Convert the bundled backend/internal/plugins/calcomblock package into a standalone reactor-mode wasm plugin, dropping every git.dev.alexdunmow.com/block/cms import (forbidden in standalone plugins): - package calcomblock -> package main; add wasip1 main.go with wasmguest.Serve(Registration). go.mod module git.dev.alexdunmow.com/block/calcomblock, block/core v0.18.2, no replace directives. - Settings persistence: replace the pool-backed poolQuerier (direct SQL against the public-schema `settings` table, which a sandboxed plugin role cannot read) with capabilityQuerier over the SDK settings.Settings / settings.Updater capabilities. GetSiteTimezone now resolves via GetSiteSettings host-side. - Vendor the small CMS-internal helpers the plugin used into internal/helpers (GetRealIP, StartCleanupLoop, MaskSecret, GetStringOr, the PluginSettingsQuerier settings helpers, PluginCrypto for tests) and internal/db (minimal Setting / UpsertSettingParams), each with a provenance header. - Inline the captcha widget: vendor blocks.CaptchaWidget as a local CaptchaWidget templ (captcha_widget.templ) and regenerate templ; drop the block/cms/blocks import from booking.templ. - blockConfig (server-authoritative captcha requirement via a page_block_snapshots scan) has no wasm-ABI capability, so it is left nil: honeypot + per-IP rate limit still apply. Documented as a follow-up. - web: @block-ninja/ui workspace:* -> ^0.1.0 registry version; eslint.config.js repointed at ../../../cms/web/eslint.config.js; rebuild web/dist. - Rewrite CLAUDE.md for the standalone wasm reality; add .gitignore. Full test suite preserved and passing; builds to calcomblock-2.0.0.bnp; check-safety passes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
37 lines
1.4 KiB
Plaintext
37 lines
1.4 KiB
Plaintext
package main
|
|
|
|
// CaptchaWidget renders the self-hosted Cap (trycap.dev) proof-of-work widget.
|
|
// When placed inside a <form>, the widget injects a hidden `cap-token` field on
|
|
// solve, which the form handler verifies against the instance's redeem endpoint.
|
|
//
|
|
// Vendored from the CMS built-in blocks.CaptchaWidget (cms/backend/blocks/
|
|
// captcha_widget.templ): a standalone wasm plugin cannot import the CMS-internal
|
|
// blocks package, but the widget markup is fully static (served from this
|
|
// instance's own origin), so it is reproduced here verbatim. Re-copy if the
|
|
// upstream widget changes.
|
|
templ CaptchaWidget() {
|
|
<script>
|
|
window.CAP_CUSTOM_WASM_URL = "/assets/captcha/cap_wasm_bg.wasm";
|
|
window.CAP_PAKO_URL = "/assets/captcha/pako_inflate.min.js";
|
|
</script>
|
|
<cap-widget
|
|
data-cap-api-endpoint="/api/captcha/"
|
|
data-cap-worker-count="2"
|
|
></cap-widget>
|
|
<script src="/assets/captcha/cap.min.js" defer></script>
|
|
<script>
|
|
(function(){
|
|
var s = document.currentScript;
|
|
var form = s && s.closest ? s.closest('form') : null;
|
|
if (!form) return;
|
|
// Reset the widget after each htmx submit so a single-use token that
|
|
// was already spent (verify succeeded, business logic may have failed)
|
|
// is cleared and the visitor can re-solve for a retry.
|
|
form.addEventListener('htmx:afterRequest', function(){
|
|
var w = form.querySelector('cap-widget');
|
|
if (w && typeof w.reset === 'function') w.reset();
|
|
});
|
|
})();
|
|
</script>
|
|
}
|