3 files changed, 151 insertions, 52 deletions
diff --git a/packages/main/src/index.ts b/packages/main/src/index.ts
index 128ae35..2072017 100644
--- a/packages/main/src/index.ts
+++ b/packages/main/src/index.ts
@@ -22,7 +22,6 @@
 import { readFileSync } from 'node:fs';
 import { readFile } from 'node:fs/promises';
 import { arch } from 'node:os';
-import { URL } from 'node:url';
 import {
  ServiceToMainIpcMessage,
@@ -41,11 +40,12 @@ import { getSnapshot, onAction, onPatch } from 'mobx-state-tree';
 import osName from 'os-name';
 import {
-  DEVMODE_ALLOWED_URL_PREFIXES,
  enableStacktraceSourceMaps,
  installDevToolsExtensions,
  openDevToolsWhenReady,
 } from './infrastructure/electron/impl/devTools';
+import hardenSession from './infrastructure/electron/impl/hardenSession';
+import lockWebContentsToFile from './infrastructure/electron/impl/lockWebContentsToFile';
 import getDistResources from './infrastructure/resources/impl/getDistResources';
 import initReactions from './initReactions';
 import { createMainStore } from './stores/MainStore';
@@ -128,32 +128,6 @@ initReactions(store)
    log.log('Failed to initialize application', error);
  });
-const rendererBaseURL = resources.getRendererURL('/');
-function shouldCancelMainWindowRequest(url: string, method: string): boolean {
-  if (method !== 'GET') {
-    return true;
-  }
-  let normalizedURL: string;
-  try {
-    normalizedURL = new URL(url).toString();
-  } catch {
-    return true;
-  }
-  if (
-    isDevelopment &&
-    DEVMODE_ALLOWED_URL_PREFIXES.some((prefix) =>
-      normalizedURL.startsWith(prefix),
-    )
-  ) {
-    return false;
-  }
-  const isHttp = normalizedURL.startsWith(rendererBaseURL);
-  const isWs = normalizedURL.startsWith(
-    rendererBaseURL.replace(/^http:/, 'ws:'),
-  );
-  return !isHttp && !isWs;
-}
 async function createWindow(): Promise<unknown> {
  mainWindow = new BrowserWindow({
    show: false,
@@ -169,29 +143,7 @@ async function createWindow(): Promise<unknown> {
  webContents.userAgent = originalUserAgent;
-  webContents.session.setPermissionRequestHandler(
+  hardenSession(resources, isDevelopment, webContents.session);
-    (_webContents, _permission, callback) => {
-      callback(false);
-    },
-  );
-  webContents.session.webRequest.onBeforeRequest(
-    ({ url, method }, callback) => {
-      callback({
-        cancel: shouldCancelMainWindowRequest(url, method),
-      });
-    },
-  );
-  const pageURL = resources.getRendererURL('index.html');
-  webContents.on('will-navigate', (event, url) => {
-    if (url !== pageURL) {
-      event.preventDefault();
-    }
-  });
-  webContents.setWindowOpenHandler(() => ({ action: 'deny' }));
  if (isDevelopment) {
    openDevToolsWhenReady(mainWindow);
@@ -211,6 +163,7 @@ async function createWindow(): Promise<unknown> {
  });
  browserView.webContents.userAgent = userAgent;
  autorun(() => {
    browserView.setBounds(store.browserViewBounds);
  });
@@ -350,7 +303,7 @@ async function createWindow(): Promise<unknown> {
      log.error('Failed to load browser', error);
    });
-  return mainWindow.loadURL(pageURL);
+  return lockWebContentsToFile(resources, 'index.html', webContents);
 }
 app.on('second-instance', () => {
diff --git a/packages/main/src/infrastructure/electron/impl/hardenSession.ts b/packages/main/src/infrastructure/electron/impl/hardenSession.ts
new file mode 100644
index 0000000..71d8148
--- /dev/null
+++ b/packages/main/src/infrastructure/electron/impl/hardenSession.ts
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C)  2022 Kristóf Marussy <kristof@marussy.com>
+ *
+ * This file is part of Sophie.
+ *
+ * Sophie is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import { URL } from 'node:url';
+import type { Session } from 'electron';
+import { getLogger } from '../../../utils/log';
+import type Resources from '../../resources/Resources';
+import { DEVMODE_ALLOWED_URL_PREFIXES } from './devTools';
+const log = getLogger('hardenSession');
+/**
+ * Hardens a session to prevent loading resources outside the renderer resources and
+ * to reject all permission requests.
+ *
+ * In dev mode, installation of extensions and opening the devtools will be allowed.
+ *
+ * @param resources The resource handle associated with the paths and URL of the application.
+ * @param devMode Whether the application is in development mode.
+ * @param session The session to harden.
+ */
+export default function hardenSession(
+  resources: Resources,
+  devMode: boolean,
+  session: Session,
+): void {
+  session.setPermissionRequestHandler((_webContents, _permission, callback) => {
+    callback(false);
+  });
+  const rendererBaseURL = resources.getRendererURL('/');
+  log.debug('Renderer base URL:', rendererBaseURL);
+  const webSocketBaseURL = rendererBaseURL.replace(/^http(s)?:/, 'ws$1:');
+  log.debug('WebSocket base URL:', webSocketBaseURL);
+  function shouldCancelRequest(url: string, method: string): boolean {
+    if (method !== 'GET') {
+      return true;
+    }
+    let normalizedURL: string;
+    try {
+      normalizedURL = new URL(url).toString();
+    } catch {
+      return true;
+    }
+    if (
+      devMode &&
+      DEVMODE_ALLOWED_URL_PREFIXES.some((prefix) =>
+        normalizedURL.startsWith(prefix),
+      )
+    ) {
+      return false;
+    }
+    const isHttp = normalizedURL.startsWith(rendererBaseURL);
+    const isWs = normalizedURL.startsWith(webSocketBaseURL);
+    return !isHttp && !isWs;
+  }
+  session.webRequest.onBeforeRequest(({ url, method }, callback) => {
+    const cancel = shouldCancelRequest(url, method);
+    if (cancel) {
+      log.error('Prevented loading', method, url);
+    }
+    callback({ cancel });
+  });
+}
diff --git a/packages/main/src/infrastructure/electron/impl/lockWebContentsToFile.ts b/packages/main/src/infrastructure/electron/impl/lockWebContentsToFile.ts
new file mode 100644
index 0000000..6b458e0
--- /dev/null
+++ b/packages/main/src/infrastructure/electron/impl/lockWebContentsToFile.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C)  2022 Kristóf Marussy <kristof@marussy.com>
+ *
+ * This file is part of Sophie.
+ *
+ * Sophie is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import { WebContents } from 'electron';
+import { getLogger } from '../../../utils/log';
+import type Resources from '../../resources/Resources';
+const log = getLogger('lockWebContentsToFile');
+/**
+ * Loads the specified file in the webContents and prevent navigating away.
+ *
+ * Both navigating away to a different URL and opening a new window will be disallowed.
+ *
+ * @param resources The resource handle associated with the paths and URL of the application.
+ * @param filePath The path to the file in the render package to load.
+ * @param webContents The webContents to lock.
+ */
+export default function lockWebContentsToFile(
+  resources: Resources,
+  filePath: string,
+  webContents: WebContents,
+): Promise<void> {
+  const pageURL = resources.getRendererURL(filePath);
+  webContents.setWindowOpenHandler(() => ({ action: 'deny' }));
+  webContents.on('will-navigate', (event, url) => {
+    if (url !== pageURL) {
+      log.error(
+        'Prevented webContents locked to',
+        pageURL,
+        'from navigating to',
+        url,
+      );
+      event.preventDefault();
+    }
+  });
+  return webContents.loadURL(pageURL);
+}

diff --git a/packages/main/src/index.ts b/packages/main/src/index.ts index 128ae35..2072017 100644 --- a/packages/main/src/index.ts +++ b/packages/main/src/index.ts
@@ -22,7 +22,6 @@
22	import { readFileSync } from 'node:fs';	22	import { readFileSync } from 'node:fs';
23	import { readFile } from 'node:fs/promises';	23	import { readFile } from 'node:fs/promises';
24	import { arch } from 'node:os';	24	import { arch } from 'node:os';
25	import { URL } from 'node:url';
26		25
27	import {	26	import {
28	ServiceToMainIpcMessage,	27	ServiceToMainIpcMessage,
@@ -41,11 +40,12 @@ import { getSnapshot, onAction, onPatch } from 'mobx-state-tree';
41	import osName from 'os-name';	40	import osName from 'os-name';
42		41
43	import {	42	import {
44	DEVMODE_ALLOWED_URL_PREFIXES,
45	enableStacktraceSourceMaps,	43	enableStacktraceSourceMaps,
46	installDevToolsExtensions,	44	installDevToolsExtensions,
47	openDevToolsWhenReady,	45	openDevToolsWhenReady,
48	} from './infrastructure/electron/impl/devTools';	46	} from './infrastructure/electron/impl/devTools';
		47	import hardenSession from './infrastructure/electron/impl/hardenSession';
		48	import lockWebContentsToFile from './infrastructure/electron/impl/lockWebContentsToFile';
49	import getDistResources from './infrastructure/resources/impl/getDistResources';	49	import getDistResources from './infrastructure/resources/impl/getDistResources';
50	import initReactions from './initReactions';	50	import initReactions from './initReactions';
51	import { createMainStore } from './stores/MainStore';	51	import { createMainStore } from './stores/MainStore';
@@ -128,32 +128,6 @@ initReactions(store)
128	log.log('Failed to initialize application', error);	128	log.log('Failed to initialize application', error);
129	});	129	});
130		130
131	const rendererBaseURL = resources.getRendererURL('/');
132	function shouldCancelMainWindowRequest(url: string, method: string): boolean {
133	if (method !== 'GET') {
134	return true;
135	}
136	let normalizedURL: string;
137	try {
138	normalizedURL = new URL(url).toString();
139	} catch {
140	return true;
141	}
142	if (
143	isDevelopment &&
144	DEVMODE_ALLOWED_URL_PREFIXES.some((prefix) =>
145	normalizedURL.startsWith(prefix),
146	)
147	) {
148	return false;
149	}
150	const isHttp = normalizedURL.startsWith(rendererBaseURL);
151	const isWs = normalizedURL.startsWith(
152	rendererBaseURL.replace(/^http:/, 'ws:'),
153	);
154	return !isHttp && !isWs;
155	}
156
157	async function createWindow(): Promise<unknown> {	131	async function createWindow(): Promise<unknown> {
158	mainWindow = new BrowserWindow({	132	mainWindow = new BrowserWindow({
159	show: false,	133	show: false,
@@ -169,29 +143,7 @@ async function createWindow(): Promise<unknown> {
169		143
170	webContents.userAgent = originalUserAgent;	144	webContents.userAgent = originalUserAgent;
171		145
172	webContents.session.setPermissionRequestHandler(	146	hardenSession(resources, isDevelopment, webContents.session);
173	(_webContents, _permission, callback) => {
174	callback(false);
175	},
176	);
177
178	webContents.session.webRequest.onBeforeRequest(
179	({ url, method }, callback) => {
180	callback({
181	cancel: shouldCancelMainWindowRequest(url, method),
182	});
183	},
184	);
185
186	const pageURL = resources.getRendererURL('index.html');
187
188	webContents.on('will-navigate', (event, url) => {
189	if (url !== pageURL) {
190	event.preventDefault();
191	}
192	});
193
194	webContents.setWindowOpenHandler(() => ({ action: 'deny' }));
195		147
196	if (isDevelopment) {	148	if (isDevelopment) {
197	openDevToolsWhenReady(mainWindow);	149	openDevToolsWhenReady(mainWindow);
@@ -211,6 +163,7 @@ async function createWindow(): Promise<unknown> {
211	});	163	});
212		164
213	browserView.webContents.userAgent = userAgent;	165	browserView.webContents.userAgent = userAgent;
		166
214	autorun(() => {	167	autorun(() => {
215	browserView.setBounds(store.browserViewBounds);	168	browserView.setBounds(store.browserViewBounds);
216	});	169	});
@@ -350,7 +303,7 @@ async function createWindow(): Promise<unknown> {
350	log.error('Failed to load browser', error);	303	log.error('Failed to load browser', error);
351	});	304	});
352		305
353	return mainWindow.loadURL(pageURL);	306	return lockWebContentsToFile(resources, 'index.html', webContents);
354	}	307	}
355		308
356	app.on('second-instance', () => {	309	app.on('second-instance', () => {


diff --git a/packages/main/src/infrastructure/electron/impl/hardenSession.ts b/packages/main/src/infrastructure/electron/impl/hardenSession.ts new file mode 100644 index 0000000..71d8148 --- /dev/null +++ b/packages/main/src/infrastructure/electron/impl/hardenSession.ts
@@ -0,0 +1,87 @@
		1	/*
		2	* Copyright (C) 2022 Kristóf Marussy <kristof@marussy.com>
		3	*
		4	* This file is part of Sophie.
		5	*
		6	* Sophie is free software: you can redistribute it and/or modify
		7	* it under the terms of the GNU Affero General Public License as
		8	* published by the Free Software Foundation, version 3.
		9	*
		10	* This program is distributed in the hope that it will be useful,
		11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		13	* GNU Affero General Public License for more details.
		14	*
		15	* You should have received a copy of the GNU Affero General Public License
		16	* along with this program. If not, see <https://www.gnu.org/licenses/>.
		17	*
		18	* SPDX-License-Identifier: AGPL-3.0-only
		19	*/
		20
		21	import { URL } from 'node:url';
		22
		23	import type { Session } from 'electron';
		24
		25	import { getLogger } from '../../../utils/log';
		26	import type Resources from '../../resources/Resources';
		27
		28	import { DEVMODE_ALLOWED_URL_PREFIXES } from './devTools';
		29
		30	const log = getLogger('hardenSession');
		31
		32	/**
		33	* Hardens a session to prevent loading resources outside the renderer resources and
		34	* to reject all permission requests.
		35	*
		36	* In dev mode, installation of extensions and opening the devtools will be allowed.
		37	*
		38	* @param resources The resource handle associated with the paths and URL of the application.
		39	* @param devMode Whether the application is in development mode.
		40	* @param session The session to harden.
		41	*/
		42	export default function hardenSession(
		43	resources: Resources,
		44	devMode: boolean,
		45	session: Session,
		46	): void {
		47	session.setPermissionRequestHandler((_webContents, _permission, callback) => {
		48	callback(false);
		49	});
		50
		51	const rendererBaseURL = resources.getRendererURL('/');
		52	log.debug('Renderer base URL:', rendererBaseURL);
		53
		54	const webSocketBaseURL = rendererBaseURL.replace(/^http(s)?:/, 'ws$1:');
		55	log.debug('WebSocket base URL:', webSocketBaseURL);
		56
		57	function shouldCancelRequest(url: string, method: string): boolean {
		58	if (method !== 'GET') {
		59	return true;
		60	}
		61	let normalizedURL: string;
		62	try {
		63	normalizedURL = new URL(url).toString();
		64	} catch {
		65	return true;
		66	}
		67	if (
		68	devMode &&
		69	DEVMODE_ALLOWED_URL_PREFIXES.some((prefix) =>
		70	normalizedURL.startsWith(prefix),
		71	)
		72	) {
		73	return false;
		74	}
		75	const isHttp = normalizedURL.startsWith(rendererBaseURL);
		76	const isWs = normalizedURL.startsWith(webSocketBaseURL);
		77	return !isHttp && !isWs;
		78	}
		79
		80	session.webRequest.onBeforeRequest(({ url, method }, callback) => {
		81	const cancel = shouldCancelRequest(url, method);
		82	if (cancel) {
		83	log.error('Prevented loading', method, url);
		84	}
		85	callback({ cancel });
		86	});
		87	}


diff --git a/packages/main/src/infrastructure/electron/impl/lockWebContentsToFile.ts b/packages/main/src/infrastructure/electron/impl/lockWebContentsToFile.ts new file mode 100644 index 0000000..6b458e0 --- /dev/null +++ b/packages/main/src/infrastructure/electron/impl/lockWebContentsToFile.ts
@@ -0,0 +1,59 @@
		1	/*
		2	* Copyright (C) 2022 Kristóf Marussy <kristof@marussy.com>
		3	*
		4	* This file is part of Sophie.
		5	*
		6	* Sophie is free software: you can redistribute it and/or modify
		7	* it under the terms of the GNU Affero General Public License as
		8	* published by the Free Software Foundation, version 3.
		9	*
		10	* This program is distributed in the hope that it will be useful,
		11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		13	* GNU Affero General Public License for more details.
		14	*
		15	* You should have received a copy of the GNU Affero General Public License
		16	* along with this program. If not, see <https://www.gnu.org/licenses/>.
		17	*
		18	* SPDX-License-Identifier: AGPL-3.0-only
		19	*/
		20
		21	import { WebContents } from 'electron';
		22
		23	import { getLogger } from '../../../utils/log';
		24	import type Resources from '../../resources/Resources';
		25
		26	const log = getLogger('lockWebContentsToFile');
		27
		28	/**
		29	* Loads the specified file in the webContents and prevent navigating away.
		30	*
		31	* Both navigating away to a different URL and opening a new window will be disallowed.
		32	*
		33	* @param resources The resource handle associated with the paths and URL of the application.
		34	* @param filePath The path to the file in the render package to load.
		35	* @param webContents The webContents to lock.
		36	*/
		37	export default function lockWebContentsToFile(
		38	resources: Resources,
		39	filePath: string,
		40	webContents: WebContents,
		41	): Promise<void> {
		42	const pageURL = resources.getRendererURL(filePath);
		43
		44	webContents.setWindowOpenHandler(() => ({ action: 'deny' }));
		45
		46	webContents.on('will-navigate', (event, url) => {
		47	if (url !== pageURL) {
		48	log.error(
		49	'Prevented webContents locked to',
		50	pageURL,
		51	'from navigating to',
		52	url,
		53	);
		54	event.preventDefault();
		55	}
		56	});
		57
		58	return webContents.loadURL(pageURL);
		59	}