npm - webhanger-front - Versions diffs - 1.0.0 → 1.0.1 - Mend

webhanger-front 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,167 @@
+# webhanger-front
+Browser SDK for WebHanger. Loads encrypted UI components from CDN and injects them into the DOM. No eval, no readable source — decrypted in memory and applied directly.
+---
+## Install
+```bash
+npm install webhanger-front
+```
+Or via script tag:
+```html
+<script src="https://unpkg.com/webhanger-front/browser.js"></script>
+```
+---
+## Usage
+### Script tag (plain HTML)
+```html
+<div data-wh></div>
+<script src="https://unpkg.com/webhanger-front/browser.js"></script>
+<script>
+  WebHangerFront.load(
+    "https://xxx.cloudfront.net/components/navbar@1.0.0.js",
+    "wh_1234567890",   // projectId from webhanger.config.json
+    "your-token",
+    0                  // expires: 0 = never, or unix timestamp
+  );
+</script>
+```
+### ESM (Vite, Webpack, Rollup)
+```js
+import { load } from "webhanger-front";
+await load(
+  "https://xxx.cloudfront.net/components/navbar@1.0.0.js",
+  "wh_1234567890",
+  "your-token",
+  0
+);
+```
+### React
+```jsx
+import { useEffect } from "react";
+import { load } from "webhanger-front";
+export default function Navbar() {
+  useEffect(() => {
+    load(
+      "https://xxx.cloudfront.net/components/navbar@1.0.0.js",
+      "wh_1234567890",
+      "your-token",
+      0,
+      "#navbar-mount"
+    );
+  }, []);
+  return <div id="navbar-mount" />;
+}
+```
+### Vue
+```vue
+<template>
+  <div ref="mount" />
+</template>
+<script setup>
+import { onMounted, ref } from "vue";
+import { load } from "webhanger-front";
+const mount = ref(null);
+onMounted(() => {
+  load(
+    "https://xxx.cloudfront.net/components/navbar@1.0.0.js",
+    "wh_1234567890",
+    "your-token",
+    0,
+    "#navbar-mount"
+  );
+});
+</script>
+```
+---
+## API
+### `load(cdnUrl, projectId, token, expires, selector?)`
+| Param | Type | Description |
+|---|---|---|
+| `cdnUrl` | `string` | Full CDN URL of the component |
+| `projectId` | `string` | Your WebHanger project ID — used as decrypt key |
+| `token` | `string` | HMAC signed token from `wh deploy` |
+| `expires` | `number` | Unix timestamp expiry. `0` = never expires |
+| `selector` | `string` | CSS selector for mount target. Default: `[data-wh]` |
+```js
+await load(cdnUrl, projectId, token, expires, "[data-wh]");
+```
+---
+### `clearCache()`
+Clears all cached components from localStorage and IndexedDB.
+```js
+import { clearCache } from "webhanger-front";
+await clearCache();
+```
+---
+### `version`
+```js
+import { version } from "webhanger-front";
+console.log(version); // "1.0.0"
+```
+---
+## Caching
+Components are automatically cached after first load:
+| Size | Storage |
+|---|---|
+| < 50KB | `localStorage` |
+| >= 50KB | `IndexedDB` |
+Cache key is `cdnUrl@expires` — changing the version or expiry busts the cache automatically.
+---
+## Offline support
+Register the service worker from the `webhanger` package for offline component delivery:
+```js
+navigator.serviceWorker.register("/webhanger.sw.js");
+```
+---
+## How it works
+1. Fetches encrypted JSON payload from CDN
+2. Decrypts each chunk in memory using `projectId` as cipher key
+3. Injects CSS into `<head>`, HTML into mount target, JS via `<script>`
+4. No `eval` — browser parses JS natively
+5. Payload on CDN is unreadable without the projectId

package/browser.js CHANGED Viewed

@@ -8,17 +8,17 @@
     const LS_PREFIX = "wh_";
     const SIZE_THRESHOLD = 50 * 1024;
-    function xorDecode(str, key) {
-        let out = "";
-        for (let i = 0; i < str.length; i++) {
-            out += String.fromCharCode(str.charCodeAt(i) ^ key.charCodeAt(i % key.length));
-        }
-        return out;
-    }
+    // UTF-8 safe XOR decrypt — mirrors bundler byte-level encoding
     function decrypt(b64, projectId, salt) {
         if (!b64) return "";
-        return xorDecode(atob(b64), projectId + salt);
+        const key = projectId + salt;
+        const bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
+        const keyBytes = new TextEncoder().encode(key);
+        const out = new Uint8Array(bytes.length);
+        for (let i = 0; i < bytes.length; i++) {
+            out[i] = bytes[i] ^ keyBytes[i % keyBytes.length];
+        }
+        return new TextDecoder().decode(out);
     }
     function openIDB() {
@@ -77,6 +77,38 @@
         return await res.text();
     }
+    // ─── Load external CDN assets ─────────────────────────────────────────────
+    function loadAsset(asset) {
+        return new Promise((resolve) => {
+            const existing = asset.type === "style"
+                ? document.querySelector(`link[href="${asset.url}"]`)
+                : document.querySelector(`script[src="${asset.url}"]`);
+            if (existing) return resolve();
+            if (asset.type === "style") {
+                const link = document.createElement("link");
+                link.rel = "stylesheet";
+                link.href = asset.url;
+                link.onload = resolve;
+                link.onerror = resolve;
+                document.head.appendChild(link);
+            } else {
+                const script = document.createElement("script");
+                script.src = asset.url;
+                if (asset.defer) script.defer = true;
+                if (asset.async) script.async = true;
+                script.onload = resolve;
+                script.onerror = resolve;
+                document.head.appendChild(script);
+            }
+        });
+    }
+    async function loadAssets(assets = []) {
+        for (const asset of assets) await loadAsset(asset);
+    }
     function injectComponent(encryptedPayload, projectId, targetSelector) {
         const target = document.querySelector(targetSelector || "[data-wh]");
         if (!target) { console.warn("[WebHanger] No mount target found."); return; }
@@ -104,7 +136,50 @@
         }
     }
-    async function load(cdnUrl, projectId, token, expires, selector = "[data-wh]") {
+    // ─── Loading Signaler ─────────────────────────────────────────────────────
+    // Fires callbacks at each stage of the load lifecycle.
+    // Stages: "start" | "fetching" | "assets" | "injecting" | "done" | "error"
+    function createSignaler(onSignal) {
+        return function signal(stage, detail = {}) {
+            if (typeof onSignal === "function") {
+                onSignal({ stage, ...detail });
+            }
+        };
+    }
+    // ─── Built-in preloader ───────────────────────────────────────────────────
+    function createPreloader(selector) {
+        const target = document.querySelector(selector || "[data-wh]");
+        if (!target) return { show: () => {}, hide: () => {} };
+        const loader = document.createElement("div");
+        loader.setAttribute("data-wh-loader", "");
+        loader.style.cssText = `
+            display:flex; align-items:center; justify-content:center;
+            padding: 24px; width:100%; box-sizing:border-box;
+        `;
+        loader.innerHTML = `
+            <div style="
+                width:28px; height:28px;
+                border:3px solid #e5e7eb;
+                border-top-color:#6366f1;
+                border-radius:50%;
+                animation:wh-spin 0.7s linear infinite;
+            "></div>
+            <style>
+                @keyframes wh-spin { to { transform: rotate(360deg); } }
+            </style>
+        `;
+        return {
+            show() { target.appendChild(loader); },
+            hide() { if (loader.parentNode) loader.parentNode.removeChild(loader); }
+        };
+    }
+    async function load(cdnUrl, projectId, token, expires, selector = "[data-wh]", onSignal = null) {
         if (!cdnUrl || !projectId || !token || expires === undefined || expires === null) {
             console.error("[WebHanger] Missing required params: cdnUrl, projectId, token, expires");
             return;
@@ -113,26 +188,70 @@
             console.warn("[WebHanger] Token expired.");
             return;
         }
+        const signal = createSignaler(onSignal);
+        const preloader = createPreloader(selector);
+        signal("start", { cdnUrl, selector });
+        preloader.show();
         const cacheKey = `${cdnUrl}@${expires}`;
         try {
+            signal("fetching");
             let payload = await cacheGet(cacheKey);
             if (!payload) {
                 payload = await fetchComponent(cdnUrl, token, expires);
                 await cacheSet(cacheKey, payload);
             }
+            let parsed;
+            try { parsed = JSON.parse(payload); } catch (_) { parsed = {}; }
+            if (parsed.assets && parsed.assets.length) {
+                signal("assets", { count: parsed.assets.length, assets: parsed.assets });
+                await loadAssets(parsed.assets);
+            }
+            signal("injecting");
+            preloader.hide();
             injectComponent(payload, projectId, selector);
+            signal("done");
         } catch (err) {
+            preloader.hide();
+            signal("error", { message: err.message });
             console.error("[WebHanger] Load failed:", err.message);
         }
     }
     async function clearCache() {
+        // 1. Clear all wh_ keys from localStorage
         Object.keys(localStorage)
             .filter(k => k.startsWith(LS_PREFIX))
             .forEach(k => localStorage.removeItem(k));
-        const db = await openIDB();
-        const tx = db.transaction(IDB_STORE, "readwrite");
-        tx.objectStore(IDB_STORE).clear();
+        // 2. Clear IndexedDB store
+        try {
+            const db = await openIDB();
+            const tx = db.transaction(IDB_STORE, "readwrite");
+            tx.objectStore(IDB_STORE).clear();
+        } catch (_) {}
+        // 3. Clear service worker caches
+        if ("caches" in window) {
+            const keys = await caches.keys();
+            await Promise.all(keys.map(k => caches.delete(k)));
+        }
+        // 4. Unregister service workers
+        if ("serviceWorker" in navigator) {
+            const regs = await navigator.serviceWorker.getRegistrations();
+            await Promise.all(regs.map(r => r.unregister()));
+        }
+        // 5. Clear sessionStorage wh_ keys
+        Object.keys(sessionStorage)
+            .filter(k => k.startsWith(LS_PREFIX))
+            .forEach(k => sessionStorage.removeItem(k));
     }
     global.WebHangerFront = { load, clearCache, version: VERSION };

package/index.js CHANGED Viewed

@@ -9,17 +9,17 @@ const SIZE_THRESHOLD = 50 * 1024;
 // ─── Decrypt ─────────────────────────────────────────────────────────────────
-function xorDecode(str, key) {
-    let out = "";
-    for (let i = 0; i < str.length; i++) {
-        out += String.fromCharCode(str.charCodeAt(i) ^ key.charCodeAt(i % key.length));
-    }
-    return out;
-}
+// UTF-8 safe XOR decrypt
 function decrypt(b64, projectId, salt) {
     if (!b64) return "";
-    return xorDecode(atob(b64), projectId + salt);
+    const key = projectId + salt;
+    const bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
+    const keyBytes = new TextEncoder().encode(key);
+    const out = new Uint8Array(bytes.length);
+    for (let i = 0; i < bytes.length; i++) {
+        out[i] = bytes[i] ^ keyBytes[i % keyBytes.length];
+    }
+    return new TextDecoder().decode(out);
 }
 // ─── IndexedDB ────────────────────────────────────────────────────────────────
@@ -73,6 +73,38 @@ async function cacheSet(key, value) {
     await idbSet(key, value);
 }
+// ─── Load external CDN assets ─────────────────────────────────────────────────
+function loadAsset(asset) {
+    return new Promise((resolve) => {
+        const existing = asset.type === "style"
+            ? document.querySelector(`link[href="${asset.url}"]`)
+            : document.querySelector(`script[src="${asset.url}"]`);
+        if (existing) return resolve();
+        if (asset.type === "style") {
+            const link = document.createElement("link");
+            link.rel = "stylesheet";
+            link.href = asset.url;
+            link.onload = resolve;
+            link.onerror = resolve;
+            document.head.appendChild(link);
+        } else {
+            const script = document.createElement("script");
+            script.src = asset.url;
+            if (asset.defer) script.defer = true;
+            if (asset.async) script.async = true;
+            script.onload = resolve;
+            script.onerror = resolve;
+            document.head.appendChild(script);
+        }
+    });
+}
+async function loadAssets(assets = []) {
+    for (const asset of assets) await loadAsset(asset);
+}
 // ─── Fetch ────────────────────────────────────────────────────────────────────
 async function fetchComponent(cdnUrl, token, expires) {
@@ -143,6 +175,12 @@ export async function load(cdnUrl, projectId, token, expires, selector = "[data-
             payload = await fetchComponent(cdnUrl, token, expires);
             await cacheSet(cacheKey, payload);
         }
+        try {
+            const parsed = JSON.parse(payload);
+            if (parsed.assets && parsed.assets.length) await loadAssets(parsed.assets);
+        } catch (_) {}
         injectComponent(payload, projectId, selector);
     } catch (err) {
         console.error("[WebHanger] Load failed:", err.message);
@@ -153,13 +191,34 @@ export async function load(cdnUrl, projectId, token, expires, selector = "[data-
  * Clear cached components from localStorage + IndexedDB.
  */
 export async function clearCache() {
+    // localStorage
     Object.keys(localStorage)
         .filter(k => k.startsWith(LS_PREFIX))
         .forEach(k => localStorage.removeItem(k));
-    const db = await openIDB();
-    const tx = db.transaction(IDB_STORE, "readwrite");
-    tx.objectStore(IDB_STORE).clear();
+    // IndexedDB
+    try {
+        const db = await openIDB();
+        const tx = db.transaction(IDB_STORE, "readwrite");
+        tx.objectStore(IDB_STORE).clear();
+    } catch (_) {}
+    // Service worker caches
+    if ("caches" in window) {
+        const keys = await caches.keys();
+        await Promise.all(keys.map(k => caches.delete(k)));
+    }
+    // Unregister service workers
+    if ("serviceWorker" in navigator) {
+        const regs = await navigator.serviceWorker.getRegistrations();
+        await Promise.all(regs.map(r => r.unregister()));
+    }
+    // sessionStorage
+    Object.keys(sessionStorage)
+        .filter(k => k.startsWith(LS_PREFIX))
+        .forEach(k => sessionStorage.removeItem(k));
 }
 export const version = VERSION;

package/package.json CHANGED Viewed

@@ -1,11 +1,17 @@
 {
   "name": "webhanger-front",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "WebHanger browser SDK — load encrypted UI components from CDN",
   "main": "index.js",
   "module": "index.js",
   "browser": "browser.js",
   "type": "module",
-  "keywords": ["webhanger", "cdn", "components", "frontend", "sdk"],
+  "keywords": [
+    "webhanger",
+    "cdn",
+    "components",
+    "frontend",
+    "sdk"
+  ],
   "license": "ISC"
 }