Commit Graph

2 Commits

Author SHA1 Message Date
Serge RAKOTO HARRY-NAIVO
c241b3e100 security(transport): use subprotocol + Authorization header for auth
Match the bot-side hardening
(serge/messenger-bot feat/webchat-auth-hardening): credentials no longer
leak via URL query strings.

  * WebSocket handshake uses Sec-WebSocket-Protocol subprotocols
    (messenzy.v1, messenzy-bot.<id>, messenzy-visitor.<id>,
    messenzy-key.<key>) — the browser WebSocket ctor doesn't accept
    custom headers, so subprotocols are the standard pattern.

  * HTTP fallback (/webchat/msg, /webchat/history) uses
    `Authorization: Bearer <apiKey>` — fetch supports custom headers.

  * botId/visitorId stay in body/query as public identifiers; only the
    apiKey moves off the URL.

No public API change — `createTransport(opts)` takes the same
TransportOpts as before.
2026-04-27 15:25:08 +02:00
Serge RAKOTO HARRY-NAIVO
9676bbf09f feat(widget): SP6 PR S6-1+2 - messenzy-widget repo scaffolding (Preact + Vite)
- package.json with Preact 10 + Vite 6 + TypeScript 5
- vite.config: IIFE + ESM lib outputs, preact/compat alias, CSS inlined via
  ?inline import (no separate .css file emitted - single-file IIFE)
- tsconfig.json (src/) + tsconfig.node.json (vite.config.ts)
- src/index.ts: entry, injects <style>, mounts <Widget /> on script load
- src/config.ts: parses data-bot-id + data-api-key + data-server-url
- src/vite-env.d.ts: ?inline CSS type declaration
- src/storage/visitor.ts: localStorage UUID v4 with in-memory fallback
- src/transport/ws-client.ts: WebSocket primary, exponential reconnect
  (max 5 retries ~30s cap), HTTP polling fallback at /webchat/history every 5s
- src/ui/widget.tsx: root Preact component, transport lifecycle, send handler
- src/ui/bubble.tsx: floating FAB with chat/close SVG icons, position aware
- src/ui/panel.tsx: header + scrollable message list + typing indicator + input
- src/ui/message.tsx: single message bubble (user right/bot left), timestamp
- src/ui/theme.css: CSS variables (--messenzy-primary/accent overridable)
- Build output: dist/messenzy-widget.iife.js 25.3 kB (9.7 kB gz), zero errors
- typecheck: clean (strict + exactOptionalPropertyTypes)
- .gitignore: node_modules/ dist/ .vite/ .env* .DS_Store
- README: integration snippet, script attributes table, theme, build instructions
2026-04-26 00:10:12 +02:00
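
The transport change in commit c241b3e100, as an added example (not the widget's or the bot's own code): it builds the four subprotocol values and the Bearer header on the client, and goes one step further by reading the offer back the way a server could. All function names, the sample values and the server-side parse are assumptions; only the subprotocol patterns and the `Authorization: Bearer <apiKey>` header come from the commit message.

```typescript
// Added example. Only the four subprotocol patterns and the Bearer header are
// from the commit message; every identifier below is hypothetical.
type Creds = { botId: string; visitorId: string; apiKey: string };

const VERSION = "messenzy.v1";
const PREFIX = { botId: "messenzy-bot.", visitorId: "messenzy-visitor.", apiKey: "messenzy-key." };
// RFC 7230 "token" characters: the only ones a subprotocol name may contain.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Client: the list passed as the 2nd argument of `new WebSocket(url, protocols)`.
// Fails closed if a value (e.g. a key containing "/" or "=") is not a token.
function buildSubprotocols(c: Creds): string[] {
  const list = [VERSION, PREFIX.botId + c.botId, PREFIX.visitorId + c.visitorId, PREFIX.apiKey + c.apiKey];
  for (const p of list) {
    if (!TOKEN.test(p)) throw new Error("value is not a valid subprotocol token");
  }
  return list;
}

// Client: headers for the HTTP fallback (/webchat/msg, /webchat/history).
function fallbackHeaders(apiKey: string): Record<string, string> {
  return { Authorization: "Bearer " + apiKey };
}

// Server (assumed): parse the Sec-WebSocket-Protocol request header.
// Returns null unless the version and exactly one of each value are offered.
function parseOffer(header: string): (Creds & { select: string }) | null {
  const offered = header.split(",").map((s) => s.trim());
  if (offered.indexOf(VERSION) === -1) return null;
  const pick = (prefix: string): string | null => {
    const hits = offered.filter((p) => p.slice(0, prefix.length) === prefix && p.length > prefix.length);
    const hit = hits[0];
    return hits.length === 1 && hit !== undefined ? hit.slice(prefix.length) : null;
  };
  const botId = pick(PREFIX.botId);
  const visitorId = pick(PREFIX.visitorId);
  const apiKey = pick(PREFIX.apiKey);
  if (botId === null || visitorId === null || apiKey === null) return null;
  // Select only the version token, so the key is never echoed in the response.
  return { botId, visitorId, apiKey, select: VERSION };
}
```

Request headers such as `Sec-WebSocket-Protocol` and `Authorization` can still be recorded by proxies or servers that log headers, so both belong on the redaction list.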