); } ``` **Conditionally (only for non-admins in React):** ```jsx function SettingsPage() { const { currentUser } = useAuth(); const isAdmin = currentUser?.role === 'admin'; return (

{!isAdmin && ); } ``` ### 6.4 If you DON'T want the end-user widget Set `endUserDiv="false"` in the client.js attributes and don't add the mount div. Nothing will be injected. --- ## 7. Preventing Button Flash When `cloudFAB` is enabled, there can be a brief flash of legacy buttons before the FAB replaces them. To prevent this, add this **inline script BEFORE** the client.js tag: ```html ``` > **Replace `MYAPP-`** with your actual prefix + hyphen. If you don't use a prefix, use the unprefixed selectors: `#fw-btn, .cd-open-btn, #openPopupBtn, .floating-btn`. ### Complete HTML example (with flash prevention): ```html ``` --- ## 8. Alternative Integration Methods ### Method A: Five separate script tags If you prefer explicit control, add these in **exact order** before ``: ```html ``` > **Note:** This method does NOT support `data-prefix` namespacing. Use the client.js method (Section 3) if you need namespacing. ### Method B: Dynamic loader Host `loader.js` on your server or use inline: ```html ``` See the loader.js source for customization. This also does NOT support `data-prefix`. --- ## 9. Backend Requirements The widget scripts submit requests to a backend API. Ensure these are configured: ### 9.1 Integration API | Setting | Value | |---------|-------| | **Endpoint** | `POST /api/integration/requests?api_key=` | | **Auth header** | `Authorization: Bearer ` (sent by widget from stored token) | | **Content-Type** | `multipart/form-data` (FormData with optional file uploads) | **Request body fields:** | Field | Type | Required | Notes | |-------|------|----------|-------| | `requester_type` | string | Yes | `"client"` or `"end_user"` | | `requester_email` | string | Yes | From JWT or stored user | | `requester_name` | string | Yes | From JWT or stored user | | `title` | string | Yes | Issue title | | `description` | string | Yes | Issue description | | `request_type` | string | Yes | e.g. `"bug"` | | `urgency` | string | Yes | `"low"`, `"medium"`, `"high"` | | `page_name` | string/array | Yes | Selected page(s) | | `page_url` | string | **No** | Current page URL. **Must be optional** so localhost works | | `files` / `attachments` | file(s) | No | Optional file upload | **Response format:** ```json { "success": true, "data": { "request_id": "REQ-1234" } } ``` or on error: ```json { "success": false, "message": "Validation failed", "errors": [...] } ``` ### 9.2 Batch API (multiRequests) | Setting | Value | |---------|-------| | **Endpoint** | `POST /api/integration/requests/batch?api_key=` | | **Body** | FormData with `requests` (JSON array) + `attachments[i]` (files) | ### 9.3 CORS The API server must allow: - **Origins:** The host page origin (e.g. `https://yourapp.com`) and the script server origin - **Headers:** `Authorization`, `X-API-Key`, `Content-Type` - **Methods:** `GET`, `POST`, `OPTIONS` ### 9.4 Script server The server at `https://injection.ohtplayground.com/` must serve these files with CORS `Access-Control-Allow-Origin: *` for GET: - `client.js` - `singleRequest.js` - `client-dashboard.js` - `multiRequests.js` - `endUserDiv.js` - `cloudFAB.js` - `client-dashboard.html` --- ## 10. Testing Checklist After integration, verify each scenario: ### Setup - [ ] Script tag added before `` - [ ] `api_key` is correct - [ ] `data-prefix` is set to your project name - [ ] `dashboard_url` is reachable - [ ] Your app stores JWT in `localStorage.token` (or `access_token` / `sessionStorage.token`) - [ ] Your app stores user email (in JWT or user object) ### Admin user - [ ] Login as admin → blue + FAB appears (bottom-right) - [ ] Hover FAB → cloud expands with "Submit an issue" and "Requests Dashboard" - [ ] Click "Submit an issue" → modal opens, fill form, submit → success popup - [ ] Click "Requests Dashboard" → dashboard overlay opens, shows submitted requests - [ ] No legacy black request button visible at any point - [ ] Logout → FAB disappears, nothing shows on login page ### Non-admin user - [ ] Login as non-admin → FAB does NOT appear - [ ] If `endUserDiv="true"` and mount point exists → "Report a problem" card appears - [ ] Click "+ Report a problem" → modal opens, submit → success - [ ] Logout → card disappears ### Not logged in - [ ] On login page → nothing shows (no FAB, no buttons, no cards) - [ ] No console errors from widget scripts ### Edge cases - [ ] Hard refresh (Ctrl+Shift+R) → no flash of old buttons - [ ] Open in incognito → nothing shows (no token) - [ ] Navigate between pages (SPA) → widgets update correctly --- ## 11. Troubleshooting ### "Nothing appears at all" 1. **Check the browser console** for 404 errors on script URLs. If `client.js` returns 404, the script server doesn't have it deployed. 2. **Check that the JWT is stored.** In browser console: `localStorage.getItem('token')` — should return a JWT string. 3. **Check role detection.** In console: `localStorage.getItem('user_data')` — the parsed object should have a `role` field. ### "FAB doesn't appear for admin" The widget considers a user "admin" if `role` equals or contains `"admin"`, or if `role_id === 1`. Check that your stored user has one of these. ### "End-user widget doesn't appear" 1. Is `endUserDiv="true"` in the script tag? 2. Is `` in the DOM? (Check with browser DevTools.) 3. Is the user non-admin? The widget hides for admin users. 4. Is the user authenticated? The widget hides if no token is found. ### "Flash of black button before FAB" Add the inline hide-style script **before** client.js (see [Section 7](#7-preventing-button-flash)). ### "FAB stays visible after logout" Ensure your app clears `localStorage.token` and `localStorage.user_data` on logout. If your app uses `window.location.href = '/login'`, the full page reload will re-run the scripts and the FAB will be removed. ### "CORS error on form submission" The integration API (`/api/integration/requests`) must allow: - Your page origin in `Access-Control-Allow-Origin` - `Authorization` in `Access-Control-Allow-Headers` ### "page_url validation error on localhost" The backend must accept requests **without** `page_url`. The widget omits it on localhost to avoid SSRF issues. --- ## 12. Quick Reference Card **Copy-paste this into your HTML (before ``):** ```html ``` **Then replace:** 1. `MYAPP` → your project's short name (both in the inline script and `data-prefix`) 2. `api_key` → your API key (if different) 3. URLs → your script server / dashboard URLs (if different) **For end-user "Report a problem":** add `` where you want the card to appear (only for non-admin users). --- *This guide covers everything needed to integrate. If you have questions, check the Troubleshooting section or contact the OpsHeaven team.*