// cdrop service worker — makes the web app installable and caches hashed static // assets for faster repeat loads. // // Deliberately minimal. It does NOT intercept: // - /api/* — SSE (/api/hub/events), clipboard, signaling, relay need a // live, unbuffered connection; and the OAuth exchange/refresh // must not be cached. // - navigations — page loads / OAuth redirects go straight to the network. // (A SW that mediates navigations was stalling the Casdoor → // app redirect for ~2 min in Safari; cdrop is useless offline // anyway, so there's nothing to gain by caching the shell.) // - cross-origin — fonts / CDN are left to the browser. // // What's left: hashed JS/CSS/image assets, served stale-while-revalidate. const CACHE = "cdrop-assets-v2"; self.addEventListener("install", (event) => { // No precache — assets are cached lazily on first fetch. Activate immediately. event.waitUntil(self.skipWaiting()); }); self.addEventListener("activate", (event) => { event.waitUntil( caches.keys() .then((keys) => Promise.all(keys.filter((k) => k !== CACHE).map((k) => caches.delete(k)))) .then(() => self.clients.claim()), ); }); self.addEventListener("fetch", (event) => { const req = event.request; if (req.method !== "GET") { return; } if (req.mode === "navigate") { return; } // page loads / OAuth redirects → network const url = new URL(req.url); if (url.origin !== self.location.origin) { return; } // cross-origin (fonts/CDN) → browser default if (url.pathname.startsWith("/api/")) { return; } // live backend → never intercept // Static assets (Vite emits content-hashed, immutable files): serve cache // immediately, refresh in the background. event.respondWith( caches.match(req).then((cached) => { const network = fetch(req) .then((resp) => { if (resp && resp.status === 200 && resp.type === "basic") { const copy = resp.clone(); caches.open(CACHE).then((c) => c.put(req, copy)).catch(() => {}); } return resp; }) .catch(() => cached); return cached || network; }), ); }); // ---- Web Push -------------------------------------------------------------- // Fires only when this device's page is closed (an open page got the event over // SSE and showed an in-app toast instead). The payload is the JSON the server's // push.Sender already localized: { type, title, body, tag, url }. The SW just // displays it — no /api access, no app logic. self.addEventListener("push", (event) => { let data = {}; try { data = event.data ? event.data.json() : {}; } catch (_e) { data = {}; } const title = data.title || "cdrop"; const options = { body: data.body || "", tag: data.tag || undefined, // same tag replaces a stale notification in place icon: "/icon-192.png", badge: "/icon-192.png", data: { url: data.url || "/" }, }; event.waitUntil(self.registration.showNotification(title, options)); }); // Clicking a notification focuses an existing window if one is open, else opens // the app at the notification's target URL. self.addEventListener("notificationclick", (event) => { event.notification.close(); const target = (event.notification.data && event.notification.data.url) || "/"; event.waitUntil( self.clients.matchAll({ type: "window", includeUncontrolled: true }).then((clients) => { for (const c of clients) { if ("focus" in c) { return c.focus(); } } return self.clients.openWindow ? self.clients.openWindow(target) : undefined; }), ); });