max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove allowlist references

Browse Source
pull/381/head
Lucas Nogueira 2 years ago
parent 895115e707
commit 907569c3ba
No known key found for this signature in database
GPG Key ID: FFEA6C72E73482F1
15 changed files with 49 additions and 227 deletions
Show Stats Download Patch File Download Diff File

16
plugins/app/guest-js/index.ts
Unescape View File

@ -5,22 +5,6 @@
/** /**
* Get application metadata. * Get application metadata.
* *
* The APIs must be added to [`tauri.allowlist.app`](https://tauri.app/v1/api/config/#allowlistconfig.app) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "app": {
* "all": true, // enable all app APIs
* "show": true,
* "hide": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* @module * @module
*/ */

16
plugins/clipboard/guest-js/index.ts
Unescape View File

@ -5,22 +5,6 @@
/** /**
* Read and write to the system clipboard. * Read and write to the system clipboard.
* *
* The APIs must be added to [`tauri.allowlist.clipboard`](https://tauri.app/v1/api/config/#allowlistconfig.clipboard) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "clipboard": {
* "all": true, // enable all Clipboard APIs
* "writeText": true,
* "readText": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* @module * @module
*/ */

8
plugins/dialog/guest-js/index.ts
Unescape View File

@ -113,11 +113,11 @@ async function open(
/** /**
* Open a file/directory selection dialog. * Open a file/directory selection dialog.
* *
* The selected paths are added to the filesystem and asset protocol allowlist scopes. * The selected paths are added to the filesystem and asset protocol scopes.
* When security is more important than the easy of use of this API, * When security is more important than the easy of use of this API,
* prefer writing a dedicated command instead. * prefer writing a dedicated command instead.
* *
* Note that the allowlist scope change is not persisted, so the values are cleared when the application is restarted. * Note that the scope change is not persisted, so the values are cleared when the application is restarted.
* You can save it to the filesystem using [tauri-plugin-persisted-scope](https://github.com/tauri-apps/tauri-plugin-persisted-scope). * You can save it to the filesystem using [tauri-plugin-persisted-scope](https://github.com/tauri-apps/tauri-plugin-persisted-scope).
* @example * @example
* ```typescript * ```typescript
@ -175,11 +175,11 @@ async function open(
/** /**
* Open a file/directory save dialog. * Open a file/directory save dialog.
* *
* The selected path is added to the filesystem and asset protocol allowlist scopes. * The selected path is added to the filesystem and asset protocol scopes.
* When security is more important than the easy of use of this API, * When security is more important than the easy of use of this API,
* prefer writing a dedicated command instead. * prefer writing a dedicated command instead.
* *
* Note that the allowlist scope change is not persisted, so the values are cleared when the application is restarted. * Note that the scope change is not persisted, so the values are cleared when the application is restarted.
* You can save it to the filesystem using [tauri-plugin-persisted-scope](https://github.com/tauri-apps/tauri-plugin-persisted-scope). * You can save it to the filesystem using [tauri-plugin-persisted-scope](https://github.com/tauri-apps/tauri-plugin-persisted-scope).
* @example * @example
* ```typescript * ```typescript

34
plugins/fs/guest-js/index.ts
Unescape View File

@ -5,32 +5,6 @@
/** /**
* Access the file system. * Access the file system.
* *
* This package is also accessible with `window.__TAURI__.fs` when [`build.withGlobalTauri`](https://tauri.app/v1/api/config/#buildconfig.withglobaltauri) in `tauri.conf.json` is set to `true`.
*
* The APIs must be added to [`tauri.allowlist.fs`](https://tauri.app/v1/api/config/#allowlistconfig.fs) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "fs": {
* "all": true, // enable all FS APIs
* "readFile": true,
* "writeFile": true,
* "readDir": true,
* "copyFile": true,
* "createDir": true,
* "removeDir": true,
* "removeFile": true,
* "renameFile": true,
* "metadata": true,
* "exists": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Security * ## Security
* *
* This module prevents path traversal, not allowing absolute paths or parent dir components * This module prevents path traversal, not allowing absolute paths or parent dir components
@ -45,11 +19,9 @@
* *databases* folder of the {@link path.appDataDir | $APPDATA directory}: * *databases* folder of the {@link path.appDataDir | $APPDATA directory}:
* ```json * ```json
* { * {
* "tauri": { * "plugins": {
* "allowlist": { * "fs": {
* "fs": { * "scope": ["$APPDATA/databases/*"]
* "scope": ["$APPDATA/databases/*"]
* }
* } * }
* } * }
* } * }

2
plugins/fs/src/scope.rs
Unescape View File

@ -80,7 +80,7 @@ fn push_pattern<P: AsRef<Path>, F: Fn(&str) -> Result<Pattern, glob::PatternErro
} }
impl Scope { impl Scope {
/// Creates a new scope from a `FsAllowlistScope` configuration. /// Creates a new scope from a `FsScope` configuration.
pub(crate) fn new<R: Runtime, M: Manager<R>>( pub(crate) fn new<R: Runtime, M: Manager<R>>(
manager: &M, manager: &M,
scope: &FsScope, scope: &FsScope,

13
plugins/global-shortcut/guest-js/index.ts
Unescape View File

@ -5,19 +5,6 @@
/** /**
* Register global shortcuts. * Register global shortcuts.
* *
* The APIs must be added to [`tauri.allowlist.globalShortcut`](https://tauri.app/v1/api/config/#allowlistconfig.globalshortcut) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "globalShortcut": {
* "all": true // enable all global shortcut APIs
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
* @module * @module
*/ */

25
plugins/http/guest-js/index.ts
Unescape View File

@ -5,21 +5,6 @@
/** /**
* Access the HTTP client written in Rust. * Access the HTTP client written in Rust.
* *
* The APIs must be allowlisted on `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "http": {
* "all": true, // enable all http APIs
* "request": true // enable HTTP request API
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Security * ## Security
* *
* This API has a scope configuration that forces you to restrict the URLs and paths that can be accessed using glob patterns. * This API has a scope configuration that forces you to restrict the URLs and paths that can be accessed using glob patterns.
@ -27,11 +12,9 @@
* For instance, this scope configuration only allows making HTTP requests to the GitHub API for the `tauri-apps` organization: * For instance, this scope configuration only allows making HTTP requests to the GitHub API for the `tauri-apps` organization:
* ```json * ```json
* { * {
* "tauri": { * "plugins": {
* "allowlist": { * "http": {
* "http": { * "scope": ["https://api.github.com/repos/tauri-apps/*"]
* "scope": ["https://api.github.com/repos/tauri-apps/*"]
* }
* } * }
* } * }
* } * }
@ -105,7 +88,7 @@ class Body {
* By default it sets the `application/x-www-form-urlencoded` Content-Type header, * By default it sets the `application/x-www-form-urlencoded` Content-Type header,
* but you can set it to `multipart/form-data` if the Cargo feature `multipart` is enabled. * but you can set it to `multipart/form-data` if the Cargo feature `multipart` is enabled.
* *
* Note that a file path must be allowed in the `fs` allowlist scope. * Note that a file path must be allowed in the `fs` scope.
* @example * @example
* ```typescript * ```typescript
* import { Body } from "@tauri-apps/plugin-http" * import { Body } from "@tauri-apps/plugin-http"

2
plugins/http/src/scope.rs
Unescape View File

@ -13,7 +13,7 @@ pub struct Scope {
} }
impl Scope { impl Scope {
/// Creates a new scope from the allowlist's `http` scope configuration. /// Creates a new scope from the scope configuration.
pub(crate) fn new(scope: &HttpAllowlistScope) -> Self { pub(crate) fn new(scope: &HttpAllowlistScope) -> Self {
Self { Self {
allowed_urls: scope allowed_urls: scope

15
plugins/notification/guest-js/index.ts
Unescape View File

@ -6,21 +6,6 @@
* Send toast notifications (brief auto-expiring OS window element) to your user. * Send toast notifications (brief auto-expiring OS window element) to your user.
* Can also be used with the Notification Web API. * Can also be used with the Notification Web API.
* *
* This package is also accessible with `window.__TAURI__.notification` when [`build.withGlobalTauri`](https://tauri.app/v1/api/config/#buildconfig.withglobaltauri) in `tauri.conf.json` is set to `true`.
*
* The APIs must be added to [`tauri.allowlist.notification`](https://tauri.app/v1/api/config/#allowlistconfig.notification) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "notification": {
* "all": true // enable all notification APIs
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
* @module * @module
*/ */

13
plugins/os/guest-js/index.ts
Unescape View File

@ -5,19 +5,6 @@
/** /**
* Provides operating system-related utility methods and properties. * Provides operating system-related utility methods and properties.
* *
* The APIs must be added to [`tauri.allowlist.os`](https://tauri.app/v1/api/config/#allowlistconfig.os) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "os": {
* "all": true, // enable all Os APIs
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
* @module * @module
*/ */

45
plugins/shell/guest-js/index.ts
Unescape View File

@ -6,36 +6,19 @@
* Access the system shell. * Access the system shell.
* Allows you to spawn child processes and manage files and URLs using their default application. * Allows you to spawn child processes and manage files and URLs using their default application.
* *
* The APIs must be added to [`tauri.allowlist.shell`](https://tauri.app/v1/api/config/#allowlistconfig.shell) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "shell": {
* "all": true, // enable all shell APIs
* "execute": true, // enable process spawn APIs
* "sidecar": true, // enable spawning sidecars
* "open": true // enable opening files/URLs using the default program
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Security * ## Security
* *
* This API has a scope configuration that forces you to restrict the programs and arguments that can be used. * This API has a scope configuration that forces you to restrict the programs and arguments that can be used.
* *
* ### Restricting access to the {@link open | `open`} API * ### Restricting access to the {@link open | `open`} API
* *
* On the allowlist, `open: true` means that the {@link open} API can be used with any URL, * On the configuration object, `open: true` means that the {@link open} API can be used with any URL,
* as the argument is validated with the `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+` regex. * as the argument is validated with the `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+` regex.
* You can change that regex by changing the boolean value to a string, e.g. `open: ^https://github.com/`. * You can change that regex by changing the boolean value to a string, e.g. `open: ^https://github.com/`.
* *
* ### Restricting access to the {@link Command | `Command`} APIs * ### Restricting access to the {@link Command | `Command`} APIs
* *
* The `shell` allowlist object has a `scope` field that defines an array of CLIs that can be used. * The plugin configuration object has a `scope` field that defines an array of CLIs that can be used.
* Each CLI is a configuration object `{ name: string, cmd: string, sidecar?: bool, args?: boolean | Arg[] }`. * Each CLI is a configuration object `{ name: string, cmd: string, sidecar?: bool, args?: boolean | Arg[] }`.
* *
* - `name`: the unique identifier of the command, passed to the {@link Command.create | Command.create function}. * - `name`: the unique identifier of the command, passed to the {@link Command.create | Command.create function}.
@ -55,13 +38,17 @@
* Configuration: * Configuration:
* ```json * ```json
* { * {
* "scope": [ * "plugins": {
* { * "shell": {
* "name": "run-git-commit", * "scope": [
* "cmd": "git", * {
* "args": ["commit", "-m", { "validator": "\\S+" }] * "name": "run-git-commit",
* "cmd": "git",
* "args": ["commit", "-m", { "validator": "\\S+" }]
* }
* ]
* } * }
* ] * }
* } * }
* ``` * ```
* Usage: * Usage:
@ -425,7 +412,7 @@ class Command<O extends IOPayload> extends EventEmitter<CommandEvents> {
* Creates a new `Command` instance. * Creates a new `Command` instance.
* *
* @param program The program name to execute. * @param program The program name to execute.
* It must be configured on `tauri.conf.json > tauri > allowlist > shell > scope`. * It must be configured on `tauri.conf.json > plugins > shell > scope`.
* @param args Program arguments. * @param args Program arguments.
* @param options Spawn options. * @param options Spawn options.
*/ */
@ -462,7 +449,7 @@ class Command<O extends IOPayload> extends EventEmitter<CommandEvents> {
* ``` * ```
* *
* @param program The program to execute. * @param program The program to execute.
* It must be configured on `tauri.conf.json > tauri > allowlist > shell > scope`. * It must be configured on `tauri.conf.json > plugins > shell > scope`.
*/ */
static create<O extends IOPayload>( static create<O extends IOPayload>(
program: string, program: string,
@ -494,7 +481,7 @@ class Command<O extends IOPayload> extends EventEmitter<CommandEvents> {
* ``` * ```
* *
* @param program The program to execute. * @param program The program to execute.
* It must be configured on `tauri.conf.json > tauri > allowlist > shell > scope`. * It must be configured on `tauri.conf.json > plugins > shell > scope`.
*/ */
static sidecar<O extends IOPayload>( static sidecar<O extends IOPayload>(
program: string, program: string,
@ -634,7 +621,7 @@ type CommandEvent<O extends IOPayload> =
* ``` * ```
* *
* @param path The path or URL to open. * @param path The path or URL to open.
* This value is matched against the string regex defined on `tauri.conf.json > tauri > allowlist > shell > open`, * This value is matched against the string regex defined on `tauri.conf.json > plugins > shell > open`,
* which defaults to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`. * which defaults to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`.
* @param openWith The app to open the file or URL with. * @param openWith The app to open the file or URL with.
* Defaults to the system default application for the specified path type. * Defaults to the system default application for the specified path type.

4
plugins/shell/src/config.rs
Unescape View File

@ -2,9 +2,7 @@ use std::path::PathBuf;
use serde::{de::Error as DeError, Deserialize, Deserializer}; use serde::{de::Error as DeError, Deserialize, Deserializer};
/// Allowlist for the shell APIs. /// Configuration for the shell plugin.
///
/// See more: https://tauri.app/v1/api/config#shellallowlistconfig
#[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize)] #[derive(Debug, Default, PartialEq, Eq, Clone, Deserialize)]
#[serde(rename_all = "camelCase", deny_unknown_fields)] #[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct Config { pub struct Config {

2
plugins/shell/src/open.rs
Unescape View File

@ -104,7 +104,7 @@ impl Program {
/// Opens path or URL with the program specified in `with`, or system default if `None`. /// Opens path or URL with the program specified in `with`, or system default if `None`.
/// ///
/// The path will be matched against the shell open validation regex, defaulting to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`. /// The path will be matched against the shell open validation regex, defaulting to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`.
/// A custom validation regex may be supplied in the config in `tauri > allowlist > scope > open`. /// A custom validation regex may be supplied in the config in `plugins > shell > scope > open`.
/// ///
/// # Examples /// # Examples
/// ///

2
plugins/shell/src/scope.rs
Unescape View File

@ -248,7 +248,7 @@ impl Scope {
/// Open a path in the default (or specified) browser. /// Open a path in the default (or specified) browser.
/// ///
/// The path is validated against the `tauri > allowlist > shell > open` validation regex, which /// The path is validated against the `plugins > shell > open` validation regex, which
/// defaults to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`. /// defaults to `^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+`.
pub fn open(&self, path: &str, with: Option<Program>) -> Result<(), Error> { pub fn open(&self, path: &str, with: Option<Program>) -> Result<(), Error> {
// ensure we pass validation if the configuration has one // ensure we pass validation if the configuration has one

79
plugins/window/guest-js/index.ts
Unescape View File

@ -5,51 +5,6 @@
/** /**
* Provides APIs to create windows, communicate with other windows and manipulate the current window. * Provides APIs to create windows, communicate with other windows and manipulate the current window.
* *
* The APIs must be added to [`tauri.allowlist.window`](https://tauri.app/v1/api/config/#allowlistconfig.window) in `tauri.conf.json`:
* ```json
* {
* "tauri": {
* "allowlist": {
* "window": {
* "all": true, // enable all window APIs
* "create": true, // enable window creation
* "center": true,
* "requestUserAttention": true,
* "setResizable": true,
* "setTitle": true,
* "maximize": true,
* "unmaximize": true,
* "minimize": true,
* "unminimize": true,
* "show": true,
* "hide": true,
* "close": true,
* "setDecorations": true,
* "setShadow": true,
* "setAlwaysOnTop": true,
* "setContentProtected": true,
* "setSize": true,
* "setMinSize": true,
* "setMaxSize": true,
* "setPosition": true,
* "setFullscreen": true,
* "setFocus": true,
* "setIcon": true,
* "setSkipTaskbar": true,
* "setCursorGrab": true,
* "setCursorVisible": true,
* "setCursorIcon": true,
* "setCursorPosition": true,
* "setIgnoreCursorEvents": true,
* "startDragging": true,
* "print": true
* }
* }
* }
* }
* ```
* It is recommended to allowlist only the APIs you use for optimal bundle size and security.
*
* ## Window events * ## Window events
* *
* Events can be listened to using `appWindow.listen`: * Events can be listened to using `appWindow.listen`:
@ -1017,12 +972,12 @@ class WindowManager extends WebviewWindowHandle {
label: this.label, label: this.label,
value: size value: size
? { ? {
type: size.type, type: size.type,
data: { data: {
width: size.width, width: size.width,
height: size.height, height: size.height,
}, },
} }
: null, : null,
}); });
} }
@ -1051,12 +1006,12 @@ class WindowManager extends WebviewWindowHandle {
label: this.label, label: this.label,
value: size value: size
? { ? {
type: size.type, type: size.type,
data: { data: {
width: size.width, width: size.width,
height: size.height, height: size.height,
}, },
} }
: null, : null,
}); });
} }
@ -1831,11 +1786,11 @@ function mapMonitor(m: Monitor | null): Monitor | null {
return m === null return m === null
? null ? null
: { : {
name: m.name, name: m.name,
scaleFactor: m.scaleFactor, scaleFactor: m.scaleFactor,
position: mapPhysicalPosition(m.position), position: mapPhysicalPosition(m.position),
size: mapPhysicalSize(m.size), size: mapPhysicalSize(m.size),
}; };
} }
function mapPhysicalPosition(m: PhysicalPosition): PhysicalPosition { function mapPhysicalPosition(m: PhysicalPosition): PhysicalPosition {

Write Preview
Loading…
Cancel
Save