diff --git a/src/main/ipc-handlers/application.ts b/src/main/ipc-handlers/application.ts index 21b4facb..0f7a0357 100644 --- a/src/main/ipc-handlers/application.ts +++ b/src/main/ipc-handlers/application.ts 
@@ -1,36 +1,44 @@ import { app, dialog, ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; import { ShortcutRegister } from '../libs/ShortcutRegister'; export default () => { - ipcMain.on('close-app', () => { + ipcMain.on('close-app', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; app.exit(); }); ipcMain.handle('show-open-dialog', (event, options) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; return dialog.showOpenDialog(options); }); - ipcMain.handle('get-download-dir-path', () => { + ipcMain.handle('get-download-dir-path', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; return app.getPath('downloads'); }); - ipcMain.handle('resotre-default-shortcuts', () => { + ipcMain.handle('resotre-default-shortcuts', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; const shortCutRegister = ShortcutRegister.getInstance(); shortCutRegister.restoreDefaults(); }); - ipcMain.handle('reload-shortcuts', () => { + ipcMain.handle('reload-shortcuts', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; const shortCutRegister = ShortcutRegister.getInstance(); shortCutRegister.reload(); }); ipcMain.handle('update-shortcuts', (event, shortcuts) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; const shortCutRegister = ShortcutRegister.getInstance(); shortCutRegister.updateShortcuts(shortcuts); }); - ipcMain.handle('unregister-shortcuts', () => { + ipcMain.handle('unregister-shortcuts', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; const shortCutRegister = ShortcutRegister.getInstance(); 
shortCutRegister.unregister(); }); diff --git a/src/main/ipc-handlers/connection.ts b/src/main/ipc-handlers/connection.ts index ea8a0630..d9b2b074 100644 --- a/src/main/ipc-handlers/connection.ts +++ b/src/main/ipc-handlers/connection.ts @@ -4,9 +4,12 @@ import * as fs from 'fs'; import { SslOptions } from 'mysql2'; import { ClientsFactory } from '../libs/ClientsFactory'; +import { validateSender } from '../libs/misc/validateSender'; export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('test-connection', async (event, conn: antares.ConnectionParams) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + const params = { host: conn.host, port: +conn.port, @@ -83,6 +86,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('connect', async (event, conn: antares.ConnectionParams) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + const params = { host: conn.host, port: +conn.port, @@ -158,6 +163,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('disconnect', (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + connections[uid].destroy(); delete connections[uid]; }); diff --git a/src/main/ipc-handlers/database.ts b/src/main/ipc-handlers/database.ts index 0bca2b7b..4aaf721f 100644 --- a/src/main/ipc-handlers/database.ts +++ b/src/main/ipc-handlers/database.ts 
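Review bot: The guard added to the `close-app` listener returns `{ status: 'error', response: 'Unauthorized process' }` from an `ipcMain.on` callback, but `on` listeners' return values are discarded, so that object never reaches the sender and the line reads as if it did; a bare `return;` states what actually happens (the same applies to the `check-for-updates` and `restart-to-update` `on` listeners elsewhere in this change, while the `ipcMain.handle` handlers do deliver it as the invoke result). The early return itself still works, so this is a readability point rather than a functional one. Since a rejected sender is precisely the event an operator would want to notice, consider logging it at the rejection point instead of dropping it silently, e.g. `console.warn('Rejected IPC on close-app from', event.senderFrame?.url);`.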
@@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-databases', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].getDatabases(); return { status: 'success', response: result }; diff --git a/src/main/ipc-handlers/functions.ts b/src/main/ipc-handlers/functions.ts index c54d9e77..b8675b2e 100644 --- a/src/main/ipc-handlers/functions.ts +++ b/src/main/ipc-handlers/functions.ts @@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-function-informations', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getFunctionInformations(params); return { status: 'success', response: result }; @@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('drop-function', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropFunction(params); return { status: 'success' }; @@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-function', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterFunction(params); return { status: 'success' }; 
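Review bot: The `validateSender` line added to `get-databases` is the same statement pasted as the first line of every handler in this change, which makes the check easy to omit from the next channel someone registers, since nothing enforces it beyond convention. A small wrapper that performs the check once and then delegates would make the protection a property of how channels are registered rather than of each handler's first line, and would keep the rejection response in one place. The handler bodies themselves would stay as they are. Something like the following, placed alongside `validateSender` (the `ipcMain` import it needs is already present in each handler file):
```typescript
// Registers an invoke handler that first rejects messages from any frame validateSender does not trust.
// eslint-disable-next-line @typescript-eslint/no-explicit-any
export function secureHandle (channel: string, listener: (event: Electron.IpcMainInvokeEvent, ...args: any[]) => unknown) {
   ipcMain.handle(channel, (event, ...args) => {
      if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' };
      return listener(event, ...args);
   });
}
```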
@@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-trigger-function', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterTriggerFunction(params); return { status: 'success' }; @@ -43,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-function', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createFunction(params); return { status: 'success' }; @@ -53,6 +65,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-trigger-function', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createTriggerFunction(params); return { status: 'success' }; diff --git a/src/main/ipc-handlers/routines.ts b/src/main/ipc-handlers/routines.ts index b293116e..efcb2046 100644 --- a/src/main/ipc-handlers/routines.ts +++ b/src/main/ipc-handlers/routines.ts @@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-routine-informations', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getRoutineInformations(params); return { status: 'success', response: result }; 
@@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('drop-routine', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropRoutine(params); return { status: 'success' }; @@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-routine', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterRoutine(params); return { status: 'success' }; @@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-routine', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createRoutine(params); return { status: 'success' }; diff --git a/src/main/ipc-handlers/schedulers.ts b/src/main/ipc-handlers/schedulers.ts index 97e54b1e..f7340202 100644 --- a/src/main/ipc-handlers/schedulers.ts +++ b/src/main/ipc-handlers/schedulers.ts @@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-scheduler-informations', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getEventInformations(params); return { status: 'success', response: result }; 
@@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('drop-scheduler', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropEvent(params); return { status: 'success' }; @@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-scheduler', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterEvent(params); return { status: 'success' }; @@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-scheduler', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createEvent(params); return { status: 'success' }; @@ -43,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('toggle-scheduler', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { if (!params.enabled) await connections[params.uid].enableEvent({ ...params }); diff --git a/src/main/ipc-handlers/schema.ts b/src/main/ipc-handlers/schema.ts index f3594357..8323b4e4 100644 --- a/src/main/ipc-handlers/schema.ts +++ b/src/main/ipc-handlers/schema.ts @@ -5,6 +5,8 @@ import { dialog, ipcMain } from 'electron'; import * as fs from 'fs'; import * as path from 'path'; +import { validateSender } from '../libs/misc/validateSender'; + const isDevelopment = process.env.NODE_ENV !== 'production'; export default (connections: {[key: string]: antares.Client}) => { 
@@ -12,6 +14,8 @@ export default (connections: {[key: string]: antares.Client}) => { let importer: ChildProcess = null; ipcMain.handle('create-schema', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createSchema(params); @@ -23,6 +27,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('update-schema', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterSchema(params); @@ -34,6 +40,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('delete-schema', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropSchema(params); @@ -45,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-schema-collation', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const collation = await connections[params.uid].getDatabaseCollation( params @@ -61,6 +71,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-structure', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const structure: unknown = await connections[params.uid].getStructure( params.schemas @@ -74,6 +86,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-collations', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].getCollations(); 
@@ -85,6 +99,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-variables', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].getVariables(); @@ -96,6 +112,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-engines', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result: unknown = await connections[uid].getEngines(); @@ -107,6 +125,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-version', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].getVersion(); @@ -118,6 +138,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-processes', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].getProcesses(); @@ -129,6 +151,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('kill-process', async (event, { uid, pid }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].killProcess(pid); @@ -140,6 +164,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('use-schema', async (event, { uid, schema }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (!schema) return; try { 
@@ -152,6 +178,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('raw-query', async (event, { uid, query, schema, tabUid, autocommit }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (!query) return; try { @@ -171,6 +199,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('export', (event, { uid, type, tables, ...rest }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (exporter !== null) { exporter.kill(); return; @@ -245,7 +275,9 @@ export default (connections: {[key: string]: antares.Client}) => { }); }); - ipcMain.handle('abort-export', async () => { + ipcMain.handle('abort-export', async (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + let willAbort = false; if (exporter) { @@ -267,6 +299,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('import-sql', async (event, options) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (importer !== null) { importer.kill(); return; @@ -318,7 +352,9 @@ export default (connections: {[key: string]: antares.Client}) => { }); }); - ipcMain.handle('abort-import-sql', async () => { + ipcMain.handle('abort-import-sql', async (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + let willAbort = false; if (importer) { @@ -340,6 +376,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('kill-tab-query', async (event, { uid, tabUid }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (!tabUid) return; try { 
@@ -352,6 +390,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('commit-tab', async (event, { uid, tabUid }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (!tabUid) return; try { @@ -364,6 +404,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('rollback-tab', async (event, { uid, tabUid }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (!tabUid) return; try { @@ -376,6 +418,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('destroy-connection-to-commit', async (event, { uid, tabUid }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (!tabUid) return; try { diff --git a/src/main/ipc-handlers/tables.ts b/src/main/ipc-handlers/tables.ts index 710ccc25..d5221077 100644 --- a/src/main/ipc-handlers/tables.ts +++ b/src/main/ipc-handlers/tables.ts @@ -8,8 +8,12 @@ import { ipcMain } from 'electron'; import * as fs from 'fs'; import * as moment from 'moment'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-table-columns', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getTableColumns(params); return { status: 'success', response: result }; @@ -20,6 +24,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-table-data', async (event, { uid, schema, table, limit, page, sortParams, where }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const offset = (page - 1) * limit; const query = connections[uid] 
@@ -45,6 +51,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-table-count', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getTableApproximateCount(params); return { status: 'success', response: result }; @@ -55,6 +63,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-table-options', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getTableOptions(params); return { status: 'success', response: result }; @@ -65,6 +75,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-table-indexes', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getTableIndexes(params); @@ -76,6 +88,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-table-ddl', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getTableDll(params); @@ -87,6 +101,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-key-usage', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getKeyUsage(params); 
@@ -98,6 +114,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('update-table-cell', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + delete params.row._antares_id; const { stringsWrapper: sw } = customizations[connections[params.uid]._client]; @@ -227,6 +245,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('delete-table-rows', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (params.primary) { // eslint-disable-next-line @typescript-eslint/no-explicit-any const idString = params.rows.map((row: {[key: string]: any}) => { @@ -281,6 +301,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('insert-table-fake-rows', async (event, params: InsertRowsParams) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { // TODO: move to client classes const rows: {[key: string]: string | number | boolean | Date | Buffer}[] = []; @@ -403,6 +425,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('get-foreign-list', async (event, { uid, schema, table, column, description }) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const query = connections[uid] .select(`${column} AS foreign_column`) @@ -436,6 +460,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-table', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createTable(params); return { status: 'success' }; 
@@ -446,6 +472,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-table', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterTable(params); return { status: 'success' }; @@ -456,6 +484,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('duplicate-table', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].duplicateTable(params); return { status: 'success' }; @@ -466,6 +496,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('truncate-table', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].truncateTable(params); return { status: 'success' }; @@ -476,6 +508,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('drop-table', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropTable(params); return { status: 'success' }; diff --git a/src/main/ipc-handlers/triggers.ts b/src/main/ipc-handlers/triggers.ts index b54786be..415325a3 100644 --- a/src/main/ipc-handlers/triggers.ts +++ b/src/main/ipc-handlers/triggers.ts 
@@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-trigger-informations', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getTriggerInformations(params); return { status: 'success', response: result }; @@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('drop-trigger', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropTrigger(params); return { status: 'success' }; @@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-trigger', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterTrigger(params); return { status: 'success' }; @@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-trigger', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createTrigger(params); return { status: 'success' }; @@ -43,6 +53,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('toggle-trigger', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { if (!params.enabled) await connections[params.uid].enableTrigger(params); 
diff --git a/src/main/ipc-handlers/updates.ts b/src/main/ipc-handlers/updates.ts index c5ef0d5c..617377f4 100644 --- a/src/main/ipc-handlers/updates.ts +++ b/src/main/ipc-handlers/updates.ts @@ -2,6 +2,8 @@ import { ipcMain } from 'electron'; import * as Store from 'electron-store'; import { autoUpdater } from 'electron-updater'; +import { validateSender } from '../libs/misc/validateSender'; + const persistentStore = new Store({ name: 'settings', clearInvalidConfig: true, @@ -18,6 +20,8 @@ autoUpdater.allowPrerelease = persistentStore.get('allow_prerelease', false) as export default () => { ipcMain.on('check-for-updates', event => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + mainWindow = event; if (process.windowsStore || (process.platform === 'linux' && !process.env.APPIMAGE)) mainWindow.reply('no-auto-update'); 
@@ -31,31 +35,38 @@ export default () => { } }); - ipcMain.on('restart-to-update', () => { + ipcMain.on('restart-to-update', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; autoUpdater.quitAndInstall(); }); // auto-updater events - autoUpdater.on('checking-for-update', () => { + autoUpdater.on('checking-for-update', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; mainWindow.reply('checking-for-update'); }); - autoUpdater.on('update-available', () => { + autoUpdater.on('update-available', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + if (isMacOS) mainWindow.reply('link-to-download'); else mainWindow.reply('update-available'); }); - autoUpdater.on('update-not-available', () => { + autoUpdater.on('update-not-available', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; mainWindow.reply('update-not-available'); }); - autoUpdater.on('download-progress', data => { - mainWindow.reply('download-progress', data); + autoUpdater.on('download-progress', event => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + mainWindow.reply('download-progress', event); }); - autoUpdater.on('update-downloaded', () => { + autoUpdater.on('update-downloaded', (event) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; mainWindow.reply('update-downloaded'); }); diff --git a/src/main/ipc-handlers/users.ts b/src/main/ipc-handlers/users.ts index 8a1ff309..e6a4fe34 100644 --- a/src/main/ipc-handlers/users.ts +++ b/src/main/ipc-handlers/users.ts 
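Review bot: The `validateSender(event.senderFrame)` guards added to the five `autoUpdater.on(...)` listeners will throw at runtime, because these are electron-updater events emitted inside the main process, not IPC messages: `checking-for-update`, `update-not-available` and `update-downloaded` pass no argument (so `event` is `undefined` and `event.senderFrame` is a TypeError), and `update-available`/`download-progress` pass an UpdateInfo/ProgressInfo object with no `senderFrame`, so `validateSender` receives `undefined` and `new URL(frame.url)` throws. The net effect, as far as I can tell from the hunk, is that every update notification to the renderer breaks. The fix is to drop the guard from those five listeners (there is no sender frame to validate) and restore the progress listener to `autoUpdater.on('download-progress', data => { mainWindow.reply('download-progress', data); });`, since the renaming to `event` now forwards the same object under a misleading name. A comment such as `// auto-updater events come from electron-updater, not from a renderer: no sender to validate` would stop the guard from being re-added.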
@@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-users', async (event, uid) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[uid].getUsers(); return { status: 'success', response: result }; diff --git a/src/main/ipc-handlers/views.ts b/src/main/ipc-handlers/views.ts index 63825497..0f64b901 100644 --- a/src/main/ipc-handlers/views.ts +++ b/src/main/ipc-handlers/views.ts @@ -1,8 +1,12 @@ import * as antares from 'common/interfaces/antares'; import { ipcMain } from 'electron'; +import { validateSender } from '../libs/misc/validateSender'; + export default (connections: {[key: string]: antares.Client}) => { ipcMain.handle('get-view-informations', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { const result = await connections[params.uid].getViewInformations(params); return { status: 'success', response: result }; @@ -13,6 +17,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('drop-view', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].dropView(params); return { status: 'success' }; @@ -23,6 +29,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('alter-view', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].alterView(params); return { status: 'success' }; 
@@ -33,6 +41,8 @@ export default (connections: {[key: string]: antares.Client}) => { }); ipcMain.handle('create-view', async (event, params) => { + if (!validateSender(event.senderFrame)) return { status: 'error', response: 'Unauthorized process' }; + try { await connections[params.uid].createView(params); return { status: 'success' }; diff --git a/src/main/libs/misc/validateSender.ts b/src/main/libs/misc/validateSender.ts new file mode 100644 index 00000000..06cc186e --- /dev/null +++ b/src/main/libs/misc/validateSender.ts @@ -0,0 +1,11 @@ +import { WebFrameMain } from 'electron'; +import * as path from 'path'; + +const isDevelopment = process.env.NODE_ENV !== 'production'; +const indexPath = path.resolve(__dirname, 'index.html').split(path.sep).join('/'); + +export function validateSender (frame: WebFrameMain) { + const frameUrl = new URL(frame.url); + if ((isDevelopment && frameUrl.host === 'localhost:9080') || frameUrl.href.replace('file:///', '').replace('file://localhost', '') === indexPath) return true; + return false; +} diff --git a/src/main/main.ts b/src/main/main.ts index 2bf1458e..d8c1ee76 100644 --- a/src/main/main.ts +++ b/src/main/main.ts @@ -142,6 +142,14 @@ else { const extensionPath = path.resolve(__dirname, `../../misc/${antares.devtoolsId}`); window.webContents.session.loadExtension(extensionPath, { allowFileAccess: true }).catch(console.error); } + + window.webContents.on('will-navigate', (e) => { // Prevent browser navigation + e.preventDefault(); + }); + + window.webContents.on('did-create-window', (w) => { // Close new windows + w.close(); + }); }); }
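Review bot: The production branch of `validateSender` compares `frameUrl.href.replace('file:///', '').replace('file://localhost', '')` with `indexPath`, and on POSIX that `replace` also strips the leading `/` of the absolute path while `path.resolve` keeps it (`home/u/app/index.html` vs `/home/u/app/index.html`), so unless the window is loaded some way I cannot see here, the two never compare equal on Linux/macOS and every IPC call is rejected. Independently, `href` is percent-encoded while `indexPath` is not, so an install directory containing a space or a non-ASCII character fails the check on every platform; and depending on the Electron version `event.senderFrame` can be `null` for a frame that was destroyed before the message was processed, which makes `frame.url` throw inside the handler. Converting the URL to a native path with Node's `fileURLToPath` (from `url`) handles decoding, the leading slash, Windows drive letters and the `file://localhost` form in one place, and an explicit `protocol` check keeps non-`file:` origins out. The rewrite below also makes `indexPath` a plain native path, since the separator normalisation was only needed for the string comparison:
```typescript
// Absolute native path of the only page allowed to talk to the main process.
const indexPath = path.resolve(__dirname, 'index.html');

export function validateSender (frame: WebFrameMain | null) {
   if (!frame) return false; // frame already destroyed
   const frameUrl = new URL(frame.url);
   if (isDevelopment && frameUrl.host === 'localhost:9080') return true;
   if (frameUrl.protocol !== 'file:') return false;
   try {
      // fileURLToPath decodes %xx escapes and keeps the leading '/' on POSIX,
      // so the comparison is between two native paths rather than a hand-stripped href.
      return fileURLToPath(frameUrl) === indexPath;
   }
   catch {
      return false; // malformed file URL
   }
}
```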
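Review bot: The `did-create-window` listener closes a popup only after Electron has already created it and started loading its URL, which is later than needed; `window.webContents.setWindowOpenHandler(() => ({ action: 'deny' }));` refuses the `window.open`/target=_blank request before any window exists and is the control Electron's own security guidance recommends, so it should either replace this listener or sit in front of it. The `will-navigate` handler is fine as a top-level navigation block, but it only covers navigations started by the page itself, so the `setWindowOpenHandler` denial is what closes the remaining opener path. Both listeners are registered inside a callback whose start is outside this hunk, and a short comment there stating that the renderer is never allowed to leave the bundled `index.html` would tie these two lines to the `validateSender` check they support.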