Adding the ability to register a single script using the "script" attribute at the map property level.
This commit is contained in:
parent
7d67f55012
commit
6fbf165c91
@ -8,6 +8,11 @@ FROM thecodingmachine/nodejs:14-apache
|
|||||||
|
|
||||||
COPY --chown=docker:docker front .
|
COPY --chown=docker:docker front .
|
||||||
COPY --from=builder --chown=docker:docker /var/www/messages/generated /var/www/html/src/Messages/generated
|
COPY --from=builder --chown=docker:docker /var/www/messages/generated /var/www/html/src/Messages/generated
|
||||||
|
|
||||||
|
# Removing the iframe.html file from the final image as this adds a XSS attack.
|
||||||
|
# iframe.html is only in dev mode to circumvent a limitation
|
||||||
|
RUN rm dist/iframe.html
|
||||||
|
|
||||||
RUN yarn install
|
RUN yarn install
|
||||||
|
|
||||||
ENV NODE_ENV=production
|
ENV NODE_ENV=production
|
||||||
|
17
front/dist/iframe.html
vendored
Normal file
17
front/dist/iframe.html
vendored
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
<!doctype html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<script src="/iframe_api.js" ></script>
|
||||||
|
<script>
|
||||||
|
// Note: this is a huge XSS flow as we allow anyone to load a Javascript file in our domain.
|
||||||
|
// This file must ABSOLUTELY be removed from the Docker images/deployments and is only here
|
||||||
|
// for development purpose (because dynamically generated iframes are not working with
|
||||||
|
// webpack hot reload due to an issue with rights)
|
||||||
|
const urlParams = new URLSearchParams(window.location.search);
|
||||||
|
const scriptUrl = urlParams.get('script');
|
||||||
|
const script = document.createElement('script');
|
||||||
|
script.src = scriptUrl;
|
||||||
|
document.head.append(script);
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
</html>
|
@ -2,6 +2,8 @@ import {Subject} from "rxjs";
|
|||||||
import {ChatEvent, isChatEvent} from "./Events/ChatEvent";
|
import {ChatEvent, isChatEvent} from "./Events/ChatEvent";
|
||||||
import {IframeEvent, isIframeEventWrapper} from "./Events/IframeEvent";
|
import {IframeEvent, isIframeEventWrapper} from "./Events/IframeEvent";
|
||||||
import {UserInputChatEvent} from "./Events/UserInputChatEvent";
|
import {UserInputChatEvent} from "./Events/UserInputChatEvent";
|
||||||
|
import * as crypto from "crypto";
|
||||||
|
import {HtmlUtils} from "../WebRtc/HtmlUtils";
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -14,6 +16,7 @@ class IframeListener {
|
|||||||
public readonly chatStream = this._chatStream.asObservable();
|
public readonly chatStream = this._chatStream.asObservable();
|
||||||
|
|
||||||
private readonly iframes = new Set<HTMLIFrameElement>();
|
private readonly iframes = new Set<HTMLIFrameElement>();
|
||||||
|
private readonly scripts = new Map<string, HTMLIFrameElement>();
|
||||||
|
|
||||||
init() {
|
init() {
|
||||||
window.addEventListener("message", (message) => {
|
window.addEventListener("message", (message) => {
|
||||||
@ -54,6 +57,70 @@ class IframeListener {
|
|||||||
this.iframes.delete(iframe);
|
this.iframes.delete(iframe);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
registerScript(scriptUrl: string): void {
|
||||||
|
console.log('Loading map related script at ', scriptUrl)
|
||||||
|
|
||||||
|
if (!process.env.NODE_ENV || process.env.NODE_ENV === 'development') {
|
||||||
|
// Using external iframe mode (
|
||||||
|
const iframe = document.createElement('iframe');
|
||||||
|
iframe.id = this.getIFrameId(scriptUrl);
|
||||||
|
iframe.style.display = 'none';
|
||||||
|
iframe.src = '/iframe.html?script='+encodeURIComponent(scriptUrl);
|
||||||
|
|
||||||
|
// We are putting a sandbox on this script because it will run in the same domain as the main website.
|
||||||
|
iframe.sandbox.add('allow-scripts');
|
||||||
|
iframe.sandbox.add('allow-top-navigation-by-user-activation');
|
||||||
|
|
||||||
|
document.body.prepend(iframe);
|
||||||
|
|
||||||
|
this.scripts.set(scriptUrl, iframe);
|
||||||
|
this.registerIframe(iframe);
|
||||||
|
} else {
|
||||||
|
// production code
|
||||||
|
const iframe = document.createElement('iframe');
|
||||||
|
iframe.id = this.getIFrameId(scriptUrl);
|
||||||
|
|
||||||
|
// We are putting a sandbox on this script because it will run in the same domain as the main website.
|
||||||
|
iframe.sandbox.add('allow-scripts');
|
||||||
|
iframe.sandbox.add('allow-top-navigation-by-user-activation');
|
||||||
|
|
||||||
|
const html = '<!doctype html>\n' +
|
||||||
|
'\n' +
|
||||||
|
'<html lang="en">\n' +
|
||||||
|
'<head>\n' +
|
||||||
|
'<script src="'+window.location.protocol+'//'+window.location.host+'/iframe_api.js" ></script>\n' +
|
||||||
|
'<script src="'+scriptUrl+'" ></script>\n' +
|
||||||
|
'</head>\n' +
|
||||||
|
'</html>\n';
|
||||||
|
|
||||||
|
//iframe.src = "data:text/html;charset=utf-8," + escape(html);
|
||||||
|
iframe.srcdoc = html;
|
||||||
|
|
||||||
|
document.body.prepend(iframe);
|
||||||
|
|
||||||
|
this.scripts.set(scriptUrl, iframe);
|
||||||
|
this.registerIframe(iframe);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private getIFrameId(scriptUrl: string): string {
|
||||||
|
return 'script'+crypto.createHash('md5').update(scriptUrl).digest("hex");
|
||||||
|
}
|
||||||
|
|
||||||
|
unregisterScript(scriptUrl: string): void {
|
||||||
|
const iFrameId = this.getIFrameId(scriptUrl);
|
||||||
|
const iframe = HtmlUtils.getElementByIdOrFail<HTMLIFrameElement>(iFrameId);
|
||||||
|
if (!iframe) {
|
||||||
|
throw new Error('Unknown iframe for script "'+scriptUrl+'"');
|
||||||
|
}
|
||||||
|
this.unregisterIframe(iframe);
|
||||||
|
iframe.remove();
|
||||||
|
|
||||||
|
this.scripts.delete(scriptUrl);
|
||||||
|
}
|
||||||
|
|
||||||
sendUserInputChat(message: string) {
|
sendUserInputChat(message: string) {
|
||||||
this.postMessage({
|
this.postMessage({
|
||||||
'type': 'userInputChat',
|
'type': 'userInputChat',
|
||||||
|
@ -72,6 +72,7 @@ import {TextureError} from "../../Exception/TextureError";
|
|||||||
import {addLoader} from "../Components/Loader";
|
import {addLoader} from "../Components/Loader";
|
||||||
import {ErrorSceneName} from "../Reconnecting/ErrorScene";
|
import {ErrorSceneName} from "../Reconnecting/ErrorScene";
|
||||||
import {localUserStore} from "../../Connexion/LocalUserStore";
|
import {localUserStore} from "../../Connexion/LocalUserStore";
|
||||||
|
import {iframeListener} from "../../Api/IframeListener";
|
||||||
|
|
||||||
export interface GameSceneInitInterface {
|
export interface GameSceneInitInterface {
|
||||||
initPosition: PointInterface|null,
|
initPosition: PointInterface|null,
|
||||||
@ -313,6 +314,12 @@ export class GameScene extends ResizableScene implements CenterListener {
|
|||||||
// });
|
// });
|
||||||
// });
|
// });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Now, let's load the script, if any
|
||||||
|
const scripts = this.getScriptUrls(this.mapFile);
|
||||||
|
for (const script of scripts) {
|
||||||
|
iframeListener.registerScript(script);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//hook initialisation
|
//hook initialisation
|
||||||
@ -744,6 +751,12 @@ export class GameScene extends ResizableScene implements CenterListener {
|
|||||||
public cleanupClosingScene(): void {
|
public cleanupClosingScene(): void {
|
||||||
// stop playing audio, close any open website, stop any open Jitsi
|
// stop playing audio, close any open website, stop any open Jitsi
|
||||||
coWebsiteManager.closeCoWebsite();
|
coWebsiteManager.closeCoWebsite();
|
||||||
|
// Stop the script, if any
|
||||||
|
const scripts = this.getScriptUrls(this.mapFile);
|
||||||
|
for (const script of scripts) {
|
||||||
|
iframeListener.unregisterScript(script);
|
||||||
|
}
|
||||||
|
|
||||||
this.stopJitsi();
|
this.stopJitsi();
|
||||||
this.playAudio(undefined);
|
this.playAudio(undefined);
|
||||||
// We are completely destroying the current scene to avoid using a half-backed instance when coming back to the same map.
|
// We are completely destroying the current scene to avoid using a half-backed instance when coming back to the same map.
|
||||||
@ -829,8 +842,12 @@ export class GameScene extends ResizableScene implements CenterListener {
|
|||||||
return this.getProperty(layer, "startLayer") == true;
|
return this.getProperty(layer, "startLayer") == true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private getProperty(layer: ITiledMapLayer, name: string): string|boolean|number|undefined {
|
private getScriptUrls(map: ITiledMap): string[] {
|
||||||
const properties = layer.properties;
|
return (this.getProperties(map, "script") as string[]).map((script) => (new URL(script, this.MapUrlFile)).toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
private getProperty(layer: ITiledMapLayer|ITiledMap, name: string): string|boolean|number|undefined {
|
||||||
|
const properties: ITiledMapLayerProperty[] = layer.properties;
|
||||||
if (!properties) {
|
if (!properties) {
|
||||||
return undefined;
|
return undefined;
|
||||||
}
|
}
|
||||||
@ -841,6 +858,14 @@ export class GameScene extends ResizableScene implements CenterListener {
|
|||||||
return obj.value;
|
return obj.value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private getProperties(layer: ITiledMapLayer|ITiledMap, name: string): (string|number|boolean|undefined)[] {
|
||||||
|
const properties: ITiledMapLayerProperty[] = layer.properties;
|
||||||
|
if (!properties) {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
return properties.filter((property: ITiledMapLayerProperty) => property.name.toLowerCase() === name.toLowerCase()).map((property) => property.value);
|
||||||
|
}
|
||||||
|
|
||||||
//todo: push that into the gameManager
|
//todo: push that into the gameManager
|
||||||
private async loadNextGame(exitSceneIdentifier: string){
|
private async loadNextGame(exitSceneIdentifier: string){
|
||||||
const {roomId, hash} = Room.getIdFromIdentifier(exitSceneIdentifier, this.MapUrlFile, this.instance);
|
const {roomId, hash} = Room.getIdFromIdentifier(exitSceneIdentifier, this.MapUrlFile, this.instance);
|
||||||
|
@ -14,7 +14,7 @@ export interface ITiledMap {
|
|||||||
* Map orientation (orthogonal)
|
* Map orientation (orthogonal)
|
||||||
*/
|
*/
|
||||||
orientation: string;
|
orientation: string;
|
||||||
properties: {[key: string]: string};
|
properties: ITiledMapLayerProperty[];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Render order (right-down)
|
* Render order (right-down)
|
||||||
|
8
maps/tests/script.js
Normal file
8
maps/tests/script.js
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
console.log('SCRIPT LAUNCHED');
|
||||||
|
WA.sendChatMessage('Hi, my name is Poly and I repeat what you say!', 'Poly Parrot');
|
||||||
|
|
||||||
|
|
||||||
|
WA.onChatMessage((message => {
|
||||||
|
console.log('CHAT MESSAGE RECEIVED BY SCRIPT');
|
||||||
|
WA.sendChatMessage('Poly Parrot says: "'+message+'"', 'Poly Parrot');
|
||||||
|
}));
|
77
maps/tests/script_api.json
Normal file
77
maps/tests/script_api.json
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
{ "compressionlevel":-1,
|
||||||
|
"editorsettings":
|
||||||
|
{
|
||||||
|
"export":
|
||||||
|
{
|
||||||
|
"target":"."
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"height":10,
|
||||||
|
"infinite":false,
|
||||||
|
"layers":[
|
||||||
|
{
|
||||||
|
"data":[1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
|
||||||
|
"height":10,
|
||||||
|
"id":1,
|
||||||
|
"name":"floor",
|
||||||
|
"opacity":1,
|
||||||
|
"type":"tilelayer",
|
||||||
|
"visible":true,
|
||||||
|
"width":10,
|
||||||
|
"x":0,
|
||||||
|
"y":0
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"data":[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
|
||||||
|
"height":10,
|
||||||
|
"id":2,
|
||||||
|
"name":"start",
|
||||||
|
"opacity":1,
|
||||||
|
"type":"tilelayer",
|
||||||
|
"visible":true,
|
||||||
|
"width":10,
|
||||||
|
"x":0,
|
||||||
|
"y":0
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"draworder":"topdown",
|
||||||
|
"id":3,
|
||||||
|
"name":"floorLayer",
|
||||||
|
"objects":[],
|
||||||
|
"opacity":1,
|
||||||
|
"type":"objectgroup",
|
||||||
|
"visible":true,
|
||||||
|
"x":0,
|
||||||
|
"y":0
|
||||||
|
}],
|
||||||
|
"nextlayerid":6,
|
||||||
|
"nextobjectid":1,
|
||||||
|
"orientation":"orthogonal",
|
||||||
|
"properties":[
|
||||||
|
{
|
||||||
|
"name":"script",
|
||||||
|
"type":"string",
|
||||||
|
"value":"script.js"
|
||||||
|
}],
|
||||||
|
"renderorder":"right-down",
|
||||||
|
"tiledversion":"1.3.3",
|
||||||
|
"tileheight":32,
|
||||||
|
"tilesets":[
|
||||||
|
{
|
||||||
|
"columns":11,
|
||||||
|
"firstgid":1,
|
||||||
|
"image":"tileset1.png",
|
||||||
|
"imageheight":352,
|
||||||
|
"imagewidth":352,
|
||||||
|
"margin":0,
|
||||||
|
"name":"tileset1",
|
||||||
|
"spacing":0,
|
||||||
|
"tilecount":121,
|
||||||
|
"tileheight":32,
|
||||||
|
"tilewidth":32
|
||||||
|
}],
|
||||||
|
"tilewidth":32,
|
||||||
|
"type":"map",
|
||||||
|
"version":1.2,
|
||||||
|
"width":10
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user