feat(sdk,client): target es2015 for old chromecast compatibility

Makefile

@@ -50,7 +50,7 @@ pkg/sdk/client/dist/client.js: tools/esbuild/bin/esbuild node_modules
 		pkg/sdk/client/src/index.ts \
 		--bundle \
 		--sourcemap \
-		--target=es2020 \
+		--target=es2015 \
 		--format=iife \
 		--global-name=Edge \
 		--define:global=window \

cmd/cli/command/app/common.go

@@ -0,0 +1,11 @@
+package app
+
+import (
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/app/metadata"
+)
+
+var manifestMetadataValidators = []app.MetadataValidator{
+	metadata.WithMinimumRoleValidator("visitor", "user", "superuser", "admin", "superadmin"),
+	metadata.WithNamedPathsValidator(metadata.NamedPathAdmin, metadata.NamedPathIcon),
+}

cmd/cli/command/app/package.go

@@ -52,6 +52,10 @@ func PackageCommand() *cli.Command {
 				return errors.Wrap(err, "could not load app manifest")
 			}
 
+			if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
+				return errors.Wrap(err, "invalid app manifest")
+			}
+
 			if err := os.MkdirAll(outputDir, 0o755); err != nil {
 				return errors.Wrapf(err, "could not create directory ''%s'", outputDir)
 			}

cmd/cli/command/app/run.go

@@ -110,6 +110,10 @@ func RunCommand() *cli.Command {
 				return errors.Wrap(err, "could not load manifest from app bundle")
 			}
 
+			if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
+				return errors.Wrap(err, "invalid app manifest")
+			}
+
 			storageFile := injectAppID(ctx.String("storage-file"), manifest.ID)
 
 			if err := ensureDir(storageFile); err != nil {

doc/README.md

@@ -6,6 +6,7 @@ Une **Edge App** est une application capable de s'exécuter dans un environnemen
 
 ### Référence
 
+- [Fichier `manifest.yml`](./apps/manifest.md)
 - [API Client](./apps/client-api/README.md)
 - [API Serveur](./apps/server-api/README.md)
 

doc/apps/manifest.md

@@ -0,0 +1,36 @@
+# Le fichier `manifest.yml`
+
+Le fichier `manifest.yml` à la racine du bundle de votre application contient des informations décrivant celles ci. Vous trouverez ci dessous un exemple commenté.
+
+```yaml
+# REQUIS - L'identifiant de votre application. Il doit être globalement unique. 
+# Un identifiant du type nom de domaine inversé est en général conseillé (ex: tld.mycompany.myapp)
+id: tld.mycompany.myapp
+
+# REQUIS - Le numéro de version de votre application
+# Celui ci devrait respecter le format "semver 2" (voir https://semver.org/)
+version: 0.0.0
+
+# REQUIS - Le titre de votre application.
+title: My App
+
+# OPTIONNEL - Les mots-clés associés à votre applications.
+tags: ["chat"]
+
+# OPTIONNEL - La description de votre application.
+# Vous pouvez utiliser la syntaxe Markdown pour la mettre en forme.
+description: |>
+    A simple demo application
+
+# OPTIONNEL - Métadonnées associées à l'application
+metadata:
+    # OPTIONNEL - Liste des chemins permettant d'accéder à certains URLs identifiées (page d'administration, icône si existante, etc)
+    paths:
+        # Si défini, chemin vers la page d'administration de l'application
+        admin: /admin
+        # Si défini, chemin vers l'icône associée à l'application
+        icon: /my-app-icon.png
+
+    # OPTIONNEL - Role minimum requis pour pouvoir accéder à l'application 
+    minimumRole: visitor
+```

doc/apps/my-first-app.md

@@ -22,23 +22,7 @@ my-app
 
 Ce fichier est le manifeste de votre application. Il permet au serveur d'identifier celle ci et de récupérer des informations la concernant.
 
-```yaml
----
-# L'identifiant de votre application. Il doit être globalement unique. 
-# Un identifiant du type nom de domaine inversé est en général conseillé (ex: tld.mycompany.myapp)
-id: tld.mycompany.myapp
-
-# Le titre de votre application.
-title: My App
-
-# Les mots-clés associés à votre applications.
-tags: ["chat"]
-
-# La description de votre application.
-# Vous pouvez utiliser la syntaxe Markdown pour la mettre en forme.
-description: |>
-    A simple demo application
-```
+[Voir le fichier `manifest.yml` d'exemple](./manifest.md)
 
 ## 4. Créer la page d'accueil
 

doc/apps/server-api/app.md

@@ -49,10 +49,11 @@ URL associée à l'application, ou `null` si aucune application n'a été trouv
 
 ```typescript
 interface Manifest {
-    id: string              // Identifiant de l'application
-    version: string         // Version de l'application
-    title: string           // Titre associé à l'application
-    description: string     // Description associée à l'application
-    tags: string[]          // Mots clés associés à l'application
+    id: string                          // Identifiant de l'application
+    version: string                     // Version de l'application
+    title: string                       // Titre associé à l'application
+    description: string                 // Description associée à l'application
+    tags: string[]                      // Mots clés associés à l'application
+    metadata: { [key: string]: any }    // Métadonnées associées à l'application. Voir ../manifest.md
 }
 ```

misc/client-sdk-testsuite/src/manifest.yml

@@ -4,4 +4,9 @@ title: SDK Test
 version: 0.0.0
 description: |
   Suite de tests pour le SDK client
-tags: ["test"]
+tags: ["test"]
+
+metadata:
+  paths:
+    icon: /icon.png
+  minimumRole: visitor

misc/client-sdk-testsuite/src/public/index.html

@@ -4,6 +4,7 @@
     <meta charset="utf-8" />
     <title>Client SDK Test suite</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <link rel="icon" type="image/png" href="/icon.png">
     <link rel="stylesheet" href="/vendor/mocha.css" />
     <style>
       body {

misc/client-sdk-testsuite/src/public/test/rpc-module.js

@@ -38,7 +38,7 @@ describe('Remote Procedure Call', function () {
 
 
     it('should call the add() method repetitively and keep count of the sent values', function () {
-        this.timeout(10000);
+        this.timeout(30000);
 
         const values = [];
         for (let i = 0; i <= 1000; i++) {

pkg/app/app.go

@@ -1,39 +0,0 @@
-package app
-
-import (
-	"forge.cadoles.com/arcad/edge/pkg/bundle"
-	"github.com/pkg/errors"
-	"gopkg.in/yaml.v2"
-)
-
-type ID string
-
-type Manifest struct {
-	ID          ID       `yaml:"id" json:"id"`
-	Version     string   `yaml:"version" json:"version"`
-	Title       string   `yaml:"title" json:"title"`
-	Description string   `yaml:"description" json:"description"`
-	Tags        []string `yaml:"tags" json:"tags"`
-}
-
-func LoadManifest(b bundle.Bundle) (*Manifest, error) {
-	reader, _, err := b.File("manifest.yml")
-	if err != nil {
-		return nil, errors.Wrap(err, "could not read manifest.yml")
-	}
-
-	defer func() {
-		if err := reader.Close(); err != nil {
-			panic(errors.WithStack(err))
-		}
-	}()
-
-	manifest := &Manifest{}
-
-	decoder := yaml.NewDecoder(reader)
-	if err := decoder.Decode(manifest); err != nil {
-		return nil, errors.Wrap(err, "could not decode manifest.yml")
-	}
-
-	return manifest, nil
-}

pkg/app/manifest.go

@@ -0,0 +1,85 @@
+package app
+
+import (
+	"strings"
+
+	"forge.cadoles.com/arcad/edge/pkg/bundle"
+	"github.com/pkg/errors"
+	"golang.org/x/mod/semver"
+	"gopkg.in/yaml.v2"
+)
+
+type ID string
+
+type Manifest struct {
+	ID          ID       `yaml:"id" json:"id"`
+	Version     string   `yaml:"version" json:"version"`
+	Title       string   `yaml:"title" json:"title"`
+	Description string   `yaml:"description" json:"description"`
+	Tags        []string `yaml:"tags" json:"tags"`
+	Metadata    MapStr   `yaml:"metadata" json:"metadata"`
+}
+
+type MetadataValidator func(map[string]any) (bool, error)
+
+func (m *Manifest) Validate(validators ...MetadataValidator) (bool, error) {
+	if m.ID == "" {
+		return false, errors.New("'id' property should not be empty")
+	}
+
+	if m.Version == "" {
+		return false, errors.New("'version' property should not be empty")
+	}
+
+	version := m.Version
+	if !strings.HasPrefix(version, "v") {
+		version = "v" + version
+	}
+
+	if !semver.IsValid(version) {
+		return false, errors.Errorf("version '%s' does not respect semver format", m.Version)
+	}
+
+	if m.Title == "" {
+		return false, errors.New("'title' property should not be empty")
+	}
+
+	if m.Tags != nil {
+		for _, t := range m.Tags {
+			if strings.ContainsAny(t, " \t\n\r") {
+				return false, errors.Errorf("tag '%s' should not contain any space or new line", t)
+			}
+		}
+	}
+
+	for _, v := range validators {
+		valid, err := v(m.Metadata)
+		if !valid || err != nil {
+			return valid, errors.WithStack(err)
+		}
+	}
+
+	return true, nil
+}
+
+func LoadManifest(b bundle.Bundle) (*Manifest, error) {
+	reader, _, err := b.File("manifest.yml")
+	if err != nil {
+		return nil, errors.Wrap(err, "could not read manifest.yml")
+	}
+
+	defer func() {
+		if err := reader.Close(); err != nil {
+			panic(errors.WithStack(err))
+		}
+	}()
+
+	manifest := &Manifest{}
+
+	decoder := yaml.NewDecoder(reader)
+	if err := decoder.Decode(manifest); err != nil {
+		return nil, errors.Wrap(err, "could not decode manifest.yml")
+	}
+
+	return manifest, nil
+}

pkg/app/map_str.go

@@ -0,0 +1,61 @@
+package app
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+type MapStr map[string]interface{}
+
+func MapStrUnion(dict1 MapStr, dict2 MapStr) MapStr {
+	dict := MapStr{}
+
+	for k, v := range dict1 {
+		dict[k] = v
+	}
+
+	for k, v := range dict2 {
+		dict[k] = v
+	}
+	return dict
+}
+
+func (ms *MapStr) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var result map[interface{}]interface{}
+	err := unmarshal(&result)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	*ms = cleanUpInterfaceMap(result)
+	return nil
+}
+
+func cleanUpInterfaceArray(in []interface{}) []interface{} {
+	result := make([]interface{}, len(in))
+	for i, v := range in {
+		result[i] = cleanUpMapValue(v)
+	}
+	return result
+}
+
+func cleanUpInterfaceMap(in map[interface{}]interface{}) MapStr {
+	result := make(MapStr)
+	for k, v := range in {
+		result[fmt.Sprintf("%v", k)] = cleanUpMapValue(v)
+	}
+	return result
+}
+
+func cleanUpMapValue(v interface{}) interface{} {
+	switch v := v.(type) {
+	case []interface{}:
+		return cleanUpInterfaceArray(v)
+	case map[interface{}]interface{}:
+		return cleanUpInterfaceMap(v)
+	case string:
+		return v
+	default:
+		return fmt.Sprintf("%v", v)
+	}
+}

pkg/app/metadata/minimum_role.go

@@ -0,0 +1,28 @@
+package metadata
+
+import (
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+)
+
+func WithMinimumRoleValidator(roles ...string) app.MetadataValidator {
+	return func(metadata map[string]any) (bool, error) {
+		rawMinimumRole, exists := metadata["minimumRole"]
+		if !exists {
+			return true, nil
+		}
+
+		minimumRole, ok := rawMinimumRole.(string)
+		if !ok {
+			return false, errors.Errorf("metadata['minimumRole']: unexpected value type '%T'", rawMinimumRole)
+		}
+
+		for _, r := range roles {
+			if minimumRole == r {
+				return true, nil
+			}
+		}
+
+		return false, errors.Errorf("metadata['minimumRole']: unexpected role '%s'", minimumRole)
+	}
+}

pkg/app/metadata/named_path.go

@@ -0,0 +1,51 @@
+package metadata
+
+import (
+	"strings"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+)
+
+type NamedPath string
+
+const (
+	NamedPathAdmin NamedPath = "admin"
+	NamedPathIcon  NamedPath = "icon"
+)
+
+func WithNamedPathsValidator(names ...NamedPath) app.MetadataValidator {
+	set := map[NamedPath]struct{}{}
+	for _, n := range names {
+		set[n] = struct{}{}
+	}
+
+	return func(metadata map[string]any) (bool, error) {
+		rawPaths, exists := metadata["paths"]
+		if !exists {
+			return true, nil
+		}
+
+		paths, ok := rawPaths.(app.MapStr)
+		if !ok {
+			return false, errors.Errorf("metadata['paths']: unexpected named path value type '%T'", rawPaths)
+		}
+
+		for n, p := range paths {
+			if _, exists := set[NamedPath(n)]; !exists {
+				return false, errors.Errorf("metadata['paths']: unexpected named path '%s'", n)
+			}
+
+			path, ok := p.(string)
+			if !ok {
+				return false, errors.Errorf("metadata['paths']['%s']: unexpected named path value type '%T'", n, path)
+			}
+
+			if !strings.HasPrefix(path, "/") {
+				return false, errors.Errorf("metadata['paths']['%s']: named path value should start with a '/'", n)
+			}
+		}
+
+		return true, nil
+	}
+}

pkg/app/metadata/testdata/manifests/invalid-minimum-role.yml

@@ -0,0 +1,7 @@
+id: foo.arcad.app
+version: v0.0.0
+title: Foo
+description: A test app
+tags: ["test"]
+metadata:
+  minimumRole: foo

pkg/app/metadata/testdata/manifests/invalid-paths.yml

@@ -0,0 +1,10 @@
+id: foo.arcad.app
+version: v0.0.0
+title: Foo
+description: A test app
+tags: ["test"]
+metadata:
+  paths:
+    invalid: /admin
+    icon: /my-app-icon.png
+  minimumRole: visitor

pkg/app/metadata/testdata/manifests/valid.yml

@@ -0,0 +1,10 @@
+id: foo.arcad.app
+version: v0.0.0
+title: Foo
+description: A test app
+tags: ["test"]
+metadata:
+  paths:
+    admin: /admin
+    icon: /my-app-icon.png
+  minimumRole: visitor

pkg/app/metadata/validator_test.go

@@ -0,0 +1,74 @@
+package metadata
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+	"gopkg.in/yaml.v2"
+)
+
+type validatorTestCase struct {
+	File        string
+	ExpectValid bool
+	ExpectError bool
+}
+
+var validatorTestCases = []validatorTestCase{
+	{
+		File:        "valid.yml",
+		ExpectValid: true,
+	},
+	{
+		File:        "invalid-paths.yml",
+		ExpectValid: false,
+		ExpectError: true,
+	},
+	{
+		File:        "invalid-minimum-role.yml",
+		ExpectValid: false,
+		ExpectError: true,
+	},
+}
+
+var validators = []app.MetadataValidator{
+	WithMinimumRoleValidator("visitor", "user", "superuser", "admin", "superadmin"),
+	WithNamedPathsValidator(NamedPathAdmin, NamedPathIcon),
+}
+
+func TestManifestValidate(t *testing.T) {
+	for _, tc := range validatorTestCases {
+		func(tc *validatorTestCase) {
+			t.Run(tc.File, func(t *testing.T) {
+				data, err := ioutil.ReadFile(filepath.Join("testdata/manifests", tc.File))
+				if err != nil {
+					t.Fatalf("%+v", errors.WithStack(err))
+				}
+
+				var manifest app.Manifest
+
+				if err := yaml.Unmarshal(data, &manifest); err != nil {
+					t.Fatalf("%+v", errors.WithStack(err))
+				}
+
+				valid, err := manifest.Validate(validators...)
+
+				t.Logf("[RESULT] valid:%v, err:%v", valid, err)
+
+				if e, g := tc.ExpectValid, valid; e != g {
+					t.Errorf("valid: expected '%v', got '%v'", e, g)
+				}
+
+				if tc.ExpectError && err == nil {
+					t.Error("err should not be nil")
+				}
+
+				if !tc.ExpectError && err != nil {
+					t.Errorf("err: expected nil, got '%+v'", err)
+				}
+			})
+		}(&tc)
+	}
+}

pkg/module/app/module.go

@@ -14,11 +14,12 @@ type Module struct {
 }
 
 type gojaManifest struct {
-	ID          string   `goja:"id" json:"id"`
-	Version     string   `goja:"version" json:"version"`
-	Title       string   `goja:"title" json:"title"`
-	Description string   `goja:"description" json:"description"`
-	Tags        []string `goja:"tags" json:"tags"`
+	ID          string         `goja:"id" json:"id"`
+	Version     string         `goja:"version" json:"version"`
+	Title       string         `goja:"title" json:"title"`
+	Description string         `goja:"description" json:"description"`
+	Tags        []string       `goja:"tags" json:"tags"`
+	Metadata    map[string]any `goja:"metadata" json:"metadata"`
 }
 
 func toGojaManifest(manifest *app.Manifest) *gojaManifest {
@@ -28,6 +29,7 @@ func toGojaManifest(manifest *app.Manifest) *gojaManifest {
 		Title:       manifest.Title,
 		Description: manifest.Description,
 		Tags:        manifest.Tags,
+		Metadata:    manifest.Metadata,
 	}
 }
 

pkg/sdk/client/dist/client.js

@@ -3865,6 +3865,8 @@ var Edge = (() => {
   var import_sockjs_client = __toESM(require_entry());
   var EventTypeMessage = "message";
   var EdgeAuth = "edge-auth";
+  var EdgeAuthTokenRequest = "edge_auth_token_request";
+  var EdgeAuthTokenResponse = "edge_auth_token_reponse";
   var Client = class extends EventTarget {
     constructor(autoReconnect = true) {
       super();
@@ -3872,6 +3874,7 @@ var Edge = (() => {
       this._onConnectionClose = this._onConnectionClose.bind(this);
       this._onConnectionMessage = this._onConnectionMessage.bind(this);
       this._handleRPCResponse = this._handleRPCResponse.bind(this);
+      this._handleEdgeAuthTokenRequest = this._handleEdgeAuthTokenRequest.bind(this);
       this._rpcID = 0;
       this._pendingRPC = {};
       this._queue = [];
@@ -3884,12 +3887,22 @@ var Edge = (() => {
       this.send = this.send.bind(this);
       this.upload = this.upload.bind(this);
       this.addEventListener(EventTypeMessage, this._handleRPCResponse);
+      window.addEventListener("message", this._handleEdgeAuthTokenRequest);
     }
     connect(token = "") {
+      let getToken;
+      if (token) {
+        getToken = Promise.resolve(token);
+      } else {
+        getToken = this._retrieveToken();
+      }
+      return getToken.then((token2) => this._connect(token2));
+    }
+    disconnect() {
+      this._cleanupConnection();
+    }
+    _connect(token) {
       return new Promise((resolve, reject) => {
-        if (token == "") {
-          token = this._getAuthCookieToken();
-        }
         const url = `//${document.location.host}/edge/sock?${EdgeAuth}=${token}`;
         this._log("opening connection to", url);
         const conn = new import_sockjs_client.default(url);
@@ -3920,15 +3933,65 @@ var Edge = (() => {
         conn.addEventListener("close", onError);
       });
     }
-    disconnect() {
-      this._cleanupConnection();
+    _retrieveToken() {
+      let token = this._getAuthCookieToken();
+      if (token) {
+        return Promise.resolve(token);
+      }
+      return this._getParentFrameToken();
+      ;
     }
     _getAuthCookieToken() {
       const cookie = document.cookie.split("; ").find((row) => row.startsWith(EdgeAuth));
+      let token = "";
       if (cookie) {
-        return cookie.split("=")[1];
+        token = cookie.split("=")[1];
       }
-      return "";
+      return token;
+    }
+    _getParentFrameToken(timeout = 5e3) {
+      if (!window.parent || window.parent === window) {
+        return Promise.resolve("");
+      }
+      return new Promise((resolve, reject) => {
+        let timedOut = false;
+        const timeoutId = setTimeout(() => {
+          timedOut = true;
+          reject(new Error("Edge auth token request timed out !"));
+        }, timeout);
+        const listener = (evt) => {
+          const message2 = evt.data;
+          if (!message2 || !message2.type || !message2.data) {
+            return;
+          }
+          if (message2.type !== EdgeAuthTokenResponse) {
+            return;
+          }
+          window.removeEventListener("message", listener);
+          clearTimeout(timeoutId);
+          if (timedOut)
+            return;
+          if (!message2.data) {
+            reject("Unexpected auth token request response !");
+            return;
+          }
+          resolve(message2.data?.token || "");
+        };
+        window.addEventListener("message", listener);
+        const message = { type: EdgeAuthTokenRequest };
+        window.parent.postMessage(message, "*");
+      });
+    }
+    _handleEdgeAuthTokenRequest(evt) {
+      const message = evt.data;
+      if (!message || !message.type || message.type !== EdgeAuthTokenRequest) {
+        return;
+      }
+      if (!evt.source) {
+        return;
+      }
+      const token = this._getAuthCookieToken();
+      evt.source.postMessage({ type: EdgeAuthTokenResponse, data: { token } }, evt.origin);
     }
     _onConnectionMessage(evt) {
       const rawMessage = JSON.parse(evt.data);
@@ -4104,7 +4167,7 @@ var Edge = (() => {
       if (!target)
         return;
       this._log("sending crossframe message", message);
-      target.postMessage(message);
+      target.postMessage(message, "*");
     }
     _log(...args) {
       if (!this.debug)
@@ -4113,6 +4176,9 @@ var Edge = (() => {
     }
     _handleWindowMessage(evt) {
       const message = evt.data;
+      if (!message || !message.type || !message.data) {
+        return;
+      }
       const event = new CustomEvent(message.type, {
         cancelable: true,
         detail: message.data
@@ -4136,27 +4202,15 @@ var Edge = (() => {
     }
     _initResizeObserver() {
       const resizeObserver = new ResizeObserver(() => {
-        const body2 = document.body, html = document.documentElement;
-        const height = Math.max(
-          body2.scrollHeight,
-          body2.offsetHeight,
-          html.clientHeight,
-          html.scrollHeight,
-          html.offsetHeight
-        );
-        const width = Math.max(
-          body2.scrollWidth,
-          body2.offsetWidth,
-          html.clientWidth,
-          html.scrollWidth,
-          html.offsetWidth
-        );
+        const rect = document.documentElement.getBoundingClientRect();
+        const height = rect.height;
+        const width = rect.width;
         this.post({ type: "size_changed" /* SIZE_CHANGED */, data: { height, width } });
       });
       const body = document.body;
       if (!body)
         return;
-      resizeObserver.observe(body);
+      resizeObserver.observe(document.documentElement);
     }
   };
 

pkg/sdk/client/src/client.ts

@@ -5,6 +5,8 @@ import SockJS from 'sockjs-client';
 
 const EventTypeMessage = "message";
 const EdgeAuth = "edge-auth"
+const EdgeAuthTokenRequest = "edge_auth_token_request"
+const EdgeAuthTokenResponse = "edge_auth_token_reponse"
 
 export class Client extends EventTarget {
 
@@ -19,10 +21,11 @@ export class Client extends EventTarget {
   constructor(autoReconnect = true) {
     super();
     this._conn = null;
-    
+
     this._onConnectionClose = this._onConnectionClose.bind(this);
     this._onConnectionMessage = this._onConnectionMessage.bind(this);
     this._handleRPCResponse = this._handleRPCResponse.bind(this);
+    this._handleEdgeAuthTokenRequest = this._handleEdgeAuthTokenRequest.bind(this);
 
     this._rpcID = 0;
     this._pendingRPC = {};
@@ -30,70 +33,149 @@ export class Client extends EventTarget {
     this._reconnectionDelay = 250;
     this._autoReconnect = autoReconnect;
     this.debug = false;
-    
+
     this.connect = this.connect.bind(this);
     this.disconnect = this.disconnect.bind(this);
     this.rpc = this.rpc.bind(this);
     this.send = this.send.bind(this);
     this.upload = this.upload.bind(this);
+    
 
     this.addEventListener(EventTypeMessage, this._handleRPCResponse);
+    window.addEventListener('message', this._handleEdgeAuthTokenRequest);
   }
 
-  connect(token = "") {
-    return new Promise((resolve, reject) => {
-      if (token == "") {
-        token = this._getAuthCookieToken()
-      }
+  connect(token = ""): Promise<Client> {
+    let getToken: Promise<string>
 
-      const url = `//${document.location.host}/edge/sock?${EdgeAuth}=${token}`;
-      this._log("opening connection to", url);
-      const conn: any = new SockJS(url);
+    if (token) {
+      getToken = Promise.resolve(token)
+    } else {
+      getToken = this._retrieveToken()
+    }
 
-      const onOpen = () => {
-        this._log('client connected');
-        resetHandlers();
-        conn.onclose = this._onConnectionClose;
-        conn.onmessage = this._onConnectionMessage;
-        this._conn = conn;
-        this._sendQueued();
-        setTimeout(() => {
-          this._dispatchConnect();
-        }, 0);
-        return resolve(this);
-      };
-
-      const onError = (evt) => {
-        resetHandlers();
-        this._scheduleReconnection();
-        return reject(evt);
-      };
-
-      const resetHandlers = () => {
-        conn.removeEventListener('open', onOpen);
-        conn.removeEventListener('close', onError);
-        conn.removeEventListener('error', onError);
-      };
-      
-      conn.addEventListener('open', onOpen);
-      conn.addEventListener('error', onError);
-      conn.addEventListener('close', onError);
-    });
+    return getToken.then(token => this._connect(token))
   }
 
   disconnect() {
     this._cleanupConnection();
   }
 
-  _getAuthCookieToken() {
-    const cookie = document.cookie.split("; ")
-      .find((row) => row.startsWith(EdgeAuth));
-    
-    if (cookie) {
-      return cookie.split("=")[1];
+  _connect(token: string): Promise<Client> {
+    return new Promise((resolve, reject) => {
+      const url = `//${document.location.host}/edge/sock?${EdgeAuth}=${token}`;
+        this._log("opening connection to", url);
+        const conn: any = new SockJS(url);
+
+        const onOpen = () => {
+          this._log('client connected');
+          resetHandlers();
+          conn.onclose = this._onConnectionClose;
+          conn.onmessage = this._onConnectionMessage;
+          this._conn = conn;
+          this._sendQueued();
+          setTimeout(() => {
+            this._dispatchConnect();
+          }, 0);
+          return resolve(this);
+        };
+
+        const onError = (evt) => {
+          resetHandlers();
+          this._scheduleReconnection();
+          return reject(evt);
+        };
+
+        const resetHandlers = () => {
+          conn.removeEventListener('open', onOpen);
+          conn.removeEventListener('close', onError);
+          conn.removeEventListener('error', onError);
+        };
+
+        conn.addEventListener('open', onOpen);
+        conn.addEventListener('error', onError);
+        conn.addEventListener('close', onError);
+    })
+  }
+
+  _retrieveToken(): Promise<string> {
+    let token = this._getAuthCookieToken();
+    if (token) {
+      return Promise.resolve(token);
     }
 
-    return "";
+    return this._getParentFrameToken();;
+  }
+
+  _getAuthCookieToken(): string {
+    const cookie = document.cookie.split("; ")
+      .find((row) => row.startsWith(EdgeAuth));
+
+    let token = "";
+
+    if (cookie) {
+      token = cookie.split("=")[1];
+    }
+
+    return token;
+  }
+
+  _getParentFrameToken(timeout = 5000): Promise<string> {
+    if (!window.parent || window.parent === window) {
+      return Promise.resolve("");
+    }
+
+    return new Promise((resolve, reject) => {
+      let timedOut = false;
+      const timeoutId = setTimeout(() => {
+        timedOut = true;
+        reject(new Error("Edge auth token request timed out !"));
+      }, timeout);
+
+      const listener = (evt) => {
+        const message = evt.data;
+
+        if (!message || !message.type || !message.data) {
+          return
+        }
+
+        if (message.type !== EdgeAuthTokenResponse) {
+          return;
+        }
+
+        window.removeEventListener('message', listener);
+        clearTimeout(timeoutId);
+
+        if (timedOut) return;
+
+        if (!message.data) {
+          reject("Unexpected auth token request response !");
+          return;
+        }
+
+        resolve(message.data?.token || "");
+      }
+
+      window.addEventListener('message', listener);
+      
+      const message = { type: EdgeAuthTokenRequest };
+      window.parent.postMessage(message, '*');
+    })
+  }
+
+  _handleEdgeAuthTokenRequest(evt: MessageEvent) {
+    const message = evt.data;
+    if (!message || !message.type || message.type !== EdgeAuthTokenRequest) {
+      return;
+    }
+
+    if (!evt.source) {
+      return;
+    }
+
+    const token = this._getAuthCookieToken();
+    // @ts-ignore
+    evt.source.postMessage({ type: EdgeAuthTokenResponse, data: { token }}, evt.origin);
   }
 
   _onConnectionMessage(evt) {
@@ -108,7 +190,7 @@ export class Client extends EventTarget {
 
   _handleRPCResponse(evt) {
     const { jsonrpc, id, error, result } = evt.detail;
-    
+
     if (jsonrpc !== '2.0' || id === undefined) return;
     if (!evt.detail.hasOwnProperty("error") && !evt.detail.hasOwnProperty("result")) return;
 
@@ -216,20 +298,20 @@ export class Client extends EventTarget {
     return this._conn !== null;
   }
 
-  upload(blob: string|Blob, metadata: any) {
+  upload(blob: string | Blob, metadata: any) {
     return new Promise((resolve, reject) => {
       const formData = new FormData();
       formData.set("file", blob);
-      
+
       if (metadata) {
         try {
           formData.set("metadata", JSON.stringify(metadata));
-        } catch(err) {
+        } catch (err) {
           return reject(err);
         }
       }
       const xhr = new XMLHttpRequest();
-        
+
       const result = {
         onProgress: null,
         abort: () => xhr.abort(),
@@ -239,7 +321,7 @@ export class Client extends EventTarget {
               let data;
               try {
                 data = JSON.parse(xhr.responseText);
-              } catch(err) {
+              } catch (err) {
                 reject(err);
                 return;
               }

pkg/sdk/client/src/crossframe-messenger.ts

@@ -27,7 +27,7 @@ export class CrossFrameMessenger extends EventTarget {
     post(message: CrossFrameMessage, target: Window = window.parent) {
         if (!target) return;
         this._log("sending crossframe message", message);
-        target.postMessage(message)
+        target.postMessage(message, '*');
     }
 
     _log(...args) {
@@ -37,6 +37,10 @@ export class CrossFrameMessenger extends EventTarget {
 
     _handleWindowMessage(evt: MessageEvent) {
         const message = evt.data;
+        if (!message || !message.type || !message.data) {
+            return;
+        }
+        
         const event = new CustomEvent(message.type, {
             cancelable: true,
             detail: message.data
@@ -67,14 +71,9 @@ export class CrossFrameMessenger extends EventTarget {
 
     _initResizeObserver() {
         const resizeObserver = new ResizeObserver(() => {
-            const body = document.body,
-                html = document.documentElement;
-
-            const height = Math.max( body.scrollHeight, body.offsetHeight, 
-                html.clientHeight, html.scrollHeight, html.offsetHeight );
-            
-            const width = Math.max( body.scrollWidth, body.offsetWidth, 
-                html.clientWidth, html.scrollWidth, html.offsetWidth );
+            const rect = document.documentElement.getBoundingClientRect();
+            const height = rect.height;
+            const width = rect.width;
 
             this.post({ type: CrossFrameMessageType.SIZE_CHANGED, data: { height, width }});
         });
@@ -83,6 +82,6 @@ export class CrossFrameMessenger extends EventTarget {
 
         if (!body) return;
 
-        resizeObserver.observe(body);
+        resizeObserver.observe(document.documentElement);
     }
 }

pkg/storage/sqlite/sql.go

@@ -25,7 +25,7 @@ func Open(path string) (*sql.DB, error) {
 func withTx(ctx context.Context, db *sql.DB, fn func(tx *sql.Tx) error) error {
 	var tx *sql.Tx
 
-	tx, err := db.Begin()
+	tx, err := db.BeginTx(ctx, nil)
 	if err != nil {
 		return errors.WithStack(err)
 	}