuffer (needed by mixFetch web
+    // workers)
+    headers.put("Cross-Origin-Opener-Policy", "same-origin");
+    headers.put("Cross-Origin-Embedder-Policy", "require-corp");
+    return new WebResourceResponse(
+        mimeType, "UTF-8", 200, "OK", headers, new ByteArrayInputStream(data));
+  }
+  /** Create a 404 Not Found response. Package-private for use by LocalContentWebViewClient. */
+  WebResourceResponse createNotFoundResponse() {
+    Map<String, String> headers = new HashMap<>();
+    // CORS headers
+    headers.put("Access-Control-Allow-Origin", "*");
+    headers.put("Cross-Origin-Resource-Policy", "cross-origin");
+    // Include COOP/COEP even on error responses
+    headers.put("Cross-Origin-Opener-Policy", "same-origin");
+    headers.put("Cross-Origin-Embedder-Policy", "require-corp");
+    return new WebResourceResponse(
+        "text/plain",
+        "UTF-8",
+        404,
+        "Not Found",
+        headers,
+        new ByteArrayInputStream("Not Found".getBytes()));
   }
+  private byte[] readAllBytes(InputStream inputStream) throws IOException {
+    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+    byte[] chunk = new byte[4096];
+    int bytesRead;
+    while ((bytesRead = inputStream.read(chunk)) != -1) {
+      buffer.write(chunk, 0, bytesRead);
+    }
+    return buffer.toByteArray();
+  }
+  // We only serve HTML, JS, and WASM files
+  private String getMimeType(String path) {
+    String lowerPath = path.toLowerCase();
+    if (lowerPath.endsWith(".html") || lowerPath.endsWith(".htm")) {
+      return "text/html";
+    } else if (lowerPath.endsWith(".js")) {
+      return "application/javascript";
+    } else if (lowerPath.endsWith(".wasm")) {
+      return "application/wasm";
+    }
+    return "application/octet-stream";
+  }
+  // JavaScript interface --------------------------------------------------
   class JsMethods {
     @JavascriptInterface
     public void call(int id, final String name, final String args) {
@@ -131,28 +193,18 @@ class EdgeCoreWebView extends WebView {
   // utilities -------------------------------------------------------------
-  private String defaultSource() {
-    if (!mServerReady) {
-      return null;
-    }
-    return "http://127.0.0.1:" + mServerPort + "/index.html";
-  }
-  private void visitPage() {
+  /** Reload the page. Package-private for use by LocalContentWebViewClient. */
+  void visitPage() {
     // If source is set, use it directly (e.g., webpack dev server for debugging)
-    // Otherwise, use the local bundle HTTP server with ephemeral port
+    // Otherwise, use the WebViewAssetLoader URL
     String baseUrl;
     if (mSource != null && !mSource.isEmpty()) {
       baseUrl = mSource;
     } else {
-      baseUrl = defaultSource();
-      if (baseUrl == null) {
-        Log.w(TAG, "visitPage called before server is ready");
-        return;
-      }
+      baseUrl = DEFAULT_SOURCE;
     }
-    // Load the page from the HTTP server to get COOP/COEP headers
+    // Load the page - WebViewAssetLoader intercepts and serves with COOP/COEP headers
     // which are required for SharedArrayBuffer support (needed by mixFetch web workers)
     loadUrl(baseUrl);
   }

package/android/src/main/java/app/edge/reactnative/core/LocalContentWebViewClient.java ADDED Viewed

@@ -0,0 +1,79 @@
+package app.edge.reactnative.core;
+import android.net.Uri;
+import android.webkit.WebResourceRequest;
+import android.webkit.WebResourceResponse;
+import android.webkit.WebView;
+import android.webkit.WebViewClient;
+import androidx.annotation.RequiresApi;
+/**
+ * WebViewClient that intercepts requests and serves local assets with COOP/COEP headers.
+ *
+ * <p>Works with EdgeCoreWebView to serve files from the assets folder with
+ * Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers required for
+ * SharedArrayBuffer support (needed by mixFetch web workers).
+ *
+ * <p>Note: WebViewAssetLoader only handles requests within this specific WebView instance. It does
+ * not register a system-wide URL handler - other apps cannot access these URLs.
+ */
+class LocalContentWebViewClient extends WebViewClient {
+  /** The domain used for serving local assets. This provides the origin for same-origin policy. */
+  static final String ASSET_LOADER_DOMAIN = "edge.bundle";
+  /** Base URI for serving bundled assets (e.g., "https://edge.bundle"). */
+  static final String BUNDLE_BASE_URI = "https://" + ASSET_LOADER_DOMAIN;
+  private final EdgeCoreWebView mWebView;
+  LocalContentWebViewClient(EdgeCoreWebView webView) {
+    mWebView = webView;
+  }
+  @Override
+  public void onReceivedError(WebView view, int errorCode, String description, String failingUrl) {
+    // Reload on navigation errors (matches iOS didFailProvisionalNavigation behavior)
+    mWebView.visitPage();
+  }
+  @Override
+  @RequiresApi(21)
+  public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
+    Uri uri = request.getUrl();
+    // Only intercept requests to our asset loader domain
+    if (!ASSET_LOADER_DOMAIN.equals(uri.getHost())) {
+      return null; // Let WebView handle external requests normally
+    }
+    // Get the path without leading slash
+    String path = uri.getPath();
+    if (path == null || path.isEmpty() || path.equals("/")) {
+      return mWebView.createNotFoundResponse();
+    }
+    String resourcePath = path.startsWith("/") ? path.substring(1) : path;
+    // Serve the file with COOP/COEP headers
+    return mWebView.serveFileWithHeaders(resourcePath);
+  }
+  // For API < 21, use the deprecated method
+  @Override
+  @SuppressWarnings("deprecation")
+  public WebResourceResponse shouldInterceptRequest(WebView view, String url) {
+    Uri uri = Uri.parse(url);
+    // Only intercept requests to our asset loader domain
+    if (!ASSET_LOADER_DOMAIN.equals(uri.getHost())) {
+      return null;
+    }
+    String path = uri.getPath();
+    if (path == null || path.isEmpty() || path.equals("/")) {
+      return mWebView.createNotFoundResponse();
+    }
+    String resourcePath = path.startsWith("/") ? path.substring(1) : path;
+    return mWebView.serveFileWithHeaders(resourcePath);
+  }
+}

package/edge-core-js.podspec CHANGED Viewed

@@ -24,7 +24,9 @@ Pod::Spec.new do |s|
     "android/src/main/cpp/scrypt/sysendian.h",
     "ios/Disklet.swift",
     "ios/edge-core-js-Bridging-Header.h",
-    "ios/BundleHTTPServer.swift",
+    "ios/EdgeAssetsSchemeHandler.swift",
+    "ios/EdgeCoreModule.m",
+    "ios/EdgeCoreModule.swift",
     "ios/EdgeCoreWebView.swift",
     "ios/EdgeCoreWebViewManager.m",
     "ios/EdgeCoreWebViewManager.swift",

package/ios/EdgeAssetsSchemeHandler.swift ADDED Viewed

@@ -0,0 +1,175 @@
+import Foundation
+import WebKit
+/// Custom URL scheme for serving local assets.
+let EDGE_SCHEME = "edgebundle"
+let EDGE_HOST = "edge.bundle"
+let BUNDLE_BASE_URI = "\(EDGE_SCHEME)://\(EDGE_HOST)"
+/// Handles requests to the custom "edgebundle://" URL scheme.
+/// Serves local bundle assets with COOP/COEP headers for SharedArrayBuffer support.
+///
+/// Note: WKURLSchemeHandler only handles requests within this specific WKWebView instance.
+/// It does not register a system-wide URL scheme - other apps cannot access this handler.
+class EdgeAssetsSchemeHandler: NSObject, WKURLSchemeHandler {
+  func webView(_ webView: WKWebView, start urlSchemeTask: WKURLSchemeTask) {
+    guard let url = urlSchemeTask.request.url else {
+      sendErrorResponse(urlSchemeTask, code: 400, message: "Bad Request")
+      return
+    }
+    // Get the path without leading slash
+    var path = url.path
+    if path.hasPrefix("/") {
+      path = String(path.dropFirst())
+    }
+    // Require explicit file name - no auto-matching for root path
+    if path.isEmpty {
+      sendErrorResponse(urlSchemeTask, code: 404, message: "Not Found")
+      return
+    }
+    // Load file from bundle
+    guard let data = loadFile(path: path) else {
+      print("EdgeAssetsSchemeHandler: File not found: \(path)")
+      sendErrorResponse(urlSchemeTask, code: 404, message: "Not Found")
+      return
+    }
+    let mime = mimeType(for: path)
+    let headers = [
+      "Content-Type": mime,
+      "Content-Length": "\(data.count)",
+      // CORS headers to allow cross-origin requests (needed for debug mode with localhost)
+      "Access-Control-Allow-Origin": "*",
+      "Cross-Origin-Resource-Policy": "cross-origin",
+      // Cross-origin isolation headers required for SharedArrayBuffer (needed by mixFetch web workers)
+      "Cross-Origin-Opener-Policy": "same-origin",
+      "Cross-Origin-Embedder-Policy": "require-corp",
+    ]
+    guard
+      let response = HTTPURLResponse(
+        url: url,
+        statusCode: 200,
+        httpVersion: "HTTP/1.1",
+        headerFields: headers
+      )
+    else {
+      sendErrorResponse(urlSchemeTask, code: 500, message: "Internal Server Error")
+      return
+    }
+    urlSchemeTask.didReceive(response)
+    urlSchemeTask.didReceive(data)
+    urlSchemeTask.didFinish()
+  }
+  func webView(_ webView: WKWebView, stop urlSchemeTask: WKURLSchemeTask) {
+    // Nothing to clean up - file loading is synchronous
+  }
+  // MARK: - File Loading
+  /// Load a file from the appropriate bundle location.
+  private func loadFile(path: String) -> Data? {
+    let bundlePath = Bundle.main.bundlePath
+    if path.contains(".bundle/") || path.hasPrefix("edge-core/") {
+      // Plugin bundle file or edge-core plugin - look in app bundle root
+      let fullPath = (bundlePath as NSString).appendingPathComponent(path)
+      if FileManager.default.fileExists(atPath: fullPath) {
+        do {
+          return try Data(contentsOf: URL(fileURLWithPath: fullPath))
+        } catch {
+          print("EdgeAssetsSchemeHandler: Error reading file at \(fullPath): \(error)")
+        }
+      }
+    } else {
+      // Core file - look in edge-core-js.bundle
+      let nsPath = path as NSString
+      let fileExtension = nsPath.pathExtension
+      let filename = nsPath.deletingPathExtension
+      if let bundleUrl = Bundle.main.url(forResource: "edge-core-js", withExtension: "bundle"),
+        let bundle = Bundle(url: bundleUrl)
+      {
+        var url: URL?
+        if !fileExtension.isEmpty {
+          url = bundle.url(forResource: filename, withExtension: fileExtension)
+        }
+        if let url = url {
+          do {
+            return try Data(contentsOf: url)
+          } catch {
+            print("EdgeAssetsSchemeHandler: Error reading core file: \(error)")
+          }
+        }
+      }
+    }
+    return nil
+  }
+  // MARK: - Response Helpers
+  private func sendErrorResponse(_ urlSchemeTask: WKURLSchemeTask, code: Int, message: String) {
+    // When URL is nil we cannot build an HTTP response; complete the task with didFailWithError
+    // so we never leave a task uncompleted (WKURLSchemeHandler contract).
+    guard let url = urlSchemeTask.request.url else {
+      let error = NSError(
+        domain: "EdgeAssetsSchemeHandler",
+        code: code,
+        userInfo: [NSLocalizedDescriptionKey: message]
+      )
+      urlSchemeTask.didFailWithError(error)
+      return
+    }
+    let bodyData = message.data(using: .utf8) ?? Data()
+    let headers = [
+      "Content-Type": "text/plain",
+      "Content-Length": "\(bodyData.count)",
+      // CORS headers
+      "Access-Control-Allow-Origin": "*",
+      "Cross-Origin-Resource-Policy": "cross-origin",
+      // Include COOP/COEP even on error responses
+      "Cross-Origin-Opener-Policy": "same-origin",
+      "Cross-Origin-Embedder-Policy": "require-corp",
+    ]
+    if let response = HTTPURLResponse(
+      url: url,
+      statusCode: code,
+      httpVersion: "HTTP/1.1",
+      headerFields: headers
+    ) {
+      urlSchemeTask.didReceive(response)
+      urlSchemeTask.didReceive(bodyData)
+      urlSchemeTask.didFinish()
+    } else {
+      // HTTPURLResponse creation failed; complete the task with didFailWithError
+      let error = NSError(
+        domain: "EdgeAssetsSchemeHandler",
+        code: code,
+        userInfo: [NSLocalizedDescriptionKey: message]
+      )
+      urlSchemeTask.didFailWithError(error)
+    }
+  }
+  private func mimeType(for path: String) -> String {
+    let ext = (path as NSString).pathExtension.lowercased()
+    // We only serve HTML, JS, and WASM files
+    switch ext {
+    case "html", "htm": return "text/html"
+    case "js": return "application/javascript"
+    case "wasm": return "application/wasm"
+    default: return "application/octet-stream"
+    }
+  }
+}

package/ios/EdgeCoreModule.m ADDED Viewed

@@ -0,0 +1,4 @@
+#import <React/RCTBridgeModule.h>
+@interface RCT_EXTERN_MODULE(EdgeCoreModule, NSObject)
+@end

package/ios/EdgeCoreModule.swift ADDED Viewed

@@ -0,0 +1,15 @@
+import Foundation
+/// Native module that exports constants for edge-core-js.
+/// Accessible via NativeModules.EdgeCoreModule.getConstants() in JavaScript.
+@objc(EdgeCoreModule)
+class EdgeCoreModule: NSObject {
+  @objc static func requiresMainQueueSetup() -> Bool { return false }
+  @objc func constantsToExport() -> [AnyHashable: Any]! {
+    return [
+      "bundleBaseUri": BUNDLE_BASE_URI,
+      "rootBaseUri": "file://\(Bundle.main.bundlePath)/",
+    ]
+  }
+}