max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove allowlist references

Browse Source
pull/381/head
Lucas Nogueira 2 years ago
parent 895115e707
commit 907569c3ba
No known key found for this signature in database
GPG Key ID: FFEA6C72E73482F1
15 changed files with 49 additions and 227 deletions
Show Stats Download Patch File Download Diff File

16
plugins/app/guest-js/index.ts
Unescape View File

@ -5,22 +5,6 @@
/**
* Get application metadata.
*
* The APIs must be added to [`tauri.allowlist.app`](https://tauri.app/v1/api/config/#allowlistconfig.app) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "app": {
* "all": true, // enable all app APIs
* "show": true,
* "hide": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* @module
*/

16
plugins/clipboard/guest-js/index.ts
Unescape View File

@ -5,22 +5,6 @@
/**
* Read and write to the system clipboard.
*
* The APIs must be added to [`tauri.allowlist.clipboard`](https://tauri.app/v1/api/config/#allowlistconfig.clipboard) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "clipboard": {
* "all": true, // enable all Clipboard APIs
* "writeText": true,
* "readText": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* @module
*/

8
plugins/dialog/guest-js/index.ts
Unescape View File

@ -113,11 +113,11 @@ async function open(
/**
* Open a file/directory selection dialog.
*
* The selected paths are added to the filesystem and asset protocol allowlist scopes.
* The selected paths are added to the filesystem and asset protocol scopes.
* When security is more important than the easy of use of this API,
* prefer writing a dedicated command instead.
*
* Note that the allowlist scope change is not persisted, so the values are cleared when the application is restarted.
* Note that the scope change is not persisted, so the values are cleared when the application is restarted.
* You can save it to the filesystem using [tauri-plugin-persisted-scope](https://github.com/tauri-apps/tauri-plugin-persisted-scope).
* @example
* ```typescript
@ -175,11 +175,11 @@ async function open(
/**
* Open a file/directory save dialog.
*
* The selected path is added to the filesystem and asset protocol allowlist scopes.
* The selected path is added to the filesystem and asset protocol scopes.
* When security is more important than the easy of use of this API,
* prefer writing a dedicated command instead.
*
* Note that the allowlist scope change is not persisted, so the values are cleared when the application is restarted.
* Note that the scope change is not persisted, so the values are cleared when the application is restarted.
* You can save it to the filesystem using [tauri-plugin-persisted-scope](https://github.com/tauri-apps/tauri-plugin-persisted-scope).
* @example
* ```typescript

34
plugins/fs/guest-js/index.ts
Unescape View File

@ -5,32 +5,6 @@
/**
* Access the file system.
*
* This package is also accessible with `window.__TAURI__.fs` when [`build.withGlobalTauri`](https://tauri.app/v1/api/config/#buildconfig.withglobaltauri) in `tauri.conf.json` is set to `true`.
*
* The APIs must be added to [`tauri.allowlist.fs`](https://tauri.app/v1/api/config/#allowlistconfig.fs) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "fs": {
* "all": true, // enable all FS APIs
* "readFile": true,
* "writeFile": true,
* "readDir": true,
* "copyFile": true,
* "createDir": true,
* "removeDir": true,
* "removeFile": true,
* "renameFile": true,
* "metadata": true,
* "exists": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Security
*
* This module prevents path traversal, not allowing absolute paths or parent dir components
@ -45,11 +19,9 @@
* *databases* folder of the {@link path.appDataDir | $APPDATA directory}:
* ```json
* {
* "tauri": {
* "allowlist": {
* "fs": {
* "scope": ["$APPDATA/databases/*"]
* }
* "plugins": {
* "fs": {
* "scope": ["$APPDATA/databases/*"]
* }
* }
* }

2
plugins/fs/src/scope.rs
Unescape View File

@ -80,7 +80,7 @@ fn push_pattern<P: AsRef<Path>, F: Fn(&str) -> Result<Pattern, glob::PatternErro
}
impl Scope {
/// Creates a new scope from a `FsAllowlistScope` configuration.
/// Creates a new scope from a `FsScope` configuration.
pub(crate) fn new<R: Runtime, M: Manager<R>>(
manager: &M,
scope: &FsScope,

13
plugins/global-shortcut/guest-js/index.ts
Unescape View File

@ -5,19 +5,6 @@
/**
* Register global shortcuts.
*
* The APIs must be added to [`tauri.allowlist.globalShortcut`](https://tauri.app/v1/api/config/#allowlistconfig.globalshortcut) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "globalShortcut": {
* "all": true // enable all global shortcut APIs
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
* @module
*/

25
plugins/http/guest-js/index.ts
Unescape View File

@ -5,21 +5,6 @@
/**
* Access the HTTP client written in Rust.
*
* The APIs must be allowlisted on `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "http": {
* "all": true, // enable all http APIs
* "request": true // enable HTTP request API
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Security
*
* This API has a scope configuration that forces you to restrict the URLs and paths that can be accessed using glob patterns.
@ -27,11 +12,9 @@
* For instance, this scope configuration only allows making HTTP requests to the GitHub API for the `tauri-apps` organization:
* ```json
* {
* "tauri": {
* "allowlist": {
* "http": {
* "scope": ["https://api.github.com/repos/tauri-apps/*"]
* }
* "plugins": {
* "http": {
* "scope": ["https://api.github.com/repos/tauri-apps/*"]
* }
* }
* }
@ -105,7 +88,7 @@ class Body {
* By default it sets the `application/x-www-form-urlencoded` Content-Type header,
* but you can set it to `multipart/form-data` if the Cargo feature `multipart` is enabled.
*
* Note that a file path must be allowed in the `fs` allowlist scope.
* Note that a file path must be allowed in the `fs` scope.
* @example
* ```typescript
* import { Body } from "@tauri-apps/plugin-http"

2
plugins/http/src/scope.rs
Unescape View File

@ -13,7 +13,7 @@ pub struct Scope {
}
impl Scope {
/// Creates a new scope from the allowlist's `http` scope configuration.
/// Creates a new scope from the scope configuration.
pub(crate) fn new(scope: &HttpAllowlistScope) -> Self {
Self {
allowed_urls: scope

15
plugins/notification/guest-js/index.ts
Unescape View File

@ -6,21 +6,6 @@
* Send toast notifications (brief auto-expiring OS window element) to your user.
* Can also be used with the Notification Web API.
*
* This package is also accessible with `window.__TAURI__.notification` when [`build.withGlobalTauri`](https://tauri.app/v1/api/config/#buildconfig.withglobaltauri) in `tauri.conf.json` is set to `true`.
*
* The APIs must be added to [`tauri.allowlist.notification`](https://tauri.app/v1/api/config/#allowlistconfig.notification) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "notification": {
* "all": true // enable all notification APIs
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
* @module
*/

13
plugins/os/guest-js/index.ts
Unescape View File

@ -5,19 +5,6 @@
/**
* Provides operating system-related utility methods and properties.
*
* The APIs must be added to [`tauri.allowlist.os`](https://tauri.app/v1/api/config/#allowlistconfig.os) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "os": {
* "all": true, // enable all Os APIs
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
* @module
*/

45
plugins/shell/guest-js/index.ts
Unescape View File

@ -6,36 +6,19 @@
* Access the system shell.
* Allows you to spawn child processes and manage files and URLs using their default application.
*
* The APIs must be added to [`tauri.allowlist.shell`](https://tauri.app/v1/api/config/#allowlistconfig.shell) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "shell": {
* "all": true, // enable all shell APIs
* "execute": true, // enable process spawn APIs
* "sidecar": true, // enable spawning sidecars
* "open": true // enable opening files/URLs using the default program
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Security
*
* This API has a scope configuration that forces you to restrict the programs and arguments that can be used.
*
* ### Restricting access to the {@link open | `open`} API
*
* On the allowlist, `open: true` means that the {@link open} API can be used with any URL,
* On the configuration object, `open: true` means that the {@link open} API can be used with any URL,
* as the argument is validated with the `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+` regex.
* You can change that regex by changing the boolean value to a string, e.g. `open: ^https://github.com/`.
*
* ### Restricting access to the {@link Command | `Command`} APIs
*
* The `shell` allowlist object has a `scope` field that defines an array of CLIs that can be used.
* The plugin configuration object has a `scope` field that defines an array of CLIs that can be used.
* Each CLI is a configuration object `{ name: string, cmd: string, sidecar?: bool, args?: boolean | Arg[] }`.
*
* - `name`: the unique identifier of the command, passed to the {@link Command.create | Command.create function}.
@ -55,13 +38,17 @@
* Configuration:
* ```json
* {
* "scope": [
* {
* "name": "run-git-commit",
* "cmd": "git",
* "args": ["commit", "-m", { "validator": "\\S+" }]
* "plugins": {
* "shell": {
* "scope": [
* {
* "name": "run-git-commit",
* "cmd": "git",
* "args": ["commit", "-m", { "validator": "\\S+" }]
* }
* ]
* }
* ]
* }
* }
* ```
* Usage:
@ -425,7 +412,7 @@ class Command<O extends IOPayload> extends EventEmitter<CommandEvents> {
* Creates a new `Command` instance.
*
* @param program The program name to execute.
* It must be configured on `tauri.conf.json > tauri > allowlist > shell > scope`.
* It must be configured on `tauri.conf.json > plugins > shell > scope`.
* @param args Program arguments.
* @param options Spawn options.
*/
@ -462,7 +449,7 @@ class Command<O extends IOPayload> extends EventEmitter<CommandEvents> {
* ```
*
* @param program The program to execute.
* It must be configured on `tauri.conf.json > tauri > allowlist > shell > scope`.
* It must be configured on `tauri.conf.json > plugins > shell > scope`.
*/
static create<O extends IOPayload>(
program: string,
@ -494,7 +481,7 @@ class Command<O extends IOPayload> extends EventEmitter<CommandEvents> {
* ```
*
* @param program The program to execute.
* It must be configured on `tauri.conf.json > tauri > allowlist > shell > scope`.
* It must be configured on `tauri.conf.json > plugins > shell > scope`.
*/
static sidecar<O extends IOPayload>(
program: string,
@ -634,7 +621,7 @@ type CommandEvent<O extends IOPayload> =
* ```
*
* @param path The path or URL to open.
* This value is matched against the string regex defined on `tauri.conf.json > tauri > allowlist > shell > open`,
* This value is matched against the string regex defined on `tauri.conf.json > plugins > shell > open`,
* which defaults to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`.
* @param openWith The app to open the file or URL with.
* Defaults to the system default application for the specified path type.

4
plugins/shell/src/config.rs
Unescape View File

@ -2,9 +2,7 @@ use std::path::PathBuf;
use serde::{de::Error as DeError, Deserialize, Deserializer};
/// Allowlist for the shell APIs.
///
/// See more: https://tauri.app/v1/api/config#shellallowlistconfig
/// Configuration for the shell plugin.
#[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize)]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct Config {

2
plugins/shell/src/open.rs
Unescape View File

@ -104,7 +104,7 @@ impl Program {
/// Opens path or URL with the program specified in `with`, or system default if `None`.
///
/// The path will be matched against the shell open validation regex, defaulting to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`.
/// A custom validation regex may be supplied in the config in `tauri > allowlist > scope > open`.
/// A custom validation regex may be supplied in the config in `plugins > shell > scope > open`.
///
/// # Examples
///

2
plugins/shell/src/scope.rs
Unescape View File

@ -248,7 +248,7 @@ impl Scope {
/// Open a path in the default (or specified) browser.
///
/// The path is validated against the `tauri > allowlist > shell > open` validation regex, which
/// The path is validated against the `plugins > shell > open` validation regex, which
/// defaults to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`.
pub fn open(&self, path: &str, with: Option<Program>) -> Result<(), Error> {
// ensure we pass validation if the configuration has one

79
plugins/window/guest-js/index.ts
Unescape View File

@ -5,51 +5,6 @@
/**
* Provides APIs to create windows, communicate with other windows and manipulate the current window.
*
* The APIs must be added to [`tauri.allowlist.window`](https://tauri.app/v1/api/config/#allowlistconfig.window) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "window": {
* "all": true, // enable all window APIs
* "create": true, // enable window creation
* "center": true,
* "requestUserAttention": true,
* "setResizable": true,
* "setTitle": true,
* "maximize": true,
* "unmaximize": true,
* "minimize": true,
* "unminimize": true,
* "show": true,
* "hide": true,
* "close": true,
* "setDecorations": true,
* "setShadow": true,
* "setAlwaysOnTop": true,
* "setContentProtected": true,
* "setSize": true,
* "setMinSize": true,
* "setMaxSize": true,
* "setPosition": true,
* "setFullscreen": true,
* "setFocus": true,
* "setIcon": true,
* "setSkipTaskbar": true,
* "setCursorGrab": true,
* "setCursorVisible": true,
* "setCursorIcon": true,
* "setCursorPosition": true,
* "setIgnoreCursorEvents": true,
* "startDragging": true,
* "print": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Window events
*
* Events can be listened to using `appWindow.listen`:
@ -1017,12 +972,12 @@ class WindowManager extends WebviewWindowHandle {
label: this.label,
value: size
? {
type: size.type,
data: {
width: size.width,
height: size.height,
},
}
type: size.type,
data: {
width: size.width,
height: size.height,
},
}
: null,
});
}
@ -1051,12 +1006,12 @@ class WindowManager extends WebviewWindowHandle {
label: this.label,
value: size
? {
type: size.type,
data: {
width: size.width,
height: size.height,
},
}
type: size.type,
data: {
width: size.width,
height: size.height,
},
}
: null,
});
}
@ -1831,11 +1786,11 @@ function mapMonitor(m: Monitor | null): Monitor | null {
return m === null
? null
: {
name: m.name,
scaleFactor: m.scaleFactor,
position: mapPhysicalPosition(m.position),
size: mapPhysicalSize(m.size),
};
name: m.name,
scaleFactor: m.scaleFactor,
position: mapPhysicalPosition(m.position),
size: mapPhysicalSize(m.size),
};
}
function mapPhysicalPosition(m: PhysicalPosition): PhysicalPosition {

Write Preview
Loading…
Cancel
Save