npm - nodebb-plugin-pdf-secure - Versions diffs - 1.0.1 → 1.0.2 - Mend

nodebb-plugin-pdf-secure 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/lib/main.js CHANGED Viewed

@@ -65,24 +65,42 @@
 			const result = await response.json();
 			const { nonce, isPremium } = result.response;
+			// Fetch PDF binary in parent (before iframe creation)
+			const pdfResponse = await fetch(
+				`${config.relative_path}/api/v3/plugins/pdf-secure/pdf-data?nonce=${encodeURIComponent(nonce)}`,
+				{ credentials: 'same-origin' }
+			);
+			if (!pdfResponse.ok) {
+				app.alertError('Failed to load PDF data.');
+				return;
+			}
+			const pdfArrayBuffer = await pdfResponse.arrayBuffer();
 			// Create overlay with iframe
 			const overlay = document.createElement('div');
 			overlay.className = 'pdf-secure-overlay';
 			overlay.id = 'pdf-secure-overlay';
 			const iframe = document.createElement('iframe');
-			const viewerUrl = `${config.relative_path}/plugins/nodebb-plugin-pdf-secure/static/lib/viewer.html?nonce=${encodeURIComponent(nonce)}&premium=${isPremium}&apiBase=${encodeURIComponent(config.relative_path)}`;
+			const viewerUrl = `${config.relative_path}/plugins/nodebb-plugin-pdf-secure/static/lib/viewer.html`;
 			iframe.src = viewerUrl;
 			iframe.className = 'pdf-secure-iframe';
-			iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin');
+			iframe.setAttribute('sandbox', 'allow-scripts');
 			overlay.appendChild(iframe);
 			document.body.appendChild(overlay);
-			// Listen for close message from viewer
+			// Listen for messages from viewer
 			function onMessage(e) {
+				if (e.source !== iframe.contentWindow) return;
 				if (e.data && e.data.type === 'pdf-viewer-close') {
 					closeOverlay();
+				} else if (e.data && e.data.type === 'pdf-viewer-ready') {
+					iframe.contentWindow.postMessage(
+						{ type: 'pdf-data', pdf: pdfArrayBuffer, isPremium: isPremium },
+						'*',
+						[pdfArrayBuffer]
+					);
 				}
 			}
 			window.addEventListener('message', onMessage);

package/static/lib/viewer.js CHANGED Viewed

@@ -49,17 +49,6 @@ let currentPage = 1;
 let totalPages = 0;
 let rendering = false;
-// Parse URL parameters
-const params = new URLSearchParams(window.location.search);
-const nonce = params.get('nonce');
-const isPremium = params.get('premium') === 'true';
-const apiBase = params.get('apiBase') || '';
-// Show premium banner for non-premium users
-if (!isPremium) {
-	premiumBanner.style.display = 'block';
-}
 // Close button handler
 closeBtn.addEventListener('click', () => {
 	if (window.parent && window.parent !== window) {
@@ -129,53 +118,41 @@ document.addEventListener('keydown', (e) => {
 	}
 });
-// Load PDF
-async function init() {
-	if (!nonce) {
-		showError('Missing access token.');
-		return;
+// Handle window resize
+let resizeTimeout;
+window.addEventListener('resize', () => {
+	clearTimeout(resizeTimeout);
+	resizeTimeout = setTimeout(() => {
+		if (pdfDoc) renderPage(currentPage);
+	}, 250);
+});
+// 30 second timeout for receiving PDF data
+const dataTimeout = setTimeout(() => {
+	showError('Timed out waiting for PDF data.');
+}, 30000);
+// Listen for PDF data from parent
+window.addEventListener('message', async (e) => {
+	if (!e.data || e.data.type !== 'pdf-data') return;
+	clearTimeout(dataTimeout);
+	const { pdf, isPremium } = e.data;
+	if (!isPremium) {
+		premiumBanner.style.display = 'block';
 	}
 	try {
-		const response = await fetch(`${apiBase}/api/v3/plugins/pdf-secure/pdf-data?nonce=${encodeURIComponent(nonce)}`, {
-			credentials: 'same-origin',
-		});
-		if (!response.ok) {
-			if (response.status === 401) {
-				showError('You must be logged in to view this PDF.');
-			} else if (response.status === 403) {
-				showError('Access denied. The link may have expired.');
-			} else if (response.status === 404) {
-				showError('PDF file not found.');
-			} else {
-				showError('Failed to load PDF.');
-			}
-			return;
-		}
-		const arrayBuffer = await response.arrayBuffer();
-		const data = new Uint8Array(arrayBuffer);
+		const data = new Uint8Array(pdf);
 		pdfDoc = await getDocument({ data }).promise;
 		totalPages = pdfDoc.numPages;
 		loadingEl.style.display = 'none';
 		canvas.style.display = 'block';
 		await renderPage(1);
 	} catch (err) {
 		showError('Failed to load PDF. Please try again.');
 	}
-}
-// Handle window resize
-let resizeTimeout;
-window.addEventListener('resize', () => {
-	clearTimeout(resizeTimeout);
-	resizeTimeout = setTimeout(() => {
-		if (pdfDoc) renderPage(currentPage);
-	}, 250);
 });
-init();
+// Notify parent that viewer is ready (after listener is registered)
+window.parent.postMessage({ type: 'pdf-viewer-ready' }, '*');