Renamed cymais to infinito and did some other optimations and logout implementations

roles/srv-web-7-7-inj-logout/meta/main.yml

@@ -5,7 +5,7 @@ galaxy_info:
   description: >
     Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions
     (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.
-  license: "CyMaIS NonCommercial License (CNCL)"
+  license: "Infinito.Nexus NonCommercial License (CNCL)"
   license_url: "https://s.veen.world/cncl"
   min_ansible_version: "2.9"
   platforms:
@@ -22,8 +22,8 @@ galaxy_info:
     Kevin Veen‑Birkenbach  
     Consulting & Coaching Solutions  
     https://www.veen.world
-  repository: "https://github.com/kevinveenbirkenbach/cymais"
-  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
-  documentation: "https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/srv-web-7-7-inj-logout"
+  repository: "https://github.com/kevinveenbirkenbach/infinito-nexus"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/tree/main/roles/srv-web-7-7-inj-logout"
 dependencies:
   - srv-web-7-4-core

roles/srv-web-7-7-inj-logout/tasks/deploy.yml

@@ -0,0 +1,16 @@
+- name: Deploy logout.js
+  template:
+    src: logout.js.j2
+    dest: "{{ inj_logout_js_destination }}"
+    owner: "{{ nginx.user }}"
+    group: "{{ nginx.user }}"
+    mode: '0644'
+
+- name: Get stat for logout.js
+  stat:
+    path: "{{ inj_logout_js_destination }}"
+  register: inj_logout_js_stat
+
+- name: Set inj_logout_js_version
+  set_fact:
+    inj_logout_js_version: "{{ inj_logout_js_stat.stat.mtime }}"

roles/srv-web-7-7-inj-logout/tasks/main.yml

@@ -1,7 +1,10 @@
-# run_once_srv_web_7_7_inj_logout: deactivated
+- name: "deploy the logout.js"
+  include_tasks: "deploy.yml"
+  when: run_once_srv_web_7_7_inj_logout is not defined
+
 - name: "Load logout code for '{{ application_id }}'"
   set_fact:
-    logout_code: "{{ lookup('template', 'logout.js.j2') }}"
+    logout_code: "{{ lookup('template', 'logout_one_liner.js.j2') }}"
 
 - name: "Collapse logout code into one-liner for '{{application_id}}'"
   set_fact:
@@ -11,3 +14,8 @@
   set_fact:
     applications: "{{ applications | append_csp_hash(application_id, logout_code_one_liner) }}"
   changed_when: false
+
+- name: mark js as deployed
+  set_fact:
+    run_once_srv_web_7_7_inj_logout: true
+  when: run_once_srv_web_7_7_inj_logout is not defined

roles/srv-web-7-7-inj-logout/templates/body_sub.j2

@@ -0,0 +1 @@
+<script>{{ logout_code_one_liner }}</script>

roles/srv-web-7-7-inj-logout/templates/head_sub.j2

@@ -1 +1 @@
-<script>{{ logout_code_one_liner }}</script>
+<script src="{{ domains | get_url('web-svc-cdn', web_protocol) }}/logout.js?{{ inj_logout_js_version }}"></script>

roles/srv-web-7-7-inj-logout/templates/logout.js.j2

@@ -1,101 +1,102 @@
-(function () {
-  const logoutUrlBase = '{{ oidc.client.logout_url }}';
-  const redirectUri = encodeURIComponent('{{ web_protocol }}://{{ primary_domain }}');
-  const logoutUrl = logoutUrlBase + '?redirect_uri=' + redirectUri;
+/* logoutPatch.js */
+(function(global) {
+  /**
+   * Initialize the logout patch script.
+   * @param {string} logoutUrlBase - Base logout URL (e.g., from your OIDC client).
+   * @param {string} webProtocol - Protocol to use (e.g., "https").
+   * @param {string} primaryDomain - Primary domain (e.g., "example.com").
+   */
+  function initLogoutPatch(logoutUrlBase, webProtocol, primaryDomain) {
+    const redirectUri = encodeURIComponent(webProtocol + '://' + primaryDomain);
+    const logoutUrl = logoutUrlBase + '?redirect_uri=' + redirectUri;
 
-  function matchesLogout(str) {
-    return str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
-  }
+    function matchesLogout(str) {
+      return str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
+    }
 
-  function hasLogoutAttribute(el) {
-    for (const attr of el.attributes) {
-      if (/logout/i.test(attr.name) || /\/logout/i.test(attr.value)) {
-        return true;
+    function hasLogoutAttribute(el) {
+      for (const attr of el.attributes) {
+        if (/logout/i.test(attr.name) || /\/logout/i.test(attr.value)) {
+          return true;
+        }
+      }
+      return false;
+    }
+
+    function matchesTechnicalIndicators(el) {
+      const title = el.getAttribute('title');
+      const ariaLabel = el.getAttribute('aria-label');
+      const onclick = el.getAttribute('onclick');
+
+      if (matchesLogout(title) || matchesLogout(ariaLabel) || matchesLogout(onclick)) return true;
+
+      for (const attr of el.attributes) {
+        if (attr.name.startsWith('data-') && matchesLogout(attr.name + attr.value)) return true;
+      }
+
+      if (typeof el.onclick === 'function' && matchesLogout(el.onclick.toString())) return true;
+
+      if (el.tagName.toLowerCase() === 'use') {
+        const href = el.getAttribute('xlink:href') || el.getAttribute('href');
+        if (matchesLogout(href)) return true;
+      }
+      return false;
+    }
+
+    function overrideLogout(el) {
+      if (el.dataset._logoutHandled) return;
+      el.dataset._logoutHandled = "true";
+      el.style.cursor = 'pointer';
+      el.addEventListener('click', function(event) {
+        event.preventDefault();
+        window.location.href = logoutUrl;
+      });
+
+      const tagName = el.tagName.toLowerCase();
+      if (tagName === 'a' && el.hasAttribute('href') && /\/logout/i.test(el.getAttribute('href'))) {
+        el.setAttribute('href', logoutUrl);
+      }
+      if ((tagName === 'button' || tagName === 'input') && el.hasAttribute('formaction') && /\/logout/i.test(el.getAttribute('formaction'))) {
+        el.setAttribute('formaction', logoutUrl);
+      }
+      if (tagName === 'form' && el.hasAttribute('action') && /\/logout/i.test(el.getAttribute('action'))) {
+        el.setAttribute('action', logoutUrl);
       }
     }
-    return false;
-  }
 
-  function matchesTechnicalIndicators(el) {
-    const title = el.getAttribute('title');
-    const ariaLabel = el.getAttribute('aria-label');
-    const onclick = el.getAttribute('onclick');
-
-    if (matchesLogout(title) || matchesLogout(ariaLabel) || matchesLogout(onclick)) return true;
-
-    for (const attr of el.attributes) {
-      if (attr.name.startsWith('data-') && matchesLogout(attr.name + attr.value)) return true;
-    }
-
-    if (typeof el.onclick === 'function' && matchesLogout(el.onclick.toString())) return true;
-
-    if (el.tagName.toLowerCase() === 'use') {
-      const href = el.getAttribute('xlink:href') || el.getAttribute('href');
-      if (matchesLogout(href)) return true;
-    }
-
-    return false;
-  }
-
-  function overrideLogout(el) {
-    if (el.dataset._logoutHandled) return; // Prevent duplicate handling
-    el.dataset._logoutHandled = "true";
-
-    el.style.cursor = 'pointer';
-    el.addEventListener('click', function (event) {
-      event.preventDefault();
-      window.location.href = logoutUrl;
-    });
-
-    const tagName = el.tagName.toLowerCase();
-
-    if (tagName === 'a' && el.hasAttribute('href') && /\/logout/i.test(el.getAttribute('href'))) {
-      el.setAttribute('href', logoutUrl);
-    }
-
-    if ((tagName === 'button' || tagName === 'input') &&
-        el.hasAttribute('formaction') && /\/logout/i.test(el.getAttribute('formaction'))) {
-      el.setAttribute('formaction', logoutUrl);
-    }
-
-    if (tagName === 'form' && el.hasAttribute('action') && /\/logout/i.test(el.getAttribute('action'))) {
-      el.setAttribute('action', logoutUrl);
-    }
-  }
-
-  function scanAndPatch(elements) {
-    elements.forEach(el => {
-      const tagName = el.tagName.toLowerCase();
-      const isPotentialLogoutElement = ['a', 'button', 'input', 'form', 'use'].includes(tagName);
-
-      if (
-        isPotentialLogoutElement && (
+    function scanAndPatch(elements) {
+      elements.forEach(el => {
+        const tagName = el.tagName.toLowerCase();
+        const isPotential = ['a','button','input','form','use'].includes(tagName);
+        if (!isPotential) return;
+        if (
           matchesLogout(el.getAttribute('name')) ||
           matchesLogout(el.id) ||
           matchesLogout(el.className) ||
           matchesLogout(el.innerText) ||
           hasLogoutAttribute(el) ||
           matchesTechnicalIndicators(el)
-        )
-      ) {
-        overrideLogout(el);
-      }
-    });
-  }
+        ) {
+          overrideLogout(el);
+        }
+      });
+    }
 
-  // Initial scan
-  scanAndPatch(document.querySelectorAll('*'));
-{#
-  // MutationObserver for dynamic content
-  const observer = new MutationObserver(mutations => {
-    mutations.forEach(mutation => {
-      mutation.addedNodes.forEach(node => {
-        if (!(node instanceof Element)) return;
-        scanAndPatch([node, ...node.querySelectorAll('*')]);
+    // Initial scan
+    scanAndPatch(Array.from(document.querySelectorAll('*')));
+
+    // Watch for dynamic content
+    const observer = new MutationObserver(mutations => {
+      mutations.forEach(mutation => {
+        mutation.addedNodes.forEach(node => {
+          if (!(node instanceof Element)) return;
+          scanAndPatch([node, ...node.querySelectorAll('*')]);
+        });
       });
     });
-  });
+    observer.observe(document.body, { childList: true, subtree: true });
+  }
 
-  observer.observe(document.body, { childList: true, subtree: true });
-#}
-})();
+  // Expose to global scope
+  global.initLogoutPatch = initLogoutPatch;
+})(window);

roles/srv-web-7-7-inj-logout/templates/logout_one_liner.js.j2

@@ -0,0 +1,5 @@
+initLogoutPatch(
+    '{{ oidc.client.logout_url }}',
+    '{{ web_protocol }}',
+    '{{ primary_domain }}'
+);

roles/srv-web-7-7-inj-logout/vars/main.yml

@@ -0,0 +1,2 @@
+inj_logout_file_name:       "logout.js"
+inj_logout_js_destination:  "{{ [ nginx.directories.data.cdn, inj_logout_file_name ] | path_join }}"