nodebb-plugin-pdf-secure 1.2.19 → 1.2.20

package/docs/plans/2026-02-24-premium-gate-design.md

@@ -0,0 +1,52 @@
+# Premium Gate Design
+
+## Problem
+All PDFs are currently fully viewable by all users. We need to restrict non-Premium users to viewing only the first page, with a lock overlay prompting them to upgrade.
+
+## Requirements
+- Users in the "Premium" NodeBB group see all PDF pages
+- Users NOT in "Premium" see only the first page
+- Locked pages show a warning overlay with:
+  - Lock icon + "Premium required" message
+  - Link to forumtest.ieu.app/premium
+  - Secondary message about uploading materials to become Premium
+- Admins and Global Moderators always get full access
+
+## Approach: Server-Side Control
+
+### Server Changes
+
+**library.js (viewer route, line ~83):**
+- Replace `const isPremium = true;` with actual group membership check
+- Use `groups.isMember(req.uid, 'Premium')`
+- Admin + Global Mod bypass (already exists for direct access, reuse pattern)
+- Inject `isPremium` and `totalPages` into `window.PDF_SECURE_CONFIG`
+
+**lib/pdf-handler.js:**
+- Add `getTotalPages(filename)` function
+- Loads PDF, returns `srcDoc.getPageCount()`
+- Used by viewer route to tell client how many pages exist
+
+**lib/controllers.js:**
+- No changes needed - already handles `isPremium` flag from nonce data
+
+### Client Changes
+
+**static/viewer.html / viewer-app.js:**
+- After PDF loads, if `isPremium === false`:
+  - Show only 1 page (server already sends only 1 page)
+  - Below the first page, render a lock overlay
+  - Overlay content:
+    - Lock icon (SVG)
+    - "Bu icerigi goruntulemek icin Premium uyelik gereklidir"
+    - "Premium Satin Al" button → forumtest.ieu.app/premium
+    - "Materyal yukleyerek de Premium olabilirsiniz!" secondary text
+
+### Flow
+1. User clicks PDF → viewer route called
+2. Server checks Premium group membership
+3. isPremium flag set in nonce + injected to viewer HTML
+4. If not premium: server sends single-page PDF via getSinglePagePdf()
+5. Client shows the page + lock overlay with upgrade prompt
+6. If premium: server sends full PDF via getFullPdf()
+7. Client shows all pages normally

package/docs/plans/2026-02-24-premium-gate.md

@@ -0,0 +1,323 @@
+# Premium Gate Implementation Plan
+
+> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
+
+**Goal:** Restrict non-Premium users to viewing only the first PDF page, with a lock overlay prompting upgrade.
+
+**Architecture:** Server checks user's "Premium" group membership, sends single-page PDF for non-premium users. Client renders a lock overlay below the first page showing upgrade prompts. Admin/Global Moderators always get full access.
+
+**Tech Stack:** NodeBB plugin (Node.js), pdf-lib, PDF.js viewer, LESS/CSS
+
+---
+
+### Task 1: Add getTotalPages to pdf-handler
+
+**Files:**
+- Modify: `lib/pdf-handler.js`
+
+**Step 1: Add getTotalPages function**
+
+Add after `getSinglePagePdf` (after line 89):
+
+```javascript
+PdfHandler.getTotalPages = async function (filename) {
+	const filePath = PdfHandler.resolveFilePath(filename);
+	if (!filePath) {
+		throw new Error('Invalid filename');
+	}
+
+	if (!fs.existsSync(filePath)) {
+		throw new Error('File not found');
+	}
+
+	const pdfBytes = await fs.promises.readFile(filePath);
+	const srcDoc = await PDFDocument.load(pdfBytes);
+	return srcDoc.getPageCount();
+};
+```
+
+**Step 2: Commit**
+
+```bash
+git add lib/pdf-handler.js
+git commit -m "feat: add getTotalPages to pdf-handler"
+```
+
+---
+
+### Task 2: Add Premium group check to viewer route
+
+**Files:**
+- Modify: `library.js` (lines 63-119, the viewer route)
+
+**Step 1: Replace hardcoded isPremium with group check**
+
+In `library.js`, replace line 83:
+```javascript
+const isPremium = true;
+```
+
+With:
+```javascript
+// Check if user is Premium (admins/global mods always premium)
+let isPremium = false;
+if (req.uid) {
+	const [isAdmin, isGlobalMod, isPremiumMember] = await Promise.all([
+		groups.isMember(req.uid, 'administrators'),
+		groups.isMember(req.uid, 'Global Moderators'),
+		groups.isMember(req.uid, 'Premium'),
+	]);
+	isPremium = isAdmin || isGlobalMod || isPremiumMember;
+}
+```
+
+**Step 2: Add totalPages to config injection**
+
+In `library.js`, inside the viewer route handler, before the nonce generation, add:
+```javascript
+// Get total page count for non-premium lock overlay
+const pdfHandler = require('./lib/pdf-handler');
+let totalPages = 1;
+try {
+	totalPages = await pdfHandler.getTotalPages(safeName);
+} catch (e) {
+	console.error('[PDF-Secure] Failed to get page count:', e.message);
+}
+```
+
+Note: Move the `pdfHandler` require to the top of the file (line 10 area) instead of inline.
+
+**Step 3: Inject isPremium and totalPages into viewer config**
+
+In the `window.PDF_SECURE_CONFIG` object (around line 108-114), add two new fields:
+```javascript
+window.PDF_SECURE_CONFIG = {
+	filename: ${JSON.stringify(safeName)},
+	relativePath: ${JSON.stringify(req.app.get('relative_path') || '')},
+	csrfToken: ${JSON.stringify(req.csrfToken ? req.csrfToken() : '')},
+	nonce: ${JSON.stringify(nonceData.nonce)},
+	dk: ${JSON.stringify(nonceData.xorKey)},
+	isPremium: ${JSON.stringify(isPremium)},
+	totalPages: ${JSON.stringify(totalPages)}
+};
+```
+
+**Step 4: Make the viewer route handler async**
+
+The current route handler at line 64 is a sync callback: `router.get('/plugins/pdf-secure/viewer', (req, res) => {`
+
+Change it to async: `router.get('/plugins/pdf-secure/viewer', async (req, res) => {`
+
+**Step 5: Commit**
+
+```bash
+git add library.js
+git commit -m "feat: check Premium group membership in viewer route"
+```
+
+---
+
+### Task 3: Add lock overlay to viewer-app.js
+
+**Files:**
+- Modify: `static/viewer-app.js`
+
+**Step 1: Add premium lock overlay after PDF loads**
+
+In `autoLoadSecurePDF()`, after `await loadPDFFromBuffer(pdfBuffer);` (line 262), add the lock overlay logic. The config is still available at this point (it gets deleted on line 270).
+
+Insert before `pdfBuffer = null;` (line 267):
+
+```javascript
+// Premium Gate: Show lock overlay for non-premium users
+if (config.isPremium === false && config.totalPages > 1) {
+	showPremiumLockOverlay(config.totalPages);
+}
+```
+
+**Step 2: Add showPremiumLockOverlay function**
+
+Add this function inside the IIFE, before `autoLoadSecurePDF()`:
+
+```javascript
+function showPremiumLockOverlay(totalPages) {
+	const viewerEl = document.getElementById('viewer');
+	if (!viewerEl) return;
+
+	const overlay = document.createElement('div');
+	overlay.id = 'premiumLockOverlay';
+	overlay.innerHTML = `
+		<div class="premium-lock-icon">
+			<svg viewBox="0 0 24 24" width="64" height="64" fill="#ffd700">
+				<path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1s3.1 1.39 3.1 3.1v2z"/>
+			</svg>
+		</div>
+		<div class="premium-lock-pages">
+			${totalPages - 1} sayfa daha kilitli
+		</div>
+		<div class="premium-lock-message">
+			Bu icerigi goruntuleye devam etmek icin Premium uyelik gereklidir.
+		</div>
+		<a href="https://forumtest.ieu.app/premium" target="_blank" class="premium-lock-button">
+			Premium Satin Al
+		</a>
+		<div class="premium-lock-secondary">
+			Materyal yukleyerek de Premium olabilirsiniz!
+		</div>
+	`;
+
+	viewerEl.appendChild(overlay);
+}
+```
+
+**Step 3: Commit**
+
+```bash
+git add static/viewer-app.js
+git commit -m "feat: add premium lock overlay for non-premium users"
+```
+
+---
+
+### Task 4: Add lock overlay CSS styles
+
+**Files:**
+- Modify: `static/viewer.html` (inline styles section)
+
+**Step 1: Add premium lock overlay styles**
+
+Add these styles inside the `<style>` tag in viewer.html, before the closing `</style>`:
+
+```css
+/* Premium Lock Overlay */
+#premiumLockOverlay {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    padding: 60px 20px;
+    text-align: center;
+    background: linear-gradient(180deg, rgba(31,31,31,0.95) 0%, rgba(20,20,20,0.98) 100%);
+    border-top: 2px solid rgba(255, 215, 0, 0.3);
+    min-height: 400px;
+    margin: 0 auto;
+    max-width: 100%;
+}
+
+.premium-lock-icon {
+    margin-bottom: 20px;
+    opacity: 0.9;
+}
+
+.premium-lock-pages {
+    font-size: 22px;
+    font-weight: 600;
+    color: #ffd700;
+    margin-bottom: 12px;
+}
+
+.premium-lock-message {
+    font-size: 16px;
+    color: #a0a0a0;
+    margin-bottom: 28px;
+    max-width: 400px;
+    line-height: 1.5;
+}
+
+.premium-lock-button {
+    display: inline-block;
+    padding: 14px 40px;
+    background: linear-gradient(135deg, #ffd700 0%, #ffaa00 100%);
+    color: #1a1a1a;
+    font-size: 16px;
+    font-weight: 700;
+    border-radius: 8px;
+    text-decoration: none;
+    transition: transform 0.2s, box-shadow 0.2s;
+    box-shadow: 0 4px 15px rgba(255, 215, 0, 0.3);
+}
+
+.premium-lock-button:hover {
+    transform: translateY(-2px);
+    box-shadow: 0 6px 20px rgba(255, 215, 0, 0.4);
+}
+
+.premium-lock-secondary {
+    margin-top: 20px;
+    font-size: 14px;
+    color: #888;
+    font-style: italic;
+}
+
+@media (max-width: 768px) {
+    #premiumLockOverlay {
+        padding: 40px 16px;
+        min-height: 300px;
+    }
+
+    .premium-lock-pages {
+        font-size: 18px;
+    }
+
+    .premium-lock-message {
+        font-size: 14px;
+    }
+
+    .premium-lock-button {
+        padding: 12px 32px;
+        font-size: 14px;
+    }
+}
+```
+
+**Step 2: Commit**
+
+```bash
+git add static/viewer.html
+git commit -m "feat: add premium lock overlay CSS styles"
+```
+
+---
+
+### Task 5: Hide sidebar and page count for non-premium users
+
+**Files:**
+- Modify: `static/viewer-app.js`
+
+**Step 1: Update page count display for non-premium**
+
+In the `pagesinit` event handler (around line 360-362), update the page count to show total pages from config instead of the actual loaded pages:
+
+Find the `eventBus.on('pagesinit', ...)` handler and wrap the pageCount update:
+
+```javascript
+eventBus.on('pagesinit', () => {
+    pdfViewer.currentScaleValue = 'page-width';
+    // For non-premium, show "1 / totalPages" instead of "1 / 1"
+    const savedConfig = window._pdfSecurePremiumInfo;
+    if (savedConfig && !savedConfig.isPremium && savedConfig.totalPages > 1) {
+        document.getElementById('pageCount').textContent = `/ ${savedConfig.totalPages}`;
+    } else {
+        document.getElementById('pageCount').textContent = `/ ${pdfViewer.pagesCount}`;
+    }
+});
+```
+
+**Step 2: Save premium info before config is deleted**
+
+In `autoLoadSecurePDF()`, right before the config delete line (`delete window.PDF_SECURE_CONFIG`), save the premium info:
+
+```javascript
+// Save premium info for UI (page count display)
+window._pdfSecurePremiumInfo = {
+    isPremium: config.isPremium,
+    totalPages: config.totalPages
+};
+```
+
+**Step 3: Commit**
+
+```bash
+git add static/viewer-app.js
+git commit -m "feat: show real total page count for non-premium users"
+```

package/lib/pdf-handler.js

@@ -6,6 +6,7 @@ const { PDFDocument } = require('pdf-lib');
 const nconf = require.main.require('nconf');
 
 const singlePageCache = new Map();
+const pageCountCache = new Map();
 const CACHE_TTL = 60 * 60 * 1000; // 1 hour
 
 // Periodic cleanup of expired cache entries
@@ -16,6 +17,11 @@ setInterval(() => {
 			singlePageCache.delete(key);
 		}
 	}
+	for (const [key, entry] of pageCountCache.entries()) {
+		if (now - entry.createdAt > CACHE_TTL) {
+			pageCountCache.delete(key);
+		}
+	}
 }, 10 * 60 * 1000).unref(); // cleanup every 10 minutes
 
 const PdfHandler = module.exports;
@@ -72,6 +78,10 @@ PdfHandler.getSinglePagePdf = async function (filename) {
 	const existingPdfBytes = await fs.promises.readFile(filePath);
 	const srcDoc = await PDFDocument.load(existingPdfBytes);
 
+	// Cache page count while we have the document loaded (avoids double read)
+	const totalPages = srcDoc.getPageCount();
+	pageCountCache.set(filename, { count: totalPages, createdAt: Date.now() });
+
 	const newDoc = await PDFDocument.create();
 	const [copiedPage] = await newDoc.copyPages(srcDoc, [0]);
 	newDoc.addPage(copiedPage);
@@ -87,3 +97,26 @@ PdfHandler.getSinglePagePdf = async function (filename) {
 
 	return buffer;
 };
+
+PdfHandler.getTotalPages = async function (filename) {
+	const cached = pageCountCache.get(filename);
+	if (cached && (Date.now() - cached.createdAt < CACHE_TTL)) {
+		return cached.count;
+	}
+
+	const filePath = PdfHandler.resolveFilePath(filename);
+	if (!filePath) {
+		throw new Error('Invalid filename');
+	}
+
+	if (!fs.existsSync(filePath)) {
+		throw new Error('File not found');
+	}
+
+	const pdfBytes = await fs.promises.readFile(filePath);
+	const srcDoc = await PDFDocument.load(pdfBytes);
+	const count = srcDoc.getPageCount();
+
+	pageCountCache.set(filename, { count, createdAt: Date.now() });
+	return count;
+};

package/library.js

@@ -61,7 +61,7 @@ plugin.init = async (params) => {
 	routeHelpers.setupAdminPageRoute(router, '/admin/plugins/pdf-secure', controllers.renderAdminPage);
 
 	// Viewer page route (fullscreen Mozilla PDF.js viewer, guests allowed)
-	router.get('/plugins/pdf-secure/viewer', (req, res) => {
+	router.get('/plugins/pdf-secure/viewer', async (req, res) => {
 		const { file } = req.query;
 		if (!file) {
 			return res.status(400).send('Missing file parameter');
@@ -78,10 +78,20 @@ plugin.init = async (params) => {
 			return res.status(500).send('Viewer not available');
 		}
 
-		// Generate nonce + key HERE (in viewer route)
-		// This way the key is ONLY embedded in HTML, never in a separate API response
-		const isPremium = true;
-		const nonceData = nonceStore.generate(req.uid || 0, safeName, isPremium);
+		// Check if user is Premium (admins/global mods always premium)
+		let isPremium = false;
+		if (req.uid) {
+			const [isAdmin, isGlobalMod, isPremiumMember] = await Promise.all([
+				groups.isMember(req.uid, 'administrators'),
+				groups.isMember(req.uid, 'Global Moderators'),
+				groups.isMember(req.uid, 'Premium'),
+			]);
+			isPremium = isAdmin || isGlobalMod || isPremiumMember;
+		}
+
+		// Always send full PDF (client-side premium gating)
+		// isPremium flag is sent to client for UI control only
+		const nonceData = nonceStore.generate(req.uid || 0, safeName, true);
 
 		// Serve the viewer template with comprehensive security headers
 		res.set({
@@ -110,7 +120,8 @@ plugin.init = async (params) => {
 						relativePath: ${JSON.stringify(req.app.get('relative_path') || '')},
 						csrfToken: ${JSON.stringify(req.csrfToken ? req.csrfToken() : '')},
 						nonce: ${JSON.stringify(nonceData.nonce)},
-						dk: ${JSON.stringify(nonceData.xorKey)}
+						dk: ${JSON.stringify(nonceData.xorKey)},
+						isPremium: ${JSON.stringify(isPremium)}
 					};
 				</script>
 			</head>`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure",
-  "version": "1.2.19",
+  "version": "1.2.20",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/static/viewer-app.js

@@ -2,6 +2,10 @@
 (function () {
     'use strict';
 
+    // Security: Capture config early and delete from window immediately
+    const _cfg = window.PDF_SECURE_CONFIG ? Object.assign({}, window.PDF_SECURE_CONFIG) : null;
+    delete window.PDF_SECURE_CONFIG;
+
     // ============================================
     // CANVAS EXPORT PROTECTION
     // Block toDataURL/toBlob for PDF render canvas only
@@ -45,6 +49,9 @@
     let pathSegments = [];
     let drawRAF = null;
 
+    // Premium info (saved before config deletion for UI use)
+    let premiumInfo = null;
+
     // Annotation persistence - stores SVG innerHTML per page
     const annotationsStore = new Map();
     const annotationRotations = new Map(); // tracks rotation when annotations were saved
@@ -91,8 +98,7 @@
             firstPageRendered = true;
             // Notify parent that PDF is fully rendered (for queue system)
             if (window.parent && window.parent !== window) {
-                const config = window.PDF_SECURE_CONFIG || {};
-                window.parent.postMessage({ type: 'pdf-secure-ready', filename: config.filename }, window.location.origin);
+                window.parent.postMessage({ type: 'pdf-secure-ready', filename: (_cfg || {}).filename }, window.location.origin);
                 console.log('[PDF-Secure] First page rendered, notifying parent');
             }
         }
@@ -165,14 +171,106 @@
         return data.buffer;
     }
 
+    function showPremiumLockOverlay(totalPages) {
+        const viewerEl = document.getElementById('viewer');
+        if (!viewerEl) return;
+
+        const overlay = document.createElement('div');
+        overlay.id = 'premiumLockOverlay';
+        overlay.innerHTML = `
+            <div class="premium-lock-icon">
+                <svg viewBox="0 0 24 24" width="64" height="64" fill="#ffd700">
+                    <path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1s3.1 1.39 3.1 3.1v2z"/>
+                </svg>
+            </div>
+            <div class="premium-lock-pages">
+                ${totalPages - 1} sayfa daha kilitli
+            </div>
+            <div class="premium-lock-message">
+                Bu icerigi goruntulemeye devam etmek icin Premium uyelik gereklidir.
+            </div>
+            <a href="https://forumtest.ieu.app/premium" target="_blank" class="premium-lock-button">
+                Premium Satin Al
+            </a>
+            <div class="premium-lock-secondary">
+                Materyal yukleyerek de Premium olabilirsiniz!
+            </div>
+        `;
+
+        viewerEl.appendChild(overlay);
+    }
+
+    // ============================================
+    // PREMIUM INTEGRITY: Periodic Check (2s interval)
+    // Hides pages 2+, recreates overlay if removed, forces page 1
+    // ============================================
+    function startPeriodicCheck() {
+        setInterval(function () {
+            if (!premiumInfo || premiumInfo.isPremium) return;
+            // Hide all pages beyond page 1
+            var pages = document.querySelectorAll('#viewer .page');
+            pages.forEach(function (page, idx) {
+                if (idx > 0 && page.style.display !== 'none') {
+                    page.style.display = 'none';
+                }
+            });
+            // Ensure overlay exists
+            if (!document.getElementById('premiumLockOverlay')) {
+                showPremiumLockOverlay(premiumInfo.totalPages);
+            }
+            // Force page 1 if somehow on another page
+            if (pdfViewer && pdfViewer.currentPageNumber > 1) {
+                pdfViewer.currentPageNumber = 1;
+            }
+        }, 2000);
+    }
+
+    // ============================================
+    // PREMIUM INTEGRITY: MutationObserver Anti-Tampering
+    // Recreates overlay on removal, re-hides pages on style change
+    // ============================================
+    function setupAntiTampering() {
+        var viewerEl = document.getElementById('viewer');
+        if (!viewerEl) return;
+
+        // Observer 1: Watch for overlay removal (childList)
+        new MutationObserver(function (mutations) {
+            for (var i = 0; i < mutations.length; i++) {
+                var removed = mutations[i].removedNodes;
+                for (var j = 0; j < removed.length; j++) {
+                    if (removed[j].id === 'premiumLockOverlay') {
+                        showPremiumLockOverlay(premiumInfo.totalPages);
+                        return;
+                    }
+                }
+            }
+        }).observe(viewerEl, { childList: true });
+
+        // Observer 2: Watch for page visibility tampering (attributes)
+        new MutationObserver(function (mutations) {
+            for (var i = 0; i < mutations.length; i++) {
+                var m = mutations[i];
+                if (m.type === 'attributes' && m.attributeName === 'style') {
+                    var target = m.target;
+                    if (target.classList && target.classList.contains('page')) {
+                        var pageNum = parseInt(target.dataset.pageNumber || '0', 10);
+                        if (pageNum > 1 && target.style.display !== 'none') {
+                            target.style.display = 'none';
+                        }
+                    }
+                }
+            }
+        }).observe(viewerEl, { childList: true, subtree: true, attributes: true, attributeFilter: ['style'] });
+    }
+
     // Auto-load PDF if config is present (injected by NodeBB plugin)
     async function autoLoadSecurePDF() {
-        if (!window.PDF_SECURE_CONFIG || !window.PDF_SECURE_CONFIG.filename) {
+        if (!_cfg || !_cfg.filename) {
             console.log('[PDF-Secure] No config found, showing file picker');
             return;
         }
 
-        const config = window.PDF_SECURE_CONFIG;
+        const config = _cfg;
         console.log('[PDF-Secure] Auto-loading:', config.filename);
 
         // Show loading state
@@ -244,8 +342,8 @@
                     pdfBuffer = encodedBuffer;
                 }
 
-                // Send buffer to parent for caching
-                if (window.parent && window.parent !== window) {
+                // Send buffer to parent for caching (premium only - non-premium must not leak decoded buffer)
+                if (_cfg.isPremium !== false && window.parent && window.parent !== window) {
                     // Clone buffer for parent (we keep original)
                     const bufferCopy = pdfBuffer.slice(0);
                     window.parent.postMessage({
@@ -261,14 +359,21 @@
             // Step 4: Load into viewer
             await loadPDFFromBuffer(pdfBuffer);
 
+            // Premium Gate: Client-side page restriction for non-premium users
+            if (config.isPremium === false && pdfDoc && pdfDoc.numPages > 1) {
+                premiumInfo = Object.freeze({ isPremium: false, totalPages: pdfDoc.numPages });
+                showPremiumLockOverlay(pdfDoc.numPages);
+                startPeriodicCheck();
+                setupAntiTampering();
+            } else {
+                premiumInfo = Object.freeze({ isPremium: true, totalPages: pdfDoc ? pdfDoc.numPages : 1 });
+            }
+
             // Step 5: Moved to pagerendered event for proper timing
 
             // Step 6: Security - clear references to prevent extraction
             pdfBuffer = null;
 
-            // Security: Delete config containing sensitive data (nonce, key)
-            delete window.PDF_SECURE_CONFIG;
-
             // Security: Remove PDF.js globals to prevent console manipulation
             delete window.pdfjsLib;
             delete window.pdfjsViewer;
@@ -292,10 +397,9 @@
 
             // Notify parent of error (prevents 60s queue hang)
             if (window.parent && window.parent !== window) {
-                const config = window.PDF_SECURE_CONFIG || {};
                 window.parent.postMessage({
                     type: 'pdf-secure-ready',
-                    filename: config.filename,
+                    filename: (_cfg || {}).filename,
                     error: err.message
                 }, window.location.origin);
             }
@@ -325,10 +429,16 @@
         // Create placeholder thumbnails for all pages
         for (let i = 1; i <= pdfDoc.numPages; i++) {
             const thumb = document.createElement('div');
-            thumb.className = 'thumbnail' + (i === 1 ? ' active' : '');
+            const isLocked = premiumInfo && !premiumInfo.isPremium && premiumInfo.totalPages > 1 && i > 1;
+            thumb.className = 'thumbnail' + (i === 1 ? ' active' : '') + (isLocked ? ' locked' : '');
             thumb.dataset.page = i;
-            thumb.innerHTML = `<div class="thumbnailNum">${i}</div>`;
+            if (isLocked) {
+                thumb.innerHTML = `<div class="thumbnailNum">${i}</div><div class="thumbnail-lock">&#128274;</div>`;
+            } else {
+                thumb.innerHTML = `<div class="thumbnailNum">${i}</div>`;
+            }
             thumb.onclick = () => {
+                if (isLocked) return;
                 pdfViewer.currentPageNumber = i;
                 document.querySelectorAll('.thumbnail').forEach(t => t.classList.remove('active'));
                 thumb.classList.add('active');
@@ -339,7 +449,7 @@
         // Lazy render thumbnails with IntersectionObserver
         const thumbObserver = new IntersectionObserver((entries) => {
             entries.forEach(async (entry) => {
-                if (entry.isIntersecting && !entry.target.dataset.rendered) {
+                if (entry.isIntersecting && !entry.target.dataset.rendered && !entry.target.classList.contains('locked')) {
                     entry.target.dataset.rendered = 'true';
                     const pageNum = parseInt(entry.target.dataset.page);
                     const page = await pdfDoc.getPage(pageNum);
@@ -359,10 +469,31 @@
     // Events
     eventBus.on('pagesinit', () => {
         pdfViewer.currentScaleValue = 'page-width';
-        document.getElementById('pageCount').textContent = `/ ${pdfViewer.pagesCount}`;
+
+        // Premium Gate: Hide all pages beyond page 1 immediately
+        if (premiumInfo && !premiumInfo.isPremium && premiumInfo.totalPages > 1) {
+            for (let i = 1; i < pdfViewer.pagesCount; i++) {
+                const pageView = pdfViewer.getPageView(i); // 0-indexed
+                if (pageView && pageView.div) {
+                    pageView.div.style.display = 'none';
+                }
+            }
+        }
+
+        if (premiumInfo && !premiumInfo.isPremium && premiumInfo.totalPages > 1) {
+            document.getElementById('pageCount').textContent = `/ ${premiumInfo.totalPages}`;
+        } else {
+            document.getElementById('pageCount').textContent = `/ ${pdfViewer.pagesCount}`;
+        }
     });
 
     eventBus.on('pagechanging', (evt) => {
+        // Premium Gate: Block navigation beyond page 1 for non-premium users
+        if (premiumInfo && !premiumInfo.isPremium && premiumInfo.totalPages > 1 && evt.pageNumber > 1) {
+            // Force back to page 1
+            setTimeout(() => { pdfViewer.currentPageNumber = 1; }, 0);
+            return;
+        }
         document.getElementById('pageInput').value = evt.pageNumber;
         // Update active thumbnail
         document.querySelectorAll('.thumbnail').forEach(t => {
@@ -385,6 +516,15 @@
     });
 
     eventBus.on('pagerendered', (evt) => {
+        // Premium Gate: Hide pages beyond page 1 for non-premium users
+        if (premiumInfo && !premiumInfo.isPremium && premiumInfo.totalPages > 1 && evt.pageNumber > 1) {
+            const pageView = pdfViewer.getPageView(evt.pageNumber - 1);
+            if (pageView && pageView.div) {
+                pageView.div.style.display = 'none';
+            }
+            return;
+        }
+
         injectAnnotationLayer(evt.pageNumber);
 
         // Rotation is handled natively by PDF.js via pagesRotation
@@ -393,6 +533,11 @@
     // Page Navigation
     document.getElementById('pageInput').onchange = (e) => {
         const num = parseInt(e.target.value);
+        // Premium Gate: Block manual page input beyond page 1
+        if (premiumInfo && !premiumInfo.isPremium && premiumInfo.totalPages > 1 && num > 1) {
+            e.target.value = 1;
+            return;
+        }
         if (num >= 1 && num <= pdfViewer.pagesCount) {
             pdfViewer.currentPageNumber = num;
         }

package/static/viewer.html

@@ -1572,6 +1572,106 @@
                 touch-action: manipulation;
             }
         }
+
+        /* Premium Lock Overlay */
+        #premiumLockOverlay {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            padding: 60px 20px;
+            text-align: center;
+            background: linear-gradient(180deg, rgba(31,31,31,0.95) 0%, rgba(20,20,20,0.98) 100%);
+            border-top: 2px solid rgba(255, 215, 0, 0.3);
+            min-height: 400px;
+            margin: 0 auto;
+            max-width: 100%;
+        }
+
+        .premium-lock-icon {
+            margin-bottom: 20px;
+            opacity: 0.9;
+        }
+
+        .premium-lock-pages {
+            font-size: 22px;
+            font-weight: 600;
+            color: #ffd700;
+            margin-bottom: 12px;
+        }
+
+        .premium-lock-message {
+            font-size: 16px;
+            color: #a0a0a0;
+            margin-bottom: 28px;
+            max-width: 400px;
+            line-height: 1.5;
+        }
+
+        .premium-lock-button {
+            display: inline-block;
+            padding: 14px 40px;
+            background: linear-gradient(135deg, #ffd700 0%, #ffaa00 100%);
+            color: #1a1a1a;
+            font-size: 16px;
+            font-weight: 700;
+            border-radius: 8px;
+            text-decoration: none;
+            transition: transform 0.2s, box-shadow 0.2s;
+            box-shadow: 0 4px 15px rgba(255, 215, 0, 0.3);
+        }
+
+        .premium-lock-button:hover {
+            transform: translateY(-2px);
+            box-shadow: 0 6px 20px rgba(255, 215, 0, 0.4);
+        }
+
+        .premium-lock-secondary {
+            margin-top: 20px;
+            font-size: 14px;
+            color: #888;
+            font-style: italic;
+        }
+
+        /* Locked Thumbnails */
+        .thumbnail.locked {
+            opacity: 0.4;
+            cursor: not-allowed;
+            position: relative;
+        }
+
+        .thumbnail.locked:hover {
+            border-color: rgba(255, 215, 0, 0.4);
+        }
+
+        .thumbnail-lock {
+            position: absolute;
+            top: 50%;
+            left: 50%;
+            transform: translate(-50%, -50%);
+            font-size: 20px;
+            z-index: 2;
+        }
+
+        @media (max-width: 768px) {
+            #premiumLockOverlay {
+                padding: 40px 16px;
+                min-height: 300px;
+            }
+
+            .premium-lock-pages {
+                font-size: 18px;
+            }
+
+            .premium-lock-message {
+                font-size: 14px;
+            }
+
+            .premium-lock-button {
+                padding: 12px 32px;
+                font-size: 14px;
+            }
+        }
     </style>
 </head>
 
@@ -1954,6 +2054,10 @@
         (function () {
             'use strict';
 
+            // Security: Capture config early and delete from window immediately
+            const _cfg = window.PDF_SECURE_CONFIG ? Object.assign({}, window.PDF_SECURE_CONFIG) : null;
+            delete window.PDF_SECURE_CONFIG;
+
             // ============================================
             // CANVAS EXPORT PROTECTION
             // Block toDataURL/toBlob for PDF render canvas only
@@ -1995,6 +2099,9 @@
             let currentPath = null;
             let currentDrawingPage = null;
 
+            // Premium info (saved before config deletion for UI use)
+            let premiumInfo = null;
+
             // RAF throttle for smooth drawing performance
             let pathSegments = [];  // Buffer path segments
             let drawRAF = null;     // requestAnimationFrame ID
@@ -2044,8 +2151,7 @@
                     firstPageRendered = true;
                     // Notify parent that PDF is fully rendered (for queue system)
                     if (window.parent && window.parent !== window) {
-                        const config = window.PDF_SECURE_CONFIG || {};
-                        window.parent.postMessage({ type: 'pdf-secure-ready', filename: config.filename }, window.location.origin);
+                        window.parent.postMessage({ type: 'pdf-secure-ready', filename: (_cfg || {}).filename }, window.location.origin);
                         console.log('[PDF-Secure] First page rendered, notifying parent');
                     }
                 }
@@ -2118,14 +2224,90 @@
                 return data.buffer;
             }
 
+            function showPremiumLockOverlay(totalPages) {
+                var viewerEl = document.getElementById('viewer');
+                if (!viewerEl) return;
+
+                var overlay = document.createElement('div');
+                overlay.id = 'premiumLockOverlay';
+                overlay.innerHTML = '\
+                    <div class="premium-lock-icon">\
+                        <svg viewBox="0 0 24 24" width="64" height="64" fill="#ffd700">\
+                            <path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1s3.1 1.39 3.1 3.1v2z"/>\
+                        </svg>\
+                    </div>\
+                    <div class="premium-lock-pages">' + (totalPages - 1) + ' sayfa daha kilitli</div>\
+                    <div class="premium-lock-message">Bu icerigi goruntulemeye devam etmek icin Premium uyelik gereklidir.</div>\
+                    <a href="https://forumtest.ieu.app/premium" target="_blank" class="premium-lock-button">Premium Satin Al</a>\
+                    <div class="premium-lock-secondary">Materyal yukleyerek de Premium olabilirsiniz!</div>';
+
+                viewerEl.appendChild(overlay);
+            }
+
+            // ============================================
+            // PREMIUM INTEGRITY: Periodic Check (2s interval)
+            // ============================================
+            function startPeriodicCheck() {
+                setInterval(function () {
+                    if (!premiumInfo || premiumInfo.isPremium) return;
+                    var pages = document.querySelectorAll('#viewer .page');
+                    pages.forEach(function (page, idx) {
+                        if (idx > 0 && page.style.display !== 'none') {
+                            page.style.display = 'none';
+                        }
+                    });
+                    if (!document.getElementById('premiumLockOverlay')) {
+                        showPremiumLockOverlay(premiumInfo.totalPages);
+                    }
+                    if (pdfViewer && pdfViewer.currentPageNumber > 1) {
+                        pdfViewer.currentPageNumber = 1;
+                    }
+                }, 2000);
+            }
+
+            // ============================================
+            // PREMIUM INTEGRITY: MutationObserver Anti-Tampering
+            // ============================================
+            function setupAntiTampering() {
+                var viewerEl = document.getElementById('viewer');
+                if (!viewerEl) return;
+
+                new MutationObserver(function (mutations) {
+                    for (var i = 0; i < mutations.length; i++) {
+                        var removed = mutations[i].removedNodes;
+                        for (var j = 0; j < removed.length; j++) {
+                            if (removed[j].id === 'premiumLockOverlay') {
+                                showPremiumLockOverlay(premiumInfo.totalPages);
+                                return;
+                            }
+                        }
+                    }
+                }).observe(viewerEl, { childList: true });
+
+                new MutationObserver(function (mutations) {
+                    for (var i = 0; i < mutations.length; i++) {
+                        var m = mutations[i];
+                        if (m.type === 'attributes' && m.attributeName === 'style') {
+                            var target = m.target;
+                            if (target.classList && target.classList.contains('page')) {
+                                var pageNum = parseInt(target.dataset.pageNumber || '0', 10);
+                                if (pageNum > 1 && target.style.display !== 'none') {
+                                    target.style.display = 'none';
+                                }
+                            }
+                        }
+                    }
+                }).observe(viewerEl, { childList: true, subtree: true, attributes: true, attributeFilter: ['style'] });
+            }
+
             // Auto-load PDF if config is present (injected by NodeBB plugin)
             async function autoLoadSecurePDF() {
-                if (!window.PDF_SECURE_CONFIG || !window.PDF_SECURE_CONFIG.filename) {
+                if (!_cfg || !_cfg.filename) {
                     console.log('[PDF-Secure] No config found, showing file picker');
                     return;
                 }
 
-                const config = window.PDF_SECURE_CONFIG;
+                const config = _cfg;
                 console.log('[PDF-Secure] Auto-loading:', config.filename);
 
                 // Show loading state
@@ -2197,8 +2379,8 @@
                             pdfBuffer = encodedBuffer;
                         }
 
-                        // Send buffer to parent for caching
-                        if (window.parent && window.parent !== window) {
+                        // Send buffer to parent for caching (premium only - non-premium must not leak decoded buffer)
+                        if (_cfg.isPremium !== false && window.parent && window.parent !== window) {
                             // Clone buffer for parent (we keep original)
                             const bufferCopy = pdfBuffer.slice(0);
                             window.parent.postMessage({
@@ -2214,14 +2396,21 @@
                     // Step 4: Load into viewer
                     await loadPDFFromBuffer(pdfBuffer);
 
+                    // Premium Gate: Client-side page restriction for non-premium users
+                    if (config.isPremium === false && pdfDoc && pdfDoc.numPages > 1) {
+                        premiumInfo = Object.freeze({ isPremium: false, totalPages: pdfDoc.numPages });
+                        showPremiumLockOverlay(pdfDoc.numPages);
+                        startPeriodicCheck();
+                        setupAntiTampering();
+                    } else {
+                        premiumInfo = Object.freeze({ isPremium: true, totalPages: pdfDoc ? pdfDoc.numPages : 1 });
+                    }
+
                     // Step 5: Moved to pagerendered event for proper timing
 
                     // Step 6: Security - clear references to prevent extraction
                     pdfBuffer = null;
 
-                    // Security: Delete config containing sensitive data (nonce, key)
-                    delete window.PDF_SECURE_CONFIG;
-
                     // Security: Remove PDF.js globals to prevent console manipulation
                     delete window.pdfjsLib;
                     delete window.pdfjsViewer;
@@ -2245,10 +2434,9 @@
 
                     // Notify parent of error (prevents 60s queue hang)
                     if (window.parent && window.parent !== window) {
-                        const config = window.PDF_SECURE_CONFIG || {};
                         window.parent.postMessage({
                             type: 'pdf-secure-ready',
-                            filename: config.filename,
+                            filename: (_cfg || {}).filename,
                             error: err.message
                         }, window.location.origin);
                     }