refactor: move certificate trust to main process

There is no need to synchronize the list of trusted certificates to the renderer process, so we can get away with storing them in the transient state of the Profile store. Signed-off-by: Kristóf Marussy <kristof@marussy.com>
author: Kristóf Marussy <kristof@marussy.com> 2022-05-26 15:23:11 +0200
committer: Kristóf Marussy <kristof@marussy.com> 2022-05-27 21:07:44 +0200
commit: f712970fa91ab990c9ce959bf0889f68bfad8658 (patch)
tree: 0358e1e2ab232a6369ba93352fa6c301311a313f
parent: build: fix test rootDir configuration (diff)
download: sophie-f712970fa91ab990c9ce959bf0889f68bfad8658.tar.gz
sophie-f712970fa91ab990c9ce959bf0889f68bfad8658.tar.zst
sophie-f712970fa91ab990c9ce959bf0889f68bfad8658.zip
5 files changed, 43 insertions, 62 deletions
diff --git a/packages/main/src/stores/Profile.ts b/packages/main/src/stores/Profile.ts
index b4343a0..73f4f0b 100644
--- a/packages/main/src/stores/Profile.ts
+++ b/packages/main/src/stores/Profile.ts
@@ -18,21 +18,40 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { Certificate, Profile as ProfileBase } from '@sophie/shared';
+import {
-import { clone, getSnapshot, Instance } from 'mobx-state-tree';
+  type Certificate,
+  type CertificateSnapshotIn,
+  Profile as ProfileBase,
+} from '@sophie/shared';
+import { getSnapshot, type Instance } from 'mobx-state-tree';
 import type ProfileConfig from './config/ProfileConfig.js';
-const Profile = ProfileBase.views((self) => ({
+const Profile = ProfileBase.volatile(
-  get config(): ProfileConfig {
+  (): {
-    const { id, settings } = self;
+    temporarilyTrustedCertificates: string[];
-    return { ...getSnapshot(settings), id };
+  } => ({
-  },
+    temporarilyTrustedCertificates: [],
-})).actions((self) => ({
+  }),
-  temporarilyTrustCertificate(certificate: Certificate): void {
+)
-    self.temporarilyTrustedCertificates.push(clone(certificate));
+  .views((self) => ({
-  },
+    get config(): ProfileConfig {
-}));
+      const { id, settings } = self;
+      return { ...getSnapshot(settings), id };
+    },
+    isCertificateTemporarilyTrusted(
+      certificate: CertificateSnapshotIn,
+    ): boolean {
+      return self.temporarilyTrustedCertificates.includes(
+        certificate.fingerprint,
+      );
+    },
+  }))
+  .actions((self) => ({
+    temporarilyTrustCertificate(certificate: Certificate): void {
+      self.temporarilyTrustedCertificates.push(certificate.fingerprint);
+    },
+  }));
 /*
  eslint-disable-next-line @typescript-eslint/no-redeclare --
diff --git a/packages/main/src/stores/Service.ts b/packages/main/src/stores/Service.ts
index 3b7d0b2..d062fe1 100644
--- a/packages/main/src/stores/Service.ts
+++ b/packages/main/src/stores/Service.ts
@@ -67,6 +67,11 @@ const Service = defineServiceModel(ServiceSettings)
    get shouldBeLoaded(): boolean {
      return !self.crashed;
    },
+    isCertificateTemporarilyTrusted(
+      certificate: CertificateSnapshotIn,
+    ): boolean {
+      return self.settings.profile.isCertificateTemporarilyTrusted(certificate);
+    },
  }))
  .views((self) => ({
    get shouldBeVisible(): boolean {
diff --git a/packages/shared/src/stores/Profile.ts b/packages/shared/src/stores/Profile.ts
index 076c639..7d00925 100644
--- a/packages/shared/src/stores/Profile.ts
+++ b/packages/shared/src/stores/Profile.ts
@@ -18,28 +18,15 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { Instance, types } from 'mobx-state-tree';
+import { type Instance, types } from 'mobx-state-tree';
-import Certificate, { CertificateSnapshotIn } from './Certificate.js';
 import ProfileSettings from './ProfileSettings.js';
 const Profile = /* @__PURE__ */ (() =>
-  types
+  types.model('Profile', {
-    .model('Profile', {
+    id: types.identifier,
-      id: types.identifier,
+    settings: ProfileSettings,
-      settings: ProfileSettings,
+  }))();
-      temporarilyTrustedCertificates: types.array(Certificate),
-    })
-    .views((self) => ({
-      isCertificateTemporarilyTrusted(
-        certificate: CertificateSnapshotIn,
-      ): boolean {
-        return self.temporarilyTrustedCertificates.some(
-          (trustedCertificate) =>
-            trustedCertificate.fingerprint === certificate.fingerprint,
-        );
-      },
-    })))();
 /*
  eslint-disable-next-line @typescript-eslint/no-redeclare --
diff --git a/packages/shared/src/stores/ServiceBase.ts b/packages/shared/src/stores/ServiceBase.ts
index 7bd1d68..b2aff67 100644
--- a/packages/shared/src/stores/ServiceBase.ts
+++ b/packages/shared/src/stores/ServiceBase.ts
@@ -18,10 +18,8 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { IAnyModelType, Instance, types } from 'mobx-state-tree';
+import { type IAnyModelType, type Instance, types } from 'mobx-state-tree';
-import type { CertificateSnapshotIn } from './Certificate.js';
-import type Profile from './Profile.js';
 import ServiceSettingsBase from './ServiceSettingsBase.js';
 import ServiceState from './ServiceState.js';
@@ -56,13 +54,6 @@ export function defineServiceModel<TS extends IAnyModelType>(settings: TS) {
      get crashed(): boolean {
        return self.state.type === 'crashed';
      },
-      isCertificateTemporarilyTrusted(
-        certificate: CertificateSnapshotIn,
-      ): boolean {
-        return (
-          self.settings.profile as Profile
-        ).isCertificateTemporarilyTrusted(certificate);
-      },
      get securityLabel(): SecurityLabelKind {
        const {
          state: { type: stateType },
diff --git a/packages/shared/src/stores/__tests__/ServiceBase.test.ts b/packages/shared/src/stores/__tests__/ServiceBase.test.ts
index e7aa078..e2b0aa9 100644
--- a/packages/shared/src/stores/__tests__/ServiceBase.test.ts
+++ b/packages/shared/src/stores/__tests__/ServiceBase.test.ts
@@ -66,14 +66,10 @@ const testCertificate: SnapshotIn<typeof Certificate> = {
 function createTestService(
  snapshot: Partial<SnapshotIn<typeof ServiceBase>>,
-  profileSnapshot?: Partial<SnapshotIn<typeof Profile>>,
 ): ServiceBase {
  const sharedStore = SharedStoreBase.create({
    profilesById: {
-      testProfile: {
+      testProfile,
-        ...testProfile,
-        ...profileSnapshot,
-      },
    },
    servicesById: {
      testService: {
@@ -187,20 +183,3 @@ test('shows a certificate error warning if there is a certificate error', () =>
  expect(service.securityLabel).toBe(SecurityLabelKind.CertificateError);
  expect(service.alwaysShowLocationBar).toBe(true);
 });
-test('does not trust an untrusted certificate', () => {
-  const service = createTestService({});
-  expect(service.isCertificateTemporarilyTrusted(testCertificate)).toBe(false);
-});
-test('trusts a trusted certificate', () => {
-  const service = createTestService(
-    {},
-    {
-      temporarilyTrustedCertificates: [testCertificate],
-    },
-  );
-  expect(service.isCertificateTemporarilyTrusted(testCertificate)).toBe(true);
-});
author	Kristóf Marussy <kristof@marussy.com>	2022-05-26 15:23:11 +0200
committer	Kristóf Marussy <kristof@marussy.com>	2022-05-27 21:07:44 +0200
commit	f712970fa91ab990c9ce959bf0889f68bfad8658 (patch)
tree	0358e1e2ab232a6369ba93352fa6c301311a313f
parent	build: fix test rootDir configuration (diff)
download	sophie-f712970fa91ab990c9ce959bf0889f68bfad8658.tar.gz sophie-f712970fa91ab990c9ce959bf0889f68bfad8658.tar.zst sophie-f712970fa91ab990c9ce959bf0889f68bfad8658.zip