AA-9932 Handle legacy.livechat.com and legacy.lc:3001 domains as allo…

…wed origins (#22)

* [Chore] Add legacy Agent App domains handling together with testing. Add jest configuration.
* [Fix] Revert unwanted changes to package-lock.json.
* [Chore] Bump package version.

babel.config.js

@@ -0,0 +1,11 @@
+/**
+ * Dedicated only to `jest` as it cannot read a `rollup` babel configuration dedicated for build process.
+ * @see https://jestjs.io/docs/en/getting-started#using-typescript
+ * @see https://stackoverflow.com/questions/45327218/how-do-i-get-jest-to-run-tests-against-a-rollupbabel-build
+ */
+module.exports = {
+  presets: [
+    ['@babel/preset-env', { targets: { node: 'current' } }],
+    '@babel/preset-typescript'
+  ]
+};

jest.config.js

@@ -0,0 +1,9 @@
+/**
+ * For a detailed explanation regarding each configuration property, visit:
+ * @see https://jestjs.io/docs/en/configuration.html
+ */
+module.exports = {
+  roots: ['<rootDir>/src'],
+  testRegex: '(/__tests__/.*|(\\.|/)(test|spec))\\.tsx?$',
+  moduleFileExtensions: ['ts', 'js']
+};

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@livechat/agent-app-sdk",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "SDK for extending LiveChat's Agent App",
   "license": "MIT",
   "repository": {
@@ -22,7 +22,10 @@
   "scripts": {
     "build": "rollup -c",
     "prebuild": "rimraf dist && rimraf types",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run test:ci && npm run build",
+    "test": "jest",
+    "test:ci": "jest --ci",
+    "test:watch": "jest --watch"
   },
   "dependencies": {
     "@babel/runtime": "^7.2.0",
@@ -34,8 +37,11 @@
     "@babel/core": "^7.1.5",
     "@babel/plugin-transform-runtime": "^7.2.0",
     "@babel/preset-env": "^7.1.5",
+    "@babel/preset-typescript": "^7.10.4",
+    "@types/jest": "^26.0.10",
     "core-js": "^3.0.1",
     "husky": "^2.1.0",
+    "jest": "^26.4.1",
     "lint-staged": "^8.1.5",
     "prettier": "^1.17.0",
     "regenerator-runtime": "^0.13.2",

src/widgets/connection/driver.ts

@@ -5,19 +5,15 @@ import {
   IInboxMessage,
   IOutboxMessage
 } from './interfaces';
-
-const ORIGIN_LIST = {
-  'http://my.lc:3000': true,
-  'https://my.labs.livechatinc.com': true,
-  'https://my.staging.livechatinc.com': true,
-  'https://my.livechatinc.com': true
-};
+import { getIsEventOriginAllowed } from './helpers';
 
 export function Plain(): IConnectionDriver {
   let currentListener: ConnectionListener = (_: IInboxMessage) => {};
 
   function handleEvent(event) {
-    if (ORIGIN_LIST[event.origin] === true) {
+    const isEventOrignAllowed = getIsEventOriginAllowed(event.origin);
+
+    if (isEventOrignAllowed) {
       currentListener(event.data);
     }
   }

src/widgets/connection/helpers.spec.ts

@@ -0,0 +1,35 @@
+import { getIsEventOriginAllowed } from './helpers';
+
+describe('getIsEventOriginAllowed', () => {
+  it('returns true for valid domains', () => {
+    expect(getIsEventOriginAllowed('https://my.lc:3000/chats')).toBe(true);
+    expect(getIsEventOriginAllowed('https://legacy.lc:3001/archives')).toBe(
+      true
+    );
+    expect(
+      getIsEventOriginAllowed('https://my.labs.livechatinc.com/agents')
+    ).toBe(true);
+    expect(
+      getIsEventOriginAllowed('https://my.staging.livechatinc.com/customers')
+    ).toBe(true);
+    expect(
+      getIsEventOriginAllowed('https://my.staging.livechatinc.com/customers')
+    ).toBe(true);
+    expect(getIsEventOriginAllowed('https://my.livechat.com/')).toBe(true);
+  });
+
+  it('returns false for invalid domains', () => {
+    expect(getIsEventOriginAllowed('https://localhost:3000/chats')).toBe(false);
+    expect(getIsEventOriginAllowed('https://my.lp:3000/archives')).toBe(false);
+    expect(getIsEventOriginAllowed('https://fakelivechat.com/customers')).toBe(
+      false
+    );
+    expect(getIsEventOriginAllowed('https://google.com')).toBe(false);
+  });
+
+  it('returns false for invalid URL', () => {
+    expect(getIsEventOriginAllowed('')).toBe(false);
+    expect(getIsEventOriginAllowed(null)).toBe(false);
+    expect(getIsEventOriginAllowed('Its not a valid URL')).toBe(false);
+  });
+});

src/widgets/connection/helpers.ts

@@ -0,0 +1,37 @@
+/**
+ * Domain allowed to communicate via iframe with Agent App SDK.
+ */
+const ALLOWED_DOMAINS = [
+  'livechatinc.com',
+  'livechat.com',
+  'my.lc:3000',
+  'legacy.lc:3001'
+];
+
+/**
+ * Returns `true`, if origin is allowed to communicate with Agent App SDK.
+ * @param {string} origin Origin of `message` event targetting Agent App SDK.
+ * @
+ */
+export function getIsEventOriginAllowed(origin: string): boolean {
+  if (!origin) {
+    return false;
+  }
+
+  try {
+    const originURL = new URL(origin);
+    const originDomain = originURL.hostname;
+    const splitted = originDomain.split('.');
+    const domainOnly = splitted.slice(splitted.length - 2).join('.');
+
+    // As .lc domain is registerable we restrict our development environment
+    // based on port usage.
+    const toBeVerified = originURL.port
+      ? `${domainOnly}:${originURL.port}`
+      : domainOnly;
+
+    return ALLOWED_DOMAINS.includes(toBeVerified);
+  } catch {
+    return false;
+  }
+}