npm - signal-bridge - Versions diffs - 1.0.8 → 1.0.10 - Mend

signal-bridge 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +252 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -242,6 +242,258 @@ Dirancang untuk kebutuhan komunikasi microfrontend / iframe integration dengan f
 ---
+---
+## 🐘 Tutorial: Integrasi dengan Laravel (sebagai Remote)
+Posisi Laravel di sini adalah **Remote** — halaman Laravel berjalan di dalam iframe yang di-embed oleh aplikasi Host lain.
+```
+[ Host (parent window) ] ---postMessage---> [ Laravel (iframe / remote) ]
+```
+---
+### Instalasi
+Via CDN di Blade:
+```html
+<script src="https://cdn.jsdelivr.net/npm/signal-bridge/dist/index.global.js"></script>
+```
+Atau via NPM (Laravel Vite):
+```bash
+npm install signal-bridge
+```
+---
+### Setup Dasar
+**`resources/views/remote.blade.php`**
+```html
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Remote App</title>
+    <script src="https://cdn.jsdelivr.net/npm/signal-bridge/dist/index.global.js"></script>
+</head>
+<body>
+    <div id="app"></div>
+    <script>
+        const bridge = window.signalBridge.init('my-laravel-app', {
+            allowedHostOrigins: ['https://host-app.example.com'],
+            debug: true,
+        });
+        bridge.listen(function (message) {
+            /**
+             * Handshake dari host.
+             * Payload yang diterima:
+             * {
+             *   "type": "connection",
+             *   "payload": {
+             *     "token": "xxxx",
+             *     "txn": "2mFMfAtLD",
+             *     "idChangeRole": null,
+             *     "ticket": "ST-1780470879-VGVVGUVY0L",
+             *     "path": "/dashboard"
+             *   },
+             *   "__source": "host",
+             *   "__origin": "https://host-app.example.com"
+             * }
+             */
+            if (message.type === 'connection') {
+                const { token, txn, ticket, path, idChangeRole } = message.payload;
+                // Dekripsi token menggunakan txn sebagai key per-sesi
+                const decryptedToken = window.signalBridge.decrypt(token, txn);
+                console.log('Decrypted Token:', decryptedToken);
+                console.log('Ticket:', ticket);
+                console.log('Path:', path);
+                console.log('idChangeRole:', idChangeRole);
+                // Simpan token ke state / localStorage sesuai kebutuhan
+                // Arahkan ke path yang dikirim host
+                if (path && path !== window.location.pathname) {
+                    window.location.href = path;
+                }
+            }
+            // Host meminta ganti role
+            if (message.type === 'change-role') {
+                const { data, txn } = message.payload;
+                const role = window.signalBridge.decrypt(data, txn);
+                console.log('Decrypted Role selected:', role);
+                // Lakukan reload atau update state sesuai role baru
+            }
+        });
+        // Emit navigate saat halaman pertama kali dimuat
+        bridge.emit('navigate', { path: window.location.pathname });
+        // Emit navigate setiap perubahan URL (back/forward browser)
+        window.addEventListener('popstate', function () {
+            bridge.emit('navigate', { path: window.location.pathname });
+        });
+        // Emit navigate setiap perubahan hash (untuk hash-based routing)
+        window.addEventListener('hashchange', function () {
+            const path = location.hash.startsWith('#/')
+                ? location.hash.slice(1)
+                : location.pathname;
+            bridge.emit('navigate', { path });
+        });
+    </script>
+</body>
+</html>
+```
+> Pesan yang dikirim ke host akan berbentuk:
+> ```json
+> {
+>   "app_id": "my-laravel-app",
+>   "type": "navigate",
+>   "payload": { "path": "/u/dashboard" },
+>   "txn": "",
+>   "__origin": "https://your-laravel-app.com",
+>   "__source": "remote"
+> }
+> ```
+**Route:**
+```php
+// routes/web.php
+Route::get('/remote', function () {
+    return view('remote');
+});
+```
+---
+### Menggunakan NPM + Vite
+**`resources/js/bridge.js`**
+```js
+import { initBridge } from 'signal-bridge';
+const bridge = initBridge('my-laravel-app', {
+    allowedHostOrigins: [import.meta.env.VITE_HOST_ORIGIN],
+    debug: import.meta.env.DEV,
+});
+bridge.listen((message) => {
+    if (message.type === 'connection') {
+        const { token, txn, ticket, path, idChangeRole } = message.payload;
+        const decryptedToken = window.signalBridge.decrypt(token, txn);
+        console.log('Decrypted Token:', decryptedToken);
+        console.log('Ticket:', ticket);
+        console.log('Path:', path);
+        console.log('idChangeRole:', idChangeRole);
+    }
+    if (message.type === 'change-role') {
+        const { data, txn } = message.payload;
+        const role = window.signalBridge.decrypt(data, txn);
+        console.log('Decrypted Role selected:', role);
+    }
+});
+// Emit navigate saat halaman pertama kali dimuat
+bridge.emit('navigate', { path: window.location.pathname });
+// Untuk Inertia.js — hook ke router event
+// import { router } from '@inertiajs/vue3';
+// router.on('navigate', () => bridge.emit('navigate', { path: window.location.pathname }));
+export { bridge };
+```
+**`.env`**
+```
+VITE_HOST_ORIGIN=https://host-app.example.com
+```
+**`resources/views/remote.blade.php`**
+```html
+<!DOCTYPE html>
+<html>
+<head>
+    @vite(['resources/js/app.js', 'resources/js/bridge.js'])
+</head>
+<body>
+    <div id="app"></div>
+</body>
+</html>
+```
+---
+### Akses Instance dari File Lain
+```js
+import { signalBridge } from 'signal-bridge';
+// Ambil instance yang sudah dibuat tanpa init ulang
+const bridge = signalBridge();
+bridge.emit('form-submit', { id: 123 });
+```
+---
+### Catatan Keamanan
+- Selalu set `allowedHostOrigins` secara eksplisit, jangan pakai wildcard.
+- `txn` adalah key dekripsi per-sesi yang dikirim Host — jangan simpan permanen.
+- Konfigurasi `Content-Security-Policy: frame-ancestors` agar hanya Host yang diizinkan bisa embed halaman Laravel:
+```php
+// Middleware atau kernel
+$response->headers->set(
+    'Content-Security-Policy',
+    "frame-ancestors 'self' https://host-app.example.com"
+);
+```
+---
+### Catatan Penting untuk Laravel
+- Selalu set `allowedHostOrigins` secara eksplisit, jangan gunakan wildcard.
+- Simpan `BRIDGE_KEY` di `.env`, bukan hardcode di Blade atau JS.
+- `config('app.bridge_key')` yang di-render ke Blade tetap tampak di source HTML — hanya gunakan untuk data non-kritis.
+- Untuk transfer token/kredensial sensitif, tetap gunakan endpoint API Laravel dengan autentikasi Sanctum/session, bukan lewat bridge.
+- Pastikan header `X-Frame-Options` / `Content-Security-Policy: frame-ancestors` dikonfigurasi benar di Laravel agar hanya host yang diizinkan yang bisa embed halaman Anda.
+**Contoh CSP di `app/Http/Middleware/`:**
+```php
+// Di middleware atau kernel
+$response->headers->set(
+    'Content-Security-Policy',
+    "frame-ancestors 'self' https://host-app.example.com"
+);
+```
+---
 ## 📜 License
 MIT License © 2026 - EkaHersada

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "signal-bridge",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "Secure iframe communication bridge",
   "author": "Ekahersada <ekahersada@gmail.com>",
   "main": "dist/index.js",