Skip to content

Commit 82aa654

Browse files
committed
feat(apps): Inline intent object into service app index.html
1 parent 684d49b commit 82aa654

3 files changed

Lines changed: 52 additions & 9 deletions

File tree

web/apps/apps.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -808,7 +808,7 @@ func openWebapp(c echo.Context) error {
808808
}
809809

810810
isLoggedIn := true
811-
params := buildServeParams(c, inst, webapp, isLoggedIn, sess.ID())
811+
params := buildServeParams(c, inst, webapp, nil, isLoggedIn, sess.ID())
812812
obj := &apiOpenParams{
813813
slug: slug,
814814
cookie: cookie.String(),

web/apps/apps_test.go

Lines changed: 23 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -274,17 +274,37 @@ func TestApps(t *testing.T) {
274274
u, err := url.Parse(intent.Services[0].Href)
275275
require.NoError(t, err)
276276

277-
csp := e.GET(u.Path).
277+
resp := e.GET(u.Path).
278278
WithHost(slug+"."+testInstance.Domain).
279279
WithQueryString(u.RawQuery).
280280
WithCookie("cozysessid", cozysessID).
281-
Expect().Status(200).
282-
Header(echo.HeaderContentSecurityPolicy)
281+
Expect().Status(200)
282+
283+
csp := resp.Header(echo.HeaderContentSecurityPolicy)
283284
csp.Contains("script-src")
284285
csp.Contains("'wasm-unsafe-eval'")
285286
csp.Contains("connect-src blob:")
286287
csp.Contains("worker-src 'self' blob:;")
287288
csp.Contains("frame-ancestors 'self' https://test-app.cozywithapps.example.net;")
289+
290+
body := resp.Body()
291+
body.Contains(`window.__COZY_INTENT__ = JSON.parse(`)
292+
body.Contains(intent.ID())
293+
body.Contains("PICK")
294+
body.Contains("io.cozy.foos")
295+
body.Contains("https://test-app.cozywithapps.example.net")
296+
})
297+
298+
t.Run("ServeWithoutIntentDoesNotInline", func(t *testing.T) {
299+
e := testutils.CreateTestClient(t, ts.URL)
300+
301+
body := e.GET("/foo").
302+
WithHost(slug+"."+testInstance.Domain).
303+
WithCookie("cozysessid", cozysessID).
304+
Expect().Status(200).
305+
Body()
306+
307+
body.NotContains(`window.__COZY_INTENT__`)
288308
})
289309

290310
t.Run("ServeWithAnIntentsClientURL", func(t *testing.T) {

web/apps/serve.go

Lines changed: 28 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ import (
2828
"github.com/cozy/cozy-stack/pkg/jsonapi"
2929
"github.com/cozy/cozy-stack/pkg/registry"
3030
"github.com/cozy/cozy-stack/web/auth"
31+
"github.com/cozy/cozy-stack/web/intents"
3132
"github.com/cozy/cozy-stack/web/middlewares"
3233
"github.com/cozy/cozy-stack/web/settings"
3334
"github.com/cozy/cozy-stack/web/statik"
@@ -272,8 +273,6 @@ func ServeAppFile(c echo.Context, i *instance.Instance, fs appfs.FileServer, web
272273
intentDoc = handleIntent(c, i, slug, intentID)
273274
}
274275

275-
_ = intentDoc // threaded into serveParams in the next change
276-
277276
if route.Public && slug == consts.DataProxySlug {
278277
// Allow to dataproxy to be embedded in a iframe from the login page of the
279278
// stack for cleaning.
@@ -296,7 +295,7 @@ func ServeAppFile(c echo.Context, i *instance.Instance, fs appfs.FileServer, web
296295
// XXX: Force include Warnings template in all app indexes
297296
tmplText := string(buf)
298297
if closeTagIdx := strings.Index(tmplText, "</head>"); closeTagIdx >= 0 {
299-
tmplText = tmplText[:closeTagIdx] + "\n{{.Warnings}}\n" + tmplText[closeTagIdx:]
298+
tmplText = tmplText[:closeTagIdx] + "\n{{.Warnings}}\n{{.IntentData}}\n" + tmplText[closeTagIdx:]
300299
} else {
301300
needsOpenTag := true
302301
if openTagIdx := strings.Index(tmplText, "<head>"); openTagIdx >= 0 {
@@ -313,7 +312,7 @@ func ServeAppFile(c echo.Context, i *instance.Instance, fs appfs.FileServer, web
313312
tmplText += "\n<head>"
314313
}
315314

316-
tmplText += "\n{{.Warnings}}\n</head>\n" + after
315+
tmplText += "\n{{.Warnings}}\n{{.IntentData}}\n</head>\n" + after
317316
}
318317
}
319318

@@ -335,7 +334,7 @@ func ServeAppFile(c echo.Context, i *instance.Instance, fs appfs.FileServer, web
335334
}
336335
}
337336
}
338-
params := buildServeParams(c, i, webapp, isLoggedIn, sessID)
337+
params := buildServeParams(c, i, webapp, intentDoc, isLoggedIn, sessID)
339338

340339
generated := &bytes.Buffer{}
341340
if err := tmpl.Execute(generated, params); err != nil {
@@ -365,6 +364,7 @@ func buildServeParams(
365364
c echo.Context,
366365
inst *instance.Instance,
367366
webapp *app.WebappManifest,
367+
intentDoc *intent.Intent,
368368
isLoggedIn bool,
369369
sessID string,
370370
) serveParams {
@@ -388,6 +388,7 @@ func buildServeParams(
388388
Token: token,
389389
SubDomain: subdomainsType,
390390
Tracking: tracking,
391+
intent: intentDoc,
391392
webapp: webapp,
392393
instance: inst,
393394
isLoggedIn: isLoggedIn,
@@ -496,6 +497,7 @@ type serveParams struct {
496497
Token string
497498
SubDomain string
498499
Tracking bool
500+
intent *intent.Intent
499501
webapp *app.WebappManifest
500502
instance *instance.Instance
501503
isLoggedIn bool
@@ -627,9 +629,26 @@ func (s serveParams) Warnings() (template.HTML, error) {
627629
return warningsHTML(s.instance, s.isLoggedIn)
628630
}
629631

632+
func (s serveParams) IntentData() (template.HTML, error) {
633+
if s.intent == nil {
634+
return "", nil
635+
}
636+
api := intents.NewAPIIntent(s.intent, s.instance)
637+
raw, err := jsonapi.MarshalObject(api)
638+
if err != nil {
639+
return "", err
640+
}
641+
buf := new(bytes.Buffer)
642+
if err := intentTemplate.Execute(buf, string(raw)); err != nil {
643+
return "", err
644+
}
645+
return template.HTML(buf.String()), nil
646+
}
647+
630648
var clientTemplate *template.Template
631649
var barTemplate *template.Template
632650
var warningsTemplate *template.Template
651+
var intentTemplate *template.Template
633652

634653
// BuildTemplates ensure that cozy-client-js and the bar can be injected in templates
635654
func BuildTemplates() {
@@ -650,6 +669,10 @@ func BuildTemplates() {
650669
{{end}}
651670
{{end}}`,
652671
))
672+
673+
intentTemplate = template.Must(template.New("intent-data").Parse(
674+
`<script>window.__COZY_INTENT__ = JSON.parse({{.}})</script>`,
675+
))
653676
}
654677

655678
func cozyclientjsHTML(i *instance.Instance) (template.HTML, error) {

0 commit comments

Comments
 (0)