sbot/ui/lib/com/webview.js

var h        = require('hyperscript')
var muxrpc   = require('muxrpc')
var pull     = require('pull-stream')
var pushable = require('pull-pushable')
var ssbref   = require('ssb-ref')
var app      = require('../app')

var manifest = {
  'get'              : 'async',
  'getPublicKey'     : 'async',
  'whoami'           : 'async',
  'relatedMessages'  : 'async',
  'createFeedStream' : 'source',
  'createUserStream' : 'source',
  'createLogStream'  : 'source',
  'messagesByType'   : 'source',
  'links'            : 'source'
}

module.exports = function (opts) {
  if (!opts) throw "`opts` required in com.webview"

  var webview = h('webview', { src: opts.url, preload: './webview-preload.js' })

  // setup rpc

  var ssb = muxrpc(null, manifest, serialize)(app.ssb)
  function serialize (stream) { return stream }

  var rpcStream = ssb.createStream()
  var ipcPush = pushable()
  webview.addEventListener('ipc-message', function (e) {
    if (e.channel == 'navigate') {
      if (e.args[0] && ssbref.isLink(e.args[0]))
        window.location.hash = '#/webview/' + e.args[0]
      else
        console.warn('Security Error: page attempted to navigate to disallowed location,', e.args[0])
    }
    if (e.channel == 'muxrpc-ssb') {
      var msg = e.args[0]
      try { msg = JSON.parse(msg) }
      catch (e) { return }
      ipcPush.push(msg)
    }
  })
  pull(ipcPush, rpcStream, pull.drain(
    function (msg) { webview.send('muxrpc-ssb', JSON.stringify(msg)) },
    function (err) { if (err) { console.error(err) } }
  ))

  // sandboxing

  // dont let the webview navigate away
  webview.addEventListener('did-stop-loading', function (e) {
    if (webview.getUrl().indexOf('http://localhost') !== 0 && webview.getUrl().indexOf('data:') !== 0) {
      console.warn('Security Error. Webview circumvented navigation sandbox.')
      webview.src = 'data:text/html,<strong>Security Error</strong> This page attempted to navigate out of its sandbox through explicit circumvention. Do not trust it!'
    }
  })

  return webview
}
move ssb-patchwork-api and ssb-patchwork-ui into this repo 2015-09-23 05:44:28 +11:00			`var h = require('hyperscript')`
			`var muxrpc = require('muxrpc')`
			`var pull = require('pull-stream')`
			`var pushable = require('pull-pushable')`
			`var ssbref = require('ssb-ref')`
			`var app = require('../app')`

			`var manifest = {`
			`'get' : 'async',`
			`'getPublicKey' : 'async',`
			`'whoami' : 'async',`
			`'relatedMessages' : 'async',`
			`'createFeedStream' : 'source',`
			`'createUserStream' : 'source',`
			`'createLogStream' : 'source',`
			`'messagesByType' : 'source',`
			`'links' : 'source'`
			`}`

			`module.exports = function (opts) {`
			if (!opts) throw "`opts` required in com.webview"

			`var webview = h('webview', { src: opts.url, preload: './webview-preload.js' })`

			`// setup rpc`

			`var ssb = muxrpc(null, manifest, serialize)(app.ssb)`
			`function serialize (stream) { return stream }`

			`var rpcStream = ssb.createStream()`
			`var ipcPush = pushable()`
			`webview.addEventListener('ipc-message', function (e) {`
			`if (e.channel == 'navigate') {`
			`if (e.args[0] && ssbref.isLink(e.args[0]))`
			`window.location.hash = '#/webview/' + e.args[0]`
			`else`
			`console.warn('Security Error: page attempted to navigate to disallowed location,', e.args[0])`
			`}`
			`if (e.channel == 'muxrpc-ssb') {`
			`var msg = e.args[0]`
			`try { msg = JSON.parse(msg) }`
			`catch (e) { return }`
			`ipcPush.push(msg)`
			`}`
			`})`
			`pull(ipcPush, rpcStream, pull.drain(`
			`function (msg) { webview.send('muxrpc-ssb', JSON.stringify(msg)) },`
			`function (err) { if (err) { console.error(err) } }`
			`))`

			`// sandboxing`

			`// dont let the webview navigate away`
			`webview.addEventListener('did-stop-loading', function (e) {`
			`if (webview.getUrl().indexOf('http://localhost') !== 0 && webview.getUrl().indexOf('data:') !== 0) {`
			`console.warn('Security Error. Webview circumvented navigation sandbox.')`
			`webview.src = 'data:text/html,<strong>Security Error</strong> This page attempted to navigate out of its sandbox through explicit circumvention. Do not trust it!'`
			`}`
			`})`

			`return webview`
			`}`