kano-world-js-sdk/xdAuthIframe.html at master · KanoComputing/kano-world-js-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<html>
    <head></head>
    <body>
        <script>
            var MESSAGE_NAMESPACE = 'kw-xd-auth',
                authorizedOrigins = [
                    /^http(s)?:\/\/(.*)(\.)?kano.me/,
                    /^http(s)?:\/\/localhost/
                ]

            function sendMessage (data) {
                data.namespace = MESSAGE_NAMESPACE;
                // Accept all origins, we have a custom origin checking
                parent.postMessage(JSON.stringify(data), '*');
            }

            function setToken (token) {
                if (!token) {
                    localStorage.removeItem('KW_TOKEN');

                    /* This token is used by the new part of Kano World */
                    localStorage.removeItem('KW_TOKENv2');
                } else {
                    localStorage.setItem('KW_TOKEN', token);
                }
                sendMessage({ id: 'set-token' });
            }

            function getToken () {
                var token = localStorage.getItem('KW_TOKEN');
                sendMessage({
                    id: 'token',
                    token: token
                });
            }

            function removeToken () {
                localStorage.removeItem('KW_TOKEN');
                // FIXME KW uses session instead of KW_TOKEN, remove this when KW uses the right key
                localStorage.removeItem('session');
                sendMessage({
                    id: 'remove-token'
                });
            }

            function messageReceived (event) {
                var origin = event.origin || event.originalEvent.origin, // For Chrome, the origin property is in the event.originalEvent object.
                    isAuthorized,
                    data;

                // Check the origin of the message
                isAuthorized = authorizedOrigins.some(function (reg) {
                    return reg.test(origin);
                });

                // Send an error if the origin is not authorized
                if (!isAuthorized) {
                    sendMessage({ id: 'error', message: 'The origin ' + origin + ' is not supported' });
                    return;
                }
                try {
                    data = JSON.parse(event.data);
                } catch (err) {

                }

                if (data && data.namespace === MESSAGE_NAMESPACE) {
                    if (data.action === 'get-token') {
                        getToken();
                    } else if (data.action === 'set-token') {
                        setToken(data.token);
                    } else if (data.action === 'remove-token') {
                        removeToken();
                    }
                }
            }

            function sendOnLoad() {
                sendMessage({
                    id: 'iframe-ready'
                });
            }
            //on creation
            sendOnLoad();
            window.addEventListener('message', messageReceived, false);
        </script>
    </body>
</html>