perf(core): improved app security, fixes #666

Fabio Di Stasio 2023-09-13 17:21:08 +00:00
parent 0de5ef8a98
commit 13592425af
14 changed files with 203 additions and 14 deletions


@ -1,36 +1,44 @@
import { app, dialog, ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
import { ShortcutRegister } from '../libs/ShortcutRegister';
export default () => {
ipcMain.on('close-app', () => {
ipcMain.on('close-app', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
app.exit();
});
ipcMain.handle('show-open-dialog', (event, options) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
return dialog.showOpenDialog(options);
});
ipcMain.handle('get-download-dir-path', () => {
ipcMain.handle('get-download-dir-path', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
return app.getPath('downloads');
});
ipcMain.handle('resotre-default-shortcuts', () => {
ipcMain.handle('resotre-default-shortcuts', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
const shortCutRegister = ShortcutRegister.getInstance();
shortCutRegister.restoreDefaults();
});
ipcMain.handle('reload-shortcuts', () => {
ipcMain.handle('reload-shortcuts', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
const shortCutRegister = ShortcutRegister.getInstance();
shortCutRegister.reload();
});
ipcMain.handle('update-shortcuts', (event, shortcuts) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
const shortCutRegister = ShortcutRegister.getInstance();
shortCutRegister.updateShortcuts(shortcuts);
});
ipcMain.handle('unregister-shortcuts', () => {
ipcMain.handle('unregister-shortcuts', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
const shortCutRegister = ShortcutRegister.getInstance();
shortCutRegister.unregister();
});
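Review bot: The guard `if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };` is pasted by hand into every handler here and in the other handler files this commit touches, so a handler added later without that line is unprotected and nothing would flag it. Registering through one wrapper keeps the check in a single place and gives a spot to log the rejected frame URL, which the current code never records. In `ipcMain.on('close-app')` the returned object goes nowhere, since `on` listeners have no reply value; a bare `return;` says the same thing. The sketch below needs `IpcMainInvokeEvent` imported from `electron`, and the end of the exported function is not shown in this section.

```typescript
// Runs `listener` only when the invoking frame passes validateSender.
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function handleTrusted (channel: string, listener: (event: IpcMainInvokeEvent, ...args: any[]) => unknown) {
   ipcMain.handle(channel, (event, ...args) => {
      if (!validateSender(event.senderFrame)) {
         console.warn(`IPC "${channel}" rejected, sender frame: ${event.senderFrame?.url}`);
         return { status: 'error', response: 'Unauthorized process' };
      }
      return listener(event, ...args);
   });
}

// … unchanged: handler bodies, now registered without the inline guard …
handleTrusted('get-download-dir-path', () => app.getPath('downloads'));
```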


@ -4,9 +4,12 @@ import * as fs from 'fs';
import { SslOptions } from 'mysql2';
import { ClientsFactory } from '../libs/ClientsFactory';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('test-connection', async (event, conn: antares.ConnectionParams) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
const params = {
host: conn.host,
port: +conn.port,
@ -83,6 +86,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('connect', async (event, conn: antares.ConnectionParams) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
const params = {
host: conn.host,
port: +conn.port,
@ -158,6 +163,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('disconnect', (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
connections[uid].destroy();
delete connections[uid];
});


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-databases', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].getDatabases();
return { status: 'success', response: result };


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-function-informations', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getFunctionInformations(params);
return { status: 'success', response: result };
@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('drop-function', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropFunction(params);
return { status: 'success' };
@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-function', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterFunction(params);
return { status: 'success' };
@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-trigger-function', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterTriggerFunction(params);
return { status: 'success' };
@ -43,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-function', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createFunction(params);
return { status: 'success' };
@ -53,6 +65,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-trigger-function', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createTriggerFunction(params);
return { status: 'success' };


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-routine-informations', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getRoutineInformations(params);
return { status: 'success', response: result };
@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('drop-routine', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropRoutine(params);
return { status: 'success' };
@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-routine', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterRoutine(params);
return { status: 'success' };
@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-routine', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createRoutine(params);
return { status: 'success' };


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-scheduler-informations', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getEventInformations(params);
return { status: 'success', response: result };
@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('drop-scheduler', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropEvent(params);
return { status: 'success' };
@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-scheduler', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterEvent(params);
return { status: 'success' };
@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-scheduler', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createEvent(params);
return { status: 'success' };
@ -43,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('toggle-scheduler', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
if (!params.enabled)
await connections[params.uid].enableEvent({ ...params });


@ -5,6 +5,8 @@ import { dialog, ipcMain } from 'electron';
import * as fs from 'fs';
import * as path from 'path';
import { validateSender } from '../libs/misc/validateSender';
const isDevelopment = process.env.NODE_ENV !== 'production';
export default (connections: {[key: string]: antares.Client}) => {
@ -12,6 +14,8 @@ export default (connections: {[key: string]: antares.Client}) => {
let importer: ChildProcess = null;
ipcMain.handle('create-schema', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createSchema(params);
@ -23,6 +27,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('update-schema', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterSchema(params);
@ -34,6 +40,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('delete-schema', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropSchema(params);
@ -45,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-schema-collation', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const collation = await connections[params.uid].getDatabaseCollation(
params
@ -61,6 +71,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-structure', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const structure: unknown = await connections[params.uid].getStructure(
params.schemas
@ -74,6 +86,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-collations', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].getCollations();
@ -85,6 +99,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-variables', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].getVariables();
@ -96,6 +112,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-engines', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result: unknown = await connections[uid].getEngines();
@ -107,6 +125,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-version', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].getVersion();
@ -118,6 +138,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-processes', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].getProcesses();
@ -129,6 +151,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('kill-process', async (event, { uid, pid }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].killProcess(pid);
@ -140,6 +164,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('use-schema', async (event, { uid, schema }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (!schema) return;
try {
@ -152,6 +178,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('raw-query', async (event, { uid, query, schema, tabUid, autocommit }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (!query) return;
try {
@ -171,6 +199,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('export', (event, { uid, type, tables, ...rest }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (exporter !== null) {
exporter.kill();
return;
@ -245,7 +275,9 @@ export default (connections: {[key: string]: antares.Client}) => {
});
});
ipcMain.handle('abort-export', async () => {
ipcMain.handle('abort-export', async (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
let willAbort = false;
if (exporter) {
@ -267,6 +299,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('import-sql', async (event, options) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (importer !== null) {
importer.kill();
return;
@ -318,7 +352,9 @@ export default (connections: {[key: string]: antares.Client}) => {
});
});
ipcMain.handle('abort-import-sql', async () => {
ipcMain.handle('abort-import-sql', async (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
let willAbort = false;
if (importer) {
@ -340,6 +376,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('kill-tab-query', async (event, { uid, tabUid }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (!tabUid) return;
try {
@ -352,6 +390,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('commit-tab', async (event, { uid, tabUid }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (!tabUid) return;
try {
@ -364,6 +404,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('rollback-tab', async (event, { uid, tabUid }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (!tabUid) return;
try {
@ -376,6 +418,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('destroy-connection-to-commit', async (event, { uid, tabUid }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (!tabUid) return;
try {


@ -8,8 +8,12 @@ import { ipcMain } from 'electron';
import * as fs from 'fs';
import * as moment from 'moment';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-table-columns', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getTableColumns(params);
return { status: 'success', response: result };
@ -20,6 +24,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-table-data', async (event, { uid, schema, table, limit, page, sortParams, where }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const offset = (page - 1) * limit;
const query = connections[uid]
@ -45,6 +51,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-table-count', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getTableApproximateCount(params);
return { status: 'success', response: result };
@ -55,6 +63,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-table-options', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getTableOptions(params);
return { status: 'success', response: result };
@ -65,6 +75,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-table-indexes', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getTableIndexes(params);
@ -76,6 +88,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-table-ddl', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getTableDll(params);
@ -87,6 +101,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-key-usage', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getKeyUsage(params);
@ -98,6 +114,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('update-table-cell', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
delete params.row._antares_id;
const { stringsWrapper: sw } = customizations[connections[params.uid]._client];
@ -227,6 +245,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('delete-table-rows', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (params.primary) {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const idString = params.rows.map((row: {[key: string]: any}) => {
@ -281,6 +301,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('insert-table-fake-rows', async (event, params: InsertRowsParams) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try { // TODO: move to client classes
const rows: {[key: string]: string | number | boolean | Date | Buffer}[] = [];
@ -403,6 +425,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('get-foreign-list', async (event, { uid, schema, table, column, description }) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const query = connections[uid]
.select(`${column} AS foreign_column`)
@ -436,6 +460,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-table', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createTable(params);
return { status: 'success' };
@ -446,6 +472,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-table', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterTable(params);
return { status: 'success' };
@ -456,6 +484,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('duplicate-table', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].duplicateTable(params);
return { status: 'success' };
@ -466,6 +496,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('truncate-table', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].truncateTable(params);
return { status: 'success' };
@ -476,6 +508,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('drop-table', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropTable(params);
return { status: 'success' };


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-trigger-informations', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getTriggerInformations(params);
return { status: 'success', response: result };
@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('drop-trigger', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropTrigger(params);
return { status: 'success' };
@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-trigger', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterTrigger(params);
return { status: 'success' };
@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-trigger', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createTrigger(params);
return { status: 'success' };
@ -43,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('toggle-trigger', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
if (!params.enabled)
await connections[params.uid].enableTrigger(params);


@ -2,6 +2,8 @@ import { ipcMain } from 'electron';
import * as Store from 'electron-store';
import { autoUpdater } from 'electron-updater';
import { validateSender } from '../libs/misc/validateSender';
const persistentStore = new Store({
name: 'settings',
clearInvalidConfig: true,
@ -18,6 +20,8 @@ autoUpdater.allowPrerelease = persistentStore.get('allow_prerelease', false) as
export default () => {
ipcMain.on('check-for-updates', event => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
mainWindow = event;
if (process.windowsStore || (process.platform === 'linux' && !process.env.APPIMAGE))
mainWindow.reply('no-auto-update');
@ -31,31 +35,38 @@ export default () => {
}
});
ipcMain.on('restart-to-update', () => {
ipcMain.on('restart-to-update', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
autoUpdater.quitAndInstall();
});
// auto-updater events
autoUpdater.on('checking-for-update', () => {
autoUpdater.on('checking-for-update', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
mainWindow.reply('checking-for-update');
});
autoUpdater.on('update-available', () => {
autoUpdater.on('update-available', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
if (isMacOS)
mainWindow.reply('link-to-download');
else
mainWindow.reply('update-available');
});
autoUpdater.on('update-not-available', () => {
autoUpdater.on('update-not-available', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
mainWindow.reply('update-not-available');
});
autoUpdater.on('download-progress', data => {
mainWindow.reply('download-progress', data);
autoUpdater.on('download-progress', event => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
mainWindow.reply('download-progress', event);
});
autoUpdater.on('update-downloaded', () => {
autoUpdater.on('update-downloaded', (event) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
mainWindow.reply('update-downloaded');
});
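Review bot: The five `autoUpdater.on(...)` listeners now call `validateSender(event.senderFrame)`, but these events are emitted by electron-updater inside the main process, not by a renderer, so their argument is not an IPC event. `checking-for-update` passes no argument, so `event.senderFrame` throws; the others receive update or progress data, so `validateSender(undefined)` throws on `frame.url`, and no update status would reach the window. The guard belongs only on the two `ipcMain.on` listeners. The updater listeners should return to their parameterless form, with `autoUpdater.on('download-progress', data => { mainWindow.reply('download-progress', data); });` for the progress event. The exported function's closing lines are outside this section.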


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-users', async (event, uid) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[uid].getUsers();
return { status: 'success', response: result };


@ -1,8 +1,12 @@
import * as antares from 'common/interfaces/antares';
import { ipcMain } from 'electron';
import { validateSender } from '../libs/misc/validateSender';
export default (connections: {[key: string]: antares.Client}) => {
ipcMain.handle('get-view-informations', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
const result = await connections[params.uid].getViewInformations(params);
return { status: 'success', response: result };
@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('drop-view', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].dropView(params);
return { status: 'success' };
@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('alter-view', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].alterView(params);
return { status: 'success' };
@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => {
});
ipcMain.handle('create-view', async (event, params) => {
if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
try {
await connections[params.uid].createView(params);
return { status: 'success' };


@ -0,0 +1,11 @@
import { WebFrameMain } from 'electron';
import * as path from 'path';
const isDevelopment = process.env.NODE_ENV !== 'production';
const indexPath = path.resolve(__dirname, 'index.html').split(path.sep).join('/');
export function validateSender (frame: WebFrameMain) {
const frameUrl = new URL(frame.url);
if ((isDevelopment && frameUrl.host === 'localhost:9080') || frameUrl.href.replace('file:///', '').replace('file://localhost', '') === indexPath) return true;
return false;
}
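Review bot: `validateSender` can throw instead of returning false: `new URL(frame.url)` throws on an empty or unparsable URL, and `frame` is dereferenced without a null check, which matters most in the `ipcMain.on` listeners where nothing catches the exception. The file comparison is also fragile, because `href` is percent-encoded and carries any `#fragment`, and stripping `file:///` removes the leading slash that `path.resolve` keeps on POSIX, so the legitimate window looks likely to be rejected on Linux/macOS or under an install path containing spaces. Comparing decoded filesystem paths with `fileURLToPath` (from Node's `url` module) avoids both problems, and checking `protocol === 'file:'` first keeps non-file origins out. Separately, `isDevelopment` is true whenever `NODE_ENV` is anything other than `production`, so it is worth confirming the packaged build sets it; otherwise the `localhost:9080` branch stays live in releases.

```typescript
export function validateSender (frame: WebFrameMain | null): boolean {
   if (!frame) return false; // frame destroyed or navigated away: fail closed

   let frameUrl: URL;
   try {
      frameUrl = new URL(frame.url);
   }
   catch {
      return false; // empty or unparsable URL is never the app window
   }

   if (isDevelopment && frameUrl.host === 'localhost:9080') return true;
   if (frameUrl.protocol !== 'file:') return false;

   try {
      // Compare decoded filesystem paths; query and fragment are ignored.
      return path.resolve(fileURLToPath(frameUrl)) === path.resolve(__dirname, 'index.html');
   }
   catch {
      return false;
   }
}
```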


@ -142,6 +142,14 @@ else {
const extensionPath = path.resolve(__dirname, `../../misc/${antares.devtoolsId}`);
window.webContents.session.loadExtension(extensionPath, { allowFileAccess: true }).catch(console.error);
}
window.webContents.on('will-navigate', (e) => { // Prevent browser navigation
e.preventDefault();
});
window.webContents.on('did-create-window', (w) => { // Close new windows
w.close();
});
});
}
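Review bot: The `did-create-window` listener closes a child window only after Electron has already created it, so the target may begin loading before `w.close()` runs. Denying creation up front is tighter: `window.webContents.setWindowOpenHandler(() => ({ action: 'deny' }));`. `will-navigate` is also not emitted for in-page navigations or for navigation started programmatically, so it is one layer rather than a complete block, and a short comment saying so would help the next reader. The enclosing callback starts outside this hunk.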