Browse Source

add blob and file http servers; add open file to menu

Paul Frazee 5 years ago
parent
commit
2a56a32475
7 changed files with 115 additions and 7 deletions
  1. 8
    3
      app/index.js
  2. 38
    0
      app/lib/blobs.js
  3. 32
    0
      app/lib/files.js
  4. 15
    0
      app/lib/menu.js
  5. 5
    1
      app/lib/muxrpc-ipc.js
  6. 16
    2
      app/lib/windows.js
  7. 1
    1
      package.json

+ 8
- 3
app/index.js View File

@@ -1,6 +1,7 @@
1 1
 var app = require('app')
2 2
 var Menu = require('menu')
3 3
 var path = require('path')
4
+var http = require('http')
4 5
 
5 6
 var config = require('ssb-config')
6 7
 var windows = require('./lib/windows')
@@ -14,14 +15,18 @@ app.on('ready', function ready () {
14 15
     // register sbot plugins
15 16
     sbot.use(require('phoenix-api'))
16 17
     
17
-    // setup electron
18
+    // setup blob and file serving
18 19
     var blobs = require('./lib/blobs')(sbot, app.getPath('userDesktop'))
19 20
     require('protocol').registerProtocol('blob', blobs.protocol)
21
+    http.createServer(blobs.server).listen(7777)
22
+    http.createServer(require('./lib/files').server).listen(7778)
23
+
24
+    // open main window
20 25
     var mainWindow = windows.open(
21
-      'file://' + path.join(__dirname, '../node_modules/ssbplug-phoenix/home.html'),
26
+      'file://' + path.join(__dirname, '../node_modules/ssbplug-phoenix/main.html'),
22 27
       sbot,
23 28
       blobs,
24
-      { width: 1000, height: 720 }
29
+      { width: 1030, height: 720 }
25 30
     )
26 31
     require('./lib/menu')(mainWindow)
27 32
     // mainWindow.openDevTools()

+ 38
- 0
app/lib/blobs.js View File

@@ -69,6 +69,44 @@ module.exports = function (sbot, checkout_dir) {
69 69
           cb = null
70 70
         }
71 71
       })
72
+    },
73
+
74
+    server: function (req, res) {
75
+      // function toBuffer() {
76
+      //   return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
77
+      // }
78
+
79
+      // local-host only
80
+      if (req.socket.remoteAddress != '127.0.0.1' &&
81
+          req.socket.remoteAddress != '::ffff:127.0.0.1' &&
82
+          req.socket.remoteAddress != '::1') {
83
+        console.log('Remote access attempted by', req.socket.remoteAddress)
84
+        res.writeHead(403)
85
+        return res.end('Remote access forbidden')
86
+      }
87
+
88
+      // restrict the CSP
89
+      res.setHeader('Content-Security-Policy', 
90
+        "default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; "+
91
+        "connect-src 'self'; "+
92
+        "object-src 'none'; "+
93
+        "frame-src 'none'; "+
94
+        "sandbox allow-same-origin allow-scripts"
95
+      )
96
+
97
+      var hash = req.url.slice(1)
98
+      sbot.blobs.has(hash, function(err, has) {
99
+        if (!has) {
100
+          res.writeHead(404)
101
+          res.end('File not found')
102
+          return
103
+        }
104
+        pull(
105
+          sbot.blobs.get(hash),
106
+          // toBuffer(),
107
+          toPull(res)
108
+        )
109
+      })
72 110
     }
73 111
   }
74 112
 

+ 32
- 0
app/lib/files.js View File

@@ -0,0 +1,32 @@
1
+var path = require('path')
2
+var fs   = require('fs')
3
+
4
+exports.server = function (req, res) {
5
+  // function toBuffer() {
6
+  //   return pull.map(function (s) { return Buffer.isBuffer(s) ? s : new Buffer(s, 'base64') })
7
+  // }
8
+  // local-host only
9
+  if (req.socket.remoteAddress != '127.0.0.1' &&
10
+      req.socket.remoteAddress != '::ffff:127.0.0.1' &&
11
+      req.socket.remoteAddress != '::1') {
12
+    console.log('Remote access attempted by', req.socket.remoteAddress)
13
+    res.writeHead(403)
14
+    return res.end('Remote access forbidden')
15
+  }
16
+
17
+  // restrict the CSP
18
+  res.setHeader('Content-Security-Policy', 
19
+    "default-src 'self' localhost:7777 'unsafe-inline' 'unsafe-eval' data:; "+
20
+    "connect-src 'self'; "+
21
+    "object-src 'none'; "+
22
+    "frame-src 'none'; "+
23
+    "sandbox allow-same-origin allow-scripts"
24
+  )
25
+
26
+  fs.createReadStream(req.url)
27
+    .on('error', function () {
28
+      res.writeHead(404)
29
+      res.end('File not found')
30
+    })
31
+    .pipe(res)
32
+}

+ 15
- 0
app/lib/menu.js View File

@@ -1,4 +1,5 @@
1 1
 var Menu = require('menu')
2
+var dialog = require('dialog')
2 3
 
3 4
 module.exports = function (window) {
4 5
   var template = [
@@ -19,6 +20,20 @@ module.exports = function (window) {
19 20
         }
20 21
       ]
21 22
     },
23
+    {
24
+      label: 'File',
25
+      submenu: [
26
+        {
27
+          label: 'Open File...',
28
+          accelerator: 'Command+O',
29
+          click: function() { 
30
+            var paths = dialog.showOpenDialog(window, { properties: ['openFile'] })
31
+            if (paths && paths[0])
32
+              window.rpc.navigate(paths[0])
33
+          }
34
+        }
35
+      ]
36
+    },
22 37
     {
23 38
       label: 'Edit',
24 39
       submenu: [

+ 5
- 1
app/lib/muxrpc-ipc.js View File

@@ -4,6 +4,10 @@ var pull       = require('pull-stream')
4 4
 var pushable   = require('pull-pushable')
5 5
 var Api        = require('scuttlebot/lib/api')
6 6
 
7
+var clientApi = {
8
+  navigate: 'async'
9
+}
10
+
7 11
 module.exports = function (window, sbot, params) {
8 12
   // construct api
9 13
   var api = Api(sbot)
@@ -16,7 +20,7 @@ module.exports = function (window, sbot, params) {
16 20
   // add rpc APIs to window
17 21
   window.createRpc = function () {
18 22
     // create rpc object
19
-    var rpc = window.rpc = muxrpc(null, sbot.manifest, serialize)(api)
23
+    var rpc = window.rpc = muxrpc(clientApi, sbot.manifest, serialize)(api)
20 24
     rpc.authorized = { id: sbot.feed.id, role: 'master' }
21 25
     rpc.permissions({allow: null, deny: null})
22 26
     function serialize (stream) { return stream }

+ 16
- 2
app/lib/windows.js View File

@@ -6,11 +6,25 @@ var blobslib = require('./blobs')
6 6
 
7 7
 var windows = []
8 8
 
9
+var secureWebPreferences = {
10
+  javascript: true,
11
+  'web-security': true,
12
+  images: true,
13
+  java: false,
14
+  webgl: false, // maybe allow?
15
+  webaudio: false, // maybe allow?
16
+  plugins: false,
17
+  'experimental-features': false,
18
+  'experimental-canvas-features': false,
19
+  'shared-worker': false
20
+}
21
+
9 22
 var open =
10 23
 module.exports.open = function (url, sbot, blobs, opts, params) {
11 24
   var win = new BrowserWindow(opts)
12 25
   win.loadUrl(url)
13 26
   setupRpc(win, sbot, params)
27
+  windows.push(win)
14 28
   
15 29
   win.on('closed', function() {
16 30
     var i = windows.indexOf(win)
@@ -35,13 +49,13 @@ module.exports.open = function (url, sbot, blobs, opts, params) {
35 49
               'file://' + path.join(__dirname, '../../node_modules/ssbplug-phoenix/blob-search.html'),
36 50
               sbot,
37 51
               blobs,
38
-              { width: 600, height: 650 },
52
+              { width: 600, height: 650, 'web-preferences': secureWebPreferences },
39 53
               { url: url, hash: hash }
40 54
             )
41 55
           } else
42 56
             console.log(err) // :TODO: something nicer
43 57
         } else {
44
-          shell.openItem(filepath)
58
+          shell.openItem(filepath) // open in desktop's default program
45 59
         }
46 60
       })
47 61
     } else {

+ 1
- 1
package.json View File

@@ -28,7 +28,7 @@
28 28
     "multiblob": "^1.5.0",
29 29
     "multicb": "^1.1.0",
30 30
     "muxrpc": "^5.0.1",
31
-    "phoenix-api": "~8.2.0",
31
+    "phoenix-api": "~8.3.0",
32 32
     "pull-pushable": "^1.1.4",
33 33
     "pull-stream": "^2.27.0",
34 34
     "scuttlebot": "^4.2.3",

Loading…
Cancel
Save