diff --git a/plugins/fs/src/commands.rs b/plugins/fs/src/commands.rs index cb40c3ee..e3541bcc 100644 --- a/plugins/fs/src/commands.rs +++ b/plugins/fs/src/commands.rs @@ -85,6 +85,7 @@ pub fn create( options: Option, ) -> CommandResult { let resolved_path = resolve_path( + "create", &webview, &global_scope, &command_scope, @@ -119,6 +120,7 @@ pub fn open( options: Option, ) -> CommandResult { let (file, _path) = resolve_file( + "open", &webview, &global_scope, &command_scope, @@ -172,6 +174,7 @@ pub async fn copy_file( options: Option, ) -> CommandResult<()> { let resolved_from_path = resolve_path( + "copy-file", &webview, &global_scope, &command_scope, @@ -179,6 +182,7 @@ pub async fn copy_file( options.as_ref().and_then(|o| o.from_path_base_dir), )?; let resolved_to_path = resolve_path( + "copy-file", &webview, &global_scope, &command_scope, @@ -213,6 +217,7 @@ pub fn mkdir( options: Option, ) -> CommandResult<()> { let resolved_path = resolve_path( + "mkdir", &webview, &global_scope, &command_scope, @@ -280,6 +285,7 @@ pub async fn read_dir( options: Option, ) -> CommandResult> { let resolved_path = resolve_path( + "read-dir", &webview, &global_scope, &command_scope, @@ -319,6 +325,7 @@ pub async fn read_file( options: Option, ) -> CommandResult { let (mut file, path) = resolve_file( + "read-file", &webview, &global_scope, &command_scope, @@ -355,6 +362,7 @@ pub async fn read_text_file( options: Option, ) -> CommandResult { let (mut file, path) = resolve_file( + "read-text-file", &webview, &global_scope, &command_scope, @@ -393,6 +401,7 @@ pub fn read_text_file_lines( use std::io::BufRead; let resolved_path = resolve_path( + "read-text-file-lines", &webview, &global_scope, &command_scope, @@ -447,6 +456,7 @@ pub fn remove( options: Option, ) -> CommandResult<()> { let resolved_path = resolve_path( + "remove", &webview, &global_scope, &command_scope, @@ -516,6 +526,7 @@ pub fn rename( options: Option, ) -> CommandResult<()> { let resolved_old_path = resolve_path( + "rename", &webview, &global_scope, &command_scope, @@ -523,6 +534,7 @@ pub fn rename( options.as_ref().and_then(|o| o.old_path_base_dir), )?; let resolved_new_path = resolve_path( + "rename", &webview, &global_scope, &command_scope, @@ -570,6 +582,7 @@ pub async fn seek( #[cfg(target_os = "android")] fn get_metadata std::io::Result>( + permission: &str, metadata_fn: F, webview: &Webview, global_scope: &GlobalScope, @@ -580,6 +593,7 @@ fn get_metadata std::io::Result { let (file, path) = resolve_file( + permission, webview, global_scope, command_scope, @@ -601,6 +615,7 @@ fn get_metadata std::io::Result get_fs_metadata( + permission, metadata_fn, webview, global_scope, @@ -613,6 +628,7 @@ fn get_metadata std::io::Result std::io::Result>( + permission: &str, metadata_fn: F, webview: &Webview, global_scope: &GlobalScope, @@ -621,6 +637,7 @@ fn get_metadata std::io::Result, ) -> CommandResult { get_fs_metadata( + permission, metadata_fn, webview, global_scope, @@ -631,6 +648,7 @@ fn get_metadata std::io::Result std::io::Result>( + permission: &str, metadata_fn: F, webview: &Webview, global_scope: &GlobalScope, @@ -639,6 +657,7 @@ fn get_fs_metadata std::io::Result, ) -> CommandResult { let resolved_path = resolve_path( + permission, webview, global_scope, command_scope, @@ -663,6 +682,7 @@ pub fn stat( options: Option, ) -> CommandResult { let metadata = get_metadata( + "stat", |p| std::fs::metadata(p), &webview, &global_scope, @@ -683,6 +703,7 @@ pub fn lstat( options: Option, ) -> CommandResult { let metadata = get_metadata( + "lstat", |p| std::fs::symlink_metadata(p), &webview, &global_scope, @@ -711,6 +732,7 @@ pub async fn truncate( options: Option, ) -> CommandResult<()> { let resolved_path = resolve_path( + "truncate", &webview, &global_scope, &command_scope, @@ -780,6 +802,7 @@ fn default_create_value() -> bool { } fn write_file_inner( + permission: &str, webview: Webview, global_scope: &GlobalScope, command_scope: &CommandScope, @@ -788,6 +811,7 @@ fn write_file_inner( options: Option, ) -> CommandResult<()> { let (mut file, path) = resolve_file( + permission, &webview, global_scope, command_scope, @@ -865,7 +889,15 @@ pub async fn write_file( .get("options") .and_then(|p| p.to_str().ok()) .and_then(|opts| serde_json::from_str(opts).ok()); - write_file_inner(webview, &global_scope, &command_scope, path, &data, options) + write_file_inner( + "write-file", + webview, + &global_scope, + &command_scope, + path, + &data, + options, + ) } #[tauri::command] @@ -879,6 +911,7 @@ pub async fn write_text_file( #[allow(unused)] options: Option, ) -> CommandResult<()> { write_file_inner( + "write-text-file", webview, &global_scope, &command_scope, @@ -897,6 +930,7 @@ pub fn exists( options: Option, ) -> CommandResult { let resolved_path = resolve_path( + "exists", &webview, &global_scope, &command_scope, @@ -908,16 +942,25 @@ pub fn exists( #[cfg(not(target_os = "android"))] pub fn resolve_file( + permission: &str, webview: &Webview, global_scope: &GlobalScope, command_scope: &CommandScope, path: SafeFilePath, open_options: OpenOptions, ) -> CommandResult<(File, PathBuf)> { - resolve_file_in_fs(webview, global_scope, command_scope, path, open_options) + resolve_file_in_fs( + permission, + webview, + global_scope, + command_scope, + path, + open_options, + ) } fn resolve_file_in_fs( + permission: &str, webview: &Webview, global_scope: &GlobalScope, command_scope: &CommandScope, @@ -925,6 +968,7 @@ fn resolve_file_in_fs( open_options: OpenOptions, ) -> CommandResult<(File, PathBuf)> { let path = resolve_path( + permission, webview, global_scope, command_scope, @@ -945,6 +989,7 @@ fn resolve_file_in_fs( #[cfg(target_os = "android")] pub fn resolve_file( + permission: &str, webview: &Webview, global_scope: &GlobalScope, command_scope: &CommandScope, @@ -960,6 +1005,7 @@ pub fn resolve_file( Ok((file, path)) } SafeFilePath::Path(path) => resolve_file_in_fs( + permission, webview, global_scope, command_scope, @@ -970,6 +1016,7 @@ pub fn resolve_file( } pub fn resolve_path( + permission: &str, webview: &Webview, global_scope: &GlobalScope, command_scope: &CommandScope, @@ -1013,7 +1060,17 @@ pub fn resolve_path( if scope.is_allowed(&path) { Ok(path) } else { - Err(CommandError::Plugin(Error::PathForbidden(path))) + #[cfg(not(debug_assertions))] + return Err(CommandError::Plugin(Error::PathForbidden(path))); + + #[cfg(debug_assertions)] + Err( + anyhow::anyhow!( + "forbidden path: {}, maybe it is not allowed on the scope for `allow-{permission}` permission in your capability file", + path.display() + ) + ) + .map_err(Into::into) } } diff --git a/plugins/fs/src/mobile.rs b/plugins/fs/src/mobile.rs index 06422be6..472f2c8a 100644 --- a/plugins/fs/src/mobile.rs +++ b/plugins/fs/src/mobile.rs @@ -89,7 +89,7 @@ impl Fs { std::fs::File::from_raw_fd(fd) }) } else { - todo!() + unimplemented!() } } } diff --git a/plugins/fs/src/watcher.rs b/plugins/fs/src/watcher.rs index cf2af503..8bc65c5a 100644 --- a/plugins/fs/src/watcher.rs +++ b/plugins/fs/src/watcher.rs @@ -93,6 +93,7 @@ pub async fn watch( let mut resolved_paths = Vec::with_capacity(paths.capacity()); for path in paths { resolved_paths.push(resolve_path( + "watch", &webview, &global_scope, &command_scope,