eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(widgets): PRO interactive widgets via iframe srcdoc (#1771)

Browse Source 
* feat(widgets): add PRO interactive widgets via iframe srcdoc

Introduces a PRO tier for AI-generated widgets that supports full JS
execution (Chart.js, sortable tables, animated counters) via sandboxed
iframes — no Docker, no build step required.

Key design decisions:
- Server returns <body> + inline <script> only; client builds the full
  <!DOCTYPE html> skeleton with CSP guaranteed as the first <head> child
  so the AI can never inject or bypass the security policy
- sandbox="allow-scripts" only — no allow-same-origin, no allow-forms
- PRO HTML stored in separate wm-pro-html-{id} localStorage key to
  isolate 80KB quota pressure from the main widget metadata array
- Raw localStorage.setItem() for PRO writes with HTML-first write order
  and metadata rollback on failure (bypasses saveToStorage which swallows
  QuotaExceededError)
- Separate PRO_WIDGET_KEY env var + x-pro-key header gate on Railway
- Separate rate limit bucket (20/hr PRO vs 10/hr basic)
- Claude Sonnet 4.6 (8192 tokens, 10 turns, 120s) for PRO vs Haiku for
  basic; health endpoint exposes proKeyConfigured for modal preflight

* feat(pro): gate finance panels and widget buttons behind wm-pro-key

The PRO localStorage key now unlocks the three previously desktop-only
finance panels (stock-analysis, stock-backtest, daily-market-brief) on
the web variant, giving PRO users access without needing WORLDMONITOR_API_KEY.

Button visibility is now cleanly separated by key:
- wm-widget-key only → basic "Create with AI" button
- wm-pro-key only    → PRO "Create Interactive" button only
- both keys          → both buttons
- no key             → neither button

Widget boot loader also accepts either key so PRO-only users see their
saved interactive widgets on page load.

* fix(widgets): inject Chart.js CDN into PRO iframe shell so new Chart() is defined
This commit is contained in:
Elie Habib
2026-03-17 18:10:10 +04:00
committed by GitHub
parent 76fe050b01
commit 6d8109a85b
10 changed files with 1056 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/styles/main.css
View File

@@ -19312,6 +19312,31 @@ body.has-breaking-alert .panels-grid {
min-height: auto;
}
.wm-widget-pro iframe {
width: 100%;
height: 400px;
border: none;
display: block;
}
.widget-pro-badge {
display: inline-block;
font-size: 10px;
font-weight: 700;
line-height: 1;
padding: 2px 6px;
border-radius: 4px;
background: #f5a623;
color: #000;
vertical-align: middle;
margin-left: 6px;
letter-spacing: 0.03em;
}
.ai-widget-block-pro {
position: relative;
}
/* ─── Widget Chat Modal ─────────────────────────────────────────────────────── */
.widget-chat-modal {