Installability

Every web page is an installable app! Generate or repair a Web Manifest for any web page.

このスクリプトの質問や評価の投稿はこちら通報はこちらへお寄せください。
// ==UserScript==
// @name        Installability
// @description Every web page is an installable app! Generate or repair a Web Manifest for any web page.
// @namespace   Itsnotlupus Industries
// @match       https://*/*
// @version     1.8
// @noframes
// @author      itsnotlupus
// @license     MIT
// @require     https://greasyfork.org/scripts/468394-itsnotlupus-tiny-utilities/code/utils.js
// @grant       GM_xmlhttpRequest
// @grant       GM_addElement
// @grant       GM_getValue
// @grant       GM_setValue
// @connect     *
// ==/UserScript==

/* jshint esversion:11 */
/* eslint curly: 0 no-return-assign: 0, no-loop-func: 0 */
/* global $, $$, crel, log, logGroup, withLogs, fetchJSON, observeDOM */

/**
 * Wishlist:
 * - too many rules. can't deploy a worker, etc.
 *   - how far could a userscript go in emulating an offline worker tho?
 *     - fetch/xhr can be intercepted.
 *     - image loading could be polyfilled too.
 *     - page navigation is iffier. if the first page doesn't load, the userscript won't either.
 *     - but if we can get pasted that, network-first offline policy would probably cause the least damage (https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps/Guides/Caching)
 *     - [...new Set([...$$`[href],[src]`].map(a=>a.href??a.src).filter(url=>url.startsWith(location.origin)).map(url=>url.split('#')[0]))] // things one might precache in an install event handler
 *   - maskable icons (which involves finding the smallest rect that captures all non-transparent pixels, and shrinking them to fit within safe area.)
 * - take the silliness further:
 *   - detecting main site navigation entrypoints and generating shortcuts would kinda kick ass.
 *   - look for more weird PWA features, and see if there's a generic way to leverage them.
 */

// Bits of code that might be useful later:

// 1. holding a user's hand to get installed. in case the script ever exposes a more visible mean to install an app, I guess.
//early:
//  const installer = await new Promise(r => addEventListener('beforeinstallprompt', r));
//later:
//  installer.prompt();
//  const { outcome } = await installer.userChoice;
//  const installed = await new Promise(r => addEventListener('appinstalled', r);

// a default app icon to use if no suitable icons are found in the site
const FALLBACK_ICON = 'data:image/svg+xml;base64,'+btoa`<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48"><defs><linearGradient id="a" x1="-44" x2="-4" y1="-24" y2="-24" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#009467"/><stop offset="1" stop-color="#87d770"/></linearGradient></defs><rect width="40" height="40" x="-44" y="-44" fill="url(#a)" rx="20" transform="matrix(0 -1 -1 0 0 0)"/><path d="M4 23.5v.5a20 20 0 1 0 40 0v-.5a20 20 0 0 1-40 0z" opacity=".1"/><path fill="#fff" d="M24.5 23a1.5 1.5 0 0 0 0 3 1.5 1.5 0 0 0 0-3z"/><g fill="none" stroke="#fff" stroke-linecap="round" stroke-linejoin="round"><path d="M33.5 27.5s3-1 3-3c0-3.5-9.2-5-12.5-5-7-.1-12.3 1.4-12.5 4s3 3 3 3"/><path d="M30.5 17.5s1.1-3.8-.6-4.7c-3-1.7-8.9 5.7-10.5 8.4-3.7 6-5 11.4-2.8 12.9 2.2 1.4 3.9-.6 3.9-.6"/><path d="M21.5 14.5s-2.2-2.4-3.8-1.4c-3 1.8.3 10.5 2 13.4 3.3 6.2 7.3 10 9.6 8.8 5.2-2-.8-12.8-.8-12.8"/></g></svg>`;

// keep cached bits of manifests on any given site for 24 hours before fetching/generating new ones.
const CACHE_MANIFEST_EXPIRATION = 24*3600*1000; 

/** cache the result of work() into GM storage for a day. */
async function cacheInto(key, work) {
  const cached = GM_getValue(key);
  if (cached && cached.expires > Date.now()) return cached.data;
  const data = await work();
  if (data != null) GM_setValue(key, { expires: Date.now() + CACHE_MANIFEST_EXPIRATION, data });
  return data;
}

/** Resolve a relative URL into an absolute URL */
const resolveURL = (url, base=location.href) => url && new URL(url, base).toString();

/**
 * load an image without CSP restrictions.
 */
function getImage(src) {1
  return new Promise((resolve) => {
    const img = GM_addElement('img', {
      src: resolveURL(src),
      crossOrigin: "anonymous"
    });
    img.onload = () => resolve(img);
    img.onerror = () => resolve(null);
    img.remove();
  });
}

/** test if the URL given loads correctly (not 404, etc.) */
function workingURL(src) {
  return new Promise(resolve => {
    const url = resolveURL(src);
    GM_xmlhttpRequest({
      url,
      method: "HEAD",
      onload(res) {
        resolve(res.status<300);
      },
      onerror() {
        resolve(false);
      }
    });
  });
}

function cachedWorkingURL(src) {
  return cacheInto('working-url:'+src, () => workingURL(src));
}

/** fetch an arbitrary URL using current browser cookies. no restrictions. */
function grabURL(src) {
  return new Promise(resolve => {
    const url = resolveURL(src);
    GM_xmlhttpRequest({
      url,
      responseType: 'blob',
      async onload(res) {
        resolve(res.response);
      },
      onerror() {
        log("Couldn't grab URL " + src);
        resolve(null);
      }
    });
  });
}

/**
 * Grab an image and its mime-type regardless of browser sandbox limitations.
 */
async function getUntaintedImage(src) {
  const blob = await grabURL(src);
  const blobURL = URL.createObjectURL(blob);
  const img = await getImage(blobURL);
  if (!img) return null;
  URL.revokeObjectURL(blobURL);
  return {
    src: resolveURL(src),
    img,
    width: img.naturalWidth,
    height: img.naturalHeight,
    type: blob.type
  };
}

function makeBigPNG({ img }) {
  // scale to at least 512x512, but keep the pixels if there are more.
  const width = Math.max(512, img.width);
  const height = Math.max(512, img.height);
  const canvas = crel('canvas', { width, height });
  const ctx = canvas.getContext('2d');
  ctx.drawImage(img, 0, 0, width, height);
  const url = canvas.toDataURL({ type: "image/png" });
  return {
    src: url,
    width,
    height,
    type: "image/png"
  };
}

function guessAppName() {
  // Remember how there's this universal way to get a web site's name? Yeah, me neither.
  const goodNames = [
    // plausible places to find one
    $`meta[name="application-name"]`?.content,
    $`meta[name="apple-mobile-web-app-title"]`?.content,
    $`meta[name="al:android:app_name"]`?.content,
    $`meta[name="al:ios:app_name"]`?.content,
    $`meta[property="og:site_name"]`?.content,
    $`meta[property="og:title"]`?.content,
  ].filter(v=>!!v).sort((a,b)=>a.length-b.length); // short names first.
  const badNames = [
    // various bad ideas
    $`link[rel="search]"`?.title.replace(/ search/i,''),
    document.title,
    $`h1`?.textContent,
    [...location.hostname.replace(/^www\./,'')].map((c,i)=>i?c:c.toUpperCase()).join('') // capitalized domain name. If everything else fails, there's at least this.
  ].filter(v=>!!v);
  const short_name = goodNames[0] ?? badNames[0];
  //const app_name = goodNames.at(-1) ?? badNames[0];
  return short_name;
}

function guessAppDescription() {
  const descriptions = [
    $`meta[property="og:description"]`?.content,
    $`meta[name="description"]`?.content,
    $`meta[name="description"]`?.getAttribute("value"),
    $`meta[name="twitter:description"]`?.content,
  ].filter(v=>!!v);
  return descriptions[0];
}

function guessAppColors() {
  const colors = [
    $`meta[name="theme-color"]`?.content,
    getComputedStyle(document.body).backgroundColor
  ].filter(v=>!!v);
  return {
    theme_color: colors[0],
    background_color: colors.at(-1)
  };
}

async function gatherAppIcons() {
  // focus on caching only the bits with network requests
  return cacheInto("images:"+location.origin, async () => {
     const iconURLs = [
      ...Array.from($$`link[rel*="icon"]`).filter(link=>link.rel!="mask-icon").map(link=>link.href),
      resolveURL($`meta[itemprop="image"]`?.content),
    ].filter(v=>!!v);
    // fetch all the icons, so we know what we're working with.
    const images = (await Promise.all(iconURLs.map(getUntaintedImage))).filter(v=>!!v);
    if (!images.length) {
      const fallback = await getUntaintedImage("/favicon.ico"); // last resort. well known location for tiny site icons.
      if (fallback) images.unshift(fallback);
    }
    if (!images.length) {
      images.unshift(await getUntaintedImage(FALLBACK_ICON));
      verb = 'generated with a fallback icon';
    }
    const icons = images.map(img => ({
      src: img.src,
      sizes: `${img.width}x${img.height}`,
      type: img.type
    }));
    await fixAppIcons(icons);
    verb = '';
    return icons;
  });
}

function getIconMaxSize(icon) {
  // "any" is technically infinite, but 512x512 is close enough
  const sizes = icon.sizes.split(/\s+/).map(size=>size=='any'?[512,512]:size.split(/x/i).map(v=>+v)).sort((a,b)=>b[0]-a[0]);
  return sizes[0]; // [ width, height ]
}

function appIconsValid(icons) {
  return icons.some(icon => {
    const [ width, height ] = getIconMaxSize(icon);
    return width >= 512 && height >= 512 && icon.type == 'image/png';
  });
}

async function fixAppIcons(icons) {
  icons.sort((a,b)=>getIconMaxSize(b)[0] - getIconMaxSize(a)[0]); // largest image first. suboptimal
  // grab the biggest one.
  const biggestImage = icons[0];
  const [ width, height ] = getIconMaxSize(biggestImage);
  if (width < 512 || height < 512 || biggestImage.type !== 'image/png') {
    log(`We may not have a valid icon yet, scaling an image of type ${biggestImage.type} and size (${width}x${height}) into a big enough PNG.`);
    // welp, we're gonna scale it.
    const img = await makeBigPNG(await getUntaintedImage(biggestImage.src));
    icons.unshift({
      src: img.src,
      sizes: `${img.width}x${img.height}`,
      type: img.type
    });
  }
  return icons;
}

async function guessRelatedApplications() {

  // 1. "app links", a weird decade old half-baked half-supported spec that has the data we'd need for this.
  // seen on threads.net, and probably not much elsewhere. but hey, we can parse synchronously and cheaply.
  const apps = [];
  const android_id = $`meta[property="al:android:package"]`?.content
  if (android_id) {
    const url = `https://play.google.com/store/apps/details?id=${android_id}`;
    if (await cachedWorkingURL(url)) {
      apps.push({
        platform: "play", // XXX "chromeos_play"?
        id: android_id,
        url
      });
    }
  }
  const ios_id = $`meta[property="al:ios:app_store_id"]`?.content;
  if (ios_id) {
    const app_name = $`meta[property="al:ios:app-name"]`?.content ?? 'app';
    const url = `https://apps.apple.com/app/${app_name}/${ios_id}`;
    if (await cachedWorkingURL(url)) {
      apps.push({
        platform: "itunes",
        id: ios_id,
        url
      });
    }
  }
  // theoretically, there could be more here, like windows app and stuff.
  // see https://developers.facebook.com/docs/applinks/metadata-reference

  // 2. .well-known/assetlinks.json
  // see https://github.com/google/digitalassetlinks/blob/master/well-known/details.md
  const assetLinksJson = await cacheInto("assetLinksJson:"+location.origin, async () => {
    try {
      return await fetchJSON(resolveURL("/.well-known/assetlinks.json"));
    } catch {
      return [];
    }
  });
  if (Array.isArray(assetLinksJson)) {
    await Promise.all(assetLinksJson.filter(i=>i.relation.includes("delegate_permission/common.handle_all_urls")).map(async ({target}) => {
      switch (target.namespace) {
        case "android_app": {
          const url = `https://play.google.com/store/apps/details?id=${target.package_name}`
          if (await cachedWorkingURL(url)) {
            apps.push({
              platform: "play",
              id: target.package_name,
              url
            });
          }
          break;
        }
        case "ios_app": { // the definition of unbridled optimism
          const url = `https://apps.apple.com/app/app/${target.id}`;
          if (await cachedWorkingURL(url)) {
            if (target.appid) apps.push({
              platform: "itunes",
              id: target.appid,
              url
            });
          }
          break;
        }
      }
    }));
  }
  // dedup apps right quick
  const urls = new Set;
  for (let i=apps.length-1;i>=0;i--) {
    if (urls.has(apps[i].url)) {
      apps.splice(i,1);
    } else {
      urls.add(apps[i].url);
    }
  }

  return apps.length ? apps : undefined;
}

/** modify manifest in place, turn all known relative URLs into absolute URLs */
function fixManifestURLs(manifest, manifestURL) {

  // a map of URLs in the manifest structure
  const URL_IN_MANIFEST = {
    file_handlers: [ { action: true } ],
    icons: [ { src: true } ],
    protocol_handlers: [ { url: true } ],
    scope: true,
    screenshots: [ { src: true } ],
    serviceworker: { url: true },
    share_target: { action: true },
    shortcuts: [ {
      url: true,
      icons: [ { src: true } ]
    } ],
    start_url: true
  };
  // How to use a map to traverse a manifest
  function recurse(obj, schema, transform) {
    if (Array.isArray(schema)) return obj.forEach(item => recurse(item, schema[0], transform));
    Object.keys(schema).forEach(key => { switch (true) {
      case !obj[key]: return;
      case typeof obj[key] == 'object': recurse(obj[key], schema[key], transform); break;
      default: obj[key] = transform(obj[key]);
    }});
  }

  recurse(manifest, URL_IN_MANIFEST, url => resolveURL(url, manifestURL));
}

async function repairManifest() {
  let fixed = 0;
  const manifestURL = $`link[rel="manifest"]`.href;
  const manifest = await cacheInto("site_manifest:" + location.origin, async () => {
    verb = '';
    return JSON.parse(await (await grabURL(manifestURL)).text());
  });
  // since we're loading the manifest from a data: URL, get rid of all relative URLs
  fixManifestURLs(manifest, manifestURL);
  // fix: missing short_name
  if (!manifest.short_name) {
    log("Missing short_name field.");
    manifest.short_name = manifest.name || guessAppName();
    fixed++;
  }
  // fix: missing name
  if (!manifest.name) {
    log("Missing name field.");
    manifest.name = manifest.short_name || guessAppName();
    fixed++;
  }
  // fix: missing or insufficient icons
  if (!manifest.icons) {
    log("Missing icons field.");
    manifest.icons = await gatherAppIcons();
    fixed++;
  } else if (!appIconsValid(manifest.icons)) {
    log("Invalid icons field.");
    await fixAppIcons(manifest.icons);
    fixed++;
  }
  // fix: missing start_url
  if (!manifest.start_url) {
    log("Missing start_url field.");
    manifest.start_url = location.origin;
    fixed++;
  }
  // fix: invalid display value (typically "browser")
  if (!["standalone", "fullscreen", "minimal-ui"].includes(manifest.display)) {
    log("Missing or invalid display field.");
    manifest.display = "minimal-ui";
    fixed++;
  }
  if (manifest.prefer_related_applications) {
    log("Obsolete prefer_related_applications field found.");
    delete manifest.prefer_related_applications;
    fixed++;
  }
  if (manifest.launch_handler) {
    if (manifest.launch_handler.route_to) {
      log("Obsolete launch_handler.route_to field found, renaming to client_mode");
      manifest.launch_handler.client_mode = manifest.launch_handler.route_to;
      delete manifest.launch_handler.route_to;
      fixed++;
    }
    if (manifest.launch_handler.navigate_existing_client) {
      log ("Obsolete launch_handler.navigate_existing_client field found.");
      delete manifest.launch_handler.navigate_existing_client;
      fixed++;
    }
  }
  if (fixed) {
    $$`link[rel="manifest"]`.forEach(link=>link.remove());
    verb += `repaired ${fixed} issue${fixed>1?'s':''}`;
    return manifest;
  }
  // nothing to do, let the original manifest stand.nothing.
  verb += 'validated';
  return null;
}

// return an array of CSP sources acceptable for a manifest URL and usable by this script. may be empty.
async function inspectCSP() {
  const CSP_HEADER = 'Content-Security-Policy';
  const parseCSP = csp => csp?csp.split(';').map(line=>line.trim().split(/\s+/)).reduce((o,a)=>(a.length>1&&(o[a[0]]=a.slice(1)),o),{}):{};
  function checkCSP(csp, sources = []) {
    if (!Object.keys(csp).length) return sources;
    const allowedSources = csp['manifest-src'] ?? csp['default-src'];
    if (!allowedSources) return sources;
    return sources.filter(source=>allowedSources.includes(source));
  }

  const cspHeader = parseCSP((await fetch('', {method:'HEAD'})).headers.get(CSP_HEADER));
  const cspMeta = parseCSP($(`meta[http-equiv="${CSP_HEADER}"]`)?.content);
  const sources = checkCSP(cspMeta, checkCSP(cspHeader, ["data:", "blob:"]));
  if (sources.length) {
    // log("Acceptable manifest sources are ", sources);
  } else {
    log("CSP rules will probably prevent us from setting a manifest.");
  }
  return sources;
}

async function generateManifest(sources) {

  const short_name = guessAppName();
  const description = guessAppDescription();
  const { theme_color, background_color } = guessAppColors();

  const icons = await gatherAppIcons();

  const related_applications = await guessRelatedApplications();

  verb += 'generated';
  // There it is, our glorious Web Manifest.
  return {
    name: short_name,
    short_name,
    description,
    start_url: location.href,
    scope: resolveURL("/"),
    display: "standalone",
    display_override: [ "window-controls-overlay" ],
    theme_color,
    background_color,
    icons,
    related_applications
  };
}

let adjective;
let verb = 'grabbed from cache and ';

async function getManifest(sources) {
  const start = Date.now();
  let manifest;
  let wasGenerated = false;

  if ($`link[rel="manifest"]`) {
    adjective = 'Site';
    manifest = await repairManifest();
  } else {
    adjective = 'Custom';
    manifest = await generateManifest();
    wasGenerated = true;
  }

  if (manifest) {
    // Use GM_addElement to inject the manifest.
    // It doesn't succeed in bypassing Content Security Policy rules today, but maybe userscript extensions will make this work someday.
    // (Note: TamperMonkey Beta has a setting to disable CSP altogether in their Advanced Settings.)
    let manifestLink;
    if (sources.includes('data:')) {
      manifestLink = 'data:application/manifest+json;charset=utf-8,'+encodeURIComponent(JSON.stringify(manifest));
    } else {
      const blob = new Blob([JSON.stringify(manifest)], {type: 'application/manifest+json;charset=utf-8'});
      manifestLink = URL.createObjectURL(blob);
      // NOTE: no good way to revoke that URL. stick to page lifetime.
    }

    GM_addElement('link', {
      rel: "manifest",
      href: manifestLink
    });
    // This sets the color of the app title bar on desktop.
    if (!$`meta[name="theme-color"]`) GM_addElement('meta', {
      name: "theme-color",
      content: manifest.theme_color
    });
  }
  // summarize what we did.
  logGroup(`${adjective} manifest ${verb} in ${Date.now()-start}ms.`,
    manifest ?
      JSON.stringify(manifest,null,2).replace(/"data:.{70,}?"/g, url=>`"${url.slice(0,35)}…[${url.length-45}_more_bytes]…${url.slice(-10,-1)}"`)
      : $`link[rel="manifest"]`?.href ?? ''
  );
  return [manifest, wasGenerated];
}

// make a custom title bar from whatever header-like content we can find.
function customTitleBarJustAddWater(manifest) {

  let outerDisconnect;
  function findAndAdjustTitleBar(query) {
    if (query.matches) {

      let header = null;
      let disconnect;

      // 1. find a header. make it fit roughly as a titelbar, and make it draggable.
      function findHeader() {
        if (header && document.body.contains(header)) return;
        const nodes = [...$$`body *`];
        // header nodes are mostly top-most level nodes that cover the width of the page, are flush against the top of the page, and not too tall.
        // (all broad generalizations are faulty, etc.)
        const header_nodes = nodes.filter(n=> {
          const { width, height, top } = n.getBoundingClientRect();
          return document.body.clientWidth - width < 2 && top < 5 && height > 10 && height < 200;
        }).filter((n,i,a)=>a.every(p=>p==n||!p.contains(n)));
        if (!header_nodes.length) return;
        // ok, plausible header found. Yer a titlebar, Header!
        header = header_nodes[0];
        Object.assign(header.style, {
          // fixed or sticky position would be great here, but it's too likely to break pages that weren't expecting it.
          // settle for trying not to be drawn under native titlebar elements.
          WebkitAppRegion: 'drag',
          appRegion: 'drag',
          paddingLeft: 'env(titlebar-area-x, 0)',
          paddingRight: 'calc(100% - env(titlebar-area-width, 100%))',
          minHeight: 'env(titlebar-area-height, initial)',
          backgroundColor: manifest.theme_color
        });
        // 2. look for interactive elements within the header. make those not draggable.
        function findInteractiveHeaderElements() {
          // this won't catch clickable divs.
          $$('a,input,button,select,label,textarea', header).forEach(n=>Object.assign(n.style, {
            WebkitAppRegion: 'no-drag',
            appRegion: 'no-drag'
          }));
        }

        try { disconnect?.(); } catch (e) { log(e) }
        findInteractiveHeaderElements();
        disconnect = observeDOM(findInteractiveHeaderElements, header);
      }

      try { outerDisconnect?.(); } catch(e) { log(e) }
      findHeader();
      outerDisconnect = observeDOM(findHeader);
    } else {
      try { outerDisconnect?.(); } catch(e) { log(e) }
    }
  }

  const query = matchMedia('(display-mode: window-controls-overlay)');
  findAndAdjustTitleBar(query);
  query.addListener(e => findAndAdjustTitleBar(e));
}

async function main() {
  const sources = await inspectCSP();
  const [manifest, wasGenerated] = await getManifest(sources);
  // if there was a site manifest, then trust that someone knew what they were doing, and don't try weird shenanigans.
  if (wasGenerated) {
    // but if we instead foisted installability upon an unuspecting web page...
    await customTitleBarJustAddWater(manifest);
  }
}

main();