The Wigdet solution allows you to display custom information on the Next dashboard. The information source can be Next Hub or any other system as long as it can fit into an HTML page suitable to display in an iFrame. The image below shows an example widget diplayed on the estate brokers dashboard inside Next.
Manifest
In Next, you can add widget manifest via “Widgets” found on the administration page. In the manifest you spesify the widgets name, url and system rights.
Name (Navn på widget)
The name of the widget is visible in the widget list and as the header of the widget on the dashboard.
Source (Navn på kilde)
The name of the company name that provides the widget. A company can create multiple widgets with different name, but the same source name.
URL
The URL to the widget. This has to be a secure URL (https) and can contain mapping codes.
Mapping codes
| Code | Description |
|---|---|
| <installationId> | The installationId for the current Next instance |
| <userid> | UserId of current user |
| <username> | Username of current user |
| <usermail> | Email adress of the current user |
Added querystring parameters
| Name | Description |
|---|---|
| loc | The location, in Next, where the widget is to be shown 1 = Dashboard |
| id | Id of the widget instance (Only added when Next communications is allowed) |
| val | Base64 encoded SHA265 hash (Only added at end of URL when validation key is given) |
| ver | The version of the current Next instance (Only added when Next communications is allowed) |
| ts | The time for the request, in seconds since 1 january 1970 UTC. |
| src | Origin (protocol+hostname) of the Next instance (Only added when Next communications is allowed) |
Description (Beskrivelse)
A short description of what the widget presents. This is only visible in the widget list in Next.
Validationsecret (Valideringsnøkkel)
A secret which is used to verify that the request is from Next. See URL
verification
Permissions (Tillatelser)
Permissions is based on the iframe sandbox attributes https://www.w3schools.com/tags/att_iframe_sandbox.asp
| Value | Comment |
|---|---|
| Forms | Allow form submissions. See iframe sandbox “allow-forms” |
| Scripts | Allow scripts to be executed. See iframe sandbox “allow-scripts” |
| Communication with Next | Allow communication/interaction with the Next instance Only enabled if “Scripts” is enabled. |
| Modals | Allow to open modal windows. See iframe sandbox “allow-modals” |
| Popups | Allow popups. See iframe sandbox “allow-popups” |
| Allow popups escape widget | See iframe sandbox “allow-popups-to-escape-sandbox” Only enabled if “Popups” is enabled. |
URL verification
If validationsecret is given, the URL will contain the queryparameter “val”.
The value of val is a Base64 encoded SHA256 hash of the URL.
To verify the URL
- Extract URL without the “val” parameter.
- Append the validationsecret to the extracted URL.
- Generate a SHA256 hash and encode the result with Base64.
- Compare the value in “val” with the generated base64 encoded SHA256 hash.
Simple C# verification function
const int maxRequestAgeInMinutes = 5; //Timelimit of your choice
private bool IsValidNextRequest(string url, string secret)
{
Uri requestUri = new Uri(url);
var query = System.Web.HttpUtility.ParseQueryString(requestUri.Query);
var val = query.Get("val");
var ts = int.Parse(query.Get("ts"));
var requestTime = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc).AddSeconds(ts);
if (Math.Abs(DateTime.UtcNow.Subtract(requestTime).TotalMinutes) > maxRequestAgeInMinutes)
return false; //The request was to old.
var strippedUrl = url.Remove(url.IndexOf("&val="));
var valueToHash = strippedUrl + secret;
using (var sha = new System.Security.Cryptography.SHA256Managed())
{
var hashValue = sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(valueToHash));
var base64Hash = Convert.ToBase64String(hashValue);
return (base64Hash == val);
}
}
Example
Manifest URL
https://widgets.vitecnext.no/widget.html?i=<installationId>&uid=<USERID>&username=<username>&mail=<usermail>
Secret
WGhntutN7j2QjJaAdacq
Requested URL
https://widgets.vitecnext.no/widget.html?i=MSTEST&uid=TU&username=Test+User&mail=test.user%40vitecsoftware.com&loc=1 &src=https%3a%2f%2fcustomer.vitecnext.no &ver=5.1.0.0&id=wid_348084600&ts=1643569488&val=7PX6n2C%2fu%2ftTCxEOkazijZS8TDpTB89GI6kQsBqHNjY%3d
Based on the requested URL and the secret we can established that the
call was made from Next (validation was a match) at 2022-01-30 19:04:48 (UTC).
Client Script
Client
Enables interaction with Next
| Methods |
|---|
| ready() Informs the Next instance that the widget is ready to present data. This will remove the loading indicator in Next and show the widget content. |
| Properties |
|---|
| dashboard: Dashboard Functionality for widgets on the dashboard. |
|
location: number
Specifies where the widget is presented. (1=Dashboard) |
|
version: string
The version of the Next instance where the widget is presented. |
Dashboard
Provides functionality for widgets on the Next dashboard
| Methods | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
addGroup: (id: string, items: string[], callback: function(id: string, item: string)) Adds a group of tabs in the widget header. Only one tab is active at a time.Params
|
||||||||||||
addDropdown: (id: string, items: string[], callback: function(id: string, item:string)) Adds a dropdown tab in the widget header. Params
|
Download
Version 1.0
Initial version that supports widget on the main dashboard.
- Add/modify tab with dropdown
- Add/modify tabgroup
- Events for tabs
- The version of the Next instance
- Location (1=Dashboard)
- Notify Next when widget is ready to present data