@schibsted/sourcepoint/src/browser/ecosystemConsent.js

Package containing scripts used by Schibsteds' sites to integrate with Sourcepoint CMP

import { getCookie, setCookie, eraseCookie, debug, setTargetingParams, hashUserAuthId, setUserId, openPrivacySettings, triggerLogin } from './utils.js';
import { getIdentityObject, resolveIdentityInstance } from './schibsted-account/index.js';
import { appendPulseTrackingToEvents } from './pulse/index.js';
import { appendSentryEvents } from './sentry/index.js';

export async function setupEcosystemConsent(_window, _document, _navigator, config) {
    getEcosystemConfig(_window, _document, _navigator, config);
    
    const {
        jsSdkVersion,
        id,
        realm,
        clientId,
        pulseTracker,
        referrer,
        state,
        pulseObjectName,
        showInWebview,
        identityObject,
        identityObjectName,
        disableSentry,
        disableNativeConsentCheck,
        enableUserCentric,
        enableEcosystemConsent,
        groupId,
        ...spConfig
    } = config;

    if (!enableEcosystemConsent) {
        debug('Ecosystem Consent is disabled');
        return initEcosystemConfig(_window, spConfig);
    }

    try {
        const identityObject = await resolveIdentityInstance(_window);

        if (!identityObject) {
            console.warn('Ecosystem Consent: No Schibsted Account integration detected.');
            return initEcosystemConfig(_window, spConfig);
        }

        const authId = await resolveAuthId(identityObject);
        
        if (authId) {
            debug('Ecosystem Consent: AuthId resolved for authenticated user');
            setTargetingParams(config, 'ecosystem-consent', true);
            
            return initEcosystemConfig(_window, { 
                authId, 
                targetingParams: config.targetingParams,
                ...spConfig 
            });
        } else {
            debug('Ecosystem Consent: No authId available, falling back to standard config');
            return initEcosystemConfig(_window, spConfig);
        }
    } catch (err) {
        console.error('Ecosystem Consent setup error: ', err);
        return initEcosystemConfig(_window, spConfig);
    }
}

function getEcosystemConfig(_window, _document, _navigator, config) {
    if (!config || !config.baseEndpoint || !config.propertyId || !config.consentLanguage) {
        throw new Error('One of missing: baseEndpoint, propertyId, consentLanguage');
    }

    // Stub _sp_.config early for synchronous snippets to avoid race:
    // messaging may read _sp_.config before async ecosystem init finishes.
    _window._sp_ = _window._sp_ || {};
    _window._sp_.config = _window._sp_.config || {};

    appendPulseTrackingToEvents(_window, config);
    appendSentryEvents(config);

    if (config.propertyHref) config.joinHref = true;
    config.accountId = config.accountId || 1047;
    config.custom = {};
    config.gdpr = { includeTcfApi: true };

    // minimal required fields for messaging
    const minimalRequiredFields = [
        'baseEndpoint',
        'propertyId',
        'consentLanguage',
        'accountId',
        'propertyHref',
        'joinHref',
        'gdpr',
        'custom'
    ];
    minimalRequiredFields.forEach(k => {
        if (config[k] !== undefined) {
            _window._sp_.config[k] = config[k];
        }
    });

    // Mirror PSI logic for synchronous snippet compatibility
    const userId = config.userId || getIdentityObject(_window, config)?._session?.userId;
    const clientId = config.clientId || getIdentityObject(_window, config)?.clientId;

    const {
        pulseTracker,
        referrer,
        state,
        pulseObjectName,
        showInWebview,
        identityObject,
        identityObjectName,
        enableUserCentric,
        groupId
    } = config;

    _window.psi = _window.psi || {};
    _window.psi.isLoggedInUser = !!userId;
    _window.psi.setUserId = setUserId;
    _window.psi.openPrivacySettings = openPrivacySettings;
    _window.psi.pulseTracker = pulseTracker;
    _window.psi.clientId = clientId;
    _window.psi.referrer = referrer;
    _window.psi.state = state;
    _window.psi.pulseObjectName = pulseObjectName;
    _window.psi.showInWebview = showInWebview;
    _window.psi.identityObject = identityObject;
    _window.psi.identityObjectName = identityObjectName;
    _window.psi.triggerLogin = triggerLogin;
    _window.psi.enableUserCentric = enableUserCentric;
    _window.psi.groupId = groupId;
}

function initEcosystemConfig(_window, spConfig) {
    _window._sp_ = _window._sp_ || {};
    _window._sp_.config = _window._sp_.config || {};
    Object.assign(_window._sp_.config, spConfig);
    debug('Ecosystem Consent initiated with config: ', _window._sp_.config);
}

async function resolveAuthId(identityObject) {
    if (!identityObject) {
        return null;
    }

    try {
        const isLoggedInUser = getCookie('CMP:isLoggedIn') || await identityObject.isLoggedIn();
        if (!isLoggedInUser) {
            return null;
        }

        identityObject.on('logout', function () {
            eraseCookie('CMP:isLoggedIn');
        });

        if (!getCookie('CMP:isLoggedIn')) {
            setCookie('CMP:isLoggedIn', true);
        }

        const userId = await identityObject.getUserId();
        
        if (!userId) {
            console.warn('Ecosystem Consent: Invalid userId received from getUserId()');
            return null;
        }

        const authId = await hashUserAuthId(userId);

        return authId;
    } catch (err) {
        console.error('Ecosystem Consent - Identity error: ', err);
        return null;
    }
}