Merge tag 'v0.3.2'

Author: ellaismer

.gitignore

@@ -4,6 +4,7 @@ npm-debug.log
 build
 dist
 docs
+test/tmp
 .build
 .coverage
 .dist

Cargo.precompiled.toml

@@ -25,10 +25,20 @@ const fetchParity = require('./operations/fetchParity');
 const handleError = require('./operations/handleError');
 const messages = require('./messages');
 const { killParity } = require('./operations/runParity');
+const { getLocalDappsPath } = require('./utils/paths');
+const { name: appName } = require('../package.json');
 
 const { app, BrowserWindow, ipcMain, session } = electron;
+const { URL } = url;
+
 let mainWindow;
 
+// Disable gpu acceleration on linux
+// https://github.com/parity-js/shell/issues/157
+if (!['darwin', 'win32'].includes(process.platform)) {
+  app.disableHardwareAcceleration();
+}
+
 function createWindow () {
   // Will send these variables to renderers via IPC
   global.dirName = __dirname;
@@ -37,13 +47,10 @@ function createWindow () {
 
   mainWindow = new BrowserWindow({
     height: 800,
-    width: 1200
+    width: 1200,
+    webPreferences: { nodeIntegrationInWorker: true }
   });
 
-  doesParityExist()
-    .catch(() => fetchParity(mainWindow)) // Install parity if not present
-    .catch(handleError); // Errors should be handled before, this is really just in case
-
   if (cli.uiDev === true) {
     // Opens http://127.0.0.1:3000 in --ui-dev mode
     mainWindow.loadURL('http://127.0.0.1:3000');
@@ -59,6 +66,10 @@ function createWindow () {
     );
   }
 
+  doesParityExist()
+    .catch(() => fetchParity(mainWindow)) // Install parity if not present
+    .catch(handleError); // Errors should be handled before, this is really just in case
+
   // Listen to messages from renderer process
   ipcMain.on('asynchronous-message', messages);
 
@@ -74,6 +85,90 @@ function createWindow () {
     callback({ requestHeaders: details.requestHeaders });
   });
 
+  // Verify WebView Options Before Creation
+  // https://electronjs.org/docs/tutorial/security#12-verify-webview-options-before-creation
+  mainWindow.webContents.on('will-attach-webview', (event, webPreferences, params) => {
+    // Strip away inline preload scripts, ours is at preloadURL
+    delete webPreferences.preload;
+
+    // TODO Verify that the location of webPreferences.preloadURL is:
+    // `file://path/to/app.asar/.build/preload.js`
+
+    // Disable Node.js integration
+    webPreferences.nodeIntegration = false;
+    webPreferences.contextIsolation = true;
+  });
+
+  // Listen to the creation of (dapp) webviews to attach event listeners to them
+  mainWindow.webContents.on('did-attach-webview', (event, webContents) => {
+    // Do not accept all kinds of web permissions (camera, location...)
+    // https://electronjs.org/docs/tutorial/security#4-handle-session-permission-requests-from-remote-content
+    webContents.session
+      .setPermissionRequestHandler((webContents, permission, callback) => {
+        // Deny all permissions for dapps
+        return callback(false);
+      });
+
+    let baseUrl;
+    let appId;
+
+    // Derive the dapp baseUrl (.../my-dapp/) from the first URL of the webview
+    // (.../my-dapp/index.html). The baseUrl defines what files the webview is
+    // allowed to navigate to within the same frame.
+    // For example, my-dapp/index.html can navigate to my-dapp/some/dir/hi.html
+    // and then back to my-dapp/index.html
+    webContents.once('did-navigate', (e, initialUrl) => {
+      const initialURL = new URL(initialUrl);
+
+      appId = initialURL.searchParams.get('appId');
+
+      initialURL.hash = '';
+      initialURL.search = '';
+      baseUrl = initialURL.href.substr(0, initialURL.href.lastIndexOf('/') + 1);
+    });
+
+    // The event handler for will-navigate needs to be set in the main process
+    // in order to be able to prevent the navigation: https://git.io/f4SNW
+    webContents.on('will-navigate', (e, targetUrl) => {
+      e.preventDefault();
+
+      if (targetUrl.startsWith(baseUrl)) {
+        // The target resource is located inside the dapp folder: allow in-frame
+        // navigation but enforce appId query parameter for inject.js
+
+        const newURL = new URL(targetUrl);
+
+        newURL.searchParams.set('appId', appId);
+
+        webContents.loadURL(newURL.href);
+      } else {
+        // Open all links to resources outside the dapp root in the browser
+        // (or with the default desktop app for protocols other than http)
+
+        electron.shell.openExternal(targetUrl);
+      }
+    });
+
+    // Block in-page requests to resources outside the dapp folder
+    webContents.session.webRequest.onBeforeRequest({ urls: ['file://*'] }, (details, callback) => {
+      if (baseUrl &&
+          !details.url.startsWith(baseUrl) &&
+          // dapp-dapp-visible needs to be able to display the icons of other
+          // dapps, so as a temporary fix we allow access to all images requests
+          details.resourceType !== 'image') {
+        const sanitizedUrl = details.url.replace(/'/, '');
+
+        if (!webContents.isDestroyed()) {
+          webContents.executeJavaScript(`console.warn('Parity UI blocked a request to access ${sanitizedUrl}')`);
+        }
+
+        callback({ cancel: true });
+      } else {
+        callback({ cancel: false });
+      }
+    });
+  });
+
   mainWindow.on('closed', () => {
     mainWindow = null;
   });
@@ -98,3 +193,10 @@ app.on('activate', () => {
     createWindow();
   }
 });
+
+// userData value is derived from the Electron app name by default. However,
+// Electron doesn't know the app name defined in package.json because we
+// execute Electron directly on a file. Running Electron on a folder (either
+// .build/ or electron/) doesn't solve the issue because the package.json
+// is located in the parent directory.
+app.setPath('userData', path.join(app.getPath('appData'), appName));

Cargo.toml

@@ -54,7 +54,7 @@ module.exports = {
       .then(() => fsChmod(parityPath(), '755')) // Should already be 755 after download, just to be sure
       .then(() => {
         const logStream = fs.createWriteStream(logFile, { flags: 'a' });
-        let logLastLine; // Always contains last line of the logFile
+        let logLastLine = ''; // Always contains last line of the logFile
 
         // Run an instance of parity with the correct args
         parity = spawn(parityPath(), parityArgv);

build.rs

@@ -19,24 +19,28 @@ const { spawn } = require('child_process');
 const parityPath = require('../utils/parityPath');
 
 module.exports = event => {
-  // Generate a new token
-  const paritySigner = spawn(parityPath(), ['signer', 'new-token']);
-
-  // Listen to the output of the previous command
-  paritySigner.stdout.on('data', data => {
-    // If the output line is xxxx-xxxx-xxxx-xxxx, then it's our token
-    const match = data
-      .toString()
-      .match(
-        /[a-zA-Z0-9]{4}(-)?[a-zA-Z0-9]{4}(-)?[a-zA-Z0-9]{4}(-)?[a-zA-Z0-9]{4}/
-      );
-
-    if (match) {
-      const token = match[0];
-
-      // Send back the token to the renderer process
-      event.sender.send('asynchronous-reply', token);
-      paritySigner.kill(); // We don't need the signer anymore
-    }
-  });
+  try {
+    // Generate a new token
+    const paritySigner = spawn(parityPath(), ['signer', 'new-token']);
+
+    // Listen to the output of the previous command
+    paritySigner.stdout.on('data', data => {
+      // If the output line is xxxx-xxxx-xxxx-xxxx, then it's our token
+      const match = data
+        .toString()
+        .match(
+          /[a-zA-Z0-9]{4}(-)?[a-zA-Z0-9]{4}(-)?[a-zA-Z0-9]{4}(-)?[a-zA-Z0-9]{4}/
+        );
+
+      if (match) {
+        const token = match[0];
+
+        // Send back the token to the renderer process
+        event.sender.send('asynchronous-reply', token);
+        paritySigner.kill(); // We don't need the signer anymore
+      }
+    });
+  } catch (err) {
+    console.log("Can't run `parity signer new-token` command.");
+  }
 };

electron/index.js

@@ -16,10 +16,11 @@
 
 const { app } = require('electron');
 
-const parityPath = `${app.getPath('userData')}/parity${process.platform === 'win32' ? '.exe' : ''}`;
-
 // TODO parityPath is now in the Application Data folder by default, it would
 // be nice to first look if /usr/bin/parity exists (and return that as
 // parityPath). For now we keep Application Data as parityPath.
 // See https://github.com/parity-js/shell/issues/66
-module.exports = () => parityPath;
+
+// We cannot use app.getPath('userData') outside of the exports because
+// it would then be executed before app.setPath('userData') in index.js
+module.exports = () => `${app.getPath('userData')}/parity${process.platform === 'win32' ? '.exe' : ''}`;

electron/operations/runParity.js

@@ -14,9 +14,13 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
-#[cfg(feature = "with-syntex")]
-include!(concat!(env!("OUT_DIR"), "/lib.rs"));
+const path = require('path');
+const electron = require('electron');
 
-#[cfg(not(feature = "with-syntex"))]
-include!("lib.rs.in");
+module.exports = {
+  getLocalDappsPath: () => {
+    const userData = electron.app.getPath('userData');
 
+    return path.join(userData, 'dapps');
+  }
+};