Qortal/Qortal-Hub
1
0
Fork 0
mirror of https://github.com/Qortal/Qortal-Hub.git synced 2025-04-24 03:47:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

tighten up csp

Browse Source
This commit is contained in:
PhilReact 2024-11-05 15:44:54 +02:00
parent 1b8137fe35
commit 37de676069
4 changed files with 259 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
electron/src/index.ts
View File

@ -23,7 +23,7 @@ const capacitorFileConfig: CapacitorElectronConfig = getCapacitorElectronConfig(
// Initialize our app. You can pass menu templates into the app here.
// const myCapacitorApp = new ElectronCapacitorApp(capacitorFileConfig);
const myCapacitorApp = new ElectronCapacitorApp(capacitorFileConfig, trayMenuTemplate, appMenuBarMenuTemplate);
export const myCapacitorApp = new ElectronCapacitorApp(capacitorFileConfig, trayMenuTemplate, appMenuBarMenuTemplate);
// If deeplinking is enabled then we will set it up here.
if (capacitorFileConfig.electron?.deepLinkingEnabled) {

9
electron/src/preload.ts
View File

@ -5,11 +5,16 @@ console.log('User Preload!');
const { contextBridge, shell, ipcRenderer } = require('electron');
contextBridge.exposeInMainWorld('electronAPI', {
openExternal: (url) => shell.openExternal(url)
openExternal: (url) => shell.openExternal(url),
setAllowedDomains: (domains) => {
ipcRenderer.send('set-allowed-domains', domains);
},
});
contextBridge.exposeInMainWorld('electron', {
onUpdateAvailable: (callback) => ipcRenderer.on('update_available', callback),
onUpdateDownloaded: (callback) => ipcRenderer.on('update_downloaded', callback),
restartApp: () => ipcRenderer.send('restart_app')
});
});
ipcRenderer.send('test-ipc');

103
electron/src/setup.ts
View File

@ -6,13 +6,34 @@ import {
} from '@capacitor-community/electron';
import chokidar from 'chokidar';
import type { MenuItemConstructorOptions } from 'electron';
import { app, BrowserWindow, Menu, MenuItem, nativeImage, Tray, session } from 'electron';
import { app, BrowserWindow, Menu, MenuItem, nativeImage, Tray, session, ipcMain } from 'electron';
import electronIsDev from 'electron-is-dev';
import electronServe from 'electron-serve';
import windowStateKeeper from 'electron-window-state';
import { join } from 'path';
import { myCapacitorApp } from '.';
const defaultDomains = [
'http://127.0.0.1:12391',
'ws://127.0.0.1:12391',
'https://ext-node.qortal.link',
'wss://ext-node.qortal.link',
'https://appnode.qortal.org',
"https://api.qortal.org",
"https://api2.qortal.org",
"https://appnode.qortal.org",
"https://apinode.qortalnodes.live",
"https://apinode1.qortalnodes.live",
"https://apinode2.qortalnodes.live",
"https://apinode3.qortalnodes.live",
"https://apinode4.qortalnodes.live"
];
// let allowedDomains: string[] = [...defaultDomains]
const domainHolder = {
allowedDomains: [...defaultDomains],
};
// Define components for a watcher to detect when the webapp is changed so we can reload in Dev mode.
const reloadWatcher = {
debouncer: null,
@ -220,15 +241,79 @@ export class ElectronCapacitorApp {
}
// Set a CSP up for our application based on the custom scheme
// export function setupContentSecurityPolicy(customScheme: string): void {
// session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
// callback({
// responseHeaders: {
// ...details.responseHeaders,
// 'Content-Security-Policy': [
// "script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; connect-src 'self' https://*:* http://*:* wss://*:* ws://*:*",
// ],
// },
// });
// });
// }
export function setupContentSecurityPolicy(customScheme: string): void {
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
callback({
responseHeaders: {
...details.responseHeaders,
'Content-Security-Policy': [
"script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; connect-src 'self' https://*:* http://*:* wss://*:* ws://*:*",
],
},
const allowedSources = ["'self'", ...domainHolder.allowedDomains].join(' ');
const csp = `
script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' ${allowedSources};
object-src 'self';
connect-src ${allowedSources};
`.replace(/\s+/g, ' ').trim();
callback({
responseHeaders: {
...details.responseHeaders,
'Content-Security-Policy': [csp],
},
});
});
});
}
// IPC listener for updating allowed domains
ipcMain.on('set-allowed-domains', (event, domains: string[]) => {
// Validate and transform user-provided domains
const validatedUserDomains = domains
.flatMap((domain) => {
try {
const url = new URL(domain);
const protocol = url.protocol === 'https:' ? 'wss:' : 'ws:';
const socketUrl = `${protocol}//${url.hostname}${url.port ? ':' + url.port : ''}`;
return [url.origin, socketUrl];
} catch {
return [];
}
})
.filter(Boolean) as string[];
// Combine default and validated user domains
const newAllowedDomains = [...new Set([...defaultDomains, ...validatedUserDomains])];
// Sort both current allowed domains and new domains for comparison
const sortedCurrentDomains = [...domainHolder.allowedDomains].sort();
const sortedNewDomains = [...newAllowedDomains].sort();
// Check if the lists are different
const hasChanged =
sortedCurrentDomains.length !== sortedNewDomains.length ||
sortedCurrentDomains.some((domain, index) => domain !== sortedNewDomains[index]);
// If there's a change, update allowedDomains and reload the window
if (hasChanged) {
domainHolder.allowedDomains = newAllowedDomains;
const mainWindow = myCapacitorApp.getMainWindow();
if (mainWindow && !mainWindow.isDestroyed()) {
mainWindow.webContents.reload();
}
}
});

298
src/ExtStates/NotAuthenticated.tsx
View File

@ -23,15 +23,14 @@ import { set } from "lodash";
import { cleanUrl, isUsingLocal } from "../background";
const manifestData = {
version: '0.2.0'
}
version: "0.2.0",
};
export const NotAuthenticated = ({
getRootProps,
getInputProps,
setExtstate,
apiKey,
setApiKey,
globalApiKey,
@ -54,9 +53,9 @@ export const NotAuthenticated = ({
const [customApikey, setCustomApiKey] = React.useState("");
const [customNodeToSaveIndex, setCustomNodeToSaveIndex] =
React.useState(null);
const importedApiKeyRef = useRef(null)
const currentNodeRef = useRef(null)
const hasLocalNodeRef = useRef(null)
const importedApiKeyRef = useRef(null);
const currentNodeRef = useRef(null);
const hasLocalNodeRef = useRef(null);
const isLocal = cleanUrl(currentNode?.url) === "127.0.0.1:12391";
const handleFileChangeApiKey = (event) => {
const file = event.target.files[0]; // Get the selected file
@ -71,7 +70,6 @@ export const NotAuthenticated = ({
}
};
const checkIfUserHasLocalNode = useCallback(async () => {
try {
const url = `http://127.0.0.1:12391/admin/status`;
@ -93,43 +91,48 @@ export const NotAuthenticated = ({
}, []);
useEffect(() => {
window.sendMessage("getCustomNodesFromStorage")
.then((response) => {
if (response) {
setCustomNodes(response || []);
}
})
.catch((error) => {
console.error("Failed to get custom nodes from storage:", error.message || "An error occurred");
});
window
.sendMessage("getCustomNodesFromStorage")
.then((response) => {
if (response) {
setCustomNodes(response || []);
window.electronAPI.setAllowedDomains(response?.map((node)=> node.url))
}
})
.catch((error) => {
console.error(
"Failed to get custom nodes from storage:",
error.message || "An error occurred"
);
});
}, []);
useEffect(()=> {
importedApiKeyRef.current = importedApiKey
}, [importedApiKey])
useEffect(()=> {
currentNodeRef.current = currentNode
}, [currentNode])
useEffect(() => {
importedApiKeyRef.current = importedApiKey;
}, [importedApiKey]);
useEffect(() => {
currentNodeRef.current = currentNode;
}, [currentNode]);
useEffect(()=> {
hasLocalNodeRef.current = hasLocalNode
}, [hasLocalNode])
useEffect(() => {
hasLocalNodeRef.current = hasLocalNode;
}, [hasLocalNode]);
const validateApiKey = useCallback(async (key, fromStartUp) => {
try {
if(!currentNodeRef.current) return
const isLocalKey = cleanUrl(key?.url) === "127.0.0.1:12391";
if(isLocalKey && !hasLocalNodeRef.current && !fromStartUp){
throw new Error('Please turn on your local node')
}
const isCurrentNodeLocal = cleanUrl(currentNodeRef.current?.url) === "127.0.0.1:12391";
if(isLocalKey && !isCurrentNodeLocal) {
setIsValidApiKey(false);
setUseLocalNode(false);
return
}
if (!currentNodeRef.current) return;
const isLocalKey = cleanUrl(key?.url) === "127.0.0.1:12391";
if (isLocalKey && !hasLocalNodeRef.current && !fromStartUp) {
throw new Error("Please turn on your local node");
}
const isCurrentNodeLocal =
cleanUrl(currentNodeRef.current?.url) === "127.0.0.1:12391";
if (isLocalKey && !isCurrentNodeLocal) {
setIsValidApiKey(false);
setUseLocalNode(false);
return;
}
let payload = {};
if (currentNodeRef.current?.url === "http://127.0.0.1:12391") {
@ -137,7 +140,7 @@ export const NotAuthenticated = ({
apikey: importedApiKeyRef.current || key?.apikey,
url: currentNodeRef.current?.url,
};
} else if(currentNodeRef.current) {
} else if (currentNodeRef.current) {
payload = currentNodeRef.current;
}
const url = `${payload?.url}/admin/apikey/test`;
@ -152,21 +155,24 @@ export const NotAuthenticated = ({
// Assuming the response is in plain text and will be 'true' or 'false'
const data = await response.text();
if (data === "true") {
window.sendMessage("setApiKey", payload)
.then((response) => {
if (response) {
handleSetGlobalApikey(payload);
setIsValidApiKey(true);
setUseLocalNode(true);
if (!fromStartUp) {
setApiKey(payload);
window
.sendMessage("setApiKey", payload)
.then((response) => {
if (response) {
handleSetGlobalApikey(payload);
setIsValidApiKey(true);
setUseLocalNode(true);
if (!fromStartUp) {
setApiKey(payload);
}
}
}
})
.catch((error) => {
console.error("Failed to set API key:", error.message || "An error occurred");
});
})
.catch((error) => {
console.error(
"Failed to set API key:",
error.message || "An error occurred"
);
});
} else {
setIsValidApiKey(false);
setUseLocalNode(false);
@ -213,24 +219,28 @@ export const NotAuthenticated = ({
}
setCustomNodes(nodes);
window.electronAPI.setAllowedDomains(nodes?.map((node)=> node.url))
setCustomNodeToSaveIndex(null);
if (!nodes) return;
window.sendMessage("setCustomNodes", nodes)
.then((response) => {
if (response) {
setMode("list");
setUrl("http://");
setCustomApiKey("");
// add alert if needed
}
})
.catch((error) => {
console.error("Failed to set custom nodes:", error.message || "An error occurred");
});
window
.sendMessage("setCustomNodes", nodes)
.then((response) => {
if (response) {
setMode("list");
setUrl("http://");
setCustomApiKey("");
// add alert if needed
}
})
.catch((error) => {
console.error(
"Failed to set custom nodes:",
error.message || "An error occurred"
);
});
};
return (
<>
<Spacer height="35px" />
@ -296,16 +306,16 @@ export const NotAuthenticated = ({
}}
/>
</Box>
<Spacer height="15px" />
<Typography
sx={{
fontSize: "12px",
visibility: !useLocalNode && 'hidden'
}}
>
{"Using node: "} {currentNode?.url}
</Typography>
<Spacer height="15px" />
<Typography
sx={{
fontSize: "12px",
visibility: !useLocalNode && "hidden",
}}
>
{"Using node: "} {currentNode?.url}
</Typography>
<>
<Spacer height="15px" />
<Box
@ -344,28 +354,30 @@ export const NotAuthenticated = ({
validateApiKey(currentNode);
} else {
setCurrentNode({
url: "http://127.0.0.1:12391",
url: "http://127.0.0.1:12391",
});
setUseLocalNode(false);
window
.sendMessage("setApiKey", null)
.then((response) => {
if (response) {
setApiKey(null);
handleSetGlobalApikey(null);
}
})
setUseLocalNode(false)
window.sendMessage("setApiKey", null)
.then((response) => {
if (response) {
setApiKey(null);
handleSetGlobalApikey(null);
}
})
.catch((error) => {
console.error("Failed to set API key:", error.message || "An error occurred");
});
.catch((error) => {
console.error(
"Failed to set API key:",
error.message || "An error occurred"
);
});
}
}}
disabled={false}
defaultChecked
/>
}
label={`Use ${isLocal ? 'Local' : 'Custom'} Node`}
label={`Use ${isLocal ? "Local" : "Custom"} Node`}
/>
</Box>
{currentNode?.url === "http://127.0.0.1:12391" && (
@ -379,31 +391,33 @@ export const NotAuthenticated = ({
onChange={handleFileChangeApiKey} // File input handler
/>
</Button>
<Typography sx={{
fontSize: '12px',
visibility: importedApiKey ? 'visible' : 'hidden'
}}>{`api key : ${importedApiKey}`}</Typography>
<Typography
sx={{
fontSize: "12px",
visibility: importedApiKey ? "visible" : "hidden",
}}
>{`api key : ${importedApiKey}`}</Typography>
</>
)}
<Button
size="small"
onClick={() => {
setShow(true);
}}
variant="contained"
component="label"
>
Choose custom node
</Button>
<Button
size="small"
onClick={() => {
setShow(true);
}}
variant="contained"
component="label"
>
Choose custom node
</Button>
</>
<Typography sx={{
color: "white",
fontSize: '12px'
}}>Build version: {manifestData?.version}</Typography>
<Typography
sx={{
color: "white",
fontSize: "12px",
}}
>
Build version: {manifestData?.version}
</Typography>
</Box>
</>
<CustomizedSnackbars
@ -430,7 +444,6 @@ export const NotAuthenticated = ({
flexDirection: "column",
}}
>
{mode === "list" && (
<Box
sx={{
@ -472,17 +485,20 @@ export const NotAuthenticated = ({
setMode("list");
setShow(false);
setUseLocalNode(false);
window.sendMessage("setApiKey", null)
.then((response) => {
if (response) {
setApiKey(null);
handleSetGlobalApikey(null);
}
})
.catch((error) => {
console.error("Failed to set API key:", error.message || "An error occurred");
});
window
.sendMessage("setApiKey", null)
.then((response) => {
if (response) {
setApiKey(null);
handleSetGlobalApikey(null);
}
})
.catch((error) => {
console.error(
"Failed to set API key:",
error.message || "An error occurred"
);
});
}}
variant="contained"
>
@ -527,18 +543,21 @@ export const NotAuthenticated = ({
setMode("list");
setShow(false);
setIsValidApiKey(false);
setUseLocalNode(false);
window.sendMessage("setApiKey", null)
.then((response) => {
if (response) {
setApiKey(null);
handleSetGlobalApikey(null);
}
})
.catch((error) => {
console.error("Failed to set API key:", error.message || "An error occurred");
});
setUseLocalNode(false);
window
.sendMessage("setApiKey", null)
.then((response) => {
if (response) {
setApiKey(null);
handleSetGlobalApikey(null);
}
})
.catch((error) => {
console.error(
"Failed to set API key:",
error.message || "An error occurred"
);
});
}}
variant="contained"
>
@ -562,7 +581,6 @@ export const NotAuthenticated = ({
const nodesToSave = [
...(customNodes || []),
].filter((item) => item?.url !== node?.url);
saveCustomNodes(nodesToSave);
}}
@ -601,9 +619,7 @@ export const NotAuthenticated = ({
/>
</Box>
)}
</Box>
</DialogContent>
<DialogActions>
{mode === "list" && (