npm - signal-bridge - Versions diffs - 1.0.8 → 1.0.9 - Mend

signal-bridge 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +316 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -242,6 +242,322 @@ Dirancang untuk kebutuhan komunikasi microfrontend / iframe integration dengan f
 ---
+---
+## 🐘 Tutorial: Integrasi dengan Laravel
+### Gambaran Skenario
+```
+[ Laravel Host (parent) ] <---postMessage---> [ iframe (Remote) ]
+```
+Ada dua posisi Laravel dalam integrasi ini:
+| Posisi | Deskripsi |
+|---|---|
+| **Host** | Laravel menampilkan halaman yang memuat iframe aplikasi lain |
+| **Remote** | Halaman Laravel di-embed sebagai iframe oleh aplikasi lain |
+---
+### Skenario A — Laravel sebagai Host (menampilkan iframe)
+Laravel membuka halaman yang memuat iframe dari SPA lain (React, Vue, dsb).
+**`resources/views/host.blade.php`**
+```html
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Host App</title>
+    <!-- Sertakan library untuk fungsi encrypt jika dibutuhkan -->
+    <script src="https://cdn.jsdelivr.net/npm/signal-bridge/dist/index.global.js"></script>
+</head>
+<body>
+    <iframe
+        id="remote-frame"
+        src="https://app-remote.example.com"
+        width="100%"
+        height="600"
+    ></iframe>
+    <script>
+        const iframe = document.getElementById('remote-frame');
+        const REMOTE_ORIGIN = 'https://app-remote.example.com';
+        // Terima pesan dari iframe
+        window.addEventListener('message', function (event) {
+            if (event.origin !== REMOTE_ORIGIN) return;
+            if (event.data.__source !== 'remote') return;
+            const { type, payload } = event.data;
+            if (type === 'ready') {
+                console.log('Remote siap:', payload);
+                // Kirim data ke remote setelah ia siap
+                iframe.contentWindow.postMessage({
+                    type: 'user-data',
+                    payload: {
+                        name: '{{ auth()->user()->name }}',
+                        role: '{{ auth()->user()->role }}',
+                    },
+                    txn: 'txn-001',
+                    __source: 'host',
+                }, REMOTE_ORIGIN);
+            }
+            if (type === 'logout') {
+                // Remote minta logout di host juga
+                window.location.href = '/logout';
+            }
+        });
+    </script>
+</body>
+</html>
+```
+---
+### Skenario B — Laravel sebagai Remote (berjalan di dalam iframe)
+Halaman Laravel di-embed sebagai iframe oleh aplikasi lain.
+**`resources/views/remote.blade.php`**
+```html
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Remote App</title>
+    <script src="https://cdn.jsdelivr.net/npm/signal-bridge/dist/index.global.js"></script>
+</head>
+<body>
+    <div id="app">
+        <p id="user-name">Memuat data...</p>
+    </div>
+    <script>
+        // Inisialisasi bridge — otomatis mengirim sinyal "ready" ke host
+        const bridge = window.signalBridge.init('my-laravel-app', {
+            allowedHostOrigins: ['https://host-app.example.com'],
+            debug: true, // aktifkan log di console (nonaktifkan di production)
+        });
+        // Dengarkan pesan dari host
+        bridge.listen(function (message) {
+            // Handshake awal dari host — host mengirim token & user terenkripsi
+            // txn digunakan sebagai key dekripsi per-sesi
+            if (message.type === 'connection') {
+                const token    = bridge.decrypt(message?.token, message?.txn);
+                const userData = bridge.decrypt(message?.user,  message?.txn);
+                console.log('Decrypted Token:', token);
+                console.log('Decrypted User Data:', userData);
+                // Simpan ke state atau tampilkan ke UI
+                document.getElementById('user-name').textContent = userData?.name ?? '';
+            }
+            // Host mengirim perintah ganti role
+            if (message.type === 'change-role') {
+                const role = bridge.decrypt(message?.data, message?.txn);
+                console.log('Decrypted Role selected:', role);
+                // Lakukan sesuatu dengan role, misalnya redirect atau reload data
+            }
+        });
+        // Kirim event ke host
+        bridge.emit('page-loaded', { path: window.location.pathname });
+    </script>
+</body>
+</html>
+```
+**Route:**
+```php
+// routes/web.php
+Route::get('/remote', function () {
+    return view('remote');
+})->middleware('auth');
+```
+---
+### Skenario C — Dengan Enkripsi AES
+Gunakan `cryptoKey` agar payload dienkripsi saat dikirim lewat postMessage.
+**`.env`**
+```
+BRIDGE_KEY=Xk9mN3pQrT2wAbCd
+```
+**`config/app.php`**
+```php
+'bridge_key' => env('BRIDGE_KEY'),
+```
+**Sisi Host (mengirim payload terenkripsi):**
+```html
+<script src="https://cdn.jsdelivr.net/npm/signal-bridge/dist/index.global.js"></script>
+<script>
+    const SECRET_KEY = '{{ config("app.bridge_key") }}';
+    const REMOTE_ORIGIN = 'https://app-remote.example.com';
+    window.addEventListener('message', function (event) {
+        if (event.origin !== REMOTE_ORIGIN) return;
+        if (event.data.__source !== 'remote') return;
+        if (event.data.type === 'ready') {
+            // Enkripsi payload sebelum dikirim
+            const encryptedPayload = window.signalBridge.encrypt(
+                { token: '{{ session("api_token") }}', userId: {{ auth()->id() }} },
+                SECRET_KEY
+            );
+            document.getElementById('remote-frame').contentWindow.postMessage({
+                type: 'auth',
+                payload: encryptedPayload,
+                txn: 'txn-auth-001',
+                __source: 'host',
+            }, REMOTE_ORIGIN);
+        }
+    });
+</script>
+```
+**Sisi Remote (blade dalam iframe — payload otomatis di-decrypt):**
+```html
+<script src="https://cdn.jsdelivr.net/npm/signal-bridge/dist/index.global.js"></script>
+<script>
+    const bridge = window.signalBridge.init('my-laravel-app', {
+        allowedHostOrigins: ['https://host-app.example.com'],
+        cryptoKey: '{{ config("app.bridge_key") }}', // key yang sama
+    });
+    bridge.listen(function (message) {
+        // payload sudah otomatis di-decrypt oleh library
+        if (message.type === 'auth') {
+            console.log('User ID:', message.payload.userId);
+            console.log('Token:', message.payload.token);
+        }
+    });
+</script>
+```
+---
+### Skenario D — Menggunakan NPM + Vite (Laravel Modern)
+**Install:**
+```bash
+npm install signal-bridge
+```
+**`resources/js/bridge.js`**
+```js
+import { initBridge, signalBridge } from 'signal-bridge';
+const bridge = initBridge('my-app', {
+    allowedHostOrigins: [import.meta.env.VITE_HOST_ORIGIN],
+    cryptoKey: import.meta.env.VITE_BRIDGE_KEY,
+    debug: import.meta.env.DEV,
+});
+bridge.listen((message) => {
+    if (message.type === 'user-data') {
+        console.log('Data dari host:', message.payload);
+    }
+});
+bridge.emit('page-loaded', { path: window.location.pathname });
+// Export untuk dipakai di file lain
+export { bridge };
+```
+**`.env`**
+```
+VITE_HOST_ORIGIN=https://host-app.example.com
+VITE_BRIDGE_KEY=Xk9mN3pQrT2wAbCd
+```
+**`resources/views/remote.blade.php`**
+```html
+<!DOCTYPE html>
+<html>
+<head>
+    @vite(['resources/js/app.js', 'resources/js/bridge.js'])
+</head>
+<body>
+    <div id="app"></div>
+</body>
+</html>
+```
+**Akses instance dari file lain (misalnya di komponen Alpine.js / Livewire):**
+```js
+import { signalBridge } from 'signal-bridge';
+// Ambil instance yang sudah dibuat sebelumnya
+const bridge = signalBridge();
+bridge.emit('form-submit', { id: 123 });
+```
+---
+### Menggunakan generateKey untuk Membuat Key Baru
+Jika butuh membuat `BRIDGE_KEY` baru, jalankan di console browser atau Node:
+```js
+import { generateKey } from 'signal-bridge';
+console.log(generateKey(24)); // contoh: "Xk9mN3pQrT2wAbCdEfGhIjKl"
+```
+---
+### Catatan Penting untuk Laravel
+- Selalu set `allowedHostOrigins` secara eksplisit, jangan gunakan wildcard.
+- Simpan `BRIDGE_KEY` di `.env`, bukan hardcode di Blade atau JS.
+- `config('app.bridge_key')` yang di-render ke Blade tetap tampak di source HTML — hanya gunakan untuk data non-kritis.
+- Untuk transfer token/kredensial sensitif, tetap gunakan endpoint API Laravel dengan autentikasi Sanctum/session, bukan lewat bridge.
+- Pastikan header `X-Frame-Options` / `Content-Security-Policy: frame-ancestors` dikonfigurasi benar di Laravel agar hanya host yang diizinkan yang bisa embed halaman Anda.
+**Contoh CSP di `app/Http/Middleware/`:**
+```php
+// Di middleware atau kernel
+$response->headers->set(
+    'Content-Security-Policy',
+    "frame-ancestors 'self' https://host-app.example.com"
+);
+```
+---
 ## 📜 License
 MIT License © 2026 - EkaHersada

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "signal-bridge",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "description": "Secure iframe communication bridge",
   "author": "Ekahersada <ekahersada@gmail.com>",
   "main": "dist/index.js",