refactor(front-injection): stabilize run_once flow and explicit web-service loading

- sys-front-inj-all: load web-svc-cdn and web-svc-logout once; reinitialize inj_enabled after services; move run_once block to top; reorder injections. - sys-front-inj-css: move run_once call into 01_core; fix app_style_present default; simplify main. - sys-front-inj-desktop/js/matomo: deactivate per-role run_once blocks; keep utils/run_once where appropriate. - sys-front-inj-logout: switch to files/logout.js + copy; update head_sub mtime lookup; mark set_fact tasks unchanged. - sys-svc-cdn: inline former 01_core tasks into main; ensure shared/vendor dirs and set run_once in guarded block; remove 01_core.yml. Rationale: prevent cascading 'false_condition: run_once_sys_svc_cdn is not defined' skips by setting run-once facts only after the necessary tasks and avoiding parent-scope guards; improves determinism and handler flushing. Conversation: https://chatgpt.com/share/68ecfaa5-94a0-800f-b1b6-2b969074651f
2025-11-06 13:17:58 +00:00 · 2025-10-13 15:12:23 +02:00
parent 087175a3c7
commit c835ca8f2c
14 changed files with 60 additions and 82 deletions
--- a/roles/sys-front-inj-logout/files/logout.js
+++ b/roles/sys-front-inj-logout/files/logout.js
@@ -0,0 +1,127 @@
+/* logoutPatch.js */
+(function(global) {
+  /**
+   * Initialize the logout patch script.
+   * @param {string} logoutUrlBase - Base logout URL (e.g., from your OIDC client).
+   * @param {string} webProtocol - Protocol to use (e.g., "https").
+   * @param {string} primaryDomain - Primary domain (e.g., "example.com").
+   */
+  function initLogoutPatch(logoutUrlBase, webProtocol, primaryDomain) {
+    const redirectUri = encodeURIComponent(webProtocol + '://' + primaryDomain);
+    const logoutUrl = logoutUrlBase + '?redirect_uri=' + redirectUri;
+
+    function matchesLogout(str) {
+      return str && /(?:^|\W)log\s*out(?:\W|$)|logout/i.test(str);
+    }
+
+    /**
+    * Returns true if any attribute name or value on the given element
+    * contains the substring "logout" (case-insensitive).
+    *
+    * @param {Element} element – The DOM element to inspect.
+    * @returns {boolean} – True if "logout" appears in any attribute name or value.
+    */
+    function containsLogoutAttribute(element) {
+      for (const attribute of element.attributes) {
+        if (/logout/i.test(attribute.name) || /logout/i.test(attribute.value)) {
+          return true;
+        }
+      }
+      return false;
+    }
+
+    function matchesTechnicalIndicators(el) {
+      const title = el.getAttribute('title');
+      const ariaLabel = el.getAttribute('aria-label');
+      const onclick = el.getAttribute('onclick');
+
+      if (matchesLogout(title) || matchesLogout(ariaLabel) || matchesLogout(onclick)) return true;
+
+      for (const attr of el.attributes) {
+        if (attr.name.startsWith('data-') && matchesLogout(attr.name + attr.value)) return true;
+      }
+
+      if (typeof el.onclick === 'function' && matchesLogout(el.onclick.toString())) return true;
+
+      if (el.tagName.toLowerCase() === 'use') {
+        const href = el.getAttribute('xlink:href') || el.getAttribute('href');
+        if (matchesLogout(href)) return true;
+      }
+      return false;
+    }
+
+    /**
+    * Apply logout redirect behavior to a matching element:
+    * – Installs a capturing click‐handler to force navigation to logoutUrl
+    * – Always sets href/formaction/action to logoutUrl
+    * – Marks the element as patched to avoid double‐binding
+    *
+    * @param {Element} el – The element to override (e.g. <a>, <button>, <form>, <input>)
+    * @param {string} logoutUrl – The full logout URL including redirect params
+    */
+    function overrideLogout(el, logoutUrl) {
+      // avoid patching the same element twice
+      if (el.dataset._logoutHandled) return;
+      el.dataset._logoutHandled = "true";
+
+      // show pointer cursor
+      el.style.cursor = 'pointer';
+
+      // capture‐phase listener so it fires before any framework handlers
+      el.addEventListener('click', function(e) {
+        e.preventDefault();
+        window.location.href = logoutUrl;
+      }, { capture: true });
+
+      const tag = el.tagName.toLowerCase();
+
+      // always set the link target on <a>
+      if (tag === 'a') {
+        el.setAttribute('href', logoutUrl);
+      }
+      // always set the formaction on <button> or <input>
+      else if ((tag === 'button' || tag === 'input') && el.hasAttribute('formaction')) {
+        el.setAttribute('formaction', logoutUrl);
+      }
+      // always set the form action on <form>
+      else if (tag === 'form') {
+        el.setAttribute('action', logoutUrl);
+      }
+    }
+
+    function scanAndPatch(elements) {
+      elements.forEach(el => {
+        const tagName = el.tagName.toLowerCase();
+        const isPotential = ['a','button','input','form','use'].includes(tagName);
+        if (!isPotential) return;
+        if (
+          matchesLogout(el.getAttribute('name')) ||
+          matchesLogout(el.id) ||
+          matchesLogout(el.className) ||
+          matchesLogout(el.innerText) ||
+          containsLogoutAttribute(el) ||
+          matchesTechnicalIndicators(el)
+        ) {
+          overrideLogout(el, logoutUrl);
+        }
+      });
+    }
+
+    // Initial scan
+    scanAndPatch(Array.from(document.querySelectorAll('*')));
+
+    // Watch for dynamic content
+    const observer = new MutationObserver(mutations => {
+      mutations.forEach(mutation => {
+        mutation.addedNodes.forEach(node => {
+          if (!(node instanceof Element)) return;
+          scanAndPatch([node, ...node.querySelectorAll('*')]);
+        });
+      });
+    });
+    observer.observe(document.body, { childList: true, subtree: true });
+  }
+
+  // Expose to global scope
+  global.initLogoutPatch = initLogoutPatch;
+})(window);