nodebb-plugin-pdf-secure 1.0.9 → 1.1.1

package/library.js

@@ -1,5 +1,7 @@
 'use strict';
 
+const path = require('path');
+const fs = require('fs');
 const meta = require.main.require('./src/meta');
 const groups = require.main.require('./src/groups');
 const routeHelpers = require.main.require('./src/routes/helpers');
@@ -26,6 +28,50 @@ plugin.init = async (params) => {
 
 	// Admin page route
 	routeHelpers.setupAdminPageRoute(router, '/admin/plugins/pdf-secure', controllers.renderAdminPage);
+
+	// Viewer page route (fullscreen Mozilla PDF.js viewer)
+	router.get('/plugins/pdf-secure/viewer', middleware.ensureLoggedIn, (req, res) => {
+		const { file } = req.query;
+		if (!file) {
+			return res.status(400).send('Missing file parameter');
+		}
+
+		// Sanitize filename
+		const safeName = path.basename(file);
+		if (!safeName || !safeName.toLowerCase().endsWith('.pdf')) {
+			return res.status(400).send('Invalid file');
+		}
+
+		// Serve the viewer template with security headers
+		res.set({
+			'X-Frame-Options': 'SAMEORIGIN',
+			'X-Content-Type-Options': 'nosniff',
+			'Cache-Control': 'no-store, no-cache, must-revalidate, private',
+		});
+
+		// Read and send the viewer HTML
+		const viewerPath = path.join(__dirname, 'static', 'viewer.html');
+		fs.readFile(viewerPath, 'utf8', (err, html) => {
+			if (err) {
+				return res.status(500).send('Viewer not found');
+			}
+
+			// Inject the filename and config into the viewer
+			const injectedHtml = html
+				.replace('</head>', `
+					<script>
+						window.PDF_SECURE_CONFIG = {
+							filename: ${JSON.stringify(safeName)},
+							relativePath: ${JSON.stringify(req.app.get('relative_path') || '')},
+							csrfToken: ${JSON.stringify(req.csrfToken ? req.csrfToken() : '')}
+						};
+					</script>
+				</head>`)
+				.replace('id="uploadOverlay">', 'id="uploadOverlay" class="hidden">');
+
+			res.type('html').send(injectedHtml);
+		});
+	});
 };
 
 plugin.addRoutes = async ({ router, middleware, helpers }) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure",
-  "version": "1.0.9",
+  "version": "1.1.1",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/lib/main.js

@@ -2,22 +2,7 @@
 
 console.log('[PDF-Secure] main.js loaded');
 
-// Load PDF.js via inline <script type="module"> → expose globally
-(function () {
-	var base = (window.config ? config.relative_path : '') + '/plugins/nodebb-plugin-pdf-secure/static/lib';
-	var s = document.createElement('script');
-	s.type = 'module';
-	s.textContent =
-		'import { getDocument, GlobalWorkerOptions } from "' + base + '/pdf.min.mjs";\n' +
-		'GlobalWorkerOptions.workerSrc = "' + base + '/pdf.worker.min.mjs";\n' +
-		'window.__pdfSecureLib = { getDocument: getDocument };\n' +
-		'window.dispatchEvent(new CustomEvent("pdf-secure-lib-ready"));\n' +
-		'console.log("[PDF-Secure] PDF.js library ready");';
-	document.head.appendChild(s);
-	console.log('[PDF-Secure] PDF.js module injected');
-})();
-
-// Main plugin logic
+// Main plugin logic - PDF links become inline embedded viewers
 (async function () {
 	try {
 		var hooks = await app.require('hooks');
@@ -34,7 +19,7 @@ console.log('[PDF-Secure] main.js loaded');
 	function interceptPdfLinks() {
 		var postContents = document.querySelectorAll('[component="post/content"]');
 
-		postContents.forEach(function (content, idx) {
+		postContents.forEach(function (content) {
 			var pdfLinks = content.querySelectorAll('a[href$=".pdf"], a[href$=".PDF"]');
 
 			pdfLinks.forEach(function (link) {
@@ -44,156 +29,55 @@ console.log('[PDF-Secure] main.js loaded');
 				var href = link.getAttribute('href');
 				var parts = href.split('/');
 				var filename = parts[parts.length - 1];
-				console.log('[PDF-Secure] Processing:', filename);
+				console.log('[PDF-Secure] Embedding:', filename);
 
+				// Create inline viewer container
 				var container = document.createElement('div');
-				container.className = 'pdf-secure-inline';
-				container.innerHTML =
-					'<div class="pdf-secure-toolbar">' +
-						'<div class="pdf-secure-toolbar-left">' +
-							'<svg class="pdf-secure-icon" viewBox="0 0 24 24"><path d="M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="currentColor"/></svg>' +
-							'<span class="pdf-secure-filename">' + escapeHtml(link.textContent || filename) + '</span>' +
-						'</div>' +
-						'<div class="pdf-secure-toolbar-right">' +
-							'<span class="pdf-secure-pagecount"></span>' +
-						'</div>' +
+				container.className = 'pdf-secure-embed';
+
+				// Header with filename
+				var header = document.createElement('div');
+				header.className = 'pdf-secure-embed-header';
+				header.innerHTML =
+					'<div class="pdf-secure-embed-title">' +
+					'<svg viewBox="0 0 24 24"><path d="M14 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="currentColor"/></svg>' +
+					'<span>' + escapeHtml(link.textContent || filename) + '</span>' +
 					'</div>' +
-					'<div class="pdf-secure-viewer-area">' +
-						'<div class="pdf-secure-loading">' +
-							'<div class="pdf-secure-spinner"></div>' +
-							'<span>Loading PDF...</span>' +
-						'</div>' +
-						'<div class="pdf-secure-error"></div>' +
-						'<div class="pdf-secure-pages"></div>' +
+					'<div class="pdf-secure-embed-actions">' +
+					'<button class="pdf-secure-fullscreen-btn" title="Tam Ekran">' +
+					'<svg viewBox="0 0 24 24"><path d="M7 14H5v5h5v-2H7v-3zm-2-4h2V7h3V5H5v5zm12 7h-3v2h5v-5h-2v3zM14 5v2h3v3h2V5h-5z" fill="currentColor"/></svg>' +
+					'</button>' +
 					'</div>';
-
-				link.replaceWith(container);
-				loadPdf(container, filename);
-			});
-		});
-	}
-
-	function getPdfLib() {
-		if (window.__pdfSecureLib) return Promise.resolve(window.__pdfSecureLib);
-		return new Promise(function (resolve) {
-			window.addEventListener('pdf-secure-lib-ready', function () {
-				resolve(window.__pdfSecureLib);
-			}, { once: true });
-		});
-	}
-
-	async function loadPdf(container, filename) {
-		var loadingEl = container.querySelector('.pdf-secure-loading');
-		var errorEl = container.querySelector('.pdf-secure-error');
-		var pagesEl = container.querySelector('.pdf-secure-pages');
-		var pagecountEl = container.querySelector('.pdf-secure-pagecount');
-
-		function showError(msg) {
-			console.error('[PDF-Secure] ERROR ' + filename + ':', msg);
-			loadingEl.style.display = 'none';
-			errorEl.style.display = 'flex';
-			errorEl.textContent = msg;
-		}
-
-		try {
-			// 1. Nonce
-			var nonceRes = await fetch(
-				config.relative_path + '/api/v3/plugins/pdf-secure/nonce?file=' + encodeURIComponent(filename),
-				{ credentials: 'same-origin', headers: { 'x-csrf-token': config.csrf_token } }
-			);
-			if (!nonceRes.ok) {
-				showError(nonceRes.status === 401 ? 'Log in to view this PDF.' : 'Failed to load PDF (' + nonceRes.status + ')');
-				return;
-			}
-			var result = await nonceRes.json();
-			var nonce = result.response.nonce;
-			console.log('[PDF-Secure] Nonce OK:', nonce);
-
-			// 2. PDF binary
-			var pdfRes = await fetch(
-				config.relative_path + '/api/v3/plugins/pdf-secure/pdf-data?nonce=' + encodeURIComponent(nonce),
-				{ credentials: 'same-origin' }
-			);
-			if (!pdfRes.ok) { showError('Failed to load PDF data (' + pdfRes.status + ')'); return; }
-			var pdfArrayBuffer = await pdfRes.arrayBuffer();
-			console.log('[PDF-Secure] PDF loaded:', pdfArrayBuffer.byteLength, 'bytes');
-
-			// 3. PDF.js
-			var lib = await getPdfLib();
-			if (!lib || !lib.getDocument) { showError('PDF.js library failed to load.'); return; }
-
-			var pdfDoc = await lib.getDocument({ data: new Uint8Array(pdfArrayBuffer) }).promise;
-			var totalPages = pdfDoc.numPages;
-			console.log('[PDF-Secure] Pages:', totalPages);
-
-			loadingEl.style.display = 'none';
-			pagecountEl.textContent = totalPages + ' page' + (totalPages > 1 ? 's' : '');
-
-			// Security
-			container.addEventListener('contextmenu', function (e) { e.preventDefault(); });
-			container.addEventListener('dragstart', function (e) { e.preventDefault(); });
-			container.addEventListener('selectstart', function (e) { e.preventDefault(); });
-
-			// 4. Render ALL pages
-			var viewerArea = container.querySelector('.pdf-secure-viewer-area');
-			var pageCanvases = [];
-
-			for (var i = 1; i <= totalPages; i++) {
-				var pageWrapper = document.createElement('div');
-				pageWrapper.className = 'pdf-secure-page';
-				var canvas = document.createElement('canvas');
-				pageWrapper.appendChild(canvas);
-				pagesEl.appendChild(pageWrapper);
-				pageCanvases.push({ canvas: canvas, pageNum: i, rendered: false });
-			}
-
-			// Render visible pages (IntersectionObserver for performance)
-			var observer = new IntersectionObserver(function (entries) {
-				entries.forEach(function (entry) {
-					if (entry.isIntersecting) {
-						var idx = parseInt(entry.target.dataset.pageIdx, 10);
-						var item = pageCanvases[idx];
-						if (item && !item.rendered) {
-							item.rendered = true;
-							renderPage(pdfDoc, item.canvas, item.pageNum, viewerArea.clientWidth);
-						}
+				container.appendChild(header);
+
+				// Iframe for viewer
+				var iframeWrapper = document.createElement('div');
+				iframeWrapper.className = 'pdf-secure-embed-body';
+
+				var iframe = document.createElement('iframe');
+				iframe.className = 'pdf-secure-iframe';
+				iframe.src = config.relative_path + '/plugins/pdf-secure/viewer?file=' + encodeURIComponent(filename);
+				iframe.setAttribute('frameborder', '0');
+				iframe.setAttribute('allowfullscreen', 'true');
+				iframe.setAttribute('loading', 'lazy');
+
+				iframeWrapper.appendChild(iframe);
+				container.appendChild(iframeWrapper);
+
+				// Fullscreen button handler
+				header.querySelector('.pdf-secure-fullscreen-btn').addEventListener('click', function () {
+					if (iframe.requestFullscreen) {
+						iframe.requestFullscreen();
+					} else if (iframe.webkitRequestFullscreen) {
+						iframe.webkitRequestFullscreen();
+					} else if (iframe.msRequestFullscreen) {
+						iframe.msRequestFullscreen();
 					}
 				});
-			}, { root: viewerArea, rootMargin: '200px' });
 
-			pageCanvases.forEach(function (item, idx) {
-				item.canvas.parentElement.dataset.pageIdx = idx;
-				observer.observe(item.canvas.parentElement);
+				link.replaceWith(container);
 			});
-
-			console.log('[PDF-Secure] DONE:', filename);
-		} catch (err) {
-			console.error('[PDF-Secure] CATCH:', err);
-			showError('Failed to load PDF.');
-		}
-	}
-
-	async function renderPage(pdfDoc, canvas, pageNum, containerWidth) {
-		try {
-			var page = await pdfDoc.getPage(pageNum);
-			var vp = page.getViewport({ scale: 1 });
-			// Use container width minus padding for scale
-			var availableWidth = containerWidth - 40;
-			var scale = Math.min(availableWidth / vp.width, 2.5);
-			var scaled = page.getViewport({ scale: scale });
-
-			canvas.width = scaled.width;
-			canvas.height = scaled.height;
-
-			await page.render({
-				canvasContext: canvas.getContext('2d'),
-				viewport: scaled,
-			}).promise;
-
-			console.log('[PDF-Secure] Rendered page', pageNum);
-		} catch (err) {
-			console.error('[PDF-Secure] Render error page ' + pageNum + ':', err);
-		}
+		});
 	}
 
 	function escapeHtml(str) {

package/static/style.less

@@ -1,169 +1,123 @@
-/* PDF Secure Viewer — Inline Preview (Edge-style dark theme) */
+/* PDF Secure Viewer — Inline Embed Styles for NodeBB */
 
-.pdf-secure-inline {
-	border-radius: 8px;
+/* Embedded PDF Container */
+.pdf-secure-embed {
+	margin: 16px 0;
+	border-radius: 12px;
 	overflow: hidden;
-	margin: 12px 0;
-	max-width: 100%;
-	user-select: none;
-	-webkit-user-select: none;
-	box-shadow: 0 2px 12px rgba(0, 0, 0, 0.25);
-	border: 1px solid #404040;
+	background: #1f1f1f;
+	border: 1px solid rgba(255, 255, 255, 0.1);
+	box-shadow: 0 4px 20px rgba(0, 0, 0, 0.25);
 }
 
-/* Toolbar — matches viewer.html */
-.pdf-secure-toolbar {
+/* Header */
+.pdf-secure-embed-header {
 	display: flex;
 	align-items: center;
 	justify-content: space-between;
-	padding: 0 12px;
-	height: 42px;
-	background: #2d2d2d;
-	border-bottom: 1px solid #404040;
-	color: #fff;
-	font-family: "Segoe UI", system-ui, -apple-system, sans-serif;
-	font-size: 13px;
-}
-
-.pdf-secure-toolbar-left {
-	display: flex;
-	align-items: center;
-	gap: 8px;
-	min-width: 0;
+	padding: 10px 16px;
+	background: linear-gradient(135deg, #2d2d2d 0%, #252525 100%);
+	border-bottom: 1px solid rgba(255, 255, 255, 0.08);
 }
 
-.pdf-secure-toolbar-right {
+.pdf-secure-embed-title {
 	display: flex;
 	align-items: center;
-	gap: 8px;
-	flex-shrink: 0;
+	gap: 10px;
+	color: #fff;
+	font-size: 14px;
+	font-weight: 500;
 }
 
-.pdf-secure-icon {
-	width: 18px;
-	height: 18px;
-	color: #a0a0a0;
+.pdf-secure-embed-title svg {
+	width: 20px;
+	height: 20px;
+	fill: #e81224;
 	flex-shrink: 0;
 }
 
-.pdf-secure-filename {
+.pdf-secure-embed-title span {
 	white-space: nowrap;
 	overflow: hidden;
 	text-overflow: ellipsis;
-	font-weight: 500;
-}
-
-.pdf-secure-pagecount {
-	color: #a0a0a0;
-	font-size: 12px;
-	white-space: nowrap;
+	max-width: 400px;
 }
 
-/* Viewer area — matches viewer.html #viewerContainer */
-.pdf-secure-viewer-area {
-	background: #525659;
-	max-height: 700px;
-	overflow-y: auto;
-	overflow-x: hidden;
-	position: relative;
-
-	/* Scrollbar styling */
-	&::-webkit-scrollbar {
-		width: 8px;
-	}
-	&::-webkit-scrollbar-track {
-		background: #2d2d2d;
-	}
-	&::-webkit-scrollbar-thumb {
-		background: #3d3d3d;
-		border-radius: 4px;
-	}
-	&::-webkit-scrollbar-thumb:hover {
-		background: #555;
-	}
-}
-
-/* Each page — matches viewer.html .pdfViewer .page */
-.pdf-secure-page {
-	margin: 8px auto;
-	box-shadow: 0 2px 8px rgba(0, 0, 0, 0.3);
+.pdf-secure-embed-actions {
 	display: flex;
-	justify-content: center;
-	width: fit-content;
-
-	canvas {
-		display: block;
-		max-width: 100%;
-		pointer-events: none;
-	}
-}
-
-/* Pages container */
-.pdf-secure-pages {
-	padding: 4px 0;
+	gap: 8px;
 }
 
-/* Loading spinner */
-.pdf-secure-loading {
+.pdf-secure-fullscreen-btn {
 	display: flex;
-	flex-direction: column;
 	align-items: center;
 	justify-content: center;
-	gap: 12px;
-	min-height: 300px;
-	color: #a0a0a0;
-	font-size: 14px;
-	font-family: "Segoe UI", system-ui, sans-serif;
-}
-
-.pdf-secure-spinner {
 	width: 32px;
 	height: 32px;
-	border: 3px solid #3d3d3d;
-	border-top-color: #0078d4;
-	border-radius: 50%;
-	animation: pdf-secure-spin 0.8s linear infinite;
+	background: rgba(255, 255, 255, 0.08);
+	border: none;
+	border-radius: 6px;
+	cursor: pointer;
+	transition: all 0.2s;
 }
 
-@keyframes pdf-secure-spin {
-	to { transform: rotate(360deg); }
+.pdf-secure-fullscreen-btn:hover {
+	background: rgba(255, 255, 255, 0.15);
 }
 
-/* Error */
-.pdf-secure-error {
-	display: none;
-	align-items: center;
-	justify-content: center;
-	min-height: 200px;
-	color: #e81224;
-	font-size: 14px;
-	text-align: center;
-	padding: 20px;
-	font-family: "Segoe UI", system-ui, sans-serif;
+.pdf-secure-fullscreen-btn svg {
+	width: 18px;
+	height: 18px;
+	fill: #fff;
 }
 
-/* Anti-print */
-@media print {
-	.pdf-secure-inline {
-		display: none !important;
-	}
+/* Viewer Body */
+.pdf-secure-embed-body {
+	position: relative;
+	width: 100%;
+	height: 600px;
+	background: #525659;
+}
+
+.pdf-secure-iframe {
+	width: 100%;
+	height: 100%;
+	border: none;
+	display: block;
 }
 
 /* Responsive */
 @media (max-width: 768px) {
-	.pdf-secure-viewer-area {
-		max-height: 500px;
+	.pdf-secure-embed-body {
+		height: 450px;
 	}
 
-	.pdf-secure-toolbar {
-		height: 38px;
-		padding: 0 8px;
-		font-size: 12px;
+	.pdf-secure-embed-title span {
+		max-width: 200px;
 	}
 }
 
 @media (max-width: 480px) {
-	.pdf-secure-viewer-area {
-		max-height: 400px;
+	.pdf-secure-embed-body {
+		height: 350px;
+	}
+
+	.pdf-secure-embed-header {
+		padding: 8px 12px;
+	}
+
+	.pdf-secure-embed-title {
+		font-size: 13px;
+	}
+
+	.pdf-secure-embed-title span {
+		max-width: 150px;
 	}
 }
+
+/* Anti-print */
+@media print {
+	.pdf-secure-embed {
+		display: none !important;
+	}
+}

package/{viewer.html → static/viewer.html}

@@ -40,6 +40,53 @@
             font-size: 14px;
             overflow: hidden;
             color: var(--text-primary);
+            /* Security: prevent text selection globally */
+            -webkit-user-select: none;
+            -moz-user-select: none;
+            -ms-user-select: none;
+            user-select: none;
+        }
+
+        /* Print Protection - hide everything when printing */
+        @media print {
+
+            html,
+            body,
+            #viewerContainer,
+            #viewer,
+            .pdfViewer,
+            .page {
+                display: none !important;
+                visibility: hidden !important;
+            }
+
+            body::before {
+                content: 'Bu içeriğin yazdırılması engellenmiştir.' !important;
+                display: block !important;
+                font-size: 24px;
+                padding: 50px;
+                text-align: center;
+                color: #666;
+            }
+        }
+
+        /* Loading Spinner Animation */
+        @keyframes spin {
+            from {
+                transform: rotate(0deg);
+            }
+
+            to {
+                transform: rotate(360deg);
+            }
+        }
+
+        .spin {
+            animation: spin 1s linear infinite;
+        }
+
+        .dropzone svg.spin {
+            fill: var(--accent);
         }
 
         /* Toolbar - Edge Style */
@@ -1357,6 +1404,90 @@
             generateThumbnails();
         }
 
+        // Load PDF from ArrayBuffer (for secure nonce-based loading)
+        async function loadPDFFromBuffer(arrayBuffer) {
+            uploadOverlay.classList.add('hidden');
+
+            pdfDoc = await pdfjsLib.getDocument({ data: arrayBuffer }).promise;
+
+            pdfViewer.setDocument(pdfDoc);
+            linkService.setDocument(pdfDoc);
+
+            ['zoomIn', 'zoomOut', 'pageInput', 'rotateLeft', 'rotateRight'].forEach(id => {
+                document.getElementById(id).disabled = false;
+            });
+
+            generateThumbnails();
+        }
+
+        // Auto-load PDF if config is present (injected by NodeBB plugin)
+        async function autoLoadSecurePDF() {
+            if (!window.PDF_SECURE_CONFIG || !window.PDF_SECURE_CONFIG.filename) {
+                console.log('[PDF-Secure] No config found, showing file picker');
+                return;
+            }
+
+            const config = window.PDF_SECURE_CONFIG;
+            console.log('[PDF-Secure] Auto-loading:', config.filename);
+
+            // Show loading state
+            const dropzone = document.getElementById('dropzone');
+            if (dropzone) {
+                dropzone.innerHTML = `
+                    <svg viewBox="0 0 24 24" class="spin">
+                        <path d="M12 4V2A10 10 0 0 0 2 12h2a8 8 0 0 1 8-8z" />
+                    </svg>
+                    <h2>PDF Yükleniyor...</h2>
+                    <p>${config.filename}</p>
+                `;
+            }
+
+            try {
+                // Step 1: Get nonce
+                const nonceUrl = config.relativePath + '/api/v3/plugins/pdf-secure/nonce?file=' + encodeURIComponent(config.filename);
+                const nonceRes = await fetch(nonceUrl, {
+                    credentials: 'same-origin',
+                    headers: { 'x-csrf-token': config.csrfToken }
+                });
+
+                if (!nonceRes.ok) {
+                    throw new Error(nonceRes.status === 401 ? 'Giriş yapmanız gerekiyor' : 'Nonce alınamadı');
+                }
+
+                const nonceData = await nonceRes.json();
+                const nonce = nonceData.response.nonce;
+
+                // Step 2: Fetch PDF binary
+                const pdfUrl = config.relativePath + '/api/v3/plugins/pdf-secure/pdf-data?nonce=' + encodeURIComponent(nonce);
+                const pdfRes = await fetch(pdfUrl, { credentials: 'same-origin' });
+
+                if (!pdfRes.ok) {
+                    throw new Error('PDF yüklenemedi (' + pdfRes.status + ')');
+                }
+
+                const pdfBuffer = await pdfRes.arrayBuffer();
+                console.log('[PDF-Secure] PDF loaded:', pdfBuffer.byteLength, 'bytes');
+
+                // Load into viewer
+                await loadPDFFromBuffer(pdfBuffer);
+
+            } catch (err) {
+                console.error('[PDF-Secure] Auto-load error:', err);
+                if (dropzone) {
+                    dropzone.innerHTML = `
+                        <svg viewBox="0 0 24 24" style="fill: #e81224;">
+                            <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 15h-2v-2h2v2zm0-4h-2V7h2v6z"/>
+                        </svg>
+                        <h2>Hata</h2>
+                        <p>${err.message}</p>
+                    `;
+                }
+            }
+        }
+
+        // Run auto-load on page ready
+        autoLoadSecurePDF();
+
         // Generate Thumbnails
         async function generateThumbnails() {
             thumbnailContainer.innerHTML = '';