Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 1 | /** |
| 2 | * The plugin system is based |
| 3 | * on registered widgets (iframes) from |
| 4 | * foreign services. |
| 5 | * The server component spawns new iframes and |
| 6 | * listens to them. |
| 7 | * |
| 8 | * @author Nils Diewald |
| 9 | */ |
| 10 | |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 11 | define(["plugin/widget", "util"], function (widgetClass) { |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 12 | "use strict"; |
| 13 | |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 14 | // Contains all widgets to address with |
| 15 | // messages to them |
| 16 | var widgets = {}; |
| 17 | |
Akron | e8e2c95 | 2018-07-04 13:43:12 +0200 | [diff] [blame] | 18 | // This is a counter to limit acceptable incoming messages |
| 19 | // to a certain amount. For every message, this counter will |
| 20 | // be decreased (down to 0), for every second this will be |
| 21 | // increased (up to 100). |
| 22 | // Once a widget surpasses the limit, it will be killed |
| 23 | // and called suspicious. |
| 24 | var maxMessages = 100; |
| 25 | var limits = {}; |
| 26 | |
| 27 | // TODO: |
| 28 | // It may be useful to establish a watcher that pings |
| 29 | // all widgets every second to see if it is still alive. |
| 30 | |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 31 | return { |
| 32 | |
| 33 | /** |
| 34 | * Create new plugin management system |
| 35 | */ |
| 36 | create : function () { |
| 37 | return Object.create(this)._init(); |
| 38 | }, |
| 39 | |
| 40 | /* |
| 41 | * Initialize the plugin manager by establishing |
| 42 | * the global 'message' hook. |
| 43 | */ |
| 44 | _init : function () { |
| 45 | |
Akron | e8e2c95 | 2018-07-04 13:43:12 +0200 | [diff] [blame] | 46 | // TODO: |
| 47 | // It is better to establish the listener |
| 48 | // only in case there is a widget |
| 49 | |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 50 | var that = this; |
Akron | b43c8c6 | 2018-07-04 18:27:28 +0200 | [diff] [blame] | 51 | this._listener = this._receiveMsg.bind(that); |
| 52 | window.addEventListener("message", this._listener); |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 53 | |
| 54 | // Every second increase the limits of all registered widgets |
| 55 | var myTimer = setInterval(function () { |
| 56 | for (var i in limits) { |
| 57 | if (limits[i]++ >= maxMessages) { |
| 58 | limits[i] = maxMessages; |
| 59 | } |
| 60 | } |
| 61 | }, 1000); |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 62 | return this; |
| 63 | }, |
| 64 | |
| 65 | /** |
Akron | e8e2c95 | 2018-07-04 13:43:12 +0200 | [diff] [blame] | 66 | * Open a new widget as a child to a certain element |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 67 | */ |
| 68 | addWidget : function (element, src) { |
| 69 | |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 70 | // Create a unique random ID per widget |
| 71 | var id = 'id-' + this._randomID(); |
| 72 | |
| 73 | // Create a new widget |
| 74 | var widget = widgetClass.create(src, id); |
| 75 | |
| 76 | // Store the widget based on the identifier |
| 77 | widgets[id] = widget; |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 78 | limits[id] = maxMessages; |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 79 | |
| 80 | // Open widget in frontend |
| 81 | element.appendChild( |
| 82 | widget.element() |
| 83 | ); |
Akron | b43c8c6 | 2018-07-04 18:27:28 +0200 | [diff] [blame] | 84 | |
| 85 | return id; |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 86 | }, |
| 87 | |
Akron | e8e2c95 | 2018-07-04 13:43:12 +0200 | [diff] [blame] | 88 | // Receive a call from an embedded iframe. |
| 89 | // The handling needs to be very careful, |
| 90 | // as this can easily become a security nightmare. |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 91 | _receiveMsg : function (e) { |
| 92 | // Get event data |
| 93 | var d = e.data; |
| 94 | |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 95 | // If no data given - fail |
| 96 | // (probably check that it's an assoc array) |
| 97 | if (!d) |
| 98 | return; |
| 99 | |
| 100 | // e.origin is probably set and okay - CHECK! |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 101 | |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 102 | // Get origin ID |
| 103 | var id = d["originID"]; |
| 104 | |
| 105 | // If no origin ID given - fail |
| 106 | if (!id) |
| 107 | return; |
| 108 | |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 109 | // Get the widget |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 110 | var widget = widgets[id]; |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 111 | |
| 112 | // If the addressed widget does not exist - fail |
| 113 | if (!widget) |
| 114 | return; |
| 115 | |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 116 | // Check for message limits |
| 117 | if (limits[id]-- < 0) { |
Akron | e8e2c95 | 2018-07-04 13:43:12 +0200 | [diff] [blame] | 118 | |
| 119 | // Kill widget |
Akron | c0a2da8 | 2018-07-04 15:27:37 +0200 | [diff] [blame] | 120 | KorAP.log(0, 'Suspicious action by widget', widget.src); |
Akron | a99315e | 2018-07-03 22:56:45 +0200 | [diff] [blame] | 121 | widget.shutdown(); |
| 122 | delete limits[id]; |
| 123 | delete widgets[id]; |
| 124 | return; |
| 125 | }; |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 126 | |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 127 | // Resize the iframe |
| 128 | if (d.action === 'resize') { |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 129 | widget.resize(d); |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 130 | } |
| 131 | |
| 132 | // Log message from iframe |
| 133 | else if (d.action === 'log') { |
Akron | c0a2da8 | 2018-07-04 15:27:37 +0200 | [diff] [blame] | 134 | KorAP.log(d.code, d.msg, widget.src); |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 135 | }; |
| 136 | |
| 137 | // TODO: |
| 138 | // Close |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 139 | }, |
| 140 | |
Akron | a6c32b9 | 2018-07-02 18:39:42 +0200 | [diff] [blame] | 141 | // Get a random identifier |
| 142 | _randomID : function () { |
| 143 | return randomID(20); |
Akron | b43c8c6 | 2018-07-04 18:27:28 +0200 | [diff] [blame] | 144 | }, |
| 145 | |
| 146 | // Destructor, just for testing scenarios |
| 147 | destroy : function () { |
| 148 | limits = {}; |
| 149 | widgets = {}; |
| 150 | window.removeEventListener("message", this._listener); |
Akron | 479994e | 2018-07-02 13:21:44 +0200 | [diff] [blame] | 151 | } |
| 152 | } |
| 153 | }); |