Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(http): enhance scope URL matching via urlpattern #1030

Merged
merged 2 commits into from
Mar 6, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changes/enhance-http-scope.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"http": patch
---

The scope URL now follows the URL pattern standard instead of a simple glob pattern.
59 changes: 57 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions examples/api/src-tauri/gen/schemas/desktop-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -2242,7 +2242,7 @@
],
"properties": {
"url": {
"description": "A URL that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples:\n\n- \"https://*\" or \"https://**\" : allows all HTTPS urls\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"description": "A URL that can be accessed by the webview when using the HTTP APIs. Wildcards can be used following the URL pattern standard.\n\nSee [the URL Pattern spec](https://urlpattern.spec.whatwg.org/) for more information.\n\nExamples:\n\n- \"https://*\" : allows all HTTPS origin on port 443\n\n- \"https://*:*\" : allows all HTTPS origin on any port\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"type": "string"
}
}
Expand All @@ -2258,7 +2258,7 @@
],
"properties": {
"url": {
"description": "A URL that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples:\n\n- \"https://*\" or \"https://**\" : allows all HTTPS urls\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"description": "A URL that can be accessed by the webview when using the HTTP APIs. Wildcards can be used following the URL pattern standard.\n\nSee [the URL Pattern spec](https://urlpattern.spec.whatwg.org/) for more information.\n\nExamples:\n\n- \"https://*\" : allows all HTTPS origin on port 443\n\n- \"https://*:*\" : allows all HTTPS origin on any port\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"type": "string"
}
}
Expand Down
86 changes: 43 additions & 43 deletions examples/api/src-tauri/gen/schemas/mobile-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,22 @@
"default": "",
"type": "string"
},
"context": {
"description": "Execution context of the capability.\n\nAt runtime, Tauri filters the IPC command together with the context to determine whether it is allowed or not and its scope.",
"default": "local",
"allOf": [
"remote": {
"description": "Configure remote URLs that can use the capability permissions.",
"anyOf": [
{
"$ref": "#/definitions/CapabilityRemote"
},
{
"$ref": "#/definitions/CapabilityContext"
"type": "null"
}
]
},
"local": {
"description": "Whether this capability is enabled for local app URLs or not. Defaults to `true`.",
"default": true,
"type": "boolean"
},
"windows": {
"description": "List of windows that uses this capability. Can be a glob pattern.\n\nOn multiwebview windows, prefer [`Self::webviews`] for a fine grained access control.",
"type": "array",
Expand All @@ -78,7 +85,7 @@
}
},
"platforms": {
"description": "Target platforms this capability applies. By default all platforms applies.",
"description": "Target platforms this capability applies. By default all platforms are affected by this capability.",
"default": [
"linux",
"macOS",
Expand All @@ -93,42 +100,21 @@
}
}
},
"CapabilityContext": {
"description": "Context of the capability.",
"oneOf": [
{
"description": "Capability refers to local URL usage.",
"type": "string",
"enum": [
"local"
]
},
{
"description": "Capability refers to remote usage.",
"type": "object",
"required": [
"remote"
],
"properties": {
"remote": {
"type": "object",
"required": [
"urls"
],
"properties": {
"urls": {
"description": "Remote domains this capability refers to. Can use glob patterns.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
},
"additionalProperties": false
"CapabilityRemote": {
"description": "Configuration for remote URLs that are associated with the capability.",
"type": "object",
"required": [
"urls"
],
"properties": {
"urls": {
"description": "Remote domains this capability refers to. Can use glob patterns.",
"type": "array",
"items": {
"type": "string"
}
}
]
}
},
"PermissionEntry": {
"description": "An entry for a permission value in a [`Capability`] can be either a raw permission [`Identifier`] or an object that references a permission and extends its scope.",
Expand Down Expand Up @@ -2256,7 +2242,7 @@
],
"properties": {
"url": {
"description": "A URL that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples:\n\n- \"https://*\" or \"https://**\" : allows all HTTPS urls\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"description": "A URL that can be accessed by the webview when using the HTTP APIs. Wildcards can be used following the URL pattern standard.\n\nSee [the URL Pattern spec](https://urlpattern.spec.whatwg.org/) for more information.\n\nExamples:\n\n- \"https://*\" : allows all HTTPS origin on port 443\n\n- \"https://*:*\" : allows all HTTPS origin on any port\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"type": "string"
}
}
Expand All @@ -2272,7 +2258,7 @@
],
"properties": {
"url": {
"description": "A URL that can be accessed by the webview when using the HTTP APIs. The scoped URL is matched against the request URL using a glob pattern.\n\nExamples:\n\n- \"https://*\" or \"https://**\" : allows all HTTPS urls\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"description": "A URL that can be accessed by the webview when using the HTTP APIs. Wildcards can be used following the URL pattern standard.\n\nSee [the URL Pattern spec](https://urlpattern.spec.whatwg.org/) for more information.\n\nExamples:\n\n- \"https://*\" : allows all HTTPS origin on port 443\n\n- \"https://*:*\" : allows all HTTPS origin on any port\n\n- \"https://*.github.com/tauri-apps/tauri\": allows any subdomain of \"github.com\" with the \"tauri-apps/api\" path\n\n- \"https://myapi.service.com/users/*\": allows access to any URLs that begins with \"https://myapi.service.com/users/\"",
"type": "string"
}
}
Expand Down Expand Up @@ -5756,6 +5742,13 @@
"webview:allow-print"
]
},
{
"description": "webview:allow-reparent -> Enables the reparent command without any pre-configured scope.",
"type": "string",
"enum": [
"webview:allow-reparent"
]
},
{
"description": "webview:allow-set-webview-focus -> Enables the set_webview_focus command without any pre-configured scope.",
"type": "string",
Expand Down Expand Up @@ -5826,6 +5819,13 @@
"webview:deny-print"
]
},
{
"description": "webview:deny-reparent -> Denies the reparent command without any pre-configured scope.",
"type": "string",
"enum": [
"webview:deny-reparent"
]
},
{
"description": "webview:deny-set-webview-focus -> Denies the set_webview_focus command without any pre-configured scope.",
"type": "string",
Expand Down
2 changes: 1 addition & 1 deletion examples/api/src/views/Http.svelte
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
const form = new FormData();
form.append("foo", foo);
form.append("bar", bar);
const response = await tauriFetch("http://localhost:3003", {
const response = await tauriFetch("http://localhost:3003/tauri", {
method: "POST",
body: form,
});
Expand Down
6 changes: 4 additions & 2 deletions plugins/http/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,15 +17,17 @@ tauri-plugin = { workspace = true, features = [ "build" ] }
schemars = { workspace = true }
serde = { workspace = true }
url = { workspace = true }
glob = "0.3"
urlpattern = "0.2"
regex = "1"

[dependencies]
serde = { workspace = true }
serde_json = { workspace = true }
tauri = { workspace = true }
thiserror = { workspace = true }
tauri-plugin-fs = { path = "../fs", version = "2.0.0-beta.1" }
glob = "0.3"
urlpattern = "0.2"
regex = "1"
http = "0.2"
reqwest = { version = "0.11", default-features = false }
url = { workspace = true }
Expand Down
16 changes: 13 additions & 3 deletions plugins/http/build.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,15 @@ const COMMANDS: &[&str] = &["fetch", "fetch_cancel", "fetch_send", "fetch_read_b
#[derive(schemars::JsonSchema)]
struct ScopeEntry {
/// A URL that can be accessed by the webview when using the HTTP APIs.
/// The scoped URL is matched against the request URL using a glob pattern.
/// Wildcards can be used following the URL pattern standard.
///
/// See [the URL Pattern spec](https://urlpattern.spec.whatwg.org/) for more information.
///
/// Examples:
///
/// - "https://*" or "https://**" : allows all HTTPS urls
/// - "https://*" : allows all HTTPS origin on port 443
///
/// - "https://*:*" : allows all HTTPS origin on any port
///
/// - "https://*.github.com/tauri-apps/tauri": allows any subdomain of "github.com" with the "tauri-apps/api" path
///
Expand All @@ -28,7 +32,13 @@ struct ScopeEntry {
impl From<ScopeEntry> for scope::Entry {
fn from(value: ScopeEntry) -> Self {
scope::Entry {
url: value.url.parse().unwrap(),
url: urlpattern::UrlPattern::parse(
urlpattern::UrlPatternInit::parse_constructor_string::<regex::Regex>(
&value.url, None,
)
.unwrap(),
)
.unwrap(),
}
}
}
Expand Down
Loading
Loading